From 8751924f2f9f1edb01bf11ee43b41c3dced87ff9 Mon Sep 17 00:00:00 2001
From: lacatoire <la.catoire@gmail.com>
Date: Tue, 10 Feb 2026 17:24:53 +0100
Subject: [PATCH] Add SELinux detection warning to preflight checks

When SELinux is in Enforcing mode, users frequently report being unable
to write to directories despite having 777 permissions. This adds a
warning in the preflight check when SELinux is detected in Enforcing
mode, with guidance on how to set the correct security contexts.

Fixes #1134
---
 preflight.inc.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/preflight.inc.php b/preflight.inc.php
index 99215104d..fb6d140c8 100644
--- a/preflight.inc.php
+++ b/preflight.inc.php
@@ -252,6 +252,18 @@ function get_base_url() {
 	}
 
 
+	// Check for SELinux
+	if(strtolower(PHP_OS)=='linux'){
+		exec("getenforce 2>/dev/null", $getenforce, $return);
+		if($return == 0 && isset($getenforce[0]) && $getenforce[0] == "Enforcing"){
+			$tests['selinux']['state']="warning";
+			$tests['selinux']['message']='SELinux is in Enforcing mode. If you have trouble writing to directories even with correct permissions, you may need to adjust SELinux contexts (e.g. <i>chcon -R -t httpd_sys_rw_content_t</i> on writable directories) or set appropriate booleans.';
+		}else{
+			$tests['selinux']['state']="good";
+			$tests['selinux']['message']='';
+		}
+	}
+
 	//Adding in some preliminary support for nginix
 	if(preg_match("/apache/i", $_SERVER['SERVER_SOFTWARE'])){
 		if(function_exists('apache_get_modules')){