Questions tagged [selinux]

NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating system.

0 votes
1 answer
12 views

Selinux preventing access to GOOGLE_APPLICATION_CREDENTIALS .json

Using Google Translate API, it appears that Selinux is preventing access to my Google credentials .json file. The selinux context was "unconfined_u:object_r:user_home_t:s0" so I tried ...
phper's user avatar
  • 365
1 vote
2 answers
72 views

How to enforce a state only if a minion has SELinux installed?

I have code that installs a custom selinux module. In my fleet of minions there are Fedora-based systems (with SELinux installed) and Debian-based ones (without SELinux). On the latter the module/...
balin's user avatar
  • 1,626
2 votes
1 answer
35 views

build generated in go having different SELinux context than parent directory

In my /home/backend directory, there are multiple Golang projects. I have used sudo semanage fcontext -a -t bin_t "/home/backend(/.*)?" and sudo restorecon -Rv /home/backend to set the ...
Meet's user avatar
  • 83
0 votes
0 answers
28 views

How can we effectively manage writing SELinux policies for our app?

We are currently developing the SELinux policy for our application, but we are encountering significant challenges in managing it effectively. Here's our approach so far: We run our app in SELinux ...
Victor Ronin's user avatar
  • 23.1k
0 votes
1 answer
40 views

Android java service connect to unix socket created by vendor hal

I have a vendor hal which creates a unix socket. I have a java service which connects to the socket created by vendor hal. Java service can not connect to the socket because of a violation of sepolicy: 05-31 ...
Yuri's user avatar
  • 1,209
0 votes
0 answers
50 views

How to configure SEPolicy rules in order to gain access to network in a vendor service?

I have a vendor service (can't make it system one) which has trouble accessing network. I have written a usual sepolicy rule with allow myservice self:udp_socket { read write create connect }; allow ...
Nilesh Patra's user avatar
1 vote
0 answers
82 views

AWS ssm-user with selinux need to switch context

I currently expose some ec2 instances to some users via ssm. The instance assigns the selinux user system_u:system_r:unconfined_service_t:s0. For audit purposes, I want to force users to sign in ...
Mark_Eng's user avatar
  • 493
0 votes
1 answer
144 views

How to assign a selinux scontext to an android app

My question is similar to this: How process under android selinux context was labeled? except for I'm trying to assign it to an android app. Currently my app is being labelled as a platform_app, which ...
Nam Vu's user avatar
  • 1,737
0 votes
1 answer
27 views

Why is the value not changing even after the command is run with ROOT?

Even after the command is run successfully with ROOT, the file's value doesn't change. I want to change /sys/class/lcd/panel/vrr value to 65 0 where it is 60 0 by default. For this I first set enforcing ...
Droid Everything's user avatar
0 votes
0 answers
109 views

Android kernel overclock

How to increase Android kernel processor speed, I will compile it with source codes the processor has persistent kernel source codes from 1.60 to 1.70 What are your suggestions, which path should I ...
Mdh1's user avatar
  • 1
1 vote
1 answer
37 views

Php can not upload file out of /var/www/html even after disabling Selinux

OS: RHEL 9 with php 8.3 and httpd. Selinux disabled. Php Application is hosted in /var/www/html/application. Trying to upload file to /home/user/uploads. This error showing: move_uploaded_file(/home/...
Tahmidur Rahman's user avatar
0 votes
0 answers
190 views

Install docker on RHEL 8.8. Service does not start because of error : "Failed to initialize nft: Protocol not supported"

We're trying to install docker on RHEL 8.8 : containerd.io-1.6.28-3.2.el8.x86_64.rpm docker-ce-25.0.5-1.el8.x86_64.rpm docker-ce-rootless-extras-25.0.5-1.el8.x86_64.rpm docker-ce-cli-25.0.5-1.el8....
Carbs's user avatar
  • 1
0 votes
0 answers
111 views

A mounted directory on a container with label type container_file_t can be accessed by a process running in a different domain (user_t)

I was running some tests to see how effective SELinux is in containerized environments, and I came upon an irregular behavior, and I can't understand why it's happening. Let's say in the case where ...
Zainab Bouziane's user avatar
0 votes
0 answers
15 views

Something changes selinux context on ~jenkins/.ssh/ files

From time to time, something changes selinux context on ~jenkins/.ssh file: # restorecon -Fnv ~jenkins/.ssh/authorized_keys restorecon reset /var/lib/jenkins/.ssh/authorized_keys context system_u:...
piecia's user avatar
  • 376
0 votes
0 answers
116 views

MOTD not displaying for LDAP users on Rocky 9 Linux

I have a Rocky 9.3 install configured to use pam_access.so and pam_motd.so. pam_access is working fine. I'm running into an issue where /etc/motd doesn't display for LDAP user logins but it does ...
Ryan B.'s user avatar
  • 363
