search for: dwalsh

...ow access by executing: # setsebool -P allow_ypbind 1 --- Mike VanHorn Senior Computer Systems Administrator College of Engineering and Computer Science Wright State University 265 Russ Engineering Center 937-775-5157 michael.vanhorn at wright.edu On 6/6/17, 9:29 AM, "Daniel Walsh" <dwalsh at redhat.com> wrote: If you run this avc though audit2why what does it say?

On 6/6/17, 12:38 PM, "Daniel Walsh" <dwalsh at redhat.com> wrote: >I am asking if you run it again, does it change. If the boolean is set >the audit2why should say that the AVC is allowed. Well, if I just run audit2why again, it always tells me the same thing. However, I have now discovered that if I unset allow_ypbind, and then...

Am 09.09.2018 um 16:19 schrieb Daniel Walsh <dwalsh at redhat.com>: > > On 09/09/2018 09:43 AM, Leon Fauster via CentOS wrote: >> Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>: >>> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: >>>> Any SElinux expert here - briefly: >>&gt...

Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>: > > On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: >> Any SElinux expert here - briefly: >> >> # getenforce >> Enforcing >> >> # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t >> <no output> >>...

Indeed, thanks Dan - it doesn't get us to a completely clean running that would allow us to run our Node app as we are under Passenger with SELinux enforcing, but it at least has stopped the excessive amount of AVCs we were getting. John On 3 December 2014 at 10:01, Daniel J Walsh <dwalsh at redhat.com> wrote: > Looks like turning on three booleans will solve most of the problem. > > httpd_execmem, httpd_run_stickshift, allow_httpd_anon_write > > > On 12/03/2014 03:55 AM, John Beranek wrote: > > Mark: Labels look OK, restorecon has nothing to do, and: &gt...

I recently began getting periodic emails from SEalert that SELinux is preventing /usr/libexec/qemu-kvm "getattr" access from the directory I store all my virtual machines for KVM. All VMs are stored under /vmstore , which is it's own mount point, and every file and folder under /vmstore currently has the correct context that was set by doing the following: semanage fcontext -a -t

Mark: Labels look OK, restorecon has nothing to do, and: -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /bin/ps dr-xr-xr-x. root root system_u:object_r:proc_t:s0 /proc I'll send the audit log on to Dan. Cheers, John On 2 December 2014 at 16:10, Daniel J Walsh <dwalsh at redhat.com> wrote: > Could you send me a copy of your audit.log. > > You should not be getting hundreds of AVC's a day. > > ausearch -m avc,user_avc -ts today > > On 12/02/2014 05:08 AM, John Beranek wrote: > > I'll jump in here to say we'll try your su...

On Thursday, August 21, 2014 12:00:03 centos-request at centos.org wrote: > Re: [CentOS] SELinux vs. logwatch and virsh > From: Daniel J Walsh <dwalsh at redhat.com> > To: CentOS mailing list <centos at centos.org> > > On 08/18/2014 02:13 PM, Bill Gee wrote: > > Hi Dan - > > > > "ausearch -m avc -ts recent" produces no output. If I run it as "ausearch > > -f virsh" then it produces...

...ing to do, and: > > -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /bin/ps > > dr-xr-xr-x. root root system_u:object_r:proc_t:s0 /proc > > I'll send the audit log on to Dan. > > Cheers, > > John > > On 2 December 2014 at 16:10, Daniel J Walsh <dwalsh at redhat.com> wrote: > >> Could you send me a copy of your audit.log. >> >> You should not be getting hundreds of AVC's a day. >> >> ausearch -m avc,user_avc -ts today >> >> On 12/02/2014 05:08 AM, John Beranek wrote: >>> I'll jump i...

