4

I am running Fedora Server 28 for ARM on my Raspberry and during the installation of Pi-Hole I got a warning message about SELinux being set to 'Enforced' and that because of it I cannot use Pi-Hole's admin page.

That is indeed the case, http://pi.hole/ returns a blank page, and without disabling SELinux / setting it to permissive on /etc/sysconfig/selinux Pi-Hole does not work at all.

The question is, how do I create a policy that allows Pi-Hole to work as intended while having Enforced status on?

Edit #1

I found this question:

start with the default policy, run in permissive to see what needs to be fixed. Then modify your policies to fix potential problems. Then restart strict enforcing.

grep hole /var/log/audit/audit.log outputs many comm="php-cgi" and comm="dnsmasq" denials.

Could this solve my problem?

$ grep hole /var/log/audit/audit.log | audit2allow -M mypolicy ******************** IMPORTANT *********************** To make this policy package active, execute: # /usr/sbin/semodule -i mypolicy.pp
Improve this question

1 Answer 1

Reset to default
1

From Pi-Hole's GitHub:

Pi-hole being a advertising-aware DNS/Web server, makes use of the following technologies:

dnsmasq - a lightweight DNS and DHCP server

Solved my problem with:

SELINUX=permissive in /etc/sysconfig/selinux

reboot

# grep dnsmasq_t /var/log/audit/audit.log | audit2allow -m dnscache > dnscache.te

# grep dnsmasq_t /var/log/audit/audit.log | audit2allow -M dnscache

semodule -i dnscache.pp

Verified with:

semodule -l | grep dns

Afterwards:

SELINUX=enforcing in /etc/sysconfig/selinux

reboot

Improve this answer
1
  • I'd be grateful for any feedback or criticism that I can learn from or use to help me improve my answer Commented Jun 29, 2018 at 8:35

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.