Displaying 20 results from an estimated 20 matches for "home_root_t".
2017 Sep 21
0
CentOS 7, samba-4.4.4-14.el7_3 and openldap-2.4.40-13.el7 -- file permissions?
...ion) and things are somewhat working. There is a bit
of weirdness though. smbclient is only able to access *directories* and not
any of the files. Why is that? What am I missing?
Here is a log of a test run:
[heller at c764guest: ~]$ ls -lZAn
total 8424
-rw-------. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 30 Jan 10 2016 .bash_history
-rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 18 Nov 20 2015 .bash_logout
-rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 193 Nov 20 2015 .bash_profile
-rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1...
2011 Jan 31
1
Squid and SELinux
...partition with huge space, I create a squid dir and add the path with
semanage:
semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?'
I check the files and they are in the good context:
drwxr-xr-x squid squid user_u:object_r:squid_cache_t .
drwxr-xr-x squid squid system_u:object_r:home_root_t ..
drwxr-x--- squid squid user_u:object_r:squid_cache_t 00
drwxr-x--- squid squid user_u:object_r:squid_cache_t 01
...
But when I want to start it I get this:
type=AVC msg=audit(1296442326.932:739661): avc: denied { search } for
pid=30924 comm="squid" name="/" dev=sd...
2013 Nov 25
2
ltsp & Selinux
....
The message I'm now seeing in /var/log/audit/audit.log :
type=AVC msg=audit(1385112688.399:67769): avc: denied { write } for
pid=8218 comm="xauth" name="caw" dev=md1 ino=262145
scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:home_root_t:s0 tclass=dir
type=SYSCALL msg=audit(1385112688.399:67769): arch=c000003e syscall=2
success=no exit=-13 a0=7fffdecf5c60 a1=c1 a2=180 a3=8 items=0 ppid=8217
pid=8218 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500
sgid=500 fsgid=500 tty=(none) ses=9 comm="xauth" exe="...
2009 Apr 15
2
SELinux and "i_stream_read() failed: Permission denied"
...#####
module local_postfix 1.0;
require {
type admin_home_t;
type bin_t;
type default_t;
type dovecot_t;
type dovecot_deliver_t;
type dovecot_deliver_exec_t;
type dovecot_var_log_t;
type etc_runtime_t;
type fs_t;
type home_root_t;
type httpd_config_t;
type httpd_t;
type initrc_t;
type postfix_etc_t;
type postfix_local_t;
type postfix_master_t;
type postfix_postdrop_t;
type postfix_postqueue_exec_t;
type postfix_public_t;
type postfix_pipe_t;...
2010 Jan 08
6
New selinux-policy breaks logwatch emails?
Hello,
After a yum update last night, I had a CentOS 5.4 i386 system pull in the
following selinux updates:
Jan 07 21:39:14 Updated: selinux-policy-2.4.6-255.el5_4.3.noarch
Jan 07 21:39:31 Updated:
selinux-policy-targeted-2.4.6-255.el5_4.3.noarch
This machine has SELinux set to Enforcing.
This morning, I see I got the following email from Cron:
/etc/cron.daily/0logwatch:
sendmail: warning:
2017 Oct 08
2
Permission denied error on private key...
-rw-r--r--. root root unconfined_u:object_r:home_root_t:s0 /etc/pki/dovecot/private/mailserver.crt
> On Oct 8, 2017, at 12:03 AM, Bill Shirley <bill at KnoxvilleChristian.org> wrote:
>
> What does ls -lZ /etc/pki/dovecot/private/mailserver.crt say?
>
> Bill
>
> On 10/7/2017 7:30 PM, SH Development wrote:
>> I have a...
2006 Oct 10
2
Moving Mysql data directory denied by selinux?
...passwords=1
[mysql.server]
user=mysql
basedir=/home
Now SELinux complains with
Oct 10 22:04:27 intspare kernel: audit(1160481867.663:2): avc: denied
{ search } for pid=3073 comm="mysqld" name="/" dev=dm-1 ino=2
scontext=user_u:system_r:mysqld_t tcontext=system_u:object_r:home_root_t
tclass=dir
WHY is mysqld trying to read / when I told it to use /home/mysql ?
BTW, here is the security contexts on /home/mysql
# ls -laZ /home/
drwxr-xr-x mysql mysql system_u:object_r:mysqld_db_t mysql
Can anyone please shed some light on this for me?
What exactly is the avc messa...
2008 Oct 30
1
nfs mounted /home and selinux
...ng to set the context on an nfs mounted /home. I believe
exactly like in Redhat's Deployment Guide at
http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.2/html/Deployment_Guide/ch45s02s03.html
On my system running CentOS 5.2:
$ ls -alZ /home
drwxr-xr-x root root system_u:object_r:home_root_t .
drwxr-xr-x root root system_u:object_r:root_t ..
$ mount -t nfs -o context=user_u:object_r:user_home_dir_t \
server001a:/vol/vol01/home /home
$ ls -alZ /home
drwxrwxr-x root root system_u:object_r:nfs_t .
drwxr-xr-x root root system_u:object_r:r...
2008 Jun 06
1
SELinux error message on CentOS 5: "multiple same specifications"
...u:object_r:httpd_user_content_t:s0
/usr/local/[^/]*/\.mozilla(/.*)?/plugins/libflashplayer\.so.* --
user_u:object_r:textrel_shlib_t:s0
/usr/local/[^/]* -d user_u:object_r:user_home_dir_t:s0
/usr/local/lost\+found/.* <<none>>
/usr/local -d system_u:object_r:home_root_t:s0
/usr/local/\.journal <<none>>
/usr/local/lost\+found -d system_u:object_r:lost_found_t:s0
I saw that /home and /root are there, since they are really home
directories. But /usr/local shouldn't be there! And there's a fourth
directory there, which is based on the nam...
