>I am really trying to not turn off SELinux with this server, and only have
>this one showstopper error. But I don't know what to do with this gibberish:

Here's an extract from a page I wrote about SELinux (not currently published, or I could just send you the link).

--->8---

This is where it can get a bit hairy. I recommend creating /root/selinux as a scratchpad to work in, and as a record of what changes have been made.

First, copy and paste lines from the log into a file called thing0.log where thing is a mnemonic name for what you're trying to enable. In this example, thing is smartd

  root# cd; mkdir selinux; cd selinux
  root# cat > smartd0.log
  type=AVC msg=audit(1425551687.181:491): avc: denied { getattr } for pid=20943 comm="smartd" path="/usr/lib64/libstdc++.so.6.0.19" dev="dm-1" ino=134323340 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
  type=AVC msg=audit(1425551687.181:492): avc: denied { execute } for pid=20943 comm="smartd" path="/usr/lib64/libstdc++.so.6.0.19" dev="dm-1" ino=134323340 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file

Next, see what allowing this would look like

  root# audit2allow < smartd0.log

  #============= fsdaemon_t ==============
  allow fsdaemon_t file_t:file { getattr execute };

Assuming this looks vaguely sane, generate a loadable module that will allow the access

  root# audit2allow -M smartd0 < smartd0.log

And then load that module, using the command it just told you (annoyingly, this step takes on the order of 10s)

  root# semodule -i smartd0.pp

What you'll typically find is that whatever you were trying to do now fails at the next step. For example, you might have just allowed getattr access, but the next thing the program needs to do is open the file. Repeat the process with thing1.log. This does get a bit annoying, but I don't think I've ever taken more than about 3 or 4 steps.

Note that not everything forbidden by SELinux needs to be allowed. Quite often programs will happily run, despite generating a few warnings in the log.

---8<---

Hope this helps!

Toby.
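
An added example, not part of the message above or of the page it quotes: a small Python reviewer for a scratchpad log such as smartd0.log, to run before loading a module built from it. The names `parse_denials`, `review` and `UNLABELED_TYPES` are made up for this example; it groups the denials into the same kind of allow rule shown above (permissions in first-seen order) and adds a hint when the target type is file_t, the type of a file that carries no SELinux label.

```python
import re

# The two denials quoted in the message above, embedded so this runs offline.
SAMPLE_LOG = '''\
type=AVC msg=audit(1425551687.181:491): avc: denied { getattr } for pid=20943 comm="smartd" path="/usr/lib64/libstdc++.so.6.0.19" dev="dm-1" ino=134323340 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
type=AVC msg=audit(1425551687.181:492): avc: denied { execute } for pid=20943 comm="smartd" path="/usr/lib64/libstdc++.so.6.0.19" dev="dm-1" ino=134323340 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=file
'''

DENIED_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Types a file has when it carries no SELinux label. Assumption of this
# example: a rule on these points at a labelling problem, not a policy gap.
UNLABELED_TYPES = {"file_t", "unlabeled_t"}


def parse_denials(text):
    """Yield (source type, target type, class, perms, path) per denial."""
    for line in text.splitlines():
        m = DENIED_RE.search(line)
        if not m:
            continue  # not an AVC denial
        f = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
        try:
            # A context is user:role:type[:level]; the type is the third part.
            key = (f["scontext"].split(":")[2], f["tcontext"].split(":")[2], f["tclass"])
        except (KeyError, IndexError):
            continue  # truncated or malformed record
        yield key + (m.group(1).split(), f.get("path", "?"))


def review(text):
    """Group denials into allow rules and flag unlabeled-file targets."""
    rules = {}
    for stype, ttype, tclass, perms, path in parse_denials(text):
        rule = rules.setdefault((stype, ttype, tclass), {"perms": [], "paths": []})
        rule["perms"] = list(dict.fromkeys(rule["perms"] + perms))
        if path not in rule["paths"]:
            rule["paths"].append(path)
    out = []
    for (stype, ttype, tclass), r in rules.items():
        out.append(f"allow {stype} {ttype}:{tclass} {{ {' '.join(r['perms'])} }};")
        if ttype in UNLABELED_TYPES:
            out.append(f"# {ttype} on {', '.join(r['paths'])}: file has no "
                       "label; check labelling (restorecon -v) first")
    return out


if __name__ == "__main__":
    print("\n".join(review(SAMPLE_LOG)))
```

On the two smartd denials it prints the same allow line as the audit2allow run above, followed by the labelling hint for /usr/lib64/libstdc++.so.6.0.19.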