search for: initrc_t

...ication is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context system_u:system_r:initrc_t:s0 Target Context system_u:system_r:initrc_t:s0 Target Objects None [ capability2 ] Source chcon Source Path /usr/bin/chcon Port <Unknown> Host <Unknown> Source RPM P...

...ct 13 17:02:56 dblinux1 kernel: SELinux: initialized (dev configfs, type configfs), not configured for labeling Oct 13 17:02:56 dblinux1 kernel: audit(1129237376.191:5): avc: denied { mount } for pid=14922 comm="mount" name="/" dev=configfs ino=70286 scontext=root:system_r:initrc_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem Also have some errors of form: Oct 13 18:03:49 dblinux1 dbus: Can't send to audit system: USER_AVC pid=2587 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:init...

...d have thought of this earlier. My custom SELinux policy disables networking for unconfined_t, so it puts ssh into sshd_t (which allows networking). But it only puts ssh into sshd_t when started by root; there was no transition specified in my policy that ssh should go into sshd_t when started by initrc_t. A couple of lines in my domains/program/ssh.te fixed it: role initrc_t types sshd_t; domain_auto_trans(initrc_t, sshd_exec_t, sshd_t) So, the network was in fact up but I was shooting myself in the foot. This is definitely not a Xen-related issue. Thanks for your responses; I appreciate the h...

...with constant SELinux errors like this from Fusion Passenger: 36886. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 2 file open system_u:system_r:udev_t:s0-s0:c0.c1023 denied 1922 36887. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 4 dir getattr unconfined_u:system_r:initrc_t:s0 denied 1927 36888. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 2 dir search unconfined_u:system_r:initrc_t:s0 denied 1928 It happens when Passenger v3 tries to determine memory stats with "ps". There is an Apache directive to turn it of ( http://www.modrails.com/doc...

...5.2 x86_64, and I am hitting an SE Linux denial - the httpd cannot talk to the BackupPC socket: type=AVC msg=audit(07/31/2008 17:18:53.623:410) : avc: denied { connectto } for pid=11767 comm=httpd path=/var/log/BackupPC/BackupPC.sock scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:system_r:initrc_t:s0 tclass=unix_stream_socket type=AVC msg=audit(07/31/2008 17:18:53.623:410) : avc: denied { write } for pid=11767 comm=httpd name=BackupPC.sock dev=md0 ino=39813253 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:var_log_t:s0 tclass=sock_file Is there an easy way to fix this, lik...

...ting from that post: module local 1.0; require { type traceroute_port_t; type amavis_t; type postfix_spool_t; type clamd_t; type amavis_var_lib_t; type sysctl_kernel_t; type var_t; type postfix_smtpd_t; type initrc_t; type proc_t; class unix_stream_socket connectto; class file { read getattr }; class sock_file write; class lnk_file { read create unlink getattr }; class udp_socket name_bind; class dir { read search }; } #============= amavis_...

Centos 4.2 Dec 29 10:04:10 z9m9z dbus: Can't send to audit system: USER_AVC pid=1997 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=root:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus Dec 29 10:04:45 z9m9z last message repeated 7 times Dec 29 10:05:50 z9m9z last message repeated 13 times Dec 29 10:06:55 z9m9z last message repeated 13 times Dec 29 10:07:56 z9m9z last message repeated 12 times I get this entry a lot.

...p" dev=dm-0 ino=2894305 scontext=root:system_r:mysqld_t tcontext=root:object_r:root_t tclass=dir Nov 12 00:48:59 srv1 dbus: Can't send to audit system: USER_AVC pid=2839 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus Nov 12 00:49:04 srv1 dbus: Can't send to audit system: USER_AVC pid=2839 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus Nov 12 00:49:05 srv1 mysqld: Starting MySQL: failed hints? Craig...

...ers. Anyway when I log into X (gnome, gdm) I start getting the following in /var/log/messages Nov 30 12:47:39 needme dbus: Can't send to audit system: USER_AVC pid=2916 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus Nov 30 12:48:10 needme last message repeated 7 times Nov 30 12:48:12 needme gconfd (MYUSERNAME-3780): Resolved address "xml:readwrite:/home/MYUSERNAME/.gconf" to a writable configuration source at position 0 Nov 30 12:48:15 needme dbus: Can't send to audit system: USER_...

