By skyforbes Warsaw is a digital identity and anti-fraud tool developed by Diebold and used by several major Brazilian banks (Itaú, Caixa, Banco do Brasil, etc.). It relies on port 30900 to communicate with the browser and banking sites. SELinux, when in enforcing mode, blocks this port by default — which prevents Warsaw from functioning properly.
In my case, Warsaw would run, but the browser wouldn’t detect the service when SELinux was enforcing.
After some testing, I found SELinux was blocking Warsaw. Disabling SELinux worked, but I didn’t want to compromise system security. So I created a custom SELinux policy just for Warsaw.
🔧 Step-by-step:
- Set SELinux to permissive mode to capture denials:
sudo setenforce 0
-
Used Warsaw normally (accessing Itaú’s site) to generate audit logs.
-
Installed required tools:
sudo zypper install policycoreutils selinux-tools audit audit-utils
-
Generated policy based on Warsaw’s core process:
sudo ausearch -c 'core' --raw | audit2allow -M warsaw_local
-
Installed the policy:
sudo semodule -i warsaw_local.pp
-
Returned SELinux to enforcing mode:
sudo setenforce 1
✅ Result:
- Warsaw now works normally on Leap.
- SELinux remains active, with a policy that allows only what Warsaw needs.
- Port 30900 is no longer blocked.
- Security preserved + functionality guaranteed.
🧪 Additional testing:
I also ran extensive tests on openSUSE Tumbleweed. Despite all dependencies being satisfied, the service starting correctly, and both SELinux and AppArmor disabled, Warsaw did not open port 30900. I couldn’t get it to work there — which makes Leap the more viable option for now.
💡 Final tip:
If you’re struggling with Guardião Itaú or other Brazilian banking tools on Linux, try this approach instead of disabling SELinux or AppArmor entirely. It keeps your system protected while letting you use your bank without headaches.