search for: lib_t

We're forced to use Siteminder, by CA, who have no clue what they're doing in *nix. No packages, tarballs... Anyway, I'm trying clean up some stuff, and in /*/smwa/webagent/bin (all their binaries, including .so's, are in there, duh... I'm trying to set the .so's to lib_t. semanage -fcontext -a -t lib_t "/<elided>/smwa/webagent/bin(/.*).so" gives me the completely unexpected response of semanage: error: argument subcommand: invalid choice: 'lib_t' (choose from 'import', 'export', 'login', 'user', 'port'...

...main_entry_file(rawsox_t, rawsox_exec_t) domain_auto_trans(unconfined_t,rawsox_exec_t,rawsox_t) ######################################## # Rawsox local policy # these two didn't help #corenet_raw_sendrecv_all_if( rawsox_t ); #corenet_raw_sendrecv_all_nodes( rawsox_t ); require { type lib_t; type ld_so_t; type ld_so_cache_t; type usr_t; type devpts_t; type rawsox_t; type etc_t; class lnk_file read; class dir search; class file { read getattr execute }; class chr_file { read write getattr }; class r...

Warren Young wrote: > On May 8, 2019, at 9:31 AM, mark <m.roth at 5-cent.us> wrote: > >> semanage -fcontext -a -t lib_t "/<elided>/smwa/webagent/bin(/.*).so? > > [snip] > >> What am I doing wrong? >> <snip> > Also, I?m confused by the parens in your file path. Whether your shell > is or not is a different question. I'm following the manpage, semanage-fcontext, exampl...

...ted component (if applicable): rsync-3.0.8-1.fc14.x86_64 How reproducible: always Steps to Reproduce: Physical-2-Virtual conversion of a F14 installation: used rsync -aHAXx to duplicate file systems from physical to virtual host. Actual results: on source: lrwxrwxrwx. root root system_u:object_r:lib_t:s0 /lib64/libc.so.6 -> libc-2.13.so on target: lrwxrwxrwx. root root unconfined_u:object_r:file_t:s0 /lib64/libc.so.6 -> libc-2.13.so These changed security contexts for symlinks cause the boot of the newly created VM to fail unless boot parameter selinux=0 is used. Expected results:...

...,rawsox_t) >> >> ######################################## >> # Rawsox local policy >> >> # these two didn't help >> #corenet_raw_sendrecv_all_if( rawsox_t ); >> #corenet_raw_sendrecv_all_nodes( rawsox_t ); >> >> require { >> type lib_t; >> type ld_so_t; >> type ld_so_cache_t; >> type usr_t; >> type devpts_t; >> type rawsox_t; >> type etc_t; >> class lnk_file read; >> class dir search; >> class file { read getattr execute };...

...d /etc/httpd/modules/libphp5.so into server: libxml2.so.2: failed to map segment from shared object: Permission denied I turned off SELinux and was able to start httpd. But what went wrong? And how to fix it and turn SELinux back on? SElinux labels on libxml.so.2.6.26 are OK ( system_u:object_r:lib_t ) and "restorecon -n libxml.so.2.6.26" does not return anything. No recent AVC denied entries in /var/log/audit/audit.log or /var/log/messages. I googled the above error message but all I could find were web pages in Chinese advising to run restorecon on libxml2.so file or turn off SEli...

Warren Young wrote: > On May 8, 2019, at 11:04 AM, mark <m.roth at 5-cent.us> wrote: > >> >> semanage fcontext -m -t lib_t "/path/smwa/webagent/bin/*.so? > > Glob expansion doesn?t happen in double quotes. Not in Bash, anyway. Huh? I thought it didn't occur in single quotes, but did occur in quotes. Odd, I'm seeing it doesn't, at least in a basic test. On the other hand, from the example in th...

With rsync-3.0.7-3.fc14.x86_64, rsync -aX /lib/ /lib2 produced links with SELinux context, system_u:object_r:lib_t:s0 with rsync-3.0.8-1.fc14.x86_64, unconfined_u:object_r:lib_t:s0 Is this by design, or a regression? --Fred -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.samba.org/pipermail/rsync/attachments/20110415/c0163203/attachment.html>

...rmissions. # stat /usr/lib64/R/etc/ldpaths File: ?/usr/lib64/R/etc/ldpaths? Size: 611 Blocks: 8 IO Block: 4096 regular file Device: fd00h/64768d Inode: 13762870 Links: 1 Access: (0600/-rw-------) Uid: ( 0/ root) Gid: ( 0/ root) Context: unconfined_u:object_r:lib_t:s0 ... # chmod go+r /usr/lib64/R/etc/ldpaths $ R --quiet > I don't know how and why the root's group and others lost read access to that ldpaths file after R CMD javareconf-iguring, but at least the R session is back and that is enough for me. Sorry for the noise, if any.

