search for: ldz

...ecifically for mysql. I stopped myql and renamed /var/lib/mysql to /var/lib/mysql.old. I created a new dir /var/lib/mysql and mounted the LV on /var/lib/mysql. I then copied with "cp -prZ" all mysql files in /var/lib/mysql.old to /var/lib/mysql. But then I got a selinux problem: # ls -ldZ mysql.old/ mysql drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0 mysql drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 mysql.old/ I tried to changed the context on mysql with the following commands: # semanage fcontext -a -t mysqld_db_t "/var/lib/mysql(/.*)?" # restore...

Thanks, I managed to fix /var/lib/mysql # ls -ldZ /var/lib/mysql drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 /var/lib/mysql To fix it, I tried: semanage fcontext -d -e /var/lib/mysql this command returned: KeyError: /var/lib/mysql I tried restorecon anyway: restorecon -Rv /var/lib/mysql But not better: ls -ldZ /var/lib/mysql drwxr-xr...

...to > > /var/lib/mysql.old. I created a new dir /var/lib/mysql and mounted the > LV > > on /var/lib/mysql. I then copied with "cp -prZ" all mysql files in > > /var/lib/mysql.old to /var/lib/mysql. > > > > But then I got a selinux problem: > > # ls -ldZ mysql.old/ mysql > > drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0 mysql > > drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 mysql.old/ > > > > I tried to changed the context on mysql with the following commands: > > > > # semanage fcontext -a...

...storecon -R netdot/ When I list the contexts, it is part of the list.... [root@ local]# semanage fcontext -l | grep netdot ./netdot(/.*)? all files system_u:object_r:httpd_sys_rw_content_t:s0 ... but does not appear on the directory itself: [root@ local]# ls -ldZ netdot/ drwxr-xr-x. root root unconfined_u:object_r:*usr_t*:s0 netdot/ I am expecting to see something like: drwxr-xr-x. root root unconfined_u:object_r:*httpd_sys_rw_content_t*:s0 netdot/ What am I doing wrong or do not understand? Thanks,

On 23 October 2017 at 19:18, Bernard Fay <bernard.fay at gmail.com> wrote: > Thanks, I managed to fix /var/lib/mysql > > # ls -ldZ /var/lib/mysql > drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 /var/lib/mysql > > To fix it, I tried: > semanage fcontext -d -e /var/lib/mysql > this command returned: > KeyError: /var/lib/mysql > I tried restorecon anyway: > restorecon -Rv /var/lib/mysql > But...

...ped myql and renamed /var/lib/mysql to > /var/lib/mysql.old. I created a new dir /var/lib/mysql and mounted the LV > on /var/lib/mysql. I then copied with "cp -prZ" all mysql files in > /var/lib/mysql.old to /var/lib/mysql. > > But then I got a selinux problem: > # ls -ldZ mysql.old/ mysql > drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0 mysql > drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 mysql.old/ > > I tried to changed the context on mysql with the following commands: > > # semanage fcontext -a -t mysqld_db_t "/var/lib...

...way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package. ........................................ # ls -ldZ /etc/<apps>/db drwx------ postgres postgres user_u:object_r:etc_t db # restorecon -v /etc/<apps>/db # ls -ldZ /etc/<apps>/db drwx------ postgres postgres user_u:object_r:etc_t db ------------------------------------------------------- Regards, James -----...

...> drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/ > > > And if I do it the other way around, give the directory a type > samba_share_t then the tftp clients are unable to push files. > > # getenforce > Enforcing > [root at CTSFILESRV01 depot]# ls -ldZ tftp/ > drwxrwxrwx. root root system_u:object_r:samba_share_t:s0 tftp/ > > > I would then to either create my own type or missing access rules as you > suggest. Unfortunately, this will be when I will have time which I don't > have at the moment. > > Thanks for you he...

...to > > /var/lib/mysql.old. I created a new dir /var/lib/mysql and mounted the > LV > > on /var/lib/mysql. I then copied with "cp -prZ" all mysql files in > > /var/lib/mysql.old to /var/lib/mysql. > > > > But then I got a selinux problem: > > # ls -ldZ mysql.old/ mysql > > drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0 mysql > > drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 mysql.old/ > > > > I tried to changed the context on mysql with the following commands: > > > > # semanage fcontext -a...

...th equivalent to a mount point (XFS/Raid5 filesystem in my case. Well, I'm running CentOS 5.5 and it has SELinux enabled by default but the context on the share path is probably not allowing samba. you can check the context of the path with the -Z switch ls: [root at nas samba]# ls -ldZ /mnt drwxr-xr-x root root system_u:object_r:mnt_t /mnt In this case the context is "mnt_t", you need to change the context to samba_share_t [root at nas samba]# chcon -t samba_share_t /mnt/nas [root at nas samba]# ls -adZ /mnt/nas drwxr-x--- nas nas system_u:object_r:samba_sh...

