Displaying 20 results from an estimated 202 matches for "getattr".
2011 Aug 17
2
no dentry for non-root inode
...raded from 3.2.1.
What is this? If a client tries to access it, it freezes up.
This is in the log:
[2011-08-17 12:29:43.108100] W [inode.c:1035:inode_path] 0-w-vol/inode:
no dentry for non-root inode 1996985: b45eeb9d-5481-41f8-828a-2850c51e754c
[2011-08-17 12:29:43.108135] W [fuse-bridge.c:508:fuse_getattr]
0-glusterfs-fuse: 35186424: GETATTR 139724065350900 (fuse_loc_fill() failed)
[2011-08-17 12:29:45.149772] W [inode.c:1035:inode_path] 0-w-vol/inode:
no dentry for non-root inode 1996985: b45eeb9d-5481-41f8-828a-2850c51e754c
[2011-08-17 12:29:45.149825] W [fuse-bridge.c:508:fuse_getattr]
0-glust...
2012 Jun 15
1
Puppet + Passenger SELinux issues
...he policy I found via this website,
http://sandcat.nl/~stijn/2012/01/20/selinux-passenger-and-puppet-oh-my/comment-page-1/
.
module puppet_passenger 1.7;
require {
type bin_t;
type devpts_t;
type httpd_t;
type passenger_t;
type port_t;
type proc_net_t;
class process { getattr siginh setexec sigchld noatsecure transition
rlimitinh };
class unix_stream_socket { getattr accept read write };
class capability { sys_resource sys_ptrace };
class file { entrypoint open create relabelfrom relabelto getattr
setattr read write append ioctl lock rename link unlink };...
2009 Oct 04
2
deliver stopped working
...;
type mysqld_port_t;
type initrc_var_run_t;
type var_t;
type postfix_qmgr_t;
type postfix_pipe_t;
type crond_t;
class process ptrace;
class unix_stream_socket connectto;
class tcp_socket { name_bind name_connect };
class file { rename execute read lock create ioctl execute_no_trans write getattr link
unlink };
class sock_file { setattr create write getattr unlink };
class lnk_file { read getattr };
class dir { search setattr read create write getattr remove_name add_name };
}
#============= clamd_t ==============
allow clamd_t proc_t:file { read getattr };
allow clamd_t sysctl_kernel_t...
2010 Jan 07
2
Random directory/files gets unavailable after sometime
...d them suddenly gets unavailable:
# ls -lh
ls: cannot access MyDir: No such file or directory
total 107M
d????????? ? ? ? ? ? MyDir
( long dir list, intentionally hidden )
In the logs I get a lot of messages like these:
[2010-01-07 13:36:16] W [fuse-bridge.c:793:fuse_getattr] glusterfs-fuse: 270708: GETATTR 3057375160 (fuse_loc_fill() failed)
[2010-01-07 13:36:16] W [fuse-bridge.c:793:fuse_getattr] glusterfs-fuse: 270735: GETATTR 3057375160 (fuse_loc_fill() failed)
[2010-01-07 13:36:26] W [fuse-bridge.c:793:fuse_getattr] glusterfs-fuse: 270841: GETATTR 3057375160 (fuse...
2018 Sep 10
1
Type enforcement / mechanism not clear
...pid=1362 pid=1364 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="php-fpm" exe="/usr/sbin/php-fpm" subj=system_u:system_r:httpd_t:s0 key=(null)
>>>> type=AVC msg=audit(1536457230.922:85): avc: denied { getattr } for pid=1364 comm="php-fpm" path="/etc/rsyslog.conf" dev=dm-0 ino=138287 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:syslog_conf_t:s0 tclass=file
>>>>
>>>>
>>>> My test PHP script can read /etc/sysctl.conf but not /et...
2019 May 01
1
Brasero/cdrecord/growisofs with selinux users confined to staff_u
...: avc: denied { read } for
pid=8296 comm="growisofs" name="meminfo" dev="proc" ino=4026532040
scontext=staff_u:staff_r:cdrecord_t:s0-s0:c0.c1023
tcontext=system_u:object_r:proc_t:s0 tclass=file permissive=0
type=AVC msg=audit(1556724763.464:1133343): avc: denied { getattr }
for pid=8316 comm="growisofs" path="/dev/dm-1" dev="devtmpfs"
ino=21192 scontext=staff_u:staff_r:cdrecord_t:s0-s0:c0.c1023
tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
permissive=0
type=AVC msg=audit(1556724763.464:1133344): avc: denied { geta...
