SELinux Error ValueError: Port already Defined

Today, I want to run the httpd server on a custom port, 8002, on a CentOS 7 server. Of course, all my systems have SELinux in enforcing mode. In order for httpd to bind on port 8002, we need to add this port to the http_port_t port type list. First let’s confirm that port 8002 is not yet in the http_port_t list:

[root@servera ~]# semanage port -l | grep ^http
http_cache_port_t    tcp    8080, 8118, 8123, 10001-10010
http_cache_port_t    udp    3130
http_port_t          tcp    80, 81, 443, 488, 8008, 8009, 8443, 9000

We know from the manual semanage-port(8) that to add a port to an SELinux port type list, we run the following command:...

July 27, 2020 · 2 min · 359 words · kenno

SELinux Non-Default Home Directory Location

On most of my systems I created a user called devops with its home directory created at /srv/devops. And on Fedora or CentOS systems, those home directories have their SELinux context set correctly when created. Recently, I found out that on all 3 machines so far, the SELinux context has been reverted.

~# ls -lZ /srv
total 0
drwx------. 5 devops devops system_u:object_r:var_t:s0 127 Oct 30 2019 devops

It should have had the same context as the normal user kenno in the /home directory:...

June 15, 2020 · 3 min · 482 words · kenno

SELinux is preventing mpd from getattr access on the directory /root/.config.

What? Why does mpd want to access /root/.config? What’s MPD? It’s a daemon for playing music. It runs as a service, which I connect to with either ncmp or ncmpcpp. Here’s the full SETroubleshoot detail: The version of MPD that causes this issue is: 0.20.10 on Fedora 27. I’m pretty sure it was working last week and I didn’t have to do anything. So what’s changed? Well, it seems like this could be a very old problem as reported in bug 1325502....

March 2, 2018 · 2 min · 282 words · kenno