Displaying 20 results from an estimated 21 matches for "dontaudit".

2019 Apr 16
4
Time Synchronisation - SELinux Labeling and Policy
...selinux to use with ntpd but when i run (as described in wiki) semanage -a -t ntpd_t "/usr/local/samba/var/lib/ntp_signd" i have that error " usage: semanage [-h] {import,export,login,user,port,ibpkey,ibendport,interface,module,node,fcontext,boolean,permissive,dontaudit} ... semanage: error: argument subcommand: invalid choice: 'ntpd_t' (choose from 'import', 'export', 'login', 'user', 'port', 'ibpkey', 'ibendport', 'interface', 'module', 'node', 'fcontext...
2008 Aug 23
2
CentOS 5.2 + SELinux + Apache/PHP + Postfix
Hi All, I'm running CentOS 5.2 with SELinux in enforcing mode (default targeted policy). The server hosts a PHP web app that sends mail. I'm getting the following errors (see end of message) in my selinux audit.log file every time the app sends an email. The email always seems to get sent successfully, despite the log messages. However, they do concern me and I would like to understand
2010 Jul 23
1
postgresql copy to and selinux
I need to run a "copy table to '/home/user/dir/copy.txt';" but I get permission denied. Filesystem dir modes are ok and I get no event logged in audit.log, but if I setenforce 0, I can do the copy. This explains auditd silence: # sesearch --audit |egrep postgres.*home dontaudit postgresql_t user_home_dir_t : dir { getattr search }; dontaudit postgresql_t home_root_t : dir { getattr search }; I changed the "dir" type to tmpfs_t and I could write with "\copy" but not with "copy". Anyway, what are the best practices to allow postgresql "...
2018 May 04
2
Samba HOWTO wiki bug: chcon samba_share_t
...error: unrecognized arguments: samba_share_t /path/to/share > > What is "noise" exactly? I don't get errors from that command: The full message is: usage: semanage [-h] {import,export,login,user,port,interface,module,node,fcontext,boolean,permissive,dontaudit} ... semanage: error: unrecognized arguments: samba_share_t '/path/to/share(/.*)?'
2019 Apr 16
0
Time Synchronisation - SELinux Labeling and Policy
...ribed in wiki) > > semanage -a -t ntpd_t "/usr/local/samba/var/lib/ntp_signd" > > > i have that error > " > usage: semanage [-h] > > > {import,export,login,user,port,ibpkey,ibendport,interface,module,node,fcontext,boolean,permissive,dontaudit} > >                 ... > semanage: error: argument subcommand: invalid choice: 'ntpd_t' (choose > from 'import', 'export', 'login', 'user', 'port', 'ibpkey', 'ibendport', > 'interface', 'module', ...
2007 Mar 20
2
selinux ntp samba error message
Just prior to the time change, I made sure that ntpd and my timezone files were properly setup. Since this time, I've noticed the following errors: audit(1173310084.404:5): avc: denied { read } for pid=8634 comm="ntpd" name="unexpected.tdb" dev=md1 ino=147662 scontext=root:system_r:ntpd_t tcontext=root:object_r:samba_var_t tclass=file I've not successfully (so
2012 Jan 11
2
SELinux blocking cgi script from "writing to socket (httpd_t)"
Is this really supposed to get easier over time? :) Now my audit.log file shows that SELinux is blocking my cgi script, index.cgi (which is what's actually served when the user visits the front page of one of our proxy sites like sugarsurfer.com) from having '"read write" to socket (httpd_t)'. I have no idea what that means, except that I thought that cgi scripts were
2008 Aug 10
7
SELinux
Hi list, I've knocked up a contribution on SELinux here: http://wiki.centos.org/HowTos/SELinux I've tried to pitch it as an introduction for those not already familiar with SELinux but also hopefully a useful reference. I'm relatively new to SELinux and have covered pretty much everything I know to the limits of my limited knowledge. If folks think other material needs to be
2013 Feb 13
4
[PATCH 0/3] FLASK policy build rework
These patches update the example FLASK policy shipped with Xen and enable its build if the required tools are present. The third patch requires rerunning autoconf to update tools/configure. [PATCH 1/3] flask/policy: sort dom0 accesses [PATCH 2/3] flask/policy: rework policy build system [PATCH 3/3] tools/flask: add FLASK policy to build
2017 Feb 12
2
Centos7 and old Bind bug
On 02/12/2017 10:40 AM, Gordon Messmer wrote: > I'm not seeing those errors logged, either, so maybe your system > differs from mine. If I'm misreading, hopefully someone will chime in > to clarify. ... Also, it might be useful to get the AVCs on your system. The bug entry indicated that you'd need to enable debugging (semodule -DB, and later use semodule -B to
2018 May 05
0
Samba HOWTO wiki bug: chcon samba_share_t
...> /path/to/share > > > > What is "noise" exactly? I don't get errors from that command: > > The full message is: > > usage: semanage [-h] > > {import,export,login,user,port,interface,module,node, > fcontext,boolean,permissive,dontaudit} > ... > semanage: error: unrecognized arguments: samba_share_t > '/path/to/share(/.*)?' You can check the labels using seinfo -t, below is what I had for samba samba_etc_t samba_initrc_exec_t samba_log_t samba_net_exec_t samba_net_t sam...
