Saturday, March 13, 2010

SELinux Logging

Most users and sysadmins would have come across a situation in which a desired application/program does not behave as expected in a system running SELinux. I have seen that, often, the blame falls squarely on SELinux—whether it is the culprit or not.
To troubleshoot an issue with application performance on an SELinux-enabled system, follow the steps below:

1. Determine whether the misbehaviour/error is due to SELinux.

2. If not, troubleshoot the application.

3. If yes, decipher SELinux error logs to understand why the denial occurred and take corrective action.

This article addresses the third point—i.e., how to decipher SELinux logs and take corrective action.

To determine whether the application misbehaviour/error is due to SELinux, switch SELinux to permissive mode, in which denials are still logged but no longer enforced:

[root@vbg ~]# setenforce 0

Now re-execute the earlier task. If you still face errors, SELinux is not responsible for the malfunction. The troubleshooting efforts need to be directed elsewhere (the application log files would be a good place to start).

If the application does behave as desired once SELinux is in permissive mode, it is time to examine the SELinux logs.

Any denials by SELinux are recorded in the log files as Access Vector Cache (AVC) denials, since AVC is used by the rules engine.