2014 Jun 27
1
SELinux context for web application directories
...─ log
├── lost+found
└── pgpass -> .pgpass
The questions I have are: What is an appropriate SELinux context for such a
directory structure given it is used by a httpd service? Is the default user
home setting of system_u:object_r:home_root_t acceptable? Is
system_u:object_r:httpd_sys_content_t preferable instead? Is some other
SELinux context preferred for RoR web applications using Apache with
mod-passenger?
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
H...
2011 Apr 25
2
Samba can't access dir - SELinux problem?
...'t it?)
Is this maybe a SELinux setting problem?
# tail /var/log/audit/audit.log (only at the new VM)
type=AVC msg=audit(1303720863.712:53): avc: denied { search } for
pid=6737 comm="smbd" name="/" dev=sda3 ino=2
scontext=user_u:system_r:smbd_t:s0
tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=SYSCALL msg=audit(1303720863.712:53): arch=c000003e syscall=4
success=no exit=-13 a0=2b79380c9620 a1=7fff35dfe9f0 a2=7fff35dfe9f0
a3=ea items=0 ppid=6543 pid=6737 auid=500 uid=500 gid=0 euid=500
suid=0 fsuid=500 egid=500 sgid=0 fsgid=500 tty=(none) ses=2
comm="smbd" ex...
2017 Oct 08
0
Permission denied error on private key...
The context should be:
system_u:object_r:dovecot_cert_t:s0
Try:
restorecon -v /etc/pki/dovecot/private/mailserver.crt
Bill
On 10/8/2017 1:06 AM, SH Development wrote:
> -rw-r--r--. root root unconfined_u:object_r:home_root_t:s0 /etc/pki/dovecot/private/mailserver.crt
>
>
>> On Oct 8, 2017, at 12:03 AM, Bill Shirley <bill at KnoxvilleChristian.org> wrote:
>>
>> What does ls -lZ /etc/pki/dovecot/private/mailserver.crt say?
>>
>> Bill
>>
>> On 10/7/2017 7:30 PM, SH Dev...
2014 Nov 11
1
login fail on crypted /home
I have a fresh install of CentOS release 6.6 on my laptop. I want to use
a more secure config with /home crypted. But when this partition is
mounted I cannot login anymore on my laptop. Only root can login. This
occurs at level 5 (graphic login) or 3 (text login). The message is
"Cannot enter home directory. Using /."
Logged as root I can create a new user (with useradd) and his home
2010 Jul 23
1
postgresql copy to and selinux
...get
permission denied. Filesystem dir modes are ok and I get no event
logged in audit.log, but if I setenforce 0, I can do the copy. This
explains auditd silence:
# sesearch --audit |egrep postgres.*home
dontaudit postgresql_t user_home_dir_t : dir { getattr search };
dontaudit postgresql_t home_root_t : dir { getattr search };
I changed the "dir" type to tmpfs_t and I could write with "\copy" but
not with "copy".
Anyway, what are the best practices to allow postgresql "copy to" a
subdirectory of a home directory (without disabling selinux)? I'm
runni...
2016 Jul 19
2
Managesieve problem
Trying to get either avelsieve or server side filters to work with managesieve. Managesieve is running but whenever avelsieve or the server settings backend try to talk to it the same thing happens. So I guess it's really a problem with something about managesieve at this point. I hit the Message Filters option, it takes a long time for it to come back, though it finally just times out and
2017 Oct 07
2
Permission denied error on private key...
I have a working dovecot/postfix/mysql server running and was trying to set up another one for replication purposes. If I copy my certificates from the working server, everything works fine. However, I purchased another updated certificate for the replication server, and I cannot get dovecot to start up. Keep getting:
doveconf: Fatal: Error in configuration file /etc/dovecot/dovecot.conf line
2009 Oct 04
2
deliver stopped working
...ut it did not
help. There were a lot of errors in the audit.log, however SELinux was already in
permissive mode and switching it to disabled did no good. I created the following policy
to get rid of all of the errors in the audit log:
module local_postfix 1.0;
require {
type postfix_etc_t;
type home_root_t;
type apmd_t;
type setrans_t;
type port_t;
type etc_mail_t;
type snmpd_t;
type tmp_t;
type dovecot_deliver_t;
type postfix_smtp_t;
type nfs_t;
type var_run_t;
type usr_t;
type httpd_t;
type audisp_t;
type postfix_cleanup_t;
type inetd_t;
type portmap_t;
type postfix_pickup_t;
type...
2007 Feb 06
3
please explain this xen error message to me (newbie here)
"an error has occured. no valid devices were found on which to create a file
system"
This message is what I get installing a copy of fedora6 on fedora6 using
xen. Now the instructions in fedora said either specify a file or
partition. I made sure the file I created (called feddy6_xen) in my
root/xenmachines directory had plenty of space..20gb left on that
partition...so
2019 Oct 30
2
encrypt incoming emails with public gpg key before they are stored to maildir
Hello,
I have asked on the postfix mailing list for a solution, how to encrypt
incoming emails with public gpg key.
My original idea was to use a smtpd-milter, which would encrypt all
incoming plaintext messages of given user, using the user's public gpg
key. This way, it would look as if the original sender has sent the
message encrypted.
Somebody suggested this might be better done in Dovecot,
2011 Jan 30
5
How to relocate $HOME directory
Hi there,
As you know, $HOME is generally located at "/home/$username" by default.
I would like to re-locate all users' $HOME directories to something like
"/export/home/$username" without having a hassle/trouble.
Initially, I've thought of just copying them to the new directory (under
/export/home/xxx), but guessed it might trouble for the normal use (I'm
pretty