If you’re using a Linux distribution that takes advantage of SELinux, such as CentOS, Red Hat, Fedora, or SUSE, you know it can be a blessing and a curse. While SELinux is an incredibly powerful tool that goes a very long way to keep your Linux-powered machines secure, it can be a nightmare to configure. Fortunately, there is a tool called SELinux Alert Browser that can ease those troubles.
With SELinux Alert Browser, you can get quick solutions when SELinux is causing you issues. In fact, you’d be hard-pressed to find an easier route to solving your SELinux-based headaches.
Let’s see how to take advantage of this powerful application.
Opening the tool
Note: The SELinux Alert Browser will be installed, by default, on any distribution that uses SELinux and has a GUI interface.
SELinux Alert Browser will pop up in your notification window when there’s an issue, and then you can open the tool from there. If you haven’t received an alert or your alerts are a bit aging, you may not see the warning; if that’s the case, there’s an easy way to open SELinux Alert Browser:
- Open a terminal window
- Issue the command sealert.
The tool will open, and you’re ready to start browsing alerts.
SEE: Securing Linux Policy (Tech Pro Research)
Using the SELinux Alert Browser
When you open the tool, you may see alerts listed (Figure A).
The best thing about the SELinux Alert Browser, and the feature you will use most often, is the Troubleshoot button. When you click that button, you will get a possible solution for the issue that was reported in your alert from SELinux (Figure B).
The Troubleshoot button will reveal possible actions you can take to resolve your issue. In some cases sealert will instruct you how to have SELinux stop auditing the issue; in other cases sealert will show how to generate a new policy module that allows an object (such as xenconsoled) access to a resource.
When SELinux Alert Browser makes suggestions, they will be in the form of commands you can run to solve the problem. If you agree with the suggestion offered by sealert, go back to the Terminal window and issue the suggested command(s). Hopefully, your issue will be resolved. If you’re unsure that access should be allowed, I highly recommend doing research before issuing the suggested command(s).
Troubleshooting at the tips of your fingers
You no longer have to let SELinux get the best of you. With just a little extra work, you can solve your SELinux woes without disabling this crucial security system, which is something you should never do. Start using the SELinux Alert Browser so you can be aware of what’s going on with your system, and easily solve issues that arise.