Hi, I've done the following: - Copy usr content with rsync to another partition: rsync -av --partial --progress /usr/ /mnt Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not the directory itself). But I've found that is bad labeled: ls -Z /usr unconfined_u:object_r:unlabeled_t:s0 bin unconfined_u:object_r:unlabeled_t:s0 local unconfined_u:object_r:unlabeled_t:s0

...qM1 to use relocation as a workaround, until the library is fixed. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Allowing Access: If you trust /usr/lib/libGL.so.1.2.#prelink#.4GxqM1 to run correctly, you can change the file context to textrel_shlib_t. "chcon -t textrel_shlib_t '/usr/lib/libGL.so.1.2.#prelink#.4GxqM1'" You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t textrel_shlib_t '/usr/lib/libGL.so.1.2.#prelink#.4GxqM1'&q...

..._smtp_t; type nfs_t; type var_run_t; type usr_t; type httpd_t; type audisp_t; type postfix_cleanup_t; type inetd_t; type portmap_t; type postfix_pickup_t; type hald_t; type getty_t; type avahi_t; type etc_t; type sysctl_kernel_t; type unconfined_t; type init_t; type auditd_t; type lib_t; type dovecot_auth_t; type syslogd_t; type hostname_exec_t; type postfix_smtpd_t; type var_spool_t; type system_dbusd_t; type mysqld_etc_t; type initrc_t; type proc_t; type restorecond_t; type etc_runtime_t; type postfix_bounce_t; type ntpd_t; type kernel_t; type postfix_master_t; t...

...earch; #============= mailman_mail_t ============== #!!!! The source type 'mailman_mail_t' can write to a 'dir' of the following types: # mailman_log_t, mailman_data_t, mailman_lock_t, mailman_archive_t, var_lock_t, tmp_t, mailman_mail_tmp_t, var_log_t, root_t allow mailman_mail_t lib_t:dir write; #============= named_t ============== allow named_t sysctl_vm_t:dir search; #============= postfix_postdrop_t ============== allow postfix_postdrop_t fail2ban_tmp_t:file { read write }; #============= syslogd_t ============== allow syslogd_t sysctl_vm_t:dir search; Is there an epel/s...

On May 8, 2019, at 9:31 AM, mark <m.roth at 5-cent.us> wrote: > > semanage -fcontext -a -t lib_t "/<elided>/smwa/webagent/bin(/.*).so? [snip] > What am I doing wrong? -fcontext isn?t an option, it?s a verb; drop the dash. Also, I?m confused by the parens in your file path. Whether your shell is or not is a different question.

On May 8, 2019, at 11:04 AM, mark <m.roth at 5-cent.us> wrote: > > semanage fcontext -m -t lib_t "/path/smwa/webagent/bin/*.so? Glob expansion doesn?t happen in double quotes. Not in Bash, anyway.

...@updates The missing part in the above logs is about a kernel update. May the_"Permission denied"_ error be related to SELinux ? Here're the contexts for R and ldpaths: $ ls -lhZ /usr/bin/R /usr/lib64/R/etc/ldpaths system_u:object_r:bin_t:s0 8.6K /usr/bin/R unconfined_u:object_r:lib_t:s0 574 /usr/lib64/R/etc/ldpaths Something weird is that RStudio keeps running as it used to do earlier when R on the command line was still _allowed_ to run. The root's shell gives no error, too. # R --version R version 3.2.3 (2015-12-10) -- "Wooden Christmas-Tree" The only R-relat...

...log | audit2why -w type=AVC msg=audit(1431305820.292:393420): avc: denied { write } for pid=27289 comm="java" path="/usr/lib/appdynamics-php5/logs/testfile1615417693000946121.tmp" dev="vda" ino=965852 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file Was caused by: Missing type enforcement (TE) allow rule. You can use audit2allow to generate a loadable module to allow this access. The part I am stuck on is using audit2allow to generate a loadable module that can allow this. Can anyone s...

...ealert said: > SELinux is preventing /bin/bash from read access on the file > /usr/lib/libreadline.so.8.2. > > ***** Plugin restorecon (99.5 confidence) suggests ************************ > > If you want to fix the label. > /usr/lib/libreadline.so.8.2 default label should be lib_t. > Then you can run restorecon. The access attempt may have been stopped > due to insufficient permissions to access a parent directory in which > case try to change the following command accordingly. > Do > # /sbin/restorecon -v /usr/lib/libreadline.so.8.2 > > ***** Plugin ca...

On Wed, 20 Apr 2016 20:50:57 +0000 "Ellen K" <keyes at pushyes.xyz> wrote: > From: "Ellen K" <keyes at pushyes.xyz> > To: cireyapmin at gmail.com > Subject: RE: [R-sig-Fedora] Cannot Run On The Command Line > Date: Wed, 20 Apr 2016 20:50:57 +0000 > X-Mailer: iPad Mail (12H143) > > Hi virgo, > > Thank you for your interest in the

On 3/22/23 12:42, Daniel P. Berrang? wrote: > On Wed, Mar 22, 2023 at 12:13:49PM +0100, Laszlo Ersek wrote: >> On 3/22/23 11:42, Laszlo Ersek wrote: >> >>> Now the "podman build -f ci/containers/alpine-edge.Dockerfile -t >>> libnbd-alpine-edge" command is failing with a different error message -- >>> the download completes, but the internal