Sometimes, your are experiencing some security issues, even DAC (discretionary access control) looks OK.

Try to discard SELinux culpability

What is the current status of SELinux ?

[root@selinux_test ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

“Loaded policy name” & “Mode from config file”¬†has been defined in “/etc/selinux/config” file :

[root@selinux_test ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

 

Ok, if you want to disable SELinux, you can edit this file and reboot your Linux machine. But if you just want temporary disable it, use “setenforce” command.

Disable temporary SELinux :

[root@selinux_test ~]# setenforce permissive

You can check :

[root@selinux_test ~]# getenforce
Permissive

or :

[root@selinux_test ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

And after your test, you can enable SELinux :

[root@selinux_test ~]# setenforce enforcing

And check again :

[root@selinux_test ~]# getenforce
Enforcing

or :

[root@selinux_test ~]# sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

 

PDF Printer    Send article as PDF   

Leave a Reply

Your email address will not be published. Required fields are marked *


*