EDR Server: How to modify SELinux security contexts
search cancel

EDR Server: How to modify SELinux security contexts


Article ID: 290227


Updated On:


Carbon Black EDR (formerly Cb Response)


How to use the cbcheck utility to apply correct SELinux security contexts to resolve cb-enterprise service start issues.


  • EDR (Formerly CB Response) Server: All Versions
  • CentOS: 7.x and Higher
  • Red Hat: 7.x and Higher
  • SELinux enabled


1. On each EDR server, find out if there are any SELinux security context mismatches:
/usr/share/cb/cbcheck selinux --mismatch

2. If there are no mismatches, do not proceed with these steps.
3. If mismatches are present, first ensure services are stopped by following the stop section in https://community.carbonblack.com/t5/Knowledge-Base/CB-Response-How-to-restart-server-services/ta-p/41294. Do not start services.
4. Apply the correct SELinux security contexts:
/usr/share/cb/cbcheck selinux --apply
5. Confirm there are no mismatches:
/usr/share/cb/cbcheck selinux --mismatch
6. Start services: https://community.carbonblack.com/t5/Knowledge-Base/CB-Response-How-to-restart-server-services/ta-p/41294 

Additional Information

To check if SELinux is enabled, use the following command:
$ sestatus 
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 24
Policy from config file:        targeted