search for: system_u

Displaying 20 results from an estimated 451 matches for "system_u".

2013 Nov 16
1
(no subject)
[root at ipa tftpboot]# semanage fcontext -l | grep tftp /tftpboot directory system_u:object_r:tftpdir_t:s0 /tftpboot/.* all files system_u:object_r:tftpdir_t:s0 /usr/sbin/atftpd regular file system_u:object_r:tftpd_exec_t:s0 /usr/sbin/in\.tftpd regular file system_u:object_r:tftpd...
2011 Nov 03
1
CentOS-5.7 + megaraid + SELinux : update problem
Hello, After updating to CentOS-5.7, I have a (small) problem : The context of /dev/megadev0 is now defined (in /etc/selinux/targeted/contexts/files/file_contexts) as system_u:object_r:removable_device_t:s0. This cause smartmontools to fail : avc: denied { read write } for pid=2847 comm="smartd" name="megadev0" dev=tmpfs ino=8284 scontext=system_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:removable_device_t:s0 tclass=chr_file Chan...
2013 Apr 08
1
libvirt, selinux, moving images to ~/images does not work
...images out of /var/lib/libvirt/images/. http://libvirt.org/drvqemu.html#securityselinux is saying that "If attempting to use disk images in another location, the user/administrator must ensure the directory has be given this requisite label. Likewise physical block devices must be labelled system_u:object_r:virt_image_t.". So did I: [root at vpl2 ~]# ls -dlZ /home/aik/virtimg /var/lib/libvirt/images drwxr-xr-x. root root system_u:object_r:virt_image_t:s0 /home/aik/virtimg drwxr-xr-x. root root system_u:object_r:virt_image_t:s0 /var/lib/libvirt/images [root at vpl2 ~]# ls -lZ /home/aik...
2013 Dec 19
1
quota and selinux on centos 6.5
...quota.user [root at CentOS active]# restorecon /var/spool/cron/aquota.user restorecon:? Warning no default label for /var/spool/cron/aquota.user Semanage reports this [root at CentOS active]#? semanage fcontext -l|grep quota /a?quota\.(user|group)???????????????????????????? regular file?????? system_u:object_r:quota_db_t:s0 /boot/a?quota\.(user|group)??????????????????????? regular file?????? system_u:object_r:quota_db_t:s0 /etc/a?quota\.(user|group)???????????????????????? regular file?????? system_u:object_r:quota_db_t:s0 /sbin/quota(check|on)????????????????????????????? regular file?????? sy...
2015 Jun 30
6
RPC server not available when windows client attempts to join samba AD
I am installing a new Samba 4.2 Active Directory server on CentOS 7. I followed the Wiki instructions on how to create the server. I am using sernet-samba 4.2 binaries. Everything seems to be OK on the Linux side but I cannot get any windows client to successfully join the domain. Each attempt returns the following error message "RPC Server in not available". Below are the config file
2020 Apr 03
2
Samba 4.12 SELinux context /var/run
Hi, since 4.12 Samba SELinux context for /var/run/samba is not correct anymore: ``` root at files:~ # ls -la -Z /var/run/samba/ total 12 drwxr-xr-x. 5 root root system_u:object_r:var_run_t:s0 160 Apr 3 20:42 . drwxr-xr-x. 30 root root system_u:object_r:var_run_t:s0 1000 Apr 3 18:39 .. drwxr-xr-x. 3 root root system_u:object_r:var_run_t:s0 60 Apr 3 18:39 ncalrpc drwxr-xr-x. 2 root root system_u:object_r:var_run_t:s0 60 Apr 3 18:39 nmbd -rw-r--r--. 1...
2020 Jul 25
3
tmpfs / selinux issue
Hi all, I have some AVC in the logs and wonder how to resolve this: Under EL8 (enforcing SElinux) I have /var/lib/php/session mounted as tmpfs. # tail -1 /etc/fstab tmpfs /var/lib/php/session tmpfs defaults,noatime,mode=770,gid=apache,size=16777216,context="system_u:object_r:httpd_var_run_t:s0" 0 0 # df -a |grep php tmpfs 16384 0 16384 0% /var/lib/php/session # ls -laZ /var/lib/php/session insgesamt 0 drwxrwx---. 2 root apache system_u:object_r:httpd_var_run_t:s0 40 24. Jul 15:36 . drwxr-xr-x. 6 root root system_u:object_...
