Displaying 20 results from an estimated 200 matches similar to: "SELinux is preventing 11-dhclient from add_name access on the directory chrony.servers.wlp8s0."
2003 Nov 13
0
2 AGI questions..
Question 1..
Do the "say number" and "say digits" commands in AGI scritps work?
If I use "EXEC SayNumber 123" it works but is I try "say number 123" it
doesn't.. I think I have the syntax right becaasue thats how its shown
when typing "show agi" on a console and also on the agi pages I have
looked at..
Question 2..
Can an AGI script be
2016 Feb 29
0
Odd selinux complaints on new, fully updated CentOS 7
Just installed 7.2, and I'm seeing this - is this a bug in the policy?
**************************
SELinux is preventing systemd-readahe from add_name access on the
directory .readahead.new.
***** Plugin catchall_labels (83.8 confidence) suggests
*******************
If you want to allow systemd-readahe to have add_name access on the
.readahead.new directory
Then you need to change the
2009 Apr 15
2
SELinux and "i_stream_read() failed: Permission denied"
Not a problem ... sharing a solution (this time)! Please correct my
understanding of the process, if required.
"i_stream_read() failed: Permission denied" is an error message generated
when a large-ish file (>128kb in my case) is attached to a message that
has been passed to Dovecot's deliver program when SELinux is being
enforced.
In my case, these messages are first run
2017 Apr 25
2
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
Le mardi 25 avril 2017 ? 10:04 +0200, Robert Moskowitz a ?crit :
> I thought I had this fixed, but I do not. I was away from this problem
> working on other matters, and came back (after a reboot) and it is still
> there, so I suspect when I thought I had it 'fixed' I was running with
> setenforce 0 from another problem (that is fixed).
>
> So anyone know how to get
2009 Oct 04
2
deliver stopped working
Hi:
I have been using Dovecot for well over a year now and it has always worked with few
problems. The mail setup is not simple...
Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major
things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and
control is local.
About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an
2008 Dec 06
0
Trying to setting a selinux policy to Nagios 3.0.6 on CentOS 5.2 .
Hello,
I'm trying to run Nagios 3.0.6 on CentOS 5.2 with SELinux in enforcing mode but
it is not working.
I'm using the following packages:
httpd-2.2.3-11.el5_2.centos.4
nagios-3.0.6-1.el5.rf
nagios-plugins-1.4.12-1.el5.rf
I followed the steps bellow to try to create a selinux policy to Nagios but it
is failing.
Any help, please?
# setenforce Permissive
# service nagios start
#
2017 Apr 25
0
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
Thanks Laurent. You obviously know a LOT more about SELinux than I. I
pretty much just use commands and not build policies. So I need some
more information here.
From what you provided below, how do I determine what is currently in
place and how do I add your stuff (changing postgresql with mysql, nat.)
thanks
On 04/25/2017 10:26 AM, Laurent Wandrebeck wrote:
> Le mardi 25 avril 2017
2012 Nov 22
0
Still cannot manage folders through Samba4 with SELinux samba_export_all_rw enabled
Hello,
I have Samba 4 installed with some correctly configured shares so I can
access them from my Windows box. It is a proven setup from an older
Fedora+Samba setup, though on that other machine I have SELinux
disabled. So I set samba_export_all_rw=1 to be able to access the shares
whose files and directories are labelled public_content_rw_t by issuing:
semanage fcontext -a -t
2007 Jul 19
1
semodule - global requirements not met
I'm busy setting up amavisd-new on a CentOS 5.0 box - and believe I've
got it working well enough that I can switch selinux enforcing back on
again.
I've done the usual-
- grab a chunk of the audit.log that is relevant to all the actions
that would be denied.
- do 'cat audit.log | audit2allow -M amavis' to generate the module
- amavis.te looks like:
module amavis 1.0;
2012 Oct 02
1
SELinux, Amavis, Clamav
Regarding the brilliant wiki site:
http://wiki.centos.org/HowTos/Amavisd?highlight=%28Amavis%29
I faced the following issue on CentOS 6.2:
"Spamassind" saves each message and its attached part in a folder in
clamd accesses the folder, creates itself a temporary folder and deletes
it afterwards. This was stopped by SELinux and caused the virus scan to
fail.
