SE Linux issues

ralxx · August 18, 2022, 8:18pm

Dear all, I am new here and new to AlmaLinux/RHEL
I am currently running AL9 on a workstation - for now test-wise.

I need to access my Nextcloud, but after installing the Nextcloud package (flatpak), SE Linux complained and seemed to block my attempts. I decided to switch off SE Linux.
I just need a quick feed-back whether this is a kind of okay or not such a good idea. If this idea is less good what quick fix could I apply to get Nextcloud running with SE Linux and what to do if I come across similar issues?
Thanks in advance

jlehtone · August 19, 2022, 8:10am

Not a good idea.

A usual troubleshooting approach is to keep SELinux enabled, but switch it into “permissive mode” (setenforce 0). In this state SELinux logs the things that it would block, but allows them anyway. (There was some action that SELinux did block even in permissive – in CentOS 7.)

You can get some info about the blocked actions with:

audit2why < /var/log/audit/audit.log

Its companion audit2allow generates policy (to allow action) that can be added to system.

scottro · August 20, 2022, 11:57am

The CentOS wiki has a very good article on using audit2allow to troubleshoot. You might need to add the settroubleshoot package.

https://wiki.centos.org/HowTos/SELinux#Creating_Custom_SELinux_Policy_Modules_with_audit2allow

That link is specifically about troubleshooting but the whole article is worth a read if you’re unfamiliar with SELinux.

Topic		Replies	Views
File permissions for audit.log for monitoring Operations	3	1755	July 30, 2021
Java complaining about permissions in an Isilon NFS mount Support	0	221	July 17, 2023
Fail2ban no longer works after today's update Support	4	347	April 17, 2023
automatic proxy authorization does not work Support	4	254	January 26, 2022
Almalinux 9.x with CIS 2.0 Network loss Support	8	208	March 1, 2024

SE Linux issues

Related Topics