For of you that run a server powered by Fedora or another distribution that’s based on it, here’s a very good SELinux tutorial from Major Hayden, a Rackspace employee.
It begins thus:
I’ve decided to start a series of posts called “Chronicles of SELinux” where I hope to educate more users on how to handle SELinux denials with finesse rather than simply disabling it entirely. To kick things off, I’ll be talking about dealing with web content in the first post.
First stepsIf you’d like to follow along, simply hop onto a system running Fedora 21 (or later), CentOS 7 or Red Hat Enterprise Linux 7. We need SELinux in enforcing mode on the host, so be sure to check the status with getenforce. Depending on what getenforce returns, you’ll need to make adjustments:
- Enforcing: No adjustments needed — you’re all set!
- Permissive: Run setenforce 1 and adjust SELinux configuration file (see below)
- Disabled: Adjust the SELinux configuration file and reboot (see below)
To enable enforcing mode in the SELinux configuration file, edit /etc/selinux/config and ensure your SELINUX line has enforcing:
Read the complete article here.
