search for: avcs

Installed Packages Name : postfix Arch : x86_64 Epoch : 2 Version : 2.6.6 Release : 6.el6_5 Size : 9.7 M Repo : installed >From repo : updates I am seeing several of these in our maillog file after a restart of the Postfix service: Apr 23 12:48:27 inet08 setroubleshoot: SELinux is preventing /usr/libexec/postfix/smtp from 'read, write'

Hello CentOS / RedHat / IBM folks! I am wondering if I can get a communication channel opened with someone who can affect changes win upstream RHEL? I don't have support accounts with RHEL, and use CentOS almost exclusively. I did have a direct email conversation with Mr. Daniel Walsh regarding these problems, but his answer was to create custom policy to allow what's being denied, as

...rt would probably be helpful. I'm looking back at the message you wrote describing errors in ld-2.17.so. I think what's happening is that the policy on your system includes a silent rule that somehow breaks your system. You'll need to turn on debugging (logging the otherwise silent AVCs) to figure this out, in order to provide information that the maintainers can use to actually fix the problem. So, similar to the previous process: 1: semodule -DB 2: setenforce permissive 3: tail -f /var/log/audit/audit.log | grep AVC 4: use the service, exercise each function that's const...

Hello, I'm using HP homeserver where host system run CentOS 6.3 with KVM virtualization with SELinux enabled, guests too run the same OS (but without SELinux, but this does not matter). Host system installed on mirrors based on sda and sdb physical disks. sd{c..f} disks attached to KVM guest (whole disks, not partitions; needed to use zfs (zfsonlinux) benefit features). Problem is that disks

...pful. > > I'm looking back at the message you wrote describing errors in > ld-2.17.so. I think what's happening is that the policy on your > system includes a silent rule that somehow breaks your system. You'll > need to turn on debugging (logging the otherwise silent AVCs) to > figure this out, in order to provide information that the maintainers > can use to actually fix the problem. > > So, similar to the previous process: > > 1: semodule -DB > 2: setenforce permissive > 3: tail -f /var/log/audit/audit.log | grep AVC > 4: use the servi...

Hi all, I have some AVC in the logs and wonder how to resolve this: Under EL8 (enforcing SElinux) I have /var/lib/php/session mounted as tmpfs. # tail -1 /etc/fstab tmpfs /var/lib/php/session tmpfs defaults,noatime,mode=770,gid=apache,size=16777216,context="system_u:object_r:httpd_var_run_t:s0" 0 0 # df -a |grep php tmpfs 16384 0 16384 0%

Am 26.07.20 um 12:23 schrieb Strahil Nikolov: > > ?? 25 ??? 2020 ?. 14:20:19 GMT+03:00, Leon Fauster via CentOS <centos at centos.org> ??????: >> Hi all, >> >> I have some AVC in the logs and wonder how to resolve this: Under >> EL8 (enforcing SElinux) I have /var/lib/php/session mounted as tmpfs. >> >> >> # tail -1 /etc/fstab >> tmpfs

On Tue, Mar 14, 2017 at 02:46:19PM -0400, Ron Wheeler wrote: > https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html > > If disabling Selinux solves your problem, then your problem may be related > to Selinux. > If it does not change yout problem, you may want to look

Hi! I am trying libvirt on POWERPC64 with the default settings such as selinux enabled. It is all good till I move images out of /var/lib/libvirt/images/. http://libvirt.org/drvqemu.html#securityselinux is saying that "If attempting to use disk images in another location, the user/administrator must ensure the directory has be given this requisite label. Likewise physical block devices

What are you using for the database - SQLite? I am using mysql (mariadb). I am not familiar with SQLlite. Can you access the database from the console - look up the list of tables - display the contents from a table? Anything to see if your SQLite is working and has asterisk data in it. From your Asterisk console, |CLI> core show help database| should give you a list of commands that you

...ppeared in our log on January 4. Yum history indicates that there were updates on Jan 2 and Jan 8. The Jan 2 update was to Webmin alone. I doubt that had anything to do with this. I am not sure what to think at them moment. Is there something wrong with SETroubleShoot? I can work around these avcs with a local policy but in the event the issue is not our error this may have wider implications so I am posting the details here. I am also seeing avcs relating to bash accessing ldconfig. -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB a...

