Selinux Tweeks

Introduction

The selinux component of most linux systems can be rather noisy. My first impulse is to shut it down, which is easy enough to do. However, the better practice is to leave it on and collect the different tweeks necessary to reduce the noise. This article will present a collection of different selinux tweeks.

The Tweeks

I'll start off by showing the different tweeks in Table 1, “selinux Tweek List”.

Table 1. selinux Tweek List

Tweek	Description
restorecon -R -v ~/	This is used to fix the context for files in your home directory.
restorecon -R -v /var/cfengine	The configuration engine creates files that don't seem to have the proper context
restorecon -v ./services	This is the /etc/services file. This popped up after a cups update.
restorecon -R -v ./ior	It looks like the gconfd-<user> directory needs to be corrected
restorecon -R -v /tmp/gconfd-dano/lock/ior
restorecon -R -v ./lock
restorecon -R -v ./gconfd-dano
setsebool -P allow_mount_anyfile=1	This turns off complaints for automounting and unmounting
setsebool -P allow_ypbind=1	Allow ypbind to run
chcon -t textrel_shlib_t /usr/lib/vmware/hostd/diskLibWrapper.so	It seems that some vmware libraries require text relocation.
semanage fcontext -a -t textrel_shlib_t /usr/lib/vmware/hostd/diskLibWrapper.so
chcon -t textrel_shlib_t /usr/lib/vmware/vmacore/libvmacore.so.1.0	It seems that some vmware libraries require text relocation.
semanage fcontext -a -t textrel_shlib_t /usr/lib/vmware/vmacore/libvmacore.so.1.0
chcon -t textrel_shlib_t '/opt/real/RealPlayer/plugins/theorarend.so'	Real Player shared libraries do text relocation
semanage fcontext -a -t textrel_shlib_t '/opt/real/RealPlayer/plugins/theorarend.so'	Real Player shared libraries do text relocation

Articles
NFS Locking Issues
Boot Flickering Issue
Selinux Tweeks
Projects
RPM Packaging

	Home

Prev		Next