...ot;grep -e 'httpd\|passenger'" but it seems like too much allowance module passenger 1.0; require { type unconfined_t; type semanage_t; type init_t; type system_cronjob_t; type mysqld_t; type syslogd_t; type apmd_t; type initrc_t; type postfix_local_t; type puppet_etc_t; type setfiles_t; type rpm_t; type unlabeled_t; type var_run_t; type kernel_t; type puppet_var_run_t; type puppet_var_lib_t; type auditd_t; type httpd_t; type rpm...

...p_t; type hald_t; type getty_t; type avahi_t; type etc_t; type sysctl_kernel_t; type unconfined_t; type init_t; type auditd_t; type lib_t; type dovecot_auth_t; type syslogd_t; type hostname_exec_t; type postfix_smtpd_t; type var_spool_t; type system_dbusd_t; type mysqld_etc_t; type initrc_t; type proc_t; type restorecond_t; type etc_runtime_t; type postfix_bounce_t; type ntpd_t; type kernel_t; type postfix_master_t; type rpcd_t; type dovecot_t; type klogd_t; type udev_t; type clamd_t; type mysqld_port_t; type initrc_var_run_t; type var_t; type postfix_qmgr_t; type pos...

I am getting tons of these messages since I updated to 4.2 Nov 12 12:21:39 srv1 dbus: Can't send to audit system: USER_AVC pid=2839 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus Now I can see this process... # ps aux|grep 2839 dbus 2839 0.0 0.3 16168 1888 ? Ssl Nov11 0:13 dbus- daemon-1 --system root 17173 0.0 0.1 3748 668 pts/2 S+ 12:22 0:00 grep 2839 but I'm wondering how do I fix selinux so that it doesn't 'deny...

...type bin_t; type default_t; type dovecot_t; type dovecot_deliver_t; type dovecot_deliver_exec_t; type dovecot_var_log_t; type etc_runtime_t; type fs_t; type home_root_t; type httpd_config_t; type httpd_t; type initrc_t; type postfix_etc_t; type postfix_local_t; type postfix_master_t; type postfix_postdrop_t; type postfix_postqueue_exec_t; type postfix_public_t; type postfix_pipe_t; type sendmail_t; type sendmail_exec_t; type src_t;...

...n used audit2allow to produce a file for generating a policy module # ausearch -m avc -ts dd/mm/yy | audit2allow -m samba4local > samba4local.te I edited the samba4local.te file to remove the unwanted commentary. The result looked like this: ---***--- module samba4local 1.0; require { type initrc_t; type named_t; type named_var_run_t; type ntpd_t; type ntpd_var_run_t; type smbd_t; type samba_unconfined_script_exec_t; type urandom_device_t; type var_lock_t; class unix_stream_socket connectto; class unix_dgram_socket sendto; class sock_file write;...

I regret the delay in replying to this topic but I am a digest subscriber so I only see list traffic once every 24 hours. When I moved from RHES3 to CentOS4 back in April/May of this year I was bitten by the SELinux gnat as well, and the temptation to swat a distracting irritation by killing it in its bed nearly proved irresistible. However, taking to heart the advice given to me here and

On centos 4 (i386 chroot on an x86_64) it just prompts me for a password. Any suggesstion on where to start looking? -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- - - - Jason Pyeron PD Inc. http://www.pdinc.us - - Principal Consultant 10 West 24th Street #100 - - +1 (443)

Ok, so there is not a problem with SElinux and Samba. But it is a pain to set up so it will work right. I finally figured out how to set up SE and Samba so you can be able to write and delete files. I found in one of that man pages "man samba_selinux", you can just disable SE for samba. I am sure there are other ways also but this is what I have found so far. I tried to just

At the risk of angering the crash Gods, my sustem has NOT crashed again since I downgraded the kernel from 2.6.18-1.2239.fc5 to 2.6.18-1.2200.fc5. Given that newfound stability, and my lack of time, I'm going to put on hold any further diagnostics, until the next kernel revision is released. I have submitted a report at bugzilla.redhat.com (bug 218128). (Ah, nuts; accidentally created a

Hello, Can somebody of the Samba team explain me the difference of Fedora packages or Enterprise packages ( <http://enterprisesamba.com/> http://enterprisesamba.com/) of Samba on Red Hat Enterprise Linux 4? I tried to find any information about this subject, but googleing doesn't help me. The standard Samba package (3.0.10EL) of RHEL4 doesn't communicate with a W2k3 server

Hi list, I''ve got an issue at the moment, which isn''t really a big problem, but an untidy annoyance really, and I''d just like to understand what the best practice might be when dealing with the issue. As a really quick summary, the issue is that Puppet is starting up the mysqld service for the first time as unconfined_u, and then when MySQL goes and creates a load