SELinux / AppArmor
What they are
Both provide mandatory access control (MAC):
- SELinux: label-based policy enforcement (common on RHEL/Fedora)
- AppArmor: path-based profiles (common on Ubuntu)
They restrict what processes can do even if file permissions would allow it.
SELinux quick commands
Status:
Common modes:
- Enforcing
- Permissive (logs violations, doesn’t block)
- Disabled
Search recent denials (audit logs):
sudo ausearch -m avc -ts recent
AppArmor quick commands
Status:
Profile modes:
sudo aa-complain /etc/apparmor.d/usr.sbin.nginx
sudo aa-enforce /etc/apparmor.d/usr.sbin.nginx
Troubleshooting approach
- Confirm whether SELinux/AppArmor is blocking the action
- Switch to permissive/complain temporarily to validate hypothesis
- Fix policy/profile (don’t leave protections disabled)