Experimental selinux Settings

enable or disable selinux:
vim /etc/sysconfig/selinux
setsebool -P httpd_read_user_content 1
grep nginx /var/log/audit/audit.log | audit2allow -M mypol
semodule -i mypol.pp
enableaudit.pp base policy is provided in
/usr/share/selinux/[policyname]/enableaudit.pp. Install that with:
semodule -b path_to_enableaudit
and you should see all denials.

Leave a Reply

Your email address will not be published. Required fields are marked *