Troubleshooting SELinux

SELinux decisions, such as allowing or disallowing access, are cached. This cache is known as the Access Vector Cache (AVC). Denial messages are logged when SELinux denies access. For example, an SELinux error generated by the Apache web server may appear as .

Each error message includes information on the source context (scontext) of that part of your system performing an action, and the target context (), the target of the action. In many cases, the source is a binary and the target a file.

setroubleshoot is a utility that parses the messages from SELinux and provides comprehensive help on what it means and possible actions to take. It has both a graphical utility for your desktop and a server side component that can send email alerts. It is installed by default on Fedora. To install it on your system, use the Software tool in GUI or enter the following command:

To start the program, run the following command:

To troubleshoot an error, click the troubleshoot button in the SELinux Alert browser. The browser will return available options for resolving the error and commands to run to fix the problem.

• Four Key Causes of SELinux Errors