2019 Jan 30
2
SELinux policy vs. static web content
Hi,
Some time ago I wrote an introductory article about SELinux on my blog.
I'm currently updating it for my new blog, and I found a curious change
in SELinux policy. Here goes.
For demonstration purposes, I'm using some static webpages, more exactly
the default pages found in /usr/share/httpd/noindex, which I simply
copied over to /var/www/html.
As a first practical example, I'm
2012 Nov 22
0
Still cannot manage folders through Samba4 with SELinux samba_export_all_rw enabled
...restorecon -R -v /myrootfolder
After that I can indeed create, write and update files anywhere in the
share and its subfolders, I can also delete folders, but I cannot create
or rename folders though!
sesearch --allow -C | grep samba_export_all_rw:
DT allow smbd_t noxattrfs : file { ioctl read getattr lock open } ; [
samba_export_all_rw ]
DT allow smbd_t noxattrfs : dir { getattr search open } ; [
samba_export_all_rw ]
DT allow smbd_t non_security_file_type : file { ioctl read write create
getattr setattr lock append unlink link rename open } ; [
samba_export_all_rw ]
DT allow smbd_t non_sec...
2009 Apr 15
2
SELinux and "i_stream_read() failed: Permission denied"
...sendmail_t;
type sendmail_exec_t;
type src_t;
type tmp_t;
type usr_t;
type user_home_dir_t;
type user_home_t;
type var_log_t;
class capability { sys_nice chown };
class file { append create execute execute_no_trans \
getattr ioctl link lock read rename setattr write unlink };
class dir { add_name getattr create read remove_name \
rename write search setattr rmdir };
class fifo_file { getattr write };
class filesystem getattr;
class sock_file write;
class unix_stream_soc...
2018 Sep 09
3
Type enforcement / mechanism not clear
...tems=0 ppid=1362 pid=1364 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="php-fpm" exe="/usr/sbin/php-fpm" subj=system_u:system_r:httpd_t:s0 key=(null)
>> type=AVC msg=audit(1536457230.922:85): avc: denied { getattr } for pid=1364 comm="php-fpm" path="/etc/rsyslog.conf" dev=dm-0 ino=138287 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:syslog_conf_t:s0 tclass=file
>>
>>
>> My test PHP script can read /etc/sysctl.conf but not /etc/rsyslog.conf. For both...
2015 Aug 18
2
NFSv4 delegation
...5 10:46 AM, Alessio Cecchi wrote:
> Hi,
>
> in this typical setup (Dovecot/Director that share Maildir via NFS) on
> your NFS Server you have (about) 90% of read operations and only 10% of
> write operations.
>
> If you see detailed stats for NFS operations you have 40-50% of GETATTR,
> this means that NFS/Dovecot clients are caching data (mainly dovecot
> index files) but they have to revalidate the cache frequently asking to
> the NFS Server if the file is changed (via GETATTR) but the file never
> changes because only this client opens it.
>
> So the NFS Ser...
2014 Apr 23
1
SELInux and POSTFIX
...u can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep smtp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
grep 546AA6099F /var/log/audit/audit.log | audit2why
type=AVC msg=audit(1398199187.646:29332): avc: denied { getattr } for
pid=23387 comm="smtp" path="/var/spool/postfix/active/546AA6099F" dev=dm-0
ino=395679 scontext=unconfined_u:system_r:postfix_smtp_t:s0
tcontext=unconfined_u:object_r:postfix_spool_maildrop_t:s0 tclass=file
Was caused by:
Missing type enforcement (TE) allow rule.
You...
2008 Mar 03
1
Unable open raw socket in CentOS 5 - SE Linux and kernel capability interaction?
...x_t );
#corenet_raw_sendrecv_all_nodes( rawsox_t );
require {
type lib_t;
type ld_so_t;
type ld_so_cache_t;
type usr_t;
type devpts_t;
type rawsox_t;
type etc_t;
class lnk_file read;
class dir search;
class file { read getattr execute };
class chr_file { read write getattr };
class rawip_socket create;
class capability net_raw;
}
#============= rawsox_t ==============
allow rawsox_t devpts_t:chr_file { read write getattr };
allow rawsox_t etc_t:dir search;
allow rawsox_t ld_so_cache_t:file { read getatt...
