Skip to main content

SELinux | Into the Terminal 14

SELinux has a reputation as the first thing people disable when something breaks. This episode of Into the Terminal makes the case for leaving it on and actually understanding it, because on RHEL it is one of the strongest layers of defense you already have.

What this episode covers:

  • The three modes. Enforcing blocks and logs, permissive only logs (great for troubleshooting without breaking things), and disabled turns it off entirely — and why setenforce 0 for a test is very different from disabling it in config.
  • Contexts are the whole game. Every file, process, and port carries an SELinux context, and most “SELinux problems” are really just a label that does not match — which is why ls -Z, ps -Z, and restorecon matter more than the off switch.
  • Booleans let you say yes without weakening everything. Toggles like httpd_can_network_connect open up specific, intended behavior instead of forcing an all-or-nothing choice.
  • Reading a denial. How to use the audit log and tools like sealert/ausearch to see exactly what was blocked and why, so you can fix the label or set a boolean rather than reaching for permissive.

If SELinux has ever cost you an afternoon, this episode is the one that turns it from an enemy into a tool. Watch the full walkthrough above.