Questions tagged [selinux]

Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies.

SELinux is a set of kernel modifications and user-space tools, which have been added to various Linux distributions.

A Linux kernel integrating SELinux enforces mandatory access control (MAC) policies that confine user programs' and system servers' access to files and network resources.

To read more in-depth on mandatory access control (MAC), see this Wiki.

142 questions
130
votes
5 answers

What does the dot mean at the end of `-rw-r--r--`? How do you set it with `chmod`?

Some of the files in my directories under Linux have a . at the end of the permissions listing. What does the dot mean at the end of -rw-r--r--? How do you set it with chmod?
18
votes
3 answers

How do I remove any SELinux context or ACL?

Hi, I have some files that I'd like to remove the SELinux context or ACLs from (denoted by a '.' or a '+' respectively when using ls -alZ). I don't have too much time on my hands to read on the , etc on how to use chcon etc., so I just want to…
polemon
  • 2,899
16
votes
4 answers

A way to trigger an SELinux policy violation?

I'm studying the basic workings of SELinux and would find it useful to trigger a denial. My test machine is running CentOS 7, it's a basic server install without any extra services, and getenforce states 'Enforcing'. So I felt sure that making /root…
8
votes
4 answers

semanage command not changing file context

I am trying to change selinux context for upload directory to enable anonymous upload. This is the Directory path /var/ftp/upload This is the default context [root@server ftp]# ls -Z upload drwxr-xr-x. root root…
max
  • 4,163
8
votes
2 answers

How do you boot linux with networking disabled?

Is there some way to disable networking by passing a kernel option through grub? Preferably I could only disable 2 interfaces, but disabling all networking would be okay also. My use case is that I am working on a SELinux operating system and want…
7
votes
1 answer

What are the main impacts of SELinux, from an administration point of view?

Thanks to Wikipedia and others, we can have a vague idea of what SELinux is. I understood it gives ways to handle permissions more precisely, but I'm really not aware about how. The question would be: if I decided to change a Linux system to a…
Levans
  • 2,200
6
votes
1 answer

How can I make SELinux allow access to a file?

I have a proprietary piece of software my company owns that needs access to a root-level file. We'll call it /secfile as it is security/license related. The system runs a daemon that writes out updated information to /secfile. This daemon, if…
UtahJarhead
  • 2,077
6
votes
2 answers

How do I change security context on a directory in CentOS with SELinux?

I tried to change it, but it wouldn't let me. # ls -dZ /usr/local/spamassassin drwx------. spam spam system_u:object_r:usr_t:s0 /usr/local/spamassassin # chcon -v --type=spamd_t /usr/local/spamassassin changing security context of…
Chloe
  • 6,196
5
votes
2 answers

selinux doesn't have httpd_can_network_connect as an option on ubuntu 15.04

I installed Ubuntu 15.04 and then installed selinux by doing sudo apt-get install selinux. I then did setsebool -P httpd_can_network_connect 0 and got a "Boolean httpd_can_network_connect is not defined" error. I do getsebool -a | grep http and…
neubert
  • 7,574
5
votes
3 answers

SELinux transition from unconfined_r to user_r

On a Fedora 18 machine, I have the following SELinux context as a regular user created during installation: $ sestatus SELinux status: enabled Loaded policy name: targeted Current mode: enforcing Mode…
5
votes
2 answers

Making SELinux play nice with OpenVPN (in NetworkManager)

I have been trying to use OpenVPN to connect to my work network. Using it via the command line works fine: openvpn user.conf I haven't bothered to set it up with DNS properly though, and it looks to be a bit of a pain. I'd much rather use it…
jelford
  • 153
5
votes
2 answers

How to run an X11 application (xclock) on podman?

podman says Error: Can't open display: localhost:10.0 when I try to run xclock in a container with the command podman run -ti -e DISPLAY --rm -v ~/.Xauthority:/root/.Xauthority:Z localhost/xclockimage on a Fedora 29 computer. Longer story On my…
4
votes
0 answers

selinux: how to enable httpd to have read-write and execute permissions

I am facing problems with a PHP interface that calls Perl and shell scripts. These enable uploading of a file to a folder and execute them with some input while storing output into some other files. Now it appears that I can either give read-write…
Quiescent
  • 163
4
votes
1 answer

HIPS for Linux (ie, interactive SELinux/AppArmor)

Windows has a number of programs (generally referred to as Host-based Intrusion Prevention Systems) that offer protection against difficult security threats (such as zero-day exploits) by blocking potentially dangerous program behavior and asking…
4
votes
3 answers

Is SELinux important if I'm the only one who uses my computers?

I've got two Fedora laptops and a CentOS home server, but I'm the only person who uses any of them, with the exception of an SMB share that a family member uses. Does SELinux have any real benefit if there aren't any other regular users on my…
Kefka
  • 1,536