> If I understand well, I could add a type to another type?!?!?! No. The default targeted policy is mostly about Type Enforcement. Quote from the manual: "All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a

...object_r:tftpdir_rw_t:s0 /depot/tftp/ > > > > > > And if I do it the other way around, give the directory a type > > samba_share_t then the tftp clients are unable to push files. > > > > # getenforce > > Enforcing > > [root at CTSFILESRV01 depot]# ls -ldZ tftp/ > > drwxrwxrwx. root root system_u:object_r:samba_share_t:s0 tftp/ > > > > > > I would then to either create my own type or missing access rules as you > > suggest. Unfortunately, this will be when I will have time which I don't > > have at the moment....

...# getenforce Enforcing # ls -dZ /depot/tftp/ drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/ And if I do it the other way around, give the directory a type samba_share_t then the tftp clients are unable to push files. # getenforce Enforcing [root at CTSFILESRV01 depot]# ls -ldZ tftp/ drwxrwxrwx. root root system_u:object_r:samba_share_t:s0 tftp/ I would then to either create my own type or missing access rules as you suggest. Unfortunately, this will be when I will have time which I don't have at the moment. Thanks for you help On Wed, Jul 6, 2016 at 11:07 AM, ??...

...P samba_enable_home_dirs on # # If you create a new directory you want to share you should mark it as # "samba-share_t" so that selinux will let you write into it. # Make sure not to do that on system directories as they may already have # been marked with othe SELinux labels. # # Use ls -ldZ /path to see which context a directory has # # Set labels only on directories you created! # To set a label use the following: chcon -t samba_share_t /path # # If you need to share a system created directory you can use one of the # following (read-only/read-write): # setsebool -P samba_export_all_...

...P samba_enable_home_dirs on # # If you create a new directory you want to share you should mark it as # "samba-share_t" so that selinux will let you write into it. # Make sure not to do that on system directories as they may already have # been marked with othe SELinux labels. # # Use ls -ldZ /path to see which context a directory has # # Set labels only on directories you created! # To set a label use the following: chcon -t samba_share_t /path # # If you need to share a system created directory you can use one of the # following (read-only/read-write): # setsebool -P samba_export_all_...

...> # If you create a new directory you want to share you should mark it as > # "samba-share_t" so that selinux will let you write into it. > # Make sure not to do that on system directories as they may already have > # been marked with othe SELinux labels. > # > # Use ls -ldZ /path to see which context a directory has > # > # Set labels only on directories you created! > # To set a label use the following: chcon -t samba_share_t /path > # > # If you need to share a system created directory you can use one of the > # following (read-only/read-write): &g...

...a new directory, such as a new top-level directory, label it # with samba_share_t so that SELinux allows Samba to read and write to it. Do # not label system directories, such as /etc/ and /home/, with samba_share_t, as # such directories should already have an SELinux label. # # Run the "ls -ldZ /path/to/directory" command to view the current SELinux # label for a given directory. # # Set SELinux labels only on files and directories you have created. Use the # chcon command to temporarily change a label: # chcon -t samba_share_t /path/to/directory # # Changes made via chcon are lost w...

...a new directory, such as a new top-level directory, label it # with samba_share_t so that SELinux allows Samba to read and write to it. Do # not label system directories, such as /etc/ and /home/, with samba_share_t, as # such directories should already have an SELinux label. # # Run the "ls -ldZ /path/to/directory" command to view the current SELinux # label for a given directory. # # Set SELinux labels only on files and directories you have created. Use the # chcon command to temporarily change a label: # chcon -t samba_share_t /path/to/directory # # Changes made via chcon are lost w...

...a new top-level directory, label it > # with samba_share_t so that SELinux allows Samba to read and write to it. Do > # not label system directories, such as /etc/ and /home/, with samba_share_t, as > # such directories should already have an SELinux label. > # > # Run the "ls -ldZ /path/to/directory" command to view the current SELinux > # label for a given directory. > # > # Set SELinux labels only on files and directories you have created. Use the > # chcon command to temporarily change a label: > # chcon -t samba_share_t /path/to/directory > # >...

...P samba_enable_home_dirs on # # If you create a new directory you want to share you should mark it as # "samba-share_t" so that selinux will let you write into it. # Make sure not to do that on system directories as they may already have # been marked with othe SELinux labels. # # Use ls -ldZ /path to see which context a directory has # # Set labels only on directories you created! # To set a label use the following: chcon -t samba_share_t /path # # If you need to share a system created directory you can use one of the # following (read-only/read-write): # setsebool -P samba_export_all_...