search for: home_root_t

...ion) and things and somewhat working. There is a bit of weirdness though. smbclient is only able to access *directories* and not any of the files. Why is that? What am I missing? Here is a log of a test run: [heller at c764guest: ~]$ ls -lZAn total 8424 -rw-------. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 30 Jan 10 2016 .bash_history -rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 18 Nov 20 2015 .bash_logout -rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 193 Nov 20 2015 .bash_profile -rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1...

...partition with huge space, i create a squid dir and add the path with semanage: semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?' i check the files and are in the good context: drwxr-xr-x squid squid user_u:object_r:squid_cache_t . drwxr-xr-x squid squid system_u:object_r:home_root_t .. drwxr-x--- squid squid user_u:object_r:squid_cache_t 00 drwxr-x--- squid squid user_u:object_r:squid_cache_t 01 ... But when i want start it i get this: type=AVC msg=audit(1296442326.932:739661): avc: denied { search } for pid=30924 comm="squid" name="/" dev=sd...

.... The message I'm now seeing in /var/log/audit/audit.log : type=AVC msg=audit(1385112688.399:67769): avc: denied { write } for pid=8218 comm="xauth" name="caw" dev=md1 ino=262145 scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:home_root_t:s0 tclass=dir type=SYSCALL msg=audit(1385112688.399:67769): arch=c000003e syscall=2 success=no exit=-13 a0=7fffdecf5c60 a1=c1 a2=180 a3=8 items=0 ppid=8217 pid=8218 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) ses=9 comm="xauth" exe="...

...##### module local_postfix 1.0; require { type admin_home_t; type bin_t; type default_t; type dovecot_t; type dovecot_deliver_t; type dovecot_deliver_exec_t; type dovecot_var_log_t; type etc_runtime_t; type fs_t; type home_root_t; type httpd_config_t; type httpd_t; type initrc_t; type postfix_etc_t; type postfix_local_t; type postfix_master_t; type postfix_postdrop_t; type postfix_postqueue_exec_t; type postfix_public_t; type postfix_pipe_t;...

Hello, After a yum update last night, I had a CenOS 5.4 i386 system pull in the following selinux updates: Jan 07 21:39:14 Updated: selinux-policy-2.4.6-255.el5_4.3.noarch Jan 07 21:39:31 Updated: selinux-policy-targeted-2.4.6-255.el5_4.3.noarch This machine has SELinux set to Enforcing. This morning, I see I got the following email from Cron: /etc/cron.daily/0logwatch: sendmail: warning:

-rw-r--r--. root root unconfined_u:object_r:home_root_t:s0 /etc/pki/dovecot/private/mailserver.crt > On Oct 8, 2017, at 12:03 AM, Bill Shirley <bill at KnoxvilleChristian.org> wrote: > > What does ls -lZ /etc/pki/dovecot/private/mailserver.crt say? > > Bill > > On 10/7/2017 7:30 PM, SH Development wrote: >> I have a...

...passwords=1 [mysql.server] user=mysql basedir=/home Now SELinux complains with Oct 10 22:04:27 intspare kernel: audit(1160481867.663:2): avc: denied { search } for pid=3073 comm="mysqld" name="/" dev=dm-1 ino=2 scontext=user_u:system_r:mysqld_t tcontext=system_u:object_r:home_root_t tclass=dir WHY is mysqld trying to read / when I told it to use /home/mysql ? BTW, here is the security contexts on /home/mysql # ls -laZ /home/ drwxr-xr-x mysql mysql system_u:object_r:mysqld_db_t mysql Can anyone please shed some light on this for me? What exactly is the avc messa...

...ng to set the context on an nfs mounted /home. I believe exactly like in Redhat's Deployment Guide at http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.2/html/Deployment_Guide/ch45s02s03.html On my system running CentOS 5.2: $ ls -alZ /home drwxr-xr-x root root system_u:object_r:home_root_t . drwxr-xr-x root root system_u:object_r:root_t .. $ mount -t nfs -o context=user_u:object_r:user_home_dir_t \ server001a:/vol/vol01/home /home $ ls -alZ /home drwxrwxr-x root root system_u:object_r:nfs_t . drwxr-xr-x root root system_u:object_r:r...

...u:object_r:httpd_user_content_t:s0 /usr/local/[^/]*/\.mozilla(/.*)?/plugins/libflashplayer\.so.* -- user_u:object_r:textrel_shlib_t:s0 /usr/local/[^/]* -d user_u:object_r:user_home_dir_t:s0 /usr/local/lost\+found/.* <<none>> /usr/local -d system_u:object_r:home_root_t:s0 /usr/local/\.journal <<none>> /usr/local/lost\+found -d system_u:object_r:lost_found_t:s0 I saw that /home and /root are there, since they are really home directories. But /usr/local shouldn't be there! And there's a fourth directory there, which is based on the nam...

