LinuxQuestions.org


drillsar 02-20-2017 03:17 AM

SELinux help
 
I have a question. I am now in Permissive mode and I get some errors, and it tells me to do the following:

ausearch -c 'php-fpm' --raw |audit2allow -m my-phpfpm
semodule -i my-phpfpm.pp

I have a couple more errors in the audit log.

Can't I use the command

grep denied /var/log/audit/audit.log mypolicy

or is it better to use them individually with semodule?

I am a little confused about SELinux and its purpose. Thanks

ericson007 02-21-2017 05:28 PM

SELinux improves security by not allowing foreign programmes to run and gain access to upper-level system resources. This basically makes it more difficult to be hacked, because SELinux stops the programme from running, as you see in the logs.

If the programme is legitimate and you want it to run, you have to tell SELinux to do it.

Most people say, just turn it off, but that in general I feel is very bad advice. If that php thing you tried running was malware or a rootkit, you would have been in some hot water. So SELinux aims to keep your server safe, and when something does get in, it puts up walls to limit the damage done.

So with the commands you passed, you told SELinux, hey, this is safe, it is ok to run. After you did your audit2allow, you told the engine it is ok to run the files, but the actual files do not have labels allowing it yet. So after doing the above, relabel the files with

Code:

restorecon -r /path to where php-fpm is installed

After doing that it should be able to run.

Now, in the case of your setting of permissive mode: SELinux is still running, but it is not actively enforcing the rules. That means it will shout and scream in the logs and show where problems are, but it will not stop those programmes from running.

Permissive mode is really good for when you try something new and want to make sure it works after you set it up, and to investigate possible issues with SELinux.

My recommendation would be to create your allowed list as you did. Restore the file contexts so they align with the new configs. Check the logs that those alerts do not occur anew. If those things look fine, set it back to enforcing mode for protecting your system.
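The steps in the reply above (generate the module, install it, restore labels, check the log, go back to enforcing) as an added shell example; this is not code from the thread, the audit records in it are constructed sample data, and the process name and path arguments are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. The reply's workflow as shell
# functions, plus a log check that counts AVC denials for one process name
# so you can confirm they have stopped before returning to enforcing mode.
# The audit records below are constructed sample data, not the poster's log.

SAMPLE_AUDIT_LOG=$(mktemp)
cat > "$SAMPLE_AUDIT_LOG" <<'EOF'
type=AVC msg=audit(1487571000.123:456): avc:  denied  { write } for  pid=1234 comm="php-fpm" name="sess_abc" dev="dm-0" ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1487571000.123:456): arch=c000003e syscall=2 success=yes exit=3 comm="php-fpm" exe="/usr/sbin/php-fpm" subj=system_u:system_r:httpd_t:s0
type=AVC msg=audit(1487571005.500:457): avc:  denied  { name_connect } for  pid=1234 comm="php-fpm" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1487571010.000:458): avc:  denied  { read } for  pid=4321 comm="nginx" name="index.html" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
EOF

# count_denials LOGFILE COMM: number of AVC denial records for that process.
# "|| :" keeps grep's exit status 1 (no matches) from aborting under set -e.
count_denials() {
    grep -c "type=AVC .*avc:  denied .*comm=\"$2\"" "$1" || :
}

# list_denials LOGFILE COMM: one line per denial: permissions, source
# context, target context, object class. Read these before trusting a
# generated module; each line becomes an "allow" rule audit2allow emits.
list_denials() {
    grep "type=AVC .*avc:  denied .*comm=\"$2\"" "$1" |
        sed -n 's/.*denied  { \([^}]*[^ }]\) }.*scontext=\([^ ]*\) tcontext=\([^ ]*\) tclass=\([^ ]*\).*/\1 \2 \3 \4/p'
}

# allow_and_relabel COMM PATH: the reply's steps. Needs root and the
# policycoreutils tools, so it is not run here. audit2allow -M builds the
# .pp (plain -m only prints the .te source); semodule -i installs it; PATH
# is the directory whose labels should be restored (assumed argument).
allow_and_relabel() {
    ausearch -c "$1" --raw | audit2allow -M "my-$1"
    semodule -i "my-$1.pp"
    restorecon -Rv "$2"
}

# back_to_enforcing COMM: re-enable enforcing only if the last 10 minutes
# of the audit log (ausearch -ts recent) show no new denials for COMM.
# Not run here.
back_to_enforcing() {
    n=$(ausearch -c "$1" -m avc -ts recent --raw 2>/dev/null | grep -c 'avc:  denied' || :)
    [ "$n" = 0 ] && setenforce 1
}
```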
