Logging
selinux logs to /var/log/audit/audit.log.audit2why
audit2why will often explain the reason for the error and may offer a simple fix:# grep 1561301145.470:205197 /var/log/audit/audit.log | audit2why
audit2allow
When audit2why does not provide any help audit2allow may provide a solution.# grep 1561296359.838:200837 /var/log/audit/audit.log | audit2allow
Will create and display a module to allow the banned behavior.
# grep 1561296359.838:200837 /var/log/audit/audit.log | audit2allow -a -M name # semodule -i name.pp
Will create and install the module.
No comments:
Post a Comment