selinux is a tool that is cool in principal, but in practice is studpidly hard to work with.
Good tutorial on how to use selinux:
List of commands: https://fedoraproject.org/wiki/SELinux/Commands
However, I’ve been making up a cheatsheet of commands to get it to work, without turning it off:
# This is from CentOS 8.2 # Make sure the auditing tools are available dnf install policycoreutils-python-utils setroubleshoot # disable the dontaudit logs to show all blocked things. semodule --build --disable_dontaudit # set enforcing mode off so we get all things that would have been denied setenforce 0 # watch the audit logs to find what is being blocked - saving to ipam-selinux-blocks.log file tail -f /var/log/audit/audit.log -n0 | grep denied --line-buffered | tee selinux-blocks.log # Now run the thing that you want to work # Have a browse to see what would have been blocked, and remove any lines you don't want to allow vim selinux-blocks.log # You can now compile a working module cat selinux-blocks.log | audit2allow -M allowpolicy semodule -i allowpolicy.pp