Displaying 20 results from an estimated 451 matches for "system_u".
2013 Nov 16
1
(no subject)
[root at ipa tftpboot]# semanage fcontext -l | grep tftp
/tftpboot directory
system_u:object_r:tftpdir_t:s0
/tftpboot/.* all files
system_u:object_r:tftpdir_t:s0
/usr/sbin/atftpd regular file
system_u:object_r:tftpd_exec_t:s0
/usr/sbin/in\.tftpd regular file
system_u:object_r:tftpd...
2011 Nov 03
1
CentOS-5.7 + megaraid + SELinux : update problem
Hello,
After updating to CentOS-5.7, I have a (small) problem :
The context of /dev/megadev0 is now defined
(in /etc/selinux/targeted/contexts/files/file_contexts) as
system_u:object_r:removable_device_t:s0.
This cause smartmontools to fail :
avc: denied { read write } for pid=2847 comm="smartd"
name="megadev0" dev=tmpfs ino=8284
scontext=system_u:system_r:fsdaemon_t:s0
tcontext=system_u:object_r:removable_device_t:s0 tclass=chr_file
Chan...
2013 Apr 08
1
libvirt, selinux, moving images to ~/images does not work
...images out of /var/lib/libvirt/images/.
http://libvirt.org/drvqemu.html#securityselinux is saying that "If
attempting to use disk images in another location, the user/administrator
must ensure the directory has be given this requisite label. Likewise
physical block devices must be labelled system_u:object_r:virt_image_t.".
So did I:
[root at vpl2 ~]# ls -dlZ /home/aik/virtimg /var/lib/libvirt/images
drwxr-xr-x. root root system_u:object_r:virt_image_t:s0 /home/aik/virtimg
drwxr-xr-x. root root system_u:object_r:virt_image_t:s0 /var/lib/libvirt/images
[root at vpl2 ~]# ls -lZ /home/aik...
2013 Dec 19
1
quota and selinux on centos 6.5
...quota.user
[root at CentOS active]# restorecon /var/spool/cron/aquota.user
restorecon:? Warning no default label for /var/spool/cron/aquota.user
Semanage reports this
[root at CentOS active]#? semanage fcontext -l|grep quota
/a?quota\.(user|group)???????????????????????????? regular file?????? system_u:object_r:quota_db_t:s0
/boot/a?quota\.(user|group)??????????????????????? regular file?????? system_u:object_r:quota_db_t:s0
/etc/a?quota\.(user|group)???????????????????????? regular file?????? system_u:object_r:quota_db_t:s0
/sbin/quota(check|on)????????????????????????????? regular file?????? sy...
2015 Jun 30
6
RPC server not available when windows client attempts to join samba AD
I am installing a new Samba 4.2 Active Directory server on CentOS 7. I
followed the Wiki instructions on how to create the server. I am using
sernet-samba 4.2 binaries. Everything seems to be OK on the Linux side but
I cannot get any windows client to successfully join the domain. Each
attempt returns the following error message "RPC Server in not available".
Below are the config file
2020 Apr 03
2
Samba 4.12 SELinux context /var/run
Hi, since 4.12 Samba SELinux context for /var/run/samba is not correct
anymore:
```
root at files:~ # ls -la -Z /var/run/samba/
total 12
drwxr-xr-x. 5 root root system_u:object_r:var_run_t:s0 160 Apr 3
20:42 .
drwxr-xr-x. 30 root root system_u:object_r:var_run_t:s0 1000 Apr 3
18:39 ..
drwxr-xr-x. 3 root root system_u:object_r:var_run_t:s0 60 Apr 3
18:39 ncalrpc
drwxr-xr-x. 2 root root system_u:object_r:var_run_t:s0 60 Apr 3
18:39 nmbd
-rw-r--r--. 1...
2020 Jul 25
3
tmpfs / selinux issue
Hi all,
I have some AVC in the logs and wonder how to resolve this: Under
EL8 (enforcing SElinux) I have /var/lib/php/session mounted as tmpfs.
# tail -1 /etc/fstab
tmpfs /var/lib/php/session tmpfs
defaults,noatime,mode=770,gid=apache,size=16777216,context="system_u:object_r:httpd_var_run_t:s0"
0 0
# df -a |grep php
tmpfs 16384 0 16384 0% /var/lib/php/session
# ls -laZ /var/lib/php/session
insgesamt 0
drwxrwx---. 2 root apache system_u:object_r:httpd_var_run_t:s0 40 24.
