How to debug SELinux
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Overview
This documentation describes how to debug SELinuxwith respect to Atlassian Applications. SELinux is a Linux kernel security module (Application Firewall), which when placed in Enforcing mode, might prevent Atlassian Applications from starting if not properly configured.
SELinux is commonly found enabled with the "enforcing" mode in the Red Hat, CentOS and Fedora linux distributions.
Placing SELinux in permissive mode
If you are experiencing problems starting an Atlassian Application then you can temporarily place SELinux in permissive mode to see if Atlassian Application works when SELinux is in that mode. With that, we can narrow down the issue to this security module.
⚠️ We understand that for a secure system, having SELinux disabled permanently can be not possible, if that's your case please make sure to re-enable it after the troubleshooting is done.
1 - You can verify if SELinux is enabled in the Operation System running:
1
getsebool -a2 - To place SELinux into permissive mode, edit the file /etc/selinux/config and change the line:
1
SELINUX=enforcingto:
1
SELINUX=permissive3 - And then reboot.
1
rebootIf the Atlassian Application works after rebooting then we suggest checking the /var/log/audit/audit.log file for "java" entries and consulting the SELinux documentation for how to troubleshoot it.
Was this helpful?