Managing SELinux troubleshooting

SELinux provides an essential layer of security beyond the discretionary access control set by the user. It prevents any unauthorized attempt by a running process to access a resource such as a file. The process attempting the access could be a genuine process or a compromised one. Disabling SELinux is not considered good practice. Sometimes, when a binary or application is installed from a third party, it does not carry an appropriate SELinux context, which may prevent the service from running properly. In those circumstances, SELinux is run in permissive mode and new rules are created based on the denial messages captured in log files.

In most cases of SELinux troubleshooting, the access restrictions turn out to be applied by SELinux because of an incorrect type context on a file. This issue can be easily resolved using the restorecon command, which resets the files to the default context defined by the rules in the SELinux policy. Using this method, we can keep SELinux in enforcing mode and the security of our systems intact.

Turning SELinux Booleans on or off is also sometimes used to relax or harden the SELinux controls for running a service. To make an appropriate change to SELinux rules or policies, the primary requirement is to understand the problem correctly, and monitoring SELinux violations through the logs plays an important role in this. To log SELinux messages to /var/log/messages and /var/log/audit/audit.log in an easily understandable format, install the setroubleshoot-server package on the system with the following command:

# yum install setroubleshoot-server -y