Quickly locate and interpret SELinux AVC denials so you can fix permission problems without guessing. 04.02.2026 | reading time: 3 min SELinux denials show up as AVC messages in audit logs; learn to find them quickly with the audit tools so he can stop guessing why a service fails. Reproduce and spot a denial Turn on enforcing with `setenforce 1` if needed, then search recent AVC messages using `ausearch -m avc -ts today -i`; example command and a typical single-line result are: `ausearch -m avc -ts today -i` and ```type=AVC msg=audit(1618881234.123:456): avc: denied { write } for pid=789 comm="httpd" name="uploads" dev="sda1" ino=12345 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir``` which tells him that the httpd process was denied a write to a directory labeled user_home_t. Translate logs into fixes Pipe AVC output into helpers: `ausearch -m avc -ts today -i | audit2why` explains why SELinux blocked an action and `ausearch -m avc -ts today -i | audit2allow -M mypol` can generate a module to allow the behavior; a quick example of `audit2why` output looks like "SELinux is preventing httpd from writing to user_home_t" and `audit2allow` will show the minimal rule needed to permit it. Query precisely and at scale Narrow searches with time ranges and identities: use `ausearch -m avc -ts recent`, add `-c <comm>` to filter by command, or `-p <pid>` for a PID; for live investigation `tail -F /var/log/audit/audit.log | grep --line-buffered AVC` or watch kernel AVCs via `journalctl -k | grep AVC` when auditd is not installed. When automated analysis helps Install setroubleshoot for human-readable alerts and run `sealert -a /var/log/audit/audit.log` to get HTML summaries and suggested fixes; combine that with `ausearch` and `audit2why` to move from log to policy change in minutes. Wrap-up and next steps Finding an AVC line is only the start: read the scontext and tcontext, use `audit2why` to understand intent, then apply the smallest policy change necessary or relabel objects; keep practicing this workflow and consider deeper study or certification to master Linux security, for example by preparing with an intensive course at bitsandbytes.academy to aim for CompTIA Linux+ or LPIC-1. Join Bits & Bytes Academy First class LINUX exam preparation. security troubleshooting utilities