2007 May 30
2
Centos 5 OpenVPN / SElinux
...r the system has come up completely it works fine. Here are all the messages from /var/log/messages that are SElinux related: May 28 21:39:15 srsblnfw01 kernel: audit(1180381151.395:10): avc: denied { use } for pid=3012 comm="openvpn" name="null" dev=tmpfs ino=1396 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:system_r:pppd_t:s0 tclass=fd May 28 21:39:15 srsblnfw01 kernel: audit(1180381151.395:11): avc: denied { use } for pid=3012 comm="openvpn" name="null" dev=tmpfs ino=1396 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:system_r:p...
2017 Apr 28
0
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
...es until you confirm that you've > found one (or a minimal combination) of rules that is causing dovecot > to crash and log a backtrace. Here are the messages I got: type=AVC msg=audit(1493361695.041:49205): avc: denied { rlimitinh } for pid=3047 comm="cleanup" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process permissive=1 type=AVC msg=audit(1493361695.041:49205): avc: denied { siginh } for pid=3047 comm="cleanup" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:postfix_cle...
2013 Jan 12
2
selinux + kvm virtualization + smartd problem
...to KVM guest (whole disks, not partitions; needed to use zfs (zfsonlinux) benefit features). Problem is that disks (files in /dev) which attached to KVM guest has SELinux context which inaccessible from context of smartd process. [root at srv-1.home ~]# ls -laZ /dev/sd{a..f} brw-rw----. root disk system_u:object_r:fixed_disk_device_t:s0 /dev/sda brw-rw----. root disk system_u:object_r:fixed_disk_device_t:s0 /dev/sdb brw-rw----. qemu qemu system_u:object_r:svirt_image_t:s0:c281,c675 /dev/sdc brw-rw----. qemu qemu system_u:object_r:svirt_image_t:s0:c281,c675 /dev/sdd brw-rw----. qemu qemu system_u:obj...
2014 Mar 05
2
CentOS 5 + Quagga + SELinux
...;-) [0] https://bugzilla.redhat.com/show_bug.cgi?id=429252 [1] https://www.centos.org/forums/viewtopic.php?t=21040 type=AVC msg=audit(1393980136.848:15): avc: denied { add_name } for pid=2646 comm="zebra" name="zebra.conf.CxNsyz" scontext=root:system_r:zebra_t:s0 tcontext=system_u:object_r:zebra_conf_t:s0 tclass=dir type=SYSCALL msg=audit(1393980136.848:15): arch=40000003 syscall=5 success=no exit=-13 a0=8512960 a1=c2 a2=180 a3=1e6a6 items=0 ppid=1 pid=2646 auid=0 uid=92 gid=92 euid=92 suid=92 fsuid=92 egid=92 sgid=92 fsgid=92 tty=(none) ses=1 comm="zebra" exe=&quo...
2012 Mar 22
1
Does libvirt check MCS labels during hot-add disk image ?
...isk images. It even accepts addition of disk images of other guest running on the host. Steps followed to create this scenario : Started two VMs with following security configurations: vm1: <seclabel type='dynamic' model='selinux' relabel='yes'> <label>system_u:system_r:svirt_t:s0:c219,c564</label> <imagelabel>system_u:object_r:svirt_image_t:s0:c219,c564</imagelabel> </seclabel> vm2 : <seclabel type='dynamic' model='selinux' relabel='yes'> <label>system_u:system_r:svirt_t:s0:c122,c658...
2012 Jan 13
1
SELinux and rsh+xauth
.../usr/bin/xauth nmerge - But when SELinux is in enforcing mode on Server, the commands fail with this message : bash: /usr/bin/xauth: Permission denied and /var/log/audit/audit.log shows the following errors : type=SELINUX_ERR msg=audit(1326381080.364:610): security_compute_sid: invalid context system_u:system_r:xauth_t:s0-s0:c0.c1023 for scontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_exec_t:s0 tclass=process type=AVC msg=audit(1326381080.364:610): avc: denied { write } for pid=3487 comm="xauth" path="pipe:[21744]" dev=pipefs ino=217...
