similar to: semodule - global requirements not met

Hello, I'm trying to run Nagios 3.0.6 on CentOS 5.2 with SELinux in enforcing mode but it is not working. I'm using the following packages: httpd-2.2.3-11.el5_2.centos.4 nagios-3.0.6-1.el5.rf nagios-plugins-1.4.12-1.el5.rf I followed the steps bellow to try to create a selinux policy to Nagios but it is failing. Any help, please? # setenforce Permissive # service nagios start #

Not a problem ... sharing a solution (this time)! Please correct my understanding of the process, if required. "i_stream_read() failed: Permission denied" is an error message generated when a large-ish file (>128kb in my case) is attached to a message that has been passed to Dovecot's deliver program when SELinux is being enforced. In my case, these messages are first run

Hello, I'm using the targeted policy. PHP's mail() function fails because of selinux. audit(1149662369.454:2): avc: denied { setgid } for pid=18085 comm="sendmail" capability=6 scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:httpd_sys_script_t tclass=capability When i turn to permisive mode: audit(1149668677.105:12): avc: denied { setuid } for pid=29159

I want you all to see what I went through trying to simply reassign (unsuccessfully) the context of a well-known port. To the best of my ability to recall none of the packages mentioned below are even installed on the host in question. Why are these dependices preventing me from removing a disused SELinux policy. I have done exactly that, reassign port contexts, in the past without encountering

Hello CentOS Docs People! I recently used the Amavisd howto to setup a couple of mailservers, which saved me from hours of searching online and reading novels of documentation. Since Ned is taking a little break from the Amavisd page, I would like to help contribute. There were a few things I'd like to add, like GTUBE/EICAR testing and SELinux config lines. My wiki username is WilliamFong.

On 12/04/2014 03:22 PM, James B. Byrne wrote: > On Thu, December 4, 2014 12:29, James B. Byrne wrote: >> Re: SELinux. Do I just build a local policy or is there some boolean setting >> needed to handle this? I could not find one if there is but. . . >> > Anyone see any problem with generating a custom policy consisting of the > following? > > grep avc

On Thu, December 4, 2014 12:29, James B. Byrne wrote: > > Re: SELinux. Do I just build a local policy or is there some boolean setting > needed to handle this? I could not find one if there is but. . . > Anyone see any problem with generating a custom policy consisting of the following? grep avc /var/log/audit/audit.log | audit2allow #============= amavis_t ============== allow

On Fri, December 5, 2014 04:53, Daniel J Walsh wrote: > > On 12/04/2014 03:22 PM, James B. Byrne wrote: >> On Thu, December 4, 2014 12:29, James B. Byrne wrote: >>> Re: SELinux. Do I just build a local policy or is there some boolean >>> setting >>> needed to handle this? I could not find one if there is but. . . >>> >> Anyone see any problem

CentOS-6.6 Postfix-2.11.1 (local) ClamAV-0.98.5 (epel) Amavisd-new-2.9.1 (epel) opendkim-2.9.0 (centos) pypolicyd-spf-1.3.1 (epel) Is there something going on in selinuxland with respect to clamav, amavisd-new and postfix? Since the most recent update of clamav I seem to be detecting more avc's. It may be that it is because I am looking for them more frequently but it seems to me that

I recently began getting periodic emails from SEalert that SELinux is preventing /usr/libexec/qemu-kvm "getattr" access from the directory I store all my virtual machines for KVM. All VMs are stored under /vmstore , which is it's own mount point, and every file and folder under /vmstore currently has the correct context that was set by doing the following: semanage fcontext -a -t

CentOS-6.6 Postfix-2.11.1 (local) ClamAV-0.98.5 (epel) Amavisd-new-2.9.1 (epel) opendkim-2.9.0 (centos) pypolicyd-spf-1.3.1 (epel) /var/log/maillog Dec 11 16:52:09 inet18 setroubleshoot: SELinux is preventing /usr/bin/perl from read access on the file online. For complete SELinux messages. run sealert -l 62006e35-dcc8-4a4f-8e10-9f34757f3a4a Dec 11 16:52:10 inet18 setroubleshoot: SELinux is

> > Try something like: > grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix > semodule -i zabbix.pp Thanks for your response! However this is what happens when I try to install the module: [root at monitor2:~] #semodule -i zabbix.pp libsepol.print_missing_requirements: zabbix's global requirements were not met: type/attribute zabbix_t (No such file or directory).

we have remote server running as a guest instance on a kvm host. This server acts as a public MX service for our domains along with providing a backup for our Mailman mailing lists. It also has a slave named service. while tracking down a separate problem I discovered these avc anomalies and ran audit2allow to see what was required to eliminate them. All the software is either from CentOS or

I've got a Mailman installation running on CentOS 4 that I'd like to migrate to a CentOS 6 box. My big obstacle at present is getting Mailman's mm-handler Perl script to run as a Sendmail local mailer with SELinux enabled. I've tried changing mm-handler's selinux context type a few times, but nothing has resulted in success: context result

I recently setup my Puppetmaster server to run through Passenger via Apache instead of on the default webrick web server. SELinux made that not work and I've found some documentation on making rules to allow it however mine won't load. This is the policy I found via this website, http://sandcat.nl/~stijn/2012/01/20/selinux-passenger-and-puppet-oh-my/comment-page-1/ . module

Hey folks, Ok so I'm having another issue with SELinux. However I think I'm pretty close to a solution and just need a nudge in the right directtion. I wrote a puppet module that gets systems into bacula backups. Part of the formula is to distribute key/cert pairs with permissions that allow bacula to read them so that bacula can talk to the host over TLS. It's pretty slick, I must

On 17/06/15 15:27, Tim Dunphy wrote: >> Try something like: >> grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix >> semodule -i zabbix.pp > > > Thanks for your response! However this is what happens when I try to > install the module: > > [root at monitor2:~] #semodule -i zabbix.pp > libsepol.print_missing_requirements: zabbix's global

Hey guys,. I have a centos 7 machine I'm using as a zabbix server. And I noticed that apache won't start, with this complaint in the error log: (13)Permission denied: AH00091: httpd: could not open error log file /var/log/zabbix_error_log. AH00015: Unable to open logs I tried having a look at audit2allow and this is the response I get back: [root at monitor2:/etc/httpd] #grep http

> > That's because there's already a zabbix module loaded (the message isn't > very informative!). I forgot that the received wisdom is to insert "my" in > front of ones own modules i.e.: > grep zabbix /var/log/audit/audit.log | audit2allow -M myzabbix > semodule -i myzabbix.pp Hmm no luck there either: [root at monitor2:~] #semodule -i myzabbix.pp

File a bug!!! On 2 April 2015 at 16:20, James B. Byrne <byrnejb at harte-lyne.ca> wrote: > > On Wed, April 1, 2015 16:09, Andrew Holway wrote: > > I used the command: semanage port -m -t http_port_t -p tcp 8000 > > to relabel a port. perhaps you could try: > > "semanage port -m -t unconfined_t -p tcp 8000" > > Failing that; would it work to run your