Useful Commands

Here’s a list of useful commands to aid man/google around SELinux issues as and when needed.

Check the SELinux audit logs (as a matter of course):

$ /usr/sbin/audit2why < /var/log/audit/audit.log

Switch into permissive mode as a diagnostics tool (does it still not work even when SELinux is permissive):

$ setenforce 0

And back into enforcing:

$ setenforce 1

Changing a context label on a file/directory:

$ chcon CONTEXT FILE

Restore context on a file to that of parent directory (v. useful) $ restorecon FILENAME

Install policy development framework (yum/rpm distros) $ yum install selinux-policy-devel

Create a template policy direct from the audit log to fix specific problem:

$ audit2allow -l -a > mypolicy.te

Build a policy (need to tart up the audit2allow output first)

$ make -f /usr/share/selinux/devel/Makefile</p>

Install a new policy module:

$ semodule -i mypolicy.pp

List installed policies

$ semodule -l

Remove a policy

$ semodule -l <policy>

Notes for expansion:

Policy Booleans, setsebool command etc.