PS: Now I found this: type=PROCTITLE msg=audit(09/22/2017 12:08:29.911:1023) : proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 syscall=setgroups success=no exit=EPERM(Operation not permitted) a0=0x1 a1=0x7ffc1df3b0d0 a2=0x0 a3=0x7f5d77c3a300 items=0 ppid=19417 pid=19418 auid=unset uid=lighttpd gid=lighttpd euid=root

Fix formatting of Flask AVC audit messages so that existing policy tools can parse them. After applying, ''xm dmesg | audit2allow'' yields the expected result. Signed-off-by: Stephen D. Smalley <sds@tycho.nsa.gov> Signed-off-by: George S. Coker, II <gscoker@alpha.ncsc.mil> --- xen/xsm/flask/avc.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-)

Hi, I guess this is a bit OT but perhaps someone has encountered this issue before. On a CentOS 6.3 x86_64 box I have installed postfix and dspam from EPEL. Dspam is configured to listen on port 10026. After having configured dspam and postfix I start dspam and then postfix and I see the following AVC message in audit.log: type=AVC msg=audit(1350920492.936:400): avc: denied { name_bind }

Hi Leon, I don't have access to a CentOS 6.10 system handy, but it looks like a policy issue. If I take you're ausearch output and pipe it to audit2allow on my CentOS 7.6 system, I get the following: #============= httpd_t ============== #!!!! This avc is allowed in the current policy allow httpd_t httpd_sys_script_t:process signull; Noting that on my 7.6 system with selinux enforcing

Hi Leon, have you tried mounting with 'httpd_sys_rw_content_t' instead of 'httpd_var_run_t' ? Best Regards, Strahil Nikolov ?? 25 ??? 2020 ?. 14:20:19 GMT+03:00, Leon Fauster via CentOS <centos at centos.org> ??????: >Hi all, > >I have some AVC in the logs and wonder how to resolve this: Under >EL8 (enforcing SElinux) I have /var/lib/php/session mounted as

...e/doc/amavisd-new-2.10.1/test-messages/README > > It failed accessing mysql with the following maillog messages: Yes, but the policy you added earlier only granted MySQL access to dovecot. For postfix, you'll want to check for booleans first and then create a policy (without debugging AVCs) if no boolean exists, and then look at debugging AVCs if there are still issues (which is *almost* never the case). > > When I get home Monday, I am going to rebuild the server. That would be good. Keep a log of *all* of the changes you make to the system, from the very beginning. Onc...

Apache DocumentRoot on an NFS directory: [root at localhost ~]# service httpd start Starting httpd: Warning: DocumentRoot [/home/www/html] does not exist Syntax error on line 292 of /etc/httpd/conf/httpd.conf: DocumentRoot must be a directory [FAILED] [root at localhost ~]# After some research, I found this (dated) link

...: SELinux is preventing the deliver from using potentially mislabeled files (2F746D702F646F7665636F742E64656C697665722E2E313233313235363636372E373934302E35336630663930386635613937373132202864656C6574656429). For complete SELinux messages. run sealert -l afe6e0ae-8c2e-4882-925b-b15e26da2a15 And the AVCs for those: node=jukebox.alleroedderne.adsl.dk type=AVC msg=audit(1231439791.493:10819): avc: denied { search } for pid=9073 comm="deliver" name="tmp" dev=sda3 ino=786433 scontext=system_u:system_r:dovecot_deliver_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=dir node=jukeb...

I am seeing these avc messages on a newly commissioned and up-to-date CentOs-6 virtual guest: ---- time->Thu Dec 4 12:14:58 2014 type=SYSCALL msg=audit(1417713298.610:60522): arch=c000003e syscall=2 success=no exit=-13 a0=7fd70e6de1e6 a1=0 a2=1b6 a3=0 items=0 ppid=2698 pid=4294 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2784 comm="trivial-rewrite"