Packet Capture fails to start on Linux due to SELinux


Article ID: 160222


Updated On:


Data Loss Prevention Network Monitor


Packet Capture won't start on Linux. In the PacketCapture.log file, there are error entries that state "PacketCapture could not elevate it's privileges".


One of the causes for this is if SELinux is enforcing. Symantec DLP requires that SELinux be disabled to be able to function properly. You can check if SELinux is running with the following command:


If it responds with: Disabled

SELinux is already disabled and is not causing this issue.

However if it says "Enforcing", SELinux is running and must be disabled

To disable Selinux, edit this file:


Change the entry "SELINUX=" to "disabled". This is case sensitive. This change requires a reboot of the linux box after making this change.