2017 Mar 15
2
Having problem getting Asterisk to work on CentOS 7
On Tue, Mar 14, 2017 at 02:46:19PM -0400, Ron Wheeler wrote: > https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html > > If disabling Selinux solves your problem, then your problem may be related > to Selinux. > If it does not change yout problem, you may want to look
2008 Oct 30
1
nfs mounted /home and selinux
I'm trying to set the context on an nfs mounted /home. I believe exactly like in Redhat's Deployment Guide at http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.2/html/Deployment_Guide/ch45s02s03.html On my system running CentOS 5.2: $ ls -alZ /home drwxr-xr-x root root system_u:object_r:home_root_t . drwxr-xr-x root root system_u:object_r:root_t .. $ mount -t nfs -o context=user_u:object_r:user_home_dir_t \ server001a:/vol/vol01/home /home $ ls -alZ /home drwxrwxr-x root root system_u:object_r:nfs_t . drwxr-xr-x root root...
2018 Oct 14
3
Centos7 & Selinux & Tor
...3002F7573722F73686172652F746F722F6465666175 6C74732D746F727263002D66002F6574632F746F722F746F727263002D2D76657269667 92D636F6E666967 type=PATH msg=audit(1539540150.692:60570): item=0 name="/var/lib/tor/hidden_service/" inode=201616393 dev=fd:02 mode=040700 ouid=494 ogid=490 rdev=00:00 obj=system_u:object_r:tor_var_lib_t:s0 objtype=NORMAL cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0 type=CWD msg=audit(1539540150.692:60570): cwd="/" type=SYSCALL msg=audit(1539540150.692:60570): arch=c000003e syscall=2 success=no exit=-13 a0=562d3767da80 a1=20000 a2=0 a3=1 it...
2020 Jul 26
1
tmpfs / selinux issue
...AVC in the logs and wonder how to resolve this: Under >> EL8 (enforcing SElinux) I have /var/lib/php/session mounted as tmpfs. >> >> >> # tail -1 /etc/fstab >> tmpfs /var/lib/php/session tmpfs >> defaults,noatime,mode=770,gid=apache,size=16777216,context="system_u:object_r:httpd_var_run_t:s0" >> >> 0 0 >> >> # df -a |grep php >> tmpfs 16384 0 16384 0% /var/lib/php/session >> >> # ls -laZ /var/lib/php/session >> insgesamt 0 >> drwxrwx---. 2 root apache system_u:object_r:htt...
2017 Apr 26
3
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/26/2017 12:29 AM, Robert Moskowitz wrote: > But the policy generates errors. I will have to submit a bug report, > it seems A bug report would probably be helpful. I'm looking back at the message you wrote describing errors in ld-2.17.so. I think what's happening is that the policy on your system includes a silent rule that somehow breaks your system. You'll need
2017 Mar 15
2
Having problem getting Asterisk to work on CentOS 7
...ar 15 09:39 /var/lib/asterisk/astdb.sqlite3 > > > [root at localhost ~]# tail -f /var/log/audit/audit.log > type=AVC msg=audit(1489588773.253:1171): avc: denied { read } for pid=3838 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588773.253:1171): arch=c000003e syscall=2 success=no exit=-13 a0=aa5080 a1=80000 a2=1a4 a3=aa5080 items=0 ppid=1485 pid=3838 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0...
2013 Apr 25
0
libvirt_lxc start problem when selinux enbale
Hi?all? the problem came out when selinux was enforced in targeted+MCS I start lxc through virsh???virsh -c lxc:/// start instance-00004bd6? 1. When selinux is Permissive?lxc start is ok The result of ?Ps auxZ? is? system_u:system_r:virtd_lxc_t:s0-s0:c0.c1023 root 19218 0.0 0.0 47624 1244 ? Ss 15:26 0:00 /usr/libexec/libvirt_lxc --name system_u:system_r:svirt_lxc_net_t:s0:c192,c392 root 19219 0.3 0.0 19276 1532 ? Ss 15:26 0:00 /sbin/init system_u:system_r:svirt_lxc_net_t:s0:c192,c392 root 19406 0.0 0.0 1774...