
Lab 41.1

The problem of not experiencing a problem (using CentOS, and SELinux is enabled and in enforcing mode):

Part 4.
When I tried to view file2.html moved to /var/www/html, I do not get the forbidden message; the file is dumped to standard output fine.
When I examine the context of file2.html, it has etc_run_time_t rather than admin_home_t. But even when I use chcon to change that to admin_home_t to see if I can get the forbidden message, the file still dumps correctly.
Any suggestions?

Also a typo in 4:
$ sudo mv file2.html /var/www.html - should be /var/www/html


  • mo79uk Posts: 42

    A few issues in lab 42.2 too:

    Part 7 says aa-genproc rather than aa-genprof

    My ping-x profile was set as complain by default, so to get the operation to deny, first you had to enter
    $ sudo aa-enforce /bin/ping-x

  • Hi mo79uk, what is the CentOS version you are working with, so I can do a test case?


  • mo79uk Posts: 42
    edited December 2018

    CentOS with GNOME in a VM:

    $ cat /etc/redhat-release
    CentOS Linux release 7.5.1804 (core)

    $ uname -r

  • Hi mo79uk,

    I did the test case on CentOS 7.2 and it worked; in fact, I obtained the "Forbidden" message. Are you sure that SELinux is in enforcing mode? Also, did you move the file from /root/ to the DocumentRoot directory? I suggest pasting here all the commands you ran, because it's working for me.


  • mo79uk Posts: 42

    Hmm, now it's working (it wasn't several times earlier) - either my brain needed a reboot or something in the VM.. Thanks anyway.

  • The same happens with my best friend; she says "c'mon please, it doesn't work". And as soon as I get there it starts working, hehehe.



  • coop Posts: 913

    "There are some mysteries not understood by modern science."

