SELinux Installation Issues
SELinux is a security mechanism that works on top of the native file and directory read/write/execute permissions within the Linux file system. It is available for most Linux distributions and is installed by default in newer RHEL (Red Hat Enterprise Linux) & Fedora distributions.
As SELinux may prevent the installation and/or operation of any software being executed, ensure that you create appropriate policy file for it.
SELinux allows you to set a finer granularity of restrictions on access and execution. This control is represented by "policy files", typically created and maintained by the SecOps team within your organization. For more details about SELinux, see https://selinuxproject.org/page/Main_Page.
The policy files are found in /etc/sestatus.conf by default. To
determine if SELinux exists on your system, run the getenforcecommand
which returns the string Enforcingif it is active.
Alternatively, you can run this command:
sestatuswhich generates this output:
SELinux status: enabled
SELinuxfs mount: /selinux
Current Mode: permissive
Policy version: 16
sestatusIf SELinux status is disabled, it indicates that the
system has not installed the package. However, if the status returned is
enabled, but the Current Mode is
permissive, then SELinux policy files are not enforced. To install
and test the APM Agent:
- Set the mode to permissive and then enable it
- Follow the SELinux guidelines to create the appropriate policy statements for the agent in question
To
enable SELinux, use the command setenforce 1 to enable enforcing
mode; to disable SELInux use setenforce 0 (set to
permissive mode).
For more details about enabling/disabling SELinux, see: https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html