Troubleshooting SELinux
Let's take a look at different ways of troubleshooting SELinux.
The log file
If we were left uncertain about what was causing the errors we encountered earlier with the web server, our troubleshooting should always start with the log files. For SELinux, this is the /var/log/audit/audit.log file. Messages logged by SELinux are marked as AVC (Access Vector Cache). We can search the log file with grep using something similar to the following command:
# grep AVC /var/log/audit/audit.log
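The grep output is one long record per event, so repeated denials are easy to miss. The following added example (not from the original text) groups denied AVC records by command, source type, target type, class, and permission; the function names and the sample records are constructed for illustration.

```shell
# Constructed sample records in the audit.log format (not real log data).
sample_avc_log() {
cat <<'EOF'
type=AVC msg=audit(1700000000.101:201): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" dev="dm-0" ino=1001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.101:201): arch=c000003e syscall=2 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1700000005.202:202): avc:  denied  { read } for  pid=2102 comm="httpd" name="about.html" dev="dm-0" ino=1002 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000009.303:203): avc:  denied  { name_bind } for  pid=2103 comm="httpd" src=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000012.404:204): avc:  granted  { setenforce } for  pid=2104 comm="setenforce" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
EOF
}

# Print "count comm source_type -> target_type class {perms}", most frequent first.
# Reads the files given as arguments, or standard input when there are none.
summarise_avc() {
    awk '
    /^type=AVC / && / denied / {          # skip SYSCALL and "granted" records
        perms = ""; comm = "?"; src = "?"; tgt = "?"; cls = "?"
        # The permissions are the words between "{" and "}".
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
        }
        for (i = 1; i <= NF; i++) {
            if (split($i, kv, "=") < 2) continue
            if (kv[1] == "comm") { comm = kv[2]; gsub(/"/, "", comm) }
            # A context is user:role:type:level, so the type is field 3.
            else if (kv[1] == "scontext") { split(kv[2], c, ":"); src = c[3] }
            else if (kv[1] == "tcontext") { split(kv[2], c, ":"); tgt = c[3] }
            else if (kv[1] == "tclass") cls = kv[2]
        }
        count[comm " " src " -> " tgt " " cls " {" perms "}"]++
    }
    END { for (k in count) printf "%d %s\n", count[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Run against the constructed sample; on a real system, as root:
#   summarise_avc /var/log/audit/audit.log
sample_avc_log | summarise_avc
```

Each output line pairs a source type with a target type, which is the mismatch to investigate (here, httpd_t reading files labelled user_home_t).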
However, more appropriately, there is also the ausearch command that we can use. If an error has just occurred, we can use the recent keyword as the start time to help reduce the returned results. This is a shortcut for displaying errors within the last 10 minutes:
# ausearch -m avc -ts recent
Other than this, we can supply an actual time, date, or both. In the following example, we will use 16:00 as the starting time to search. In the absence of the date, today's date is implied...