Experimental selinux Settings

enable or disable selinux:
vim /etc/sysconfig/selinux
 
setsebool -P httpd_read_user_content 1
 
grep nginx /var/log/audit/audit.log | audit2allow -M mypol
semodule -i mypol.pp
 
enableaudit.pp base policy is provided in 
/usr/share/selinux/[policyname]/enableaudit.pp. Install that with: 
semodule -b path_to_enableaudit
and you should see all denials.

Leave a Reply

Your email address will not be published. Required fields are marked *