Here’s a list of useful commands to aid man/google around SELinux issues as and when needed.
Check the SELinux audit logs (as a matter of course):
$ /usr/sbin/audit2why < /var/log/audit/audit.log
Switch into permissive mode as a diagnostic tool (does it still fail even when SELinux is permissive?):
$ setenforce 0
And back into enforcing:
$ setenforce 1
Changing a context label on a file/directory:
$ chcon CONTEXT FILE
Restore context on a file to that of parent directory (v. useful):
$ restorecon FILENAME
Install policy development framework (yum/rpm distros):
$ yum install selinux-policy-devel
Create a template policy direct from the audit log to fix specific problem:
$ audit2allow -l -a > mypolicy.te
Build a policy (need to tart up the audit2allow output first)
$ make -f /usr/share/selinux/devel/Makefile
Install a new policy module:
$ semodule -i mypolicy.pp
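Before a module generated from the audit log is built and installed, it helps to see which denials it would permit. The script below is an added example, not part of the original page: it groups AVC denials by command, source type, target type, class and permission. The function names and the sample log records are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): summarise AVC denials in an
# audit log so each rule audit2allow would emit can be traced to its cause.

summarise_avc() {
    # Reads audit log files given as arguments, or stdin when none are given.
    # Prints: COUNT COMM SOURCE_TYPE TARGET_TYPE CLASS PERMISSIONS
    awk '
    function field(key,    i) {           # value of the first key=value token
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) return substr($i, length(key) + 2)
        return "?"
    }
    function setype(ctx,    p) {          # user:role:type[:level] -> type
        return (split(ctx, p, ":") >= 3) ? p[3] : ctx
    }
    /type=AVC/ && /denied/ {
        perms = "?"
        s = index($0, "{"); e = index($0, "}")
        if (s > 0 && e > s) {
            perms = substr($0, s + 1, e - s - 1)
            gsub(/^ +| +$/, "", perms)    # trim padding inside the braces
            gsub(/ +/, ",", perms)        # "read open" -> "read,open"
        }
        comm = field("comm"); gsub(/"/, "", comm)
        src = setype(field("scontext")); tgt = setype(field("tcontext"))
        count[comm " " src " " tgt " " field("tclass") " " perms]++
    }
    END { for (t in count) print count[t], t }
    ' "$@" | sort -k1,1nr -k2
}

# Constructed sample records (not real log data) so the script runs offline.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1700000001.101:201): avc:  denied  { read } for  pid=2101 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000001.101:201): arch=c000003e syscall=257 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1700000002.202:202): avc:  denied  { read } for  pid=2102 comm="httpd" name="about.html" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000003.303:203): avc:  denied  { read open } for  pid=2103 comm="httpd" name="notes.txt" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000004.404:204): avc:  denied  { name_bind } for  pid=3001 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
EOF
}

# Demo on the sample; on a real host: summarise_avc /var/log/audit/audit.log
sample_audit_log | summarise_avc
```

A tuple that points at a mislabelled file (here `user_home_t` content served by `httpd_t`) is usually better fixed by relabelling than by adding an allow rule to the module.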
List installed policies
$ semodule -l
Remove a policy
$ semodule -r <policy>
Notes for expansion:
Policy Booleans, setsebool command etc.