Tools for Troubleshooting and Working with SELinux

Due to my determination to keep SELinux in “enforcing” mode, I tend to run into issues that require troubleshooting the security system. While I can remember getenforce or setenforce, I tend to forget some of the other available tools.

  • tail -f /var/log/audit/audit.log
    # /var/log/messages is still useful, but audit.log has more details
  • sestatus -v
    # found this one today; may be handy at times
  • ls -alhZ
    # I can never remember that darn Z
  • getsebool -a
    # dump the settings
  • setsebool
    # change a setting
  • restorecon
    # restore default security contexts
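To show what the extra detail in audit.log looks like in practice, here is an added example (not from the original post) that boils AVC denial records down to one line each: process, source type, target type, object class and permissions. The function names and the sample log lines are constructed for illustration; on a real system you would feed it /var/log/audit/audit.log as root.

```shell
#!/bin/sh
# Constructed sample records in audit.log format (not real log data).
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1700000000.123:456): avc:  denied  { read } for  pid=1234 comm="httpd" name="index.html" dev="dm-0" ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000000.123:456): arch=c000003e syscall=257 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1700000100.000:460): avc:  denied  { name_bind } for  pid=2345 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
EOF
}

# Read audit records on stdin, print one summary line per AVC denial:
#   comm: source_type -> target_type [class] perm1,perm2
avc_summary() {
    awk '
    /type=AVC/ && /denied/ {
        perms = ""; comm = "?"; src = "?"; tgt = "?"; cls = "?"
        # Denied permissions sit between the braces, e.g. { read write }
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
            gsub(/ +/, ",", perms)
        }
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; sub(/^comm=/, "", comm); gsub(/"/, "", comm) }
            # A context is user:role:type:level, so the type is field 3
            if ($i ~ /^scontext=/) { split($i, a, ":"); src = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            if ($i ~ /^tclass=/)   { cls = $i; sub(/^tclass=/, "", cls) }
        }
        print comm ": " src " -> " tgt " [" cls "] " perms
    }'
}

# Demo run on the constructed sample.
sample_audit_log | avc_summary
```

A target type such as user_home_t on a file served by httpd is the kind of mismatch that ls -alhZ confirms and restorecon fixes when the file's default context is the right one.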