SELinux¶

Foreman RHEL6 release fully supports SELinux. Currently the following processes are confined:

• Foreman Rails application running under Passenger

Our policy lives in: https://github.com/theforeman/foreman-selinux

How to report errors¶

Please open ordinary issues and set component to "SELinux". Also give us information about how to reproduce denials and full log from the audit.log:

grep AVC /var/log/audit/audit.log

Providing information via foreman-debug command also helps us with investigating.

Tips for debugging¶

If you identify part of code you want to test separatey, you can run a script in passenger_t policy easily

runcon u system_u -r system_r -t unconfined_t - runcon t passenger_t - your_script.rb

To reinitialize selinux use

semodule -B

or

setenforce 1 && setenforce 0