SELinux Blocking Grafana Connection

If you’re using Grafana and finding it unable to connect over HTTP, it might be SELinux causing the problem. I recently faced this exact situation, with SELinux blocking Grafana connections, and went through a complete top-down troubleshooting process. I checked every config—network, Prometheus, LDAP, and Grafana itself—before realizing SELinux was behind it. This guide is for anyone facing similar issues and will save you from chasing the wrong leads!

Verify if SELinux is the Culprit

First, you’ll need to confirm if SELinux is actually blocking Grafana’s connection attempts. I started by checking SELinux’s status to ensure it was in enforcing mode, which logs all its actions:

If SELinux is set to enforcing, it actively blocks unauthorized actions and logs them. I knew that if Grafana’s connection failed, the log would have some details, so I attempted a connection to trigger any SELinux logging.

Generate and Check Audit Logs for SELinux Denials

After attempting the connection, I checked SELinux’s audit logs to find any relevant denials:

You can also search directly in the audit log using grep:

In the logs, look for entries showing denied actions related to the Grafana server. If SELinux is blocking the connection, it should mention the attempted access on your specified port. Here’s where I found confirmation—Grafana was indeed being blocked when trying to reach Prometheus over HTTPS.
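
To make the log check above concrete, here is an added example (not from the original post): a shell function that condenses the AVC denials for one process into permission, object class, destination port and source/target types. The sample records are constructed, and the `grafana-server` process name and `httpd_t` source type are assumptions for illustration.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials for one process from audit text on stdin.
# Output per distinct denial: "count permission tclass dest_port source_type target_type".

# Constructed sample records (PIDs, ports and contexts are illustrative, not from a real host).
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1700000001.101:411): avc:  denied  { name_connect } for  pid=1432 comm="grafana-server" dest=9090 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=SYSCALL msg=audit(1700000001.101:411): arch=c000003e syscall=42 success=no exit=-13 comm="grafana-server"
type=AVC msg=audit(1700000009.552:419): avc:  denied  { name_connect } for  pid=1432 comm="grafana-server" dest=9090 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000014.870:425): avc:  denied  { name_connect } for  pid=1432 comm="grafana-server" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket permissive=0
type=AVC msg=audit(1700000020.004:431): avc:  denied  { name_bind } for  pid=900 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0
EOF
}

avc_summary() {   # $1 = value of comm="..." to keep (default is an assumed process name)
    awk -v want="${1:-grafana-server}" '
    # Value of key=value in the current record, quotes stripped; "-" if absent.
    function field(key,    i, v) {
        for (i = 1; i <= NF; i++)
            if (index($i, key "=") == 1) {
                v = substr($i, length(key) + 2)
                gsub(/"/, "", v)
                return v
            }
        return "-"
    }
    # The SELinux type is the third part of user:role:type:level.
    function setype(ctx,    p) { return (split(ctx, p, ":") >= 3) ? p[3] : "-" }
    /type=AVC/ && /denied/ {
        if (field("comm") != want) next
        perm = $0
        sub(/^.*[{] */, "", perm); sub(/ *[}].*$/, "", perm)
        gsub(/ +/, ",", perm)            # "{ read write }" becomes "read,write"
        key = perm " " field("tclass") " " field("dest")
        key = key " " setype(field("scontext")) " " setype(field("tcontext"))
        seen[key]++
    }
    END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

sample_audit_log | avc_summary
```

On a live host, pipe the output of `ausearch -m avc -ts recent` or the contents of `/var/log/audit/audit.log` into `avc_summary` instead of the sample. The port and target type it reports show exactly what a boolean or a generated policy module would have to allow.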

Troubleshooting SELinux Denials

Once you know SELinux is blocking Grafana, you have options to address it. A good place to start is adjusting SELinux booleans to allow Grafana the network access it needs. I used this command to list SELinux booleans specific to Grafana:

Another essential step was to ensure the httpd_can_network_connect boolean was enabled, allowing HTTP services like Grafana to connect over the network:

Additional SELinux Troubleshooting Tips

If the above doesn’t solve your issue, creating a custom SELinux policy for Grafana may be necessary. You can generate an SELinux policy using audit2allow, which converts your log findings into policy allowances:

1. Run audit2allow with the latest denial entries:

2. Apply the policy:

This process enables SELinux to permit the exact actions Grafana needs, based on the recent logs.

More Troubleshooting Tips for Grafana and SELinux

  1. Check Port Protocols and Security Groups: Ensure that the ports are open and accepting HTTP/HTTPS connections. In my case, I double-checked the security group settings and firewall rules.
  2. Verify Service Dependencies: If Grafana relies on other services like LDAP or Prometheus, make sure those services are configured to allow non-standard HTTP/HTTPS ports as well.
  3. Review Prometheus and LDAP Configurations: Don’t overlook configuration files in Grafana and other linked services, as their security policies may also prevent the connection.
  4. Restart Grafana After Changes: After making any SELinux or configuration changes, always restart the Grafana service:
