search for: bin_t

...fcontext -a -t httpd_sys_content_t "/web(/.*)?" # restorecon -R -v /web If semanage worked "normally", I'd have been able to do semanage fcontext -m -t lib_t "/path/smwa/webagent/bin/*.so" Hmmm, didn't complain when I did that... but they're still bin_t, not lib_t. On the selinux list, I was asked for the context of the directory, which is bin_t, which might be correct... if the idiots of CA had a ./lib directory, which they do not. Windows turkeys.... mark mark

...puppet://$puppetserver/modules/nagios/nagios/libexec/nrpe", owner => ''root'', group => ''root'', notify => Service[''nagios''], } exec { ''chcon'': command => "/usr/bin/chcon -R -t bin_t /usr/sbin/nrpe", subscribe => File[''/usr/sbin/nrpe''], } What happens is that Puppet always updates the file because the seltype appears to be wrong. This means that the exec is always called and the service is always restarted: notice: /File[/usr/sbin/nrpe]/seltype:...

..._no_trans access on the file /usr/bin/uname.#012#012***** <...> May 28 17:02:47 <servername> python: SELinux is preventing /usr/bin/bash from execute access on the file /usr/bin/mailx.#012#012***** <...> I did do an ll =Z /usr/bin, and everything looks correct (system_u:object_r:bin_t:s0). Given that, looks to me like a policy bug. No? Yes? File a bug report? mark

Hi, I've done the following: - Copy usr content with rsync to another partition: rsync -av --partial --progress /usr/ /mnt Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not the directory itself). But I've found that is bad labeled: ls -Z /usr unconfined_u:object_r:unlabeled_t:s0 bin unconfined_u:object_r:unlabeled_t:s0 local unconfined_u:object_r:unlabeled_t:s0

We're forced to use Siteminder, by CA, who have no clue what they're doing in *nix. No packages, tarballs... Anyway, I'm trying clean up some stuff, and in /*/smwa/webagent/bin (all their binaries, including .so's, are in there, duh... I'm trying to set the .so's to lib_t. semanage -fcontext -a -t lib_t "/<elided>/smwa/webagent/bin(/.*).so" gives me the

...s selinux context type a few times, but nothing has resulted in success: context result ------------------- ----------------------------------------- etc_mail_t sendmail can't execute mm-handler mailman_mail_exec_t mm-handler can't load perl modules bin_t mm-handler can't read Mailman data sendmail_exec_t mm-handler can't read Mailman data I'm willing and able to whip up a local policy modification, but I thought I'd ask if there's a standard solution to this problem; my Google searches have so far prove...

...r/ 10470 procmail: Unlocking "/home/campbell/.lockmail" procmail: Executing "/usr/libexec/dovecot/deliver,-m,/home/campbell/Maildir/" /bin/sh: /usr/libexec/dovecot/deliver: Permission denied ls -laFZ /usr/libexec/ <snip> drwxr-xr-x. root root system_u:object_r:bin_t:s0 dovecot/ <snip> ls -laFZ /usr/libexec/dovecot <snip> lrwxrwxrwx. root root system_u:object_r:bin_t:s0 deliver -> dovecot-lda* -rwxr-xr-x. root root system_u:object_r:dovecot_deliver_exec_t:s0 dovecot-lda* <snip> It doesn't matter whether I reference the lin...

...system_u:object_r:clamd_exec_t:s0 /usr/bin/clamscan -- system_u:object_r:clamscan_exec_t:s0 /usr/bin/clamdscan -- system_u:object_r:clamscan_exec_t:s0 /usr/bin/freshclam -- system_u:object_r:freshclam_exec_t:s0 /usr/share/clamav/clamd-gen -- system_u:object_r:bin_t:s0 /var/spool/amavisd/clamd\.sock -s system_u:object_r:clamd_var_run_t:s0 /usr/share/clamav/freshclam-sleep -- system_u:object_r:bin_t:s0 Is there something I don't understand or does this need to be bugzilla'd? Upstream? Craig -- This message has been scanned for viruses and da...

...sp regulary, on Centos6 machines. This morning I have a Selinux problem that usualy does not occur: after setting everything up, the thinclients boot, but nobody can login. It only works after the command : # echo 0 > /selinux/enforce I tried this semanage command: # semanage fcontext -a -t bin_t /usr/bin/xauth but it makes no difference. The message I'm now seeing in /var/log/audit/audit.log : type=AVC msg=audit(1385112688.399:67769): avc: denied { write } for pid=8218 comm="xauth" name="caw" dev=md1 ino=262145 scontext=unconfined_u:unconfined_r:xauth_t:s0-s...

.../bin/uname.#012#012***** > <...> May 28 17:02:47 <servername> python: SELinux is preventing > /usr/bin/bash from execute access on the file > /usr/bin/mailx.#012#012***** <...> > > I did do an ll =Z /usr/bin, and everything looks correct > (system_u:object_r:bin_t:s0). Given that, looks to me like a policy bug. > No? Yes? File a bug report? > > mark > > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > I saw the same be...