Jul 15:36 .
drwxr-xr-x. 6 root root system_u:object_...
2007 May 30
2
Centos 5 OpenVPN / SElinux
...r
the system has come up completely it works fine.
Here are all the messages from /var/log/messages that are SElinux related:
May 28 21:39:15 srsblnfw01 kernel: audit(1180381151.395:10): avc:
denied { use } for pid=3012 comm="openvpn" name="null" dev=tmpfs
ino=1396 scontext=system_u:system_r:openvpn_t:s0
tcontext=system_u:system_r:pppd_t:s0 tclass=fd
May 28 21:39:15 srsblnfw01 kernel: audit(1180381151.395:11): avc:
denied { use } for pid=3012 comm="openvpn" name="null" dev=tmpfs
ino=1396 scontext=system_u:system_r:openvpn_t:s0
tcontext=system_u:system_r:p...
2017 Apr 28
0
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
...es until you confirm that you've
> found one (or a minimal combination) of rules that is causing dovecot
> to crash and log a backtrace.
Here are the messages I got:
type=AVC msg=audit(1493361695.041:49205): avc: denied { rlimitinh }
for pid=3047 comm="cleanup"
scontext=system_u:system_r:postfix_master_t:s0
tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process permissive=1
type=AVC msg=audit(1493361695.041:49205): avc: denied { siginh } for
pid=3047 comm="cleanup" scontext=system_u:system_r:postfix_master_t:s0
tcontext=system_u:system_r:postfix_cle...
2013 Jan 12
2
selinux + kvm virtualization + smartd problem
...to KVM guest (whole disks, not partitions;
needed to use zfs (zfsonlinux) benefit features). Problem is that
disks (files in /dev) which attached to KVM guest has SELinux context
which inaccessible from context of smartd process.
[root at srv-1.home ~]# ls -laZ /dev/sd{a..f}
brw-rw----. root disk system_u:object_r:fixed_disk_device_t:s0 /dev/sda
brw-rw----. root disk system_u:object_r:fixed_disk_device_t:s0 /dev/sdb
brw-rw----. qemu qemu system_u:object_r:svirt_image_t:s0:c281,c675 /dev/sdc
brw-rw----. qemu qemu system_u:object_r:svirt_image_t:s0:c281,c675 /dev/sdd
brw-rw----. qemu qemu system_u:obj...
2014 Mar 05
2
CentOS 5 + Quagga + SELinux
...;-)
[0] https://bugzilla.redhat.com/show_bug.cgi?id=429252
[1] https://www.centos.org/forums/viewtopic.php?t=21040
type=AVC msg=audit(1393980136.848:15): avc: denied { add_name } for
pid=2646 comm="zebra" name="zebra.conf.CxNsyz"
scontext=root:system_r:zebra_t:s0
tcontext=system_u:object_r:zebra_conf_t:s0 tclass=dir
type=SYSCALL msg=audit(1393980136.848:15): arch=40000003 syscall=5
success=no exit=-13 a0=8512960 a1=c2 a2=180 a3=1e6a6 items=0 ppid=1
pid=2646 auid=0 uid=92 gid=92 euid=92 suid=92 fsuid=92 egid=92 sgid=92
fsgid=92 tty=(none) ses=1 comm="zebra" exe=&quo...
2012 Mar 22
1
Does libvirt check MCS labels during hot-add disk image ?
...isk images. It even
accepts addition of disk images of other guest running on the host.
Steps followed to create this scenario :
Started two VMs with following security configurations:
vm1:
<seclabel type='dynamic' model='selinux' relabel='yes'>
<label>system_u:system_r:svirt_t:s0:c219,c564</label>
<imagelabel>system_u:object_r:svirt_image_t:s0:c219,c564</imagelabel>
</seclabel>
vm2 :
<seclabel type='dynamic' model='selinux' relabel='yes'>
<label>system_u:system_r:svirt_t:s0:c122,c658...
2012 Jan 13
1
SELinux and rsh+xauth
.../usr/bin/xauth nmerge -
But when SELinux is in enforcing mode on Server, the commands fail with
this message :
bash: /usr/bin/xauth: Permission denied
and /var/log/audit/audit.log shows the following errors :
type=SELINUX_ERR msg=audit(1326381080.364:610): security_compute_sid: invalid context system_u:system_r:xauth_t:s0-s0:c0.c1023 for scontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_exec_t:s0 tclass=process
type=AVC msg=audit(1326381080.364:610): avc: denied { write } for pid=3487 comm="xauth" path="pipe:[21744]" dev=pipefs ino=217...
