CentOS8 Stream - what is security context in files permissions and how it can affect access?
Solution 1:
SELinux is a role based access control system that can control in fine detail what a process is allowed to do. For example, a web server is more secure when it cannot read say /etc/shadow
even as root user, nor start a web shell. Security context is fundamental to this system and has been there since the beginning.
SELinux file context is separate thing from UNIX permissions or extended ACLs. All have to allow; yes selinux can deny when basic file permissions would indicate allowed.
Read the RHEL 8 Using SELinux manual and the CentOS wiki page on SELinux. Use the troubleshooting tools there, in particular sealert -a /var/log/audit/audit.log
Review any denials around the time of your application problem. Check if any Booleans exist to toggle behavior you want.