Sapsiwai, Fotolia

Sapsiwai, Fotolia

Troubleshooting SELinux

Simple and Secure

Article from ADMIN 00/2010
By
SELinux can provide protection from exploits that could compromise your system – if you know how to set it up and use it. We show you how to solve some commonly encountered problems.

For most people, SELinux is nothing more than "that annoying security feature I need to remember to turn off during the install." This is not entirely surprising, because the SELinux documentation has always been a little sketchy and is frequently out of date. Also, in many environments, enabling SELinux can lead to strange failures with mysterious error messages. In this article, I will shed some light on the basic principles behind SELinux and help you deal with some of the typical problems you will encounter when enabling SELinux on your systems.

Why should you even care about SELinux? When implemented properly, SELinux is an effective application whitelisting tool that restricts critical applications to only the specific functionality they need to accomplish their mission. If an attacker were to subvert the application via a buffer overflow or other exploit, SELinux would very likely prevent the attacker from using the compromised application and from accessing critical files and directories in the operating system. In other words, SELinux can prevent exploits that could compromise your system and steal your data and other computing resources. This is powerful.

Is It Turned On? What's It Doing?

The first question for most sites is: "Is SELinux turned on?" The current state of SELinux on your system is visible via the sestatus command (Listing 1).

Listing 1

sestatus Command

01 # sestatus
02 SELinux status:                 enabled
03 SELinuxfs mount:                /selinux
04 Current mode:                   permissive
05 Mode from config file:          permissive
06 Policy version:                 21
07 Policy from config file:        targeted
...
Use Express-Checkout link below to read the full article (PDF).

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

comments powered by Disqus
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs



Support Our Work

ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.

Learn More”>
	</a>

<hr>		    
			</div>
		    		</div>

		<div class=