This action causes SE-Linux
2012 Jun 15
1
Puppet + Passenger SELinux issues
I recently setup my Puppetmaster server to run through Passenger via Apache
instead of on the default webrick web server. SELinux made that not work
and I've found some documentation on making rules to allow it however mine
won't load. This is the policy I found via this website,
http://sandcat.nl/~stijn/2012/01/20/selinux-passenger-and-puppet-oh-my/comment-page-1/
.
module
2016 Sep 16
0
SELinux module
I do not want to disable SELinux at large but only for a directory and its
sub-directories.
On Fri, Sep 16, 2016 at 8:31 AM, Eddie G. O'Connor Jr. <eoconnor25 at gmail.com
> wrote:
> Not sure about most others, but I was always told that you never disable
> Selina. Of course that is in a business/corporate setting. If it's just
> you at home with a few servers? Then
2016 Sep 16
2
SELinux module
Hello everyone,
I have a problem with oddjob_mkhomedir on a NFS mount point. The actual
context is nfs_t
drwxr-xr-x. root root system_u:object_r:nfs_t:s0 users/
With this type, oddjob_mkhomedir cannot do is job of creating home user
directories.
In the logs, I found about creating a new module with audi2allow and
semodule:
[root@ audit]# sealert -l fe2d7f60-d3ff-405b-b518-38d0cf021598
2019 Nov 13
0
Centos 8 server rebooting...
Can someone provide some guidance with my server, I have a fairly new
centos 8 server, pretty much just a KVM host but I have noticed that its
dumping and rebooting at various times. Journalctl does not go back past
the reboot so I am unable to catch what may be causing it, it appears to be
KVM from /var/log/messages and it appears I should have a kernel dump file
but I am unable to find it. I
2006 Jun 07
1
Apache php and exim
Hello,
I'm using the targeted policy.
PHP's mail() function fails because of selinux.
audit(1149662369.454:2): avc: denied { setgid } for pid=18085
comm="sendmail" capability=6 scontext=root:system_r:httpd_sys_script_t
tcontext=root:system_r:httpd_sys_script_t tclass=capability
When i turn to permisive mode:
audit(1149668677.105:12): avc: denied { setuid } for pid=29159
2007 Jun 12
1
Selinux custom policy issue - Centos 5
Hi,
I've got a Centos 5 box (recently replaced a Centos4 box of the
same function). The means of applying custom SELinux policy has changed
somewhat from 4->5. I've got it mostly figured out; I have a local.te
file with my custom policy and also which defines a few new file types,
and a local.fc with appropriate defintions of file contexts. When I
run:
# checkmodule -M -m -o
2014 Mar 05
2
CentOS 5 + Quagga + SELinux
Hello All,
Does anyone happen to be running Quagga on CentOS 5 with SELinux in
enforcing mode?
Have you had to create SELinux policies or did it "just work" out of the
box?
(I'll get around to building this out on CentOS 6 as well.)
I'm simply trying to write my config (for the zebra daemon) and it can't be
written...
Looks like this bug from Fedora 8 in 2008 [0] remains
2016 Jul 06
0
How to have more than on SELinux context on a directory
I can access /depot/tftp from a tftp client but unable to do it from a
Windows client as long as SELinux is enforced. If SELinux is permissive I
can access it then I know Samba is properly configured.
# getenforce
Enforcing
# ls -dZ /depot/tftp/
drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/
And if I do it the other way around, give the directory a type
samba_share_t then
2017 Oct 27
0
Fwd: Network interface regression on F26 VM after 4.13/4.12 kernel update
I did not hear back on this posting so I figured I was addressing the wrong audience.
Maybe someone on the host-side better understands how the 4.12 kernel is interacting with KVM.
Thanks,
-Philip
> Begin forwarded message:
>
> From: Philip Prindeville <philipp_subx at redfish-solutions.com>
> Subject: Network interface regression on F26 VM after 4.13/4.12 kernel update
2016 Jul 06
2
How to have more than on SELinux context on a directory
> If I understand well, I could add a type to another type?!?!?!
No.
The default targeted policy is mostly about Type Enforcement. Quote from
the manual:
"All files and processes are labeled with a type: types define a SELinux
domain for processes and a SELinux type for files. SELinux policy rules
define how types access each other, whether it be a domain accessing a
type, or a