Chapter 8. Debugging SELinux

In this chapter, we will look at SELinux debugging through the following recipes:

  • Identifying whether SELinux is to blame
  • Analyzing SELINUX_ERR messages
  • Logging positive policy decisions
  • Looking through SELinux constraints
  • Ensuring an SELinux rule is never allowed
  • Using strace to clarify permission issues
  • Using strace against daemons
  • Auditing system behavior

Introduction

On an SELinux-enabled system, the SELinux policy defines how applications should behave. Any change in behavior might trigger SELinux denials for certain actions of that application. As a result, end users can notice unexpected permission issues or erratic application behavior.

Troubleshooting such situations is usually done through analysis of the AVC events. ...
