SELinux – Ryan Chapin's Website

How To Compile and Install New SELinux Plicy Modules

Posted on February 2, 2018January 23, 2021 by rchapin

Following is a quick how-to on compiling and adding addition SELinux modules.

When configuring and deploying new and/or custom services on systems that are enforcing SELinux you will likely have to compile addition SELinux modules.

This how-to includes how to go through each step of compiling a new module one-by-one; similar to the model of breaking down the compilation of C and C++ into it’s composite steps.

Step 1: Gather the audit.log entries

You will need to determine which → Continue reading “How To Compile and Install New SELinux Plicy Modules”

How to See SELinux Denials That Do Not Show In the audit.log

Posted on July 20, 2017January 23, 2021 by rchapin

Or, otherwise know as: SELinux and Silent Denials.

Sometimes when troubleshooting SELinux issues, you will have added new policies for each of the denial causes written to the audit.log, but SELinux will still be denying access . . . and not giving you any further information about it in the audit.log.

Various processes often execute additional system calls that are above an beyond what they need to do for normal operation. Many of them are blocked, and in order to → Continue reading “How to See SELinux Denials That Do Not Show In the audit.log”