...made that not work and I've found some documentation on making rules to allow it however mine won't load. This is the policy I found via this website, http://sandcat.nl/~stijn/2012/01/20/selinux-passenger-and-puppet-oh-my/comment-page-1/ . module puppet_passenger 1.7; require { type bin_t; type devpts_t; type httpd_t; type passenger_t; type port_t; type proc_net_t; class process { getattr siginh setexec sigchld noatsecure transition rlimitinh }; class unix_stream_socket { getattr accept read write }; class capability { sys_resource sys_ptrace };...

...llow creates and add it to this file, then re-compile, package # # and update the kernel. # ############################################################################ module local_postfix 1.0; require { type admin_home_t; type bin_t; type default_t; type dovecot_t; type dovecot_deliver_t; type dovecot_deliver_exec_t; type dovecot_var_log_t; type etc_runtime_t; type fs_t; type home_root_t; type httpd_config_t; type httpd_t; type initrc_t;...

...file /usr/bin/uname.#012#012***** <...> > May 28 17:02:47 <servername> python: SELinux is preventing /usr/bin/bash > from execute access on the file /usr/bin/mailx.#012#012***** <...> > > I did do an ll =Z /usr/bin, and everything looks correct > (system_u:object_r:bin_t:s0). Given that, looks to me like a policy bug. > No? Yes? File a bug report? > > mark > > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > I saw the same be...

.../usr/bin/uname.#012#012***** > <...> > May 28 17:02:47 <servername> python: SELinux is preventing /usr/bin/bash > from execute access on the file /usr/bin/mailx.#012#012***** <...> > > I did do an ll =Z /usr/bin, and everything looks correct > (system_u:object_r:bin_t:s0). Given that, looks to me like a policy bug. > No? Yes? File a bug report? > > mark > > -- > selinux mailing list > selinux at lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/selinux What is the avc that you are seeing? ausearch -m avc...

...I compiled openntpd-6.0p1 and it runs great on centos7, but have not had much luck with selinux contexts for it. This is what I tried- semanage fcontext -a -t ntp_conf_t /usr/local/etc/ntpd.conf # seems to work semanage fcontext -a -t ntpd_exec_t /usr/local/sbin/ntpd # gets reset on reboot to bin_t and/or stops ntpd from working semanage fcontext -a -t ntpd_exec_t /usr/local/sbin/ntpctl # stops ntpd from working semanage fcontext -a -t ntp_drift_t /usr/local/var/db/ntpd.drift # seems ok No idea about context for /usr/local/var/db/ntpd.sock Thanks in advance for any help, jl

...Upgrade 3.3.5-3.fc23.x86_64 @updates The missing part in the above logs is about a kernel update. May the_"Permission denied"_ error be related to SELinux ? Here're the contexts for R and ldpaths: $ ls -lhZ /usr/bin/R /usr/lib64/R/etc/ldpaths system_u:object_r:bin_t:s0 8.6K /usr/bin/R unconfined_u:object_r:lib_t:s0 574 /usr/lib64/R/etc/ldpaths Something weird is that RStudio keeps running as it used to do earlier when R on the command line was still _allowed_ to run. The root's shell gives no error, too. # R --version R version 3.2.3 (2015-12-10) --...

I am getting this error from the SELinux troubleshooter SELinux is preventing rsync (/usr/bin/rsync) "search" to bin (bin_t) I can fix this easily enough but I want to ask why is rsync searching /bin as a repository? Is this a bug in the program or is the default SELinux configuration wrong for rsync? Regards, -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB...

Hi, I recently discovered setroubleshoot, a wonderful tool that helps diagnose and resolve selinux problems, even if you really do not understand selinux. I need to read up on selinux and get to where I understand it much better. I'm wondering if there is a text only version of setroubleshoot that runs on a minimal server configuration without X installed? -- Drew Einhorn --------------

Mark: Labels look OK, restorecon has nothing to do, and: -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /bin/ps dr-xr-xr-x. root root system_u:object_r:proc_t:s0 /proc I'll send the audit log on to Dan. Cheers, John On 2 December 2014 at 16:10, Daniel J Walsh <dwalsh at redhat.com> wrote: > Could you send me a copy of your audit.log. > > You should not be gettin...

...ee booleans will solve most of the problem. > > httpd_execmem, httpd_run_stickshift, allow_httpd_anon_write > > > On 12/03/2014 03:55 AM, John Beranek wrote: > > Mark: Labels look OK, restorecon has nothing to do, and: > > > > -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /bin/ps > > > > dr-xr-xr-x. root root system_u:object_r:proc_t:s0 /proc > > > > I'll send the audit log on to Dan. > > > > Cheers, > > > > John > > > > On 2 December 2014 at 16:10, Daniel J Walsh <dwalsh at redhat.com&...