Check if SELinux is enabled with getenforce or sestatus.
Set it with setenforce enforcing or setenforcing 1.
Disable with setenforce permissive or setenforcing 0.
Files used
.te , Type Enforcement file
.fc , File Context file
checkmodule -M -m -o mymodule.mod mymodule.te semodule_package -o mymodule.pp -m mymodule.mod sudo semodule -i mymodule.pp
.te file starts with "policy_module(my_module_name, 1.0.0)" make -f /usr/share/selinux/devel/Makefile mymodule.pp sudo semodule -i mymodule.pp
Also see: https://wiki.gentoo.org/wiki/SELinux/Tutorials/Creating_your_own_policy_module_file
sudo ausearch -m avc -ts today
sudo sealert -a /var/log/audit/audit.log
# "avc" is "access vector cache"
#Log message example:
type=AVC msg=audit(1348173901.081:298): avc: denied { write open } for pid=3426 comm="smartd" name="smartd.WDC_WD2500BEKT_75PVMT0-WD_WXC1A21E0454.ata.state" dev=sda6 ino=582390 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:var_lib_t tclass=file
sudo restorecon -Rv /path/to/broken/file/or/directory sudo setsebool -P <boolean_name> on sudo semanage port -l | grep <service_name> sudo semanage port -a -t <port_type_t> -p tcp <port_number>