Documentation about SELinux and Collabora Online/CODE

Hello Nextcloud administrators and developers,

Is there someone here who has, or knows where I can find, good documentation about SELinux and Collabora Online / CODE?

The reason why ask this, is that SELinux, on my RHEL system (8.5), seems unreliable. Most of the times Collabora Online works (with SELinux in Enforcing mode) but sometimes it stops working and if I put SELinux in permissive mode it starts working again. It’s unclear why it sometimes stops working (in Enforcing mode).

Every time it stops working, I run sudo sealert -a /var/log/audit/audit.log and fix the SELInux warnings.

For example, I see the following error:

SELinux is preventing /tmp/appimage_extracted_700569c1915a86d7befb2e1e9f1b3d48/usr/bin/loolwsd from name_bind access on the tcp_socket port 9983.

And then run the proposed commands:

usearch -c 'loolwsd' --raw | audit2allow -M my-loolwsd
semodule -X 300 -i my-loolwsd.pp

Does somebody knows a 'bullet proof' way to tackle the SELinux issues?

Thanks in advance,

Scott Trakker

See more details at Documentation missing about Nextcloud Online/CODE and SELinux · Issue #157 · CollaboraOnline/richdocumentscode · GitHub

Any ideas?