2019 May 08
2
Issues trying to change the selinux context
...bcommand: invalid choice: 'lib_t' (choose from 'import', 'export', 'login', 'user', 'port', 'ibpkey', 'ibendport', 'interface', 'module', 'node', 'fcontext', 'boolean', 'permissive', 'dontaudit') What am I doing wrong? mark
2018 May 04
4
Samba HOWTO wiki bug: chcon samba_share_t
In this wiki article: https://wiki.centos.org/HowTos/SetUpSamba ...there is a command down in section 2 that gives an error here on CentOS 7: $ sudo semanage fcontext -at samba_share_t /path/to/share ...noise noise noise... semanage: error: unrecognized arguments: samba_share_t /path/to/share That and the following restorecon command can be replaced by a single shorter command, which
2014 Jun 20
2
mail delivery question
I've built a new mail system with Centos 6.5, and I'm running fetchmail - sendmail - procmail to maildir. I have all of this working at the moment.(I know, postfix was the default, but for lots of other reasons, I switched, and that isn't an issue, I don't think). I am using dovecot as an imap server. Procmail won't update indexes during email delivery, so I'm having some
2010 Mar 25
3
httpd stopped working under SELinux so I had to turn SELinux off. libxml2.so.2: failed to map segment from shared object: Permission denied
Hi. CentOS 5.4 64-bit with SELinux, happily running for over a year, suddenly httpd fails to start up, getting an error message like: Starting httpd: Syntax error on line X of /etc/httpd/conf.d/php.conf: Cannot load /etc/httpd/modules/libphp5.so into server: libxml2.so.2: failed to map segment from shared object: Permission denied I turned off SELinux and was able to start httpd. But what went
2018 Mar 04
3
sqlinux weirdness
...***** Plugin leaks (6.10 confidence) suggests ***************************** If you want to ignore mdadm trying to write access the rear-fcshome.log.lockless file, because you believe it should not need this access. Then you should report this as a bug. You can generate a local policy module to dontaudit this access. Do # ausearch -x /usr/sbin/mdadm --raw | audit2allow -D -M my-mdadm # semodule -i my-mdadm.pp ***** Plugin catchall (1.43 confidence) suggests ************************** If you believe that mdadm should be allowed write access on the rear-fcshome.log.lockless file by default. Then...
2015 Jan 19
2
CentOS-6.6 Fail2Ban and Postfix Selinux AVCs
...y. ***** Plugin leaks (86.2 confidence) suggests ****************************** If you want to ignore sendmail.postfix trying to read access the inotify directory, because you believe it should not need this access. Then you should report this as a bug. You can generate a local policy module to dontaudit this access. Do # grep /usr/sbin/sendmail.postfix /var/log/audit/audit.log | audit2allow -D -M mypol # semodule -i mypol.pp ***** Plugin catchall (14.7 confidence) suggests *************************** If you believe that sendmail.postfix should be allowed read access on the inotify directory by...
2007 May 30
2
Centos 5 OpenVPN / SElinux
Hi, I'm running Centos 5 32bit and installed openvpn-2.0.9-1.el5.rf from Dag Wieers Repo. When OpenVPN is started during boot-up it just shows an SElinux related error message. When I start OpenVPN manually after the system has come up completely it works fine. Here are all the messages from /var/log/messages that are SElinux related: May 28 21:39:15 srsblnfw01 kernel:
2018 Aug 21
5
selinux question
I have a web application which uses sudo to invoke python scripts as the user under which the application runs (NO root access). Is there any reason why sudo would require sys_ptrace access for this? I only get this violation intermittently, and not with every call to sudo. Here's the violation: Summary: SELinux is preventing sudo (httpd_t) "sys_ptrace" to <Unknown>
2014 Jun 30
0
Login failure with SElinux enforcing + Sqlite user DB
I am having a very strange issue with Dovecot + Sqlite + SELinux in enforcing. I am able to log in via IMAPS if SELinux is in permissive, but not able to do so when in enforcing. I do not see any SELinux denials even with dontaudit's enabled. I am running Centos 5 on x86_64 with a customized kernel build and SElinux Strict policy. The log dumps below are in the following order: 1. My syslog output when SElinux is enforcing 2. My mail client's protocol log (using Sylpheed) 3. My syslog output when SElinux is permissiv...