...9540-18c4040be03c Dec 2 10:04:06 server setroubleshoot: last message repeated 2 times Dec 2 10:04:06 server sedispatch: AVC Message for setroubleshoot, dropping message Dec 2 10:04:06 server sedispatch: last message repeated 3 times Cheers, John On 1 December 2014 at 17:19, Daniel J Walsh <dwalsh at redhat.com> wrote: > > On 12/01/2014 10:39 AM, Gary Smithson wrote: > > We are currently running libxml2-2.7.6-14.el6_5.2.x86_64 > > > > How far back would you suggest we go? would > libxml2-2.7.6-14.el6_5.1.x86_64 be sufficient > Ok might not be related. One o...

..., phracek@redhat.com, Michael Mraka <mmraka@redhat.com>, alikins@redhat.com, awood <awood@redhat.com>, bkearney@redhat.com, tla@rasmil.dk, thomas.moschny@gmx.de, nhorman@redhat.com, jfilak@redhat.com, michal.toman@gmail.com, mkrizek@redhat.com, wwoods@redhat.com, mgrepl@redhat.com, dwalsh@redhat.com, sgallagh@redhat.com, twoerner@redhat.com, rjones@redhat.com, nav007@gmail.com, anish.developer@gmail.com, psatpute@redhat.com, pnemade@redhat.com Subject: DNF-2-0 - release candidate Dear administrator of components that requires DNF, As a member of DNF team I would like to inform...

Hello, Im trying to find some good info on building RPMs that set the correct SELinux contexts for the installed packages. Any ideas? Thanks, Andrew

I keep seeing this in my audit.logs: type=AVC msg=audit(1496336600.230:6): avc: denied { name_connect } for pid=2411 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket Was caused by: The boolean allow_ypbind was set incorrectly. Description: Allow system to run with NIS Allow

...1 > > --- > Mike VanHorn > Senior Computer Systems Administrator > College of Engineering and Computer Science > Wright State University > 265 Russ Engineering Center > 937-775-5157 > michael.vanhorn at wright.edu > > On 6/6/17, 9:29 AM, "Daniel Walsh" <dwalsh at redhat.com> wrote: > > If you run this avc though audit2why what does it say? > > > I am asking if you run it again, does it change. If the boolean is set the audit2why should say that the AVC is allowed.

On 06/06/2017 01:19 PM, Vanhorn, Mike wrote: > On 6/6/17, 12:38 PM, "Daniel Walsh" <dwalsh at redhat.com> wrote: > >> I am asking if you run it again, does it change. If the boolean is set >> the audit2why should say that the AVC is allowed. > Well, if I just run audit2why again, it always tells me the same thing. However, I have now discovered that if I unset allow...

Is there an xguest package for CentOS? I've been googling, but haven't found one yet. mark

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi folks, Im trying to get the sealert browser to show up on my desktop, but I cant get it to work. I have installed all setroubleshoot packages, which provides sealert and im running sealert -b from the command line over a GUI session on gnome and nothing happens. Any ideas? Jeronimo Calvo jeronimocalvop at hush.com -----BEGIN PGP

Hi list, any working selinux policy for nginx on centos 6.3 ? this is not working on centos: http://sourceforge.net/projects/selinuxnginx/ -- Eero

Hello, how do people cope with constant SELinux errors like this from Fusion Passenger: 36886. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 2 file open system_u:system_r:udev_t:s0-s0:c0.c1023 denied 1922 36887. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 4 dir getattr unconfined_u:system_r:initrc_t:s0 denied 1927 36888. 03/27/2013 14:20:05 ps

On Mon, Nov 17, 2014 at 7:21 PM, Negative <negativebinomial at gmail.com> wrote: On Mon, Nov 17, 2014 at 11:10 AM, Daniel J Walsh <dwalsh at redhat.com> wrote: On 11/12/2014 10:54 PM, Peter wrote: > On 11/13/2014 12:10 PM, Negative wrote: >> I have a Brother MFC 7360N, and it is refusing to print. > I have a DCP-540CN which is a similar but I think older network printer. >...