Monday, July 4, 2016

How To Troubleshoot SELinux Audit2Allow Unable to Open (null)




Overview

This guide explains how to resolve the “Bad address” error message that appears when you run the “audit2allow” command.

Applies To

· Fedora 22, Fedora 23
· RHEL 7
· CentOS 7

Error Message

audit2allow, unable to open (null): Bad address

cat /var/log/audit/audit.log | audit2allow


Cause

This happens when SELinux is in the completely disabled state.

Resolution

Modify the SELinux state to enforcing mode.

SELinux Status

Verify the current SELinux enforcement status by running one of the following commands:

sestatus

or

cat /etc/selinux/config | grep ^SELINUX


Enable Enforcement

To enable SELinux, run the following command, then restart the server to activate the change.

sed -i "s/^SELINUX=.*$/SELINUX=enforcing/" /etc/selinux/config

reboot


Run Audit2Allow

After rebooting the server, run the “audit2allow” command again; it should now run and generate a “type enforcement (.te)” file.

cat /var/log/audit/audit.log | audit2allow -M MyPolicies


Validate Generated Policy

After creating the “type enforcement (.te)” file, you should always validate it to ensure that you really want to allow the access that was denied.

cat MyPolicies.te
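
The following script is an added example, not part of the original post: it checks the configured SELinux mode before audit2allow is run and lists the allow rules of the generated .te file one per line for review. The function names, the default watch list of permissions and the sample inputs are assumptions made for illustration.

```shell
# Added example; function names and sample data are constructed for illustration.

# Print the SELINUX= value from a config file (default /etc/selinux/config), lowercased.
configured_mode() {
    awk -F= '/^SELINUX=/ { gsub(/[ \t\r]/, "", $2); print tolower($2); exit }' \
        "${1:-/etc/selinux/config}"
}

# Return 1 unless the configured mode is enforcing or permissive. The config file
# describes the mode applied at boot, so reboot after changing it, as the page does.
preflight() {
    mode=$(configured_mode "$1")
    case "$mode" in
        enforcing|permissive) return 0 ;;
        *) echo "SELinux mode is '${mode:-unset}': enable it and reboot first" >&2
           return 1 ;;
    esac
}

# Print every allow rule of a .te file as "FLAG source target class perms". FLAG is REVIEW
# when a permission is on the watch list ($2); the default list is an assumed heuristic.
review_te() {
    awk -v watch="${2:-write append create unlink execute}" '
        BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) risky[w[i]] = 1 }
        $1 == "allow" {
            line = $0
            gsub(/[{};]/, " ", line)     # drop braces and the trailing semicolon
            m = split(line, f, " ")      # f[2]=source f[3]=target:class f[4..m]=perms
            split(f[3], tc, ":")         # assumes one class per rule
            flag = "ok"; perms = ""
            for (i = 4; i <= m; i++) {
                perms = perms (perms == "" ? "" : ",") f[i]
                if (f[i] in risky) flag = "REVIEW"
            }
            print flag, f[2], tc[1], tc[2], perms
        }' "$1"
}

demo() {   # constructed inputs: a disabled config and a two-rule module
    d=$(mktemp -d)
    printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$d/config"
    preflight "$d/config" || echo "preflight failed as expected"
    printf '%s\n' 'module MyPolicies 1.0;' \
        'allow httpd_t user_home_t:file { read open };' \
        'allow httpd_t var_log_t:file append;' > "$d/MyPolicies.te"
    review_te "$d/MyPolicies.te"
    rm -rf "$d"
}
demo
```
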


Disable Enforcement

To disable SELinux, run the following command, then restart the server to activate the change.

sed -i "s/^SELINUX=.*$/SELINUX=disabled/" /etc/selinux/config

reboot


