search for: matchpathcon

the memory which is allocated by matchpathcon should be freed after it is useless Signed-off-by: Roy Li <rongqing.li at windriver.com> --- openbsd-compat/port-linux.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c @@ -217,8 +217,10 @@ ssh_selinux_setfsc...

...---------------- Summary: fix a memory leak for Openssh ---------------------------------------------------- Upstream Project Name: OpenSSH Upstream Project URL: anoncvs at anoncvs.mindrot.org:/cvs Applies to: anoncvs at anoncvs.mindrot.org:/cvs Brief Description: the memory which is allocated by matchpathcon should be freed after it is used Will Submit to: Damien Miller. <djm at openbsd.org> ; openssh-unix-dev at mindrot.org Origin of patch: Discovered by me Comments: --------- the memory which is allocated by matchpathcon should be freed after it is used Added Files: ------------ None. Re...

...ot permitted /bin/mknod: `/dev/fuse': Operation not permitted /sbin/start_udev: line 269: /proc/sys/kernel/hotplug: Read-only file system udevd[71]: file_contexts:  invalid context system_u:object_r:device_t:s0 udevd[71]: file_contexts:  invalid context system_u:object_r:device_t:s0 udevd[71]: matchpathcon(/dev/.udev/rules.d) failed udevd[71]: matchpathcon(/dev/.udev/rules.d) failed                                                            [  OK  ] Setting hostname vm1292ussac1-goagent1.cust.aops-eds.com:  [  OK  ] Checking filesystems                                                            [  O...

...d_t:s0 share unconfined_u:object_r:unlabeled_t:s0 lib unconfined_u:object_r:unlabeled_t:s0 src unconfined_u:object_r:unlabeled_t:s0 lib64 unconfined_u:object_r:unlabeled_t:s0 tmp How can I restore the default contexts? I've tried with restorecon and with fixfiles, but no luck, for example: matchpathcon -V /usr /usr error: No data available How can I fix this? Thanks in advance. -- -- Sergio Belkin LPIC-2 Certified - http://www.lpi.org

The memory which is allocated by matchpathcon should be freed after it is used Signed-off-by: Roy Li <rongqing.li at windriver.com> --- openbsd-compat/port-linux.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/openbsd-compat/port-linux.c +++ b/openbsd-compat/port-linux.c @@ -217,8 +217,10 @@ ssh_selinux_setfscreate...

...nd the directory stayed with httpd_sys_content_t. I thought that the only way this could happen was if I used "semanage fcontext -a ...." so that a new line would be appended in: /etc/selinux//etc/selinux/targeted/contexts/files/file_contexts.local. Not only that, If I perform "matchpathcon /var/whatever" I still get var_t as its default type. Then again, why it kept the httpd_sys_content_t after the relabel? Thansk in advance, Jorge

...`/dev/fuse': Operation not permitted > /sbin/start_udev: line 269: /proc/sys/kernel/hotplug: Read-only file system > udevd[71]: file_contexts:  invalid context system_u:object_r:device_t:s0 > udevd[71]: file_contexts:  invalid context system_u:object_r:device_t:s0 > > udevd[71]: matchpathcon(/dev/.udev/rules.d) failed > udevd[71]: matchpathcon(/dev/.udev/rules.d) failed You don't want to have udevd running in any container. The /dev filesystem for a container is pre-populated by libvirt and udev will not have permission to create any further device nodes. So just disable udev...

Hi, I'm currently fiddling with Nginx on CentOS 7. Eventually I want to use it instead of Apache on some servers. Apache works more or less out of the box with SELinux. My websites are all stored under /var/www, and ls -Z shows me that all files created under /var/www are correctly labeled httpd_sys_content_t. On my sandbox server I don't have Apache (httpd) installed, only Nginx

...As a really quick summary, the issue is that Puppet is starting up the mysqld service for the first time as unconfined_u, and then when MySQL goes and creates a load of its initial files also as unconfined_u, Puppet goes and resets them all to system_u which is what they should be when checking matchpathcon: The thing is, because the service is started as unconfined_u, any databases/tables that are created are going to inherit that, and puppet is going to be resetting them. For some more detail, I''ve written something which will set the mysqld_db_t selinux file_context on my data directo...

...etfscreatecon The Debian/Ubuntu OpenSSH packages are compiled with SELinux support, but SELinux isn't necessarily available at run-time. If it's unavailable, then ssh_selinux_setfscreatecon may crash because it does not either (a) check ssh_selinux_enabled or (b) check the return value of matchpathcon. I suspect it should do both, although I'm not sure whether any error message is necessary if matchpathcon fails - does this just mean that the configuration doesn't specify any particular context? (I'm not an SELinux expert.) Patch attached which at least clears up the crash. (BTW,...