...#9472; log &#9500;&#9472;&#9472; lost+found &#9492;&#9472;&#9472; pgpass -> .pgpass The questions I have are: What is an appropriate SELinux context for such a directory structure given it is used by a httpd service? Is the default user home setting of system_u:object_r:home_root_t acceptable? Is system_u:object_r:httpd_sys_content_t preferable instead? is some other SELinux context preferred for RoR web applications using Apache with mod-passenger? -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca H...

...9;t it?) Is this maybe a SELinux setting problem? # tail /var/log/audit/audit.log (only at the new VM) type=AVC msg=audit(1303720863.712:53): avc: denied { search } for pid=6737 comm="smbd" name="/" dev=sda3 ino=2 scontext=user_u:system_r:smbd_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir type=SYSCALL msg=audit(1303720863.712:53): arch=c000003e syscall=4 success=no exit=-13 a0=2b79380c9620 a1=7fff35dfe9f0 a2=7fff35dfe9f0 a3=ea items=0 ppid=6543 pid=6737 auid=500 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=500 sgid=0 fsgid=500 tty=(none) ses=2 comm="smbd" ex...

The context should be: system_u:object_r:dovecot_cert_t:s0 Try: restorecon -v /etc/pki/dovecot/private/mailserver.crt Bill On 10/8/2017 1:06 AM, SH Development wrote: > -rw-r--r--. root root unconfined_u:object_r:home_root_t:s0 /etc/pki/dovecot/private/mailserver.crt > > >> On Oct 8, 2017, at 12:03 AM, Bill Shirley <bill at KnoxvilleChristian.org> wrote: >> >> What does ls -lZ /etc/pki/dovecot/private/mailserver.crt say? >> >> Bill >> >> On 10/7/2017 7:30 PM, SH Dev...

I have a fesh install of CentOS release 6.6 on my laptop. I want to use a more secure config with /home crypted. But when this partition is mounted I cannot login anymore on my laptop. Only root can login. This occur at level 5 (graphic login) or 3 (text login). The message is "Cannot enter home directory. Using /." Logged as root I can create a new user (with useradd) and his home

...get permission denied. Filesystem dir modes are ok and I get no event logged in audit.log, but if I setenforce 0, I can do the copy. This explains auditd silence: # sesearch --audit |egrep postgres.*home dontaudit postgresql_t user_home_dir_t : dir { getattr search }; dontaudit postgresql_t home_root_t : dir { getattr search }; I changed the "dir" type to tmpfs_t and I could write with "\copy" but not with "copy". Anyway, what are the best practices to allow postgresql "copy to" a subdirectory of a home directory (without disabling selinux)? I'm runni...

Trying to get either avelsieve or server side filters to work with managesieve. Managesieve is running but whenever avelsieve or the server settings backend try to talk to it the same thing happens. So I guess it's really a problem with something about managesieve at this point. I hit the Message Filters option, it takes a long time for it to come back, though it finally just times out and

I have a working dovecot/postfix/mysql server running and was trying to set up another one for replication purposes. If I copy my certificates from the working server, everything works fine. However, I purchased another updated certificate for the replication server, and I cannot get dovecot to start up. Keep getting: doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line

...ut it did not help. There were a lot of errors in the audit.log, however SELinux was already in permissive mode and switching it to disabled did no good. I created the following policy to get rid of all of the errors in the audit log: module local_postfix 1.0; require { type postfix_etc_t; type home_root_t; type apmd_t; type setrans_t; type port_t; type etc_mail_t; type snmpd_t; type tmp_t; type dovecot_deliver_t; type postfix_smtp_t; type nfs_t; type var_run_t; type usr_t; type httpd_t; type audisp_t; type postfix_cleanup_t; type inetd_t; type portmap_t; type postfix_pickup_t; type...

"an error has occured. no valid devices were found on which to create a file system" this message is what I get installing a copy of fedroa6 on fedora6 using xen. now the instructions in fedora said either specify a file or partition. I made sure the file I created (called feddy6_xen) in my root/xenmachines directory had plenty of space..20gb left on that partition...so

Hello, I have asked on the postfix mailing list for a solution, how to encrypt incoming emails with public gpg key My original idea was to use a smtpd-milter, which would encrypt all incoming plaintext messages of given user, using the users public gpg key. This way, it would look as if the original sender has sent the message encrypted. Somebody suggested this might be better done in Dovecot,

Hi there, As you know, $HOME is generally located at "/home/$username" by default. I would like to re-locate all users' $HOME directories to something like "/export/home/$username" without having a hassle/trouble. Initially, I've thought of just copying them to the new directory (under /export/home/xxx), but guessed it might trouble for the normal use (I'm pretty