2003 May 09
4
getAttr problem
Hi all,
It seems that getAttr doesn't return "names" attribute properly as in
getAttrib(x, R_NamesSymbol));
If you look at section 4.7.4 in "Writing R Extensions", the second example of
SEXP out(SEXP, SEXP) returns NULL for the names attribute of the
outer product.
This is true for R 1.7.0 on both W...
2016 May 31
0
NFS problem: getattr ERROR: Request couldn't be completed in time
...FAS3250
on a CentOS KVM guest. This doesn't work, the mount doesn't complete and
hangs.
Mount command is:
/bin/mount -v -t nfs -s -o vers=4.1,sec=sys 10.110.96.90:/home /home/cir
What I'm seeing in tcpdump is:
08:36:48.875019 IP 10.110.96.112.2456702824 > 10.110.96.90.2049: 212
getattr fh 0,1/53
08:36:48.875355 IP 10.110.96.90.2049 > 10.110.96.112.2456702824: reply
ok 96 getattr ERROR: Request couldn't be completed in time
server: 10.110.96.90
client: 10.110.96.112
status of nfs services:
nfslock: running
rpcbind: running
rpcidmapd: stopped
this happens with a centos...
2008 Aug 10
7
SELinux
Hi list,
I've knocked up a contribution on SELinux here:
http://wiki.centos.org/HowTos/SELinux
I've tried to pitch it as an introduction for those not already familiar
with SELinux but also hopefully a useful reference.
I'm relatively new to SELinux and have covered pretty much everything I
know to the limits of my limited knowledge. If folks think other
material needs to be
2011 Jun 09
1
NFS problem
Hi,
I got the same problem as Juergen,
My volume is a simple replicated volume with 2 hosts and GlusterFS 3.2.0
Volume Name: poolsave
Type: Replicate
Status: Started
Number of Bricks: 2
Transport-type: tcp
Bricks:
Brick1: ylal2950:/soft/gluster-data
Brick2: ylal2960:/soft/gluster-data
Options Reconfigured:
diagnostics.brick-log-level: DEBUG
network.ping-timeout: 20
performance.cache-size: 512MB
2008 Aug 26
3
Amavisd Howto
...t;
type postfix_spool_t;
type clamd_t;
type amavis_var_lib_t;
type sysctl_kernel_t;
type var_t;
type postfix_smtpd_t;
type initrc_t;
type proc_t;
class unix_stream_socket connectto;
class file { read getattr };
class sock_file write;
class lnk_file { read create unlink getattr };
class udp_socket name_bind;
class dir { read search };
}
#============= amavis_t ==============
allow amavis_t amavis_var_lib_t:lnk_file { read create unlink getattr };
allow amavis_t t...
2016 Jul 06
2
How to have more than on SELinux context on a directory
...versa? There's already a number of rules in the default
policy which allow ftp access to samba shares and smb/nmb access to
files labelled with tftpdir_rw_t. Eg
# sesearch --allow -t samba_share_t | grep samba_share_t | grep ftp
allow ftpd_t samba_share_t : file { ioctl read write create getattr
setattr lock append unlink link rename open } ;
allow ftpd_t samba_share_t : dir { ioctl read write create getattr
setattr lock unlink link rename add_name remove_name reparent search
rmdir open } ;
allow ftpd_t samba_share_t : lnk_file { ioctl read write create
getattr setattr lock app...
2017 Apr 30
3
selinux problem policies
...everallow check failed at /etc/selinux/targeted/tmp/modules/100/selinuxutil/
cil:244
(neverallow selinuxutil_typeattr_1 semanage_store_t (file (relabelto)))
<root>
allow at /etc/selinux/targeted/tmp/modules/100/selinuxutil/cil:675
(allow restorecond_t non_auth_file_type (file (getattr relabelfrom
relabelto)))
<root>
allow at /etc/selinux/targeted/tmp/modules/100/systemd/cil:1108
(allow systemd_tmpfiles_t non_auth_file_type (file (getattr relabelfrom
relabelto)))
neverallow check failed at /etc/selinux/targeted/tmp/modules/100/base/cil:
13121
(neverallow...