A place to list all my SELinux debugging commands and handy tips. Help me SELinux, you're my only hope.
- Copy custom policy interface to a location where it is available to build against with audit2allow -R:
install -Dp -m 0664 -o root -g root myapp.if /usr/share/selinux/devel/include/myapplications/myapp.if
make -f /usr/share/selinux/devel/Makefile myapp.pp
semodule -i myapp.pp
restorecon -RvF /path/to/something
sesearch -A -s myapp_t -t etc_t -c file -p read
seinfo -xt myapp_var_log_t
semanage port -a -t myapp_port_t -p tcp 3000
ps -efZ | grep myapp
matchpathcon /path/to/something
ausearch -m avc,user_avc,selinux_err -ts recent | less
- Searching the audit log with audit2allow and match against interfaces with switch -R:
ausearch -m avc,user_avc,selinux_err -ts recent | audit2allow -R
- Will remain until reboot:
auditctl -w /etc/shadow -p w
- Permanently (CentOS 9 Stream):
echo "-w /etc/shadow -p w" >> /etc/audit/rules.d/audit.rules
service auditd restart
- List all current rules in use:
auditctl -l
- Add a directory to monitor for write permissions:
auditctl -w /opt/mydir -p w
- Remove a rule (capital switch):
auditctl -W <exact rule>
- SELinux stored file contexts:
/etc/selinux/targeted/contexts/files/file_contexts
setools-console
policycoreutils
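
The `ausearch` and `sesearch` commands above fit together: each AVC denial names the source type, target type, class and permission that `sesearch -A` takes. The shell function below is an added example, not part of the original notes; the name `avc_to_sesearch` is hypothetical and the sample audit records are constructed.

```shell
#!/bin/sh
# Added example: turn AVC denials into the matching "sesearch -A" queries.
# avc_to_sesearch is a hypothetical helper name; SAMPLE_AVC is constructed data.
# Live use: ausearch -m avc,user_avc,selinux_err -ts recent | avc_to_sesearch

SAMPLE_AVC='type=AVC msg=audit(1700000000.123:456): avc:  denied  { read open } for  pid=1234 comm="myapp" name="myapp.conf" dev="dm-0" ino=5678 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.123:456): arch=c000003e syscall=257 success=no exit=-13 comm="myapp"
type=AVC msg=audit(1700000001.200:457): avc:  denied  { read } for  pid=1234 comm="myapp" name="myapp.conf" dev="dm-0" ino=5678 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000002.300:458): avc:  denied  { write } for  pid=1234 comm="myapp" name="myapp.log" dev="dm-0" ino=5679 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0'

# Reads audit records on stdin and prints one sesearch command per distinct
# (source type, target type, class, permission) that was denied.
avc_to_sesearch() {
    awk '
    /avc:[ ]+denied/ {
        perms = ""; src = ""; tgt = ""; cls = ""
        # Permissions are the words between the braces: { read open }
        if (match($0, /[{][^}]*[}]/))
            perms = substr($0, RSTART + 1, RLENGTH - 2)
        for (i = 1; i <= NF; i++) {
            # A context is user:role:type:level, so the type is field 3.
            if ($i ~ /^scontext=/)      { split($i, a, ":"); src = a[3] }
            else if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        # Skip records that lack any of the fields sesearch needs.
        if (src == "" || tgt == "" || cls == "") next
        n = split(perms, p, " ")
        for (j = 1; j <= n; j++)
            print "sesearch -A -s " src " -t " tgt " -c " cls " -p " p[j]
    }' | LC_ALL=C sort -u
}

# Run against the constructed sample records.
printf '%s\n' "$SAMPLE_AVC" | avc_to_sesearch
```

An empty result from one of the printed queries means the loaded policy has no allow rule for that access.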