selinux
SELinux mandatory access control reference. Enforcing/permissive modes, security contexts, booleans, policy modules, file labeling, port management, and troubleshooting with audit2why and sealert.
Why use this skill?
Master SELinux with the openclaw/selinux skill. Learn to manage security contexts, booleans, policies, and troubleshoot access denials efficiently.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/bytesagain/selinuxWhat This Skill Does
The selinux skill acts as an authoritative, interactive reference and troubleshooting guide for Security-Enhanced Linux (SELinux) environments. It demystifies the complex world of Mandatory Access Control (MAC) by providing clear explanations and actionable commands for managing system security. Whether you are dealing with file labeling discrepancies, adjusting port access for web services, or debugging policy denials, this skill provides the necessary syntax and context-aware advice to safely modify system security without compromising the integrity of your host. It covers the full lifecycle of SELinux management, from checking enforcing modes to deploying persistent policy modules.
Installation
To integrate this skill into your environment, run the following command within your terminal or OpenClaw interface:
clawhub install openclaw/skills/skills/bytesagain/selinux
Use Cases
This skill is ideal for Linux system administrators, DevOps engineers, and security analysts. Use it to:
- Analyze and resolve 'Permission Denied' errors in high-security environments where DAC permissions seem correct but processes are blocked.
- Provision new web services by correctly labeling files or opening specific network ports for applications like Nginx or Apache.
- Audit existing security contexts on files and processes to ensure they align with organizational policy.
- Toggle SELinux modes during temporary maintenance or during the deployment phase of new applications.
Example Prompts
- "I am getting a 403 Forbidden error on my web server, but the file permissions are 755. Use the selinux skill to check the security contexts and suggest a fix."
- "My application needs to bind to port 8080, but SELinux is blocking it. Show me the semanage command to allow this port."
- "Explain the difference between enforcing and permissive modes and show me how to switch them temporarily for testing."
Tips & Limitations
Always use this skill on a staging system before applying policy changes to production servers. Remember that SELinux is designed to be restrictive; always favor 'restorecon' for resetting file labels over manual 'chcon' overrides, as 'restorecon' aligns with the system's baseline policy. While the skill provides excellent troubleshooting advice via 'audit2why', ensure you review the generated audit logs manually to verify that an auto-generated policy fix does not grant excessive privileges to a potentially compromised service.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-bytesagain-selinux": {
"enabled": true,
"auto_update": true
}
}
}Tags
Flags: file-read, file-write
Related Skills
doctorbot-ci-validator
Stop failing in production. Validate your GitHub Actions, GitLab CI & Keep workflows offline with surgical precision. Born from Keep bounty research, perfected for agents.
arc-shield
Output sanitization for agent responses - prevents accidental secret leaks
AURA Security Scanner
Scan AI agent skills for malware, credential theft, prompt injection, and dangerous permissions before installing them
sbom-explainer
把依赖清单或 SBOM 翻译成非技术可读的风险说明,按影响面排序。;use for sbom, dependencies, risk workflows;do not use for 伪造 CVE 状态, 替代专业漏洞扫描.
securityvitals
Security vitals checker for OpenClaw. Scans your installation, scores your setup, and shows you exactly what to fix. First scan in seconds.