If a problem is selinux related, restoring the selinux security contexts to the files of interest (see restorecon) will often fix the problem.
I read the "man restorecon", and didn't quite understand it. I would have thought that "restorecon (filename)" would do something to the specified file, but apparently it doesn't quite work that way.
But if you made a lot of changes or you have never relabeled the system or you tire of trying to fix a selinux problem, then running "fixfiles relabel && init 6" will fix lots of issues.
I'm reasonably sure I have never "relabeled the system"--at least not on purpose--because I have no idea what that means. And I am reluctant to try anything that might be dangerous.
Also, have a look at the audit2allow and audit2why manpages for more serious selinux problems.
I did, and what I read there helped me solve another problem I was having, trying to get procmail to write to its log file. That works now.
One suggestion: While you are initially setting up new features, it is useful to change selinux to permissive mode.
That way, selinux will not interfere and the real problems will be easier to find and fix. The selinux alerts will still appear in the system logs, so you can identify and fix them before you change back to enforcing mode.
I have already learned that if I have a problem, I should try permissive mode. If something works in permissive mode that didn't work in enforcing mode then I know that selinux is causing my problem. But there is a difference between knowing that selinux is causing the problem, and knowing how to fix it.
I appreciate your help. Thanks.
This Post was from: https://www.centos.org/newbb/viewtopic.php?forum=38&topic_id=12315&post_id=40671