2017 Mar 15
2
Having problem getting Asterisk to work on CentOS 7
On Tue, Mar 14, 2017 at 02:46:19PM -0400, Ron Wheeler wrote:
> https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html
>
> If disabling Selinux solves your problem, then your problem may be related
> to Selinux.
> If it does not change yout problem, you may want to look
2008 Oct 30
1
nfs mounted /home and selinux
I'm trying to set the context on an nfs mounted /home. I believe
exactly like in Redhat's Deployment Guide at
http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.2/html/Deployment_Guide/ch45s02s03.html
On my system running CentOS 5.2:
$ ls -alZ /home
drwxr-xr-x root root system_u:object_r:home_root_t .
drwxr-xr-x root root system_u:object_r:root_t ..
$ mount -t nfs -o context=user_u:object_r:user_home_dir_t \
server001a:/vol/vol01/home /home
$ ls -alZ /home
drwxrwxr-x root root system_u:object_r:nfs_t .
drwxr-xr-x root root...
2018 Oct 14
3
Centos7 & Selinux & Tor
...3002F7573722F73686172652F746F722F6465666175
6C74732D746F727263002D66002F6574632F746F722F746F727263002D2D76657269667
92D636F6E666967
type=PATH msg=audit(1539540150.692:60570): item=0
name="/var/lib/tor/hidden_service/" inode=201616393 dev=fd:02
mode=040700 ouid=494 ogid=490 rdev=00:00
obj=system_u:object_r:tor_var_lib_t:s0 objtype=NORMAL
cap_fp=0000000000000000 cap_fi=0000000000000000 cap_fe=0 cap_fver=0
type=CWD msg=audit(1539540150.692:60570): cwd="/"
type=SYSCALL msg=audit(1539540150.692:60570): arch=c000003e syscall=2
success=no exit=-13 a0=562d3767da80 a1=20000 a2=0 a3=1 it...
2020 Jul 26
1
tmpfs / selinux issue
...AVC in the logs and wonder how to resolve this: Under
>> EL8 (enforcing SElinux) I have /var/lib/php/session mounted as tmpfs.
>>
>>
>> # tail -1 /etc/fstab
>> tmpfs /var/lib/php/session tmpfs
>> defaults,noatime,mode=770,gid=apache,size=16777216,context="system_u:object_r:httpd_var_run_t:s0"
>>
>> 0 0
>>
>> # df -a |grep php
>> tmpfs 16384 0 16384 0% /var/lib/php/session
>>
>> # ls -laZ /var/lib/php/session
>> insgesamt 0
>> drwxrwx---. 2 root apache system_u:object_r:htt...
2017 Apr 26
3
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/26/2017 12:29 AM, Robert Moskowitz wrote:
> But the policy generates errors. I will have to submit a bug report,
> it seems
A bug report would probably be helpful.
I'm looking back at the message you wrote describing errors in
ld-2.17.so. I think what's happening is that the policy on your system
includes a silent rule that somehow breaks your system. You'll need
2017 Mar 15
2
Having problem getting Asterisk to work on CentOS 7
...ar 15 09:39 /var/lib/asterisk/astdb.sqlite3
>
>
> [root at localhost ~]# tail -f /var/log/audit/audit.log
> type=AVC msg=audit(1489588773.253:1171): avc: denied { read } for pid=3838 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
> type=SYSCALL msg=audit(1489588773.253:1171): arch=c000003e syscall=2 success=no exit=-13 a0=aa5080 a1=80000 a2=1a4 a3=aa5080 items=0 ppid=1485 pid=3838 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0...
2013 Apr 25
0
libvirt_lxc start problem when selinux enbale
Hi?all?
the problem came out when selinux was enforced in targeted+MCS
I start lxc through virsh???virsh -c lxc:/// start instance-00004bd6?
1. When selinux is Permissive?lxc start is ok
The result of ?Ps auxZ? is?
system_u:system_r:virtd_lxc_t:s0-s0:c0.c1023 root 19218 0.0 0.0 47624 1244 ? Ss 15:26 0:00 /usr/libexec/libvirt_lxc --name
system_u:system_r:svirt_lxc_net_t:s0:c192,c392 root 19219 0.3 0.0 19276 1532 ? Ss 15:26 0:00 /sbin/init
system_u:system_r:svirt_lxc_net_t:s0:c192,c392 root 19406 0.0 0.0 1774...