SELinux¶

Foreman RHEL6 release fully supports SELinux. Currently the following processes are confined:

• Foreman Rails application running under Passenger

Our policy lives in:

How to report errors¶

Please open ordinary issues and set component to "SELinux". Also give us information about how to reproduce denials and full log from the audit.log:

grep AVC /var/log/audit/audit.log

Providing information via foreman-debug command also helps us with investigating.

Tips for debugging¶

You can run a script in passenger_t policy easily

runcon u system_u -r system_r -t unconfined_t - runcon t passenger_t - <your_script>

To reinitialize selinux use

semodule -B

or

setenforce 1 && setenforce 0