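- do not use chcon in production: its labels are not recorded in policy and are lost on a relabel; use semanage fcontext + restorecon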
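- do not use audit2allow in production: it turns every logged denial into an allow rule, so review the denials and fix labels, ports or booleans instead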
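# SELinux reference commands. Run the entries you need one at a time as root;
# this is not a script to execute top to bottom (the DELETE CONTEXT entry
# removes the httpd_log_t rule that an earlier entry adds).
#
# `semanage fcontext` only records a labelling rule in local policy. Files that
# already exist keep their old label until `restorecon` is run on the path, so
# every fcontext entry below is paired with a restorecon.

# PERCONA XTRADB CLUSTER
# `semanage port -a` fails if the port is already assigned to a type; check
# with `semanage port -l | grep -w 4568` and use `-m` to modify an existing
# assignment.
semanage port -a -t mysqld_port_t -p tcp 4568

# ALLOW WEB SERVER TO DIRECTORY
semanage fcontext --add --type httpd_sys_content_t '/www(/.*)?'
restorecon -R /www

# ALLOW ZABBIX TO READ DIRECTORY
semanage fcontext --add --type zabbix_log_t '/var/log/syscollector(/.*)?'
restorecon -R /var/log/syscollector

# ALLOW WEBSERVER TO PHP-FPM
# Same caveat as above: check `semanage port -l | grep -w 9000` first, since
# `-a` errors out on a port that policy already defines.
semanage port -a -t http_port_t -p tcp 9000

# ALLOW APACHE, NGINX TO WRITE LOGS
semanage fcontext --add --type httpd_log_t '/data/logs/www(/.*)?'
restorecon -R /data/logs/www

# SHOW PERMISSIONS FOR APACHE, NGINX
semanage fcontext -l | grep http

# DELETE CONTEXT
# Removes only the local rule; run restorecon on the path afterwards so the
# files are relabelled to whatever the remaining policy assigns.
semanage fcontext -d '/data/logs/www(/.*)?'

# CHECK SELINUX PERMISSIONS DENY
grep denied /var/log/audit/audit.log
# Alternative with parsed AVC records: ausearch -m AVC -ts recent

# ASTERISK
# The pattern must not end in '/' before '(/.*)?'. With the trailing slash the
# regex only matches '/var/lib/asterisk/' followed by a second '/', so files
# inside the directory are never covered by the rule.
semanage fcontext -a -t asterisk_var_lib_t '/var/lib/asterisk(/.*)?'
semanage fcontext -a -t asterisk_var_run_t '/var/run/asterisk(/.*)?'
semanage fcontext -a -t asterisk_spool_t '/var/spool/asterisk(/.*)?'
restorecon -R /var/lib/asterisk/
restorecon -R /var/run/asterisk/
restorecon -R /var/spool/asterisk/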