Hi all, I'm upgrading my old F9 mail server to Centos 7 and all is going well. However, I've got a problem with recently created users. I've rsync'd /home and /var/spool/mail after moving /etc/passwd and /etc/group I used the default locations on the old F9 server, i.e. mail delivered to /var/spool/mail/%u by EXIM and Dovecot using that as the inbox. Dovecot then used ~/mail/

OS: CentosOS 7 I have installed samba + openldap + smbldap-tools + pam by: yum --enablerepo=extras install -y epel-release yum install -y smbldap-tools yum install -y samba openldap openldap-clients openldap-servers migrationtools yum install -y nss-pam* I know that smbldap-tools is a dead project, but I'm interested in it and would like research on it. I create users and

...copying local->remote, check that the source file exists before opening an SFTP connection to the server. Based on GHPR#370 Portability ----------- * All: a number of build fixes for various platforms and configuration combinations. * sshd(8): provide a replacement for the SELinux matchpathcon() function, which is deprecated. * All: relax libcrypto version checks for OpenSSL >=3. Beyond OpenSSL 3.0, the ABI compatibility guarantees are wider (only the library major must match instead of major and minor in earlier versions). bz#3548. * Tests: fix build problems for the...

...> > I edit /etc/samba/smb.conf: > > [data] > comment = data > path = /data > valid users = u1,u2 > write list = u1,u2 > create mask = 0777 > sync always = Yes > ; hide dot files = yes > ; writeable = no Out of curiosity, I ran: # matchpathcon /data /data system_u:object_r:etc_runtime_t:s0 I'm not sure why /data is labeled etc_runtime_t, but I suspect that's why you can't export its contents via Samba, SELinux is probably preventing it. I suggest following the directions here: https://wiki.centos.org/HowTos/SetUpSamba#head-...

...ed_t:s0 lib > unconfined_u:object_r:unlabeled_t:s0 src > unconfined_u:object_r:unlabeled_t:s0 lib64 > unconfined_u:object_r:unlabeled_t:s0 tmp > > How can I restore the default contexts? > > I've tried with restorecon and with fixfiles, but no luck, for example: > > matchpathcon -V /usr > /usr error: No data available > > How can I fix this? > > Thanks in advance. The -X option to rsync will copy all extended attributes from the old to the new filesystem. Nataraj

...copying local->remote, check that the source file exists before opening an SFTP connection to the server. Based on GHPR#370 Portability ----------- * All: a number of build fixes for various platforms and configuration combinations. * sshd(8): provide a replacement for the SELinux matchpathcon() function, which is deprecated. * All: relax libcrypto version checks for OpenSSL >=3. Beyond OpenSSL 3.0, the ABI compatibility guarantees are wider (only the library major must match instead of major and minor in earlier versions). bz#3548. * Tests: fix build problems for the...

??? Hi, I'm facing a challenge with selinux and because I don't got an explanation elsewhere, I'm trying to explain here. I have decided to mount /var/spool/cron on a separate partition? and apply quota for regular users. But quotacheck replyes with a "permission denied" . quotacheck: Cannot create new quotafile /var/spool/cron/aquota.user.new: Permission denied

...e > exists before opening an SFTP connection to the server. Based on > GHPR#370 > > Portability > ----------- > > * All: a number of build fixes for various platforms and > configuration combinations. > > * sshd(8): provide a replacement for the SELinux matchpathcon() > function, which is deprecated. > > * All: relax libcrypto version checks for OpenSSL >=3. Beyond > OpenSSL 3.0, the ABI compatibility guarantees are wider (only > the library major must match instead of major and minor in > earlier versions). bz#3548. &gt...

...ning BINARY mode data connection for rfc-index-latest (4042 bytes). *** glibc detected *** ftp: malloc(): memory corruption: 0x091645d0 *** ======= Backtrace: ========= /lib/libc.so.6[0x3c714c] /lib/libc.so.6(__libc_malloc+0x7e)[0x3c82ee] /lib/libc.so.6(__strdup+0x30)[0x3ccd20] /lib/libselinux.so.1(matchpathcon+0x11a)[0xe4568a] /usr/lib/libkrb5support.so.0[0x113abd] /usr/lib/libkrb5support.so.0(krb5int_labeled_fopen+0x37)[0x113dc7] ftp[0x327288] ftp[0x321dbf] ftp(main+0x48a)[0x32aaaa] /lib/libc.so.6(__libc_start_main+0xdc)[0x375dec] ftp[0x31c8c1] ======= Memory map: ======== 00110000-00118000 r-xp 0000000...

OpenSSH 5.7 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,