Can't enable SElinux
I'm new to unix administration. Please don't blame me for asking anything stupid.
I'm trying to enable selinux on CentOS7 server.
I've tried to edit /etc/selinux/config
SELINUX=permissive
SELINUXTYPE=targeted
I've tried enforcing too. Nothing works. When I type getenforce I get
Disabled
I've looked into similar topics but I can't move forward. Some topics suggest checking the grub file. But I don't have it. Every time I try to fix something I need another fix which requires another fix, etc.
I'll appreciate any help.
8 Replies
Not sure if the solution is as simple as using pv-grub to install your own CentOS kernel.
@vonskippy:
I don't think Linode builds SELINUX into their kernels - with a default install, no matter what distro, you're actually running on top of an Ubuntu kernel.
Not sure if the solution is as simple as using pv-grub to install your own CentOS kernel.
Honestly it's not simple for me.
My goal is to install a mail server and I use this instruction:
I followed the instruction (didn't use nginx and used apache). I reached the line where I need to do
systemctl restart firewalld
The problem is that when I start firewalld my website becomes unavailable. I thought it can be related with SElinux.
What am I doing wrong? Maybe I can find some logs?
interfaces:
sources:
services: dhcpv6-client http ssh
ports: 80/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
And I run firewall-cmd --reload but that doesn't help
Very simply put - Firewall controls traffic access, SELinux controls Application access
The link you posted gives me "502 Bad Gateway - nginx"
The website just went down. Hopefully it will get back soon.
Anyway I opened port 80 but it keeps blocking my requests. Don't know what else I can try.
@vahan:
The problem is fixed. Not sure how I've fixed it. I was playing around, disabled and re-enabled port 80, couple of restarts. Not sure what solved the issue but it works now. Thanks
Could you explain what problem was fixed: did you turn on SELinux or fix the firewall problem?
@vahan:
The firewall-cmd --zone=public --list-all output is:
interfaces:
sources:
services: dhcpv6-client http ssh
ports: 80/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
And I run firewall-cmd --reload but that doesn't help
It seems that you don't have an interface assigned to the zone. Therefore it won't apply the rule.
You can add the interface by using:
#firewall-cmd --zone=public --add-interface=eth0 --permanent
Then run the reload command.
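
The check the last reply describes, as an added example that is not part of the thread: a shell function that reads `firewall-cmd --zone=public --list-all` output and reports whether the zone has any interface or source bound, and whether a given service or port is allowed. The function names and the second sample are constructed for illustration.

```bash
#!/bin/sh
# Print the value of one "key: value" field; prints an empty line if blank.
zone_field() {  # $1 = field name, stdin = list-all output
    awk -v key="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        !found && index(line, key ":") == 1 {
            val = substr(line, length(key) + 2)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print val
            found = 1
        }'
}

# Report "unbound" when the zone lists neither interfaces nor sources,
# "open" when the service or port/proto is allowed, otherwise "closed".
check_zone() {  # $1 = list-all output, $2 = service, $3 = port/proto
    ifaces=$(printf '%s\n' "$1" | zone_field interfaces)
    sources=$(printf '%s\n' "$1" | zone_field sources)
    services=$(printf '%s\n' "$1" | zone_field services)
    ports=$(printf '%s\n' "$1" | zone_field ports)
    if [ -z "$ifaces" ] && [ -z "$sources" ]; then
        echo "unbound"; return 0
    fi
    case " $services " in *" $2 "*) echo "open"; return 0 ;; esac
    case " $ports " in *" $3 "*) echo "open"; return 0 ;; esac
    echo "closed"
}

# Fields as posted in the thread: nothing bound to the zone.
POSTED='  interfaces:
  sources:
  services: dhcpv6-client http ssh
  ports: 80/tcp
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:'

# Constructed sample: the same zone with eth0 assigned.
FIXED='public (active)
  interfaces: eth0
  sources:
  services: dhcpv6-client http ssh
  ports: 80/tcp'

echo "posted:      $(check_zone "$POSTED" http 80/tcp)"
echo "fixed, http: $(check_zone "$FIXED" http 80/tcp)"
echo "fixed, smtp: $(check_zone "$FIXED" smtp 25/tcp)"
```

On a live host, pass the real output instead of the samples: `check_zone "$(firewall-cmd --zone=public --list-all)" http 80/tcp`.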