Displaying 10 results from an estimated 10 matches for "named_t".
2018 Oct 12
0
Restarting Named on CentOS-6 gives SE Error
...you should report this as a bug.
You can generate a local policy module to allow this access.
Do allow this access for now by executing:
# grep named /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context unconfined_u:system_r:named_t:s0
Target Context system_u:object_r:sysctl_vm_t:s0
Target Objects [ dir ]
Source named
Source Path /usr/sbin/named
Port <Unknown>
Host inet08.hamilton.harte-lyne.ca
Source...
2007 Aug 16
1
SELinux questions, upon restarting BIND
...stalled,
so 'setroubleshoot' isn't an option (unless there's a text equivalent).
Thanks in advance for any opinions/suggestions/enlightenments :)
~Ray
=============================================
Aug 16 07:12:23 sunspot setroubleshoot: SELinux is preventing
/usr/sbin/named (named_t) "getattr" access to /dev/random
(tmpfs_t). For complete SELinux messages. run sealert -l
1ab129b8-9f9f-48ae-a67e-d52f63a5fb5a
=============================================
Aug 16 07:12:23 sunspot setroubleshoot: SELinux is preventing
/usr/sbin/named (named_t) "read" a...
2009 Aug 15
1
Confused about named, chroot, and tmp files.
...ing
configuration from '/etc/named.conf'
Aug 15 14:09:46 devserver21 named: named reload succeeded
Aug 15 14:09:46 devserver21 kernel: audit(1250359786.568:31): avc: denied { write } for pid=5103 comm="named" name="named" dev=dm-0 ino=28148843 scontext=user_u:system_r:named_t tcontext=system_u:object_r:named_zone_t tclass=dir
Aug 15 14:09:46 devserver21 kernel: audit(1250359786.568:32): avc: denied { add_name } for pid=5103 comm="named" name="tmp-XXXXtGN8y7" scontext=user_u:system_r:named_t tcontext=system_u:object_r:named_zone_t tclass=dir
Aug 15...
2017 Feb 12
3
Centos7 and old Bind bug
This is my new Centos7 DNS server.
In logwatch I am seeing:
**Unmatched Entries**
dispatch 0xb4378008: open_socket(0.0.0.0#5546) -> permission denied: continuing: 1 Time(s)
dispatch 0xb4463008: open_socket(::#1935) -> permission denied: continuing: 1 Time(s)
dispatch 0xb4464440: open_socket(::#8554) -> permission denied: continuing: 1 Time(s)
dispatch 0xb4464440:
2007 Aug 17
2
repost: SELinux questions, upon restarting BIND
...text equivalent).
> >
> > Thanks in advance for any opinions/suggestions/enlightenments :)
> >
> > ~Ray
> >
> > =============================================
> > Aug 16 07:12:23 sunspot setroubleshoot: SELinux is preventing
> > /usr/sbin/named (named_t) "getattr" access to /dev/random
> > (tmpfs_t). For complete SELinux messages. run sealert -l
> > 1ab129b8-9f9f-48ae-a67e-d52f63a5fb5a
> > =============================================
> > Aug 16 07:12:23 sunspot setroubleshoot: SELinux is preventing
>...
2006 Aug 25
1
SELinux targeted - named, portmap and syslogd errors
...name="libnsl-2.3.4.so" dev=dm-0 ino=48836 scontext=user_u:system_r:portmap_t
tcontext=system_u:object_r:file_t tclass=file
audit(1156518728.009:10): avc: denied { read } for pid=2411 comm="named" name="liblwres.so.1.1.2" dev=dm-0 ino=462795 scontext=user_u:system_r:named_t tcontext=system_u:object_r:file_t tclass=file
audit(1156518728.032:13): avc: denied { read } for pid=2411 comm="named" name="libgssapi_krb5.so.2" dev=dm-0 ino=459694 scontext=user_u:system_r:named_t tcontext=system_u:object_r:file_t tclass=lnk_file
==========================...
2017 Feb 12
0
Centos7 and old Bind bug
...s option in Bind?
It looks like that bug was assigned to the selinux-policy component,
where it was CLOSED NOTABUG, and then mistakenly marked CLOSED ERRATA.
The solution is probably to specify the allowed ports. However, I must
be reading something wrong, because on my system, it looks like named_t
is allowed to use those ports.
# sesearch -A -s named_t | grep port | grep bind
...indicates that named_t is allowed to bind to both unreserved
ports and ephemeral ports.
# semanage port -l | grep unreserved_port_t
unreserved_port_t tcp 61001-65535, 1024-32767
unreserved...
2017 Feb 12
2
Centos7 and old Bind bug
...ooks like that bug was assigned to the selinux-policy component,
> where it was CLOSED NOTABUG, and then mistakenly marked CLOSED ERRATA.
>
> The solution is probably to specify the allowed ports. However, I
> must be reading something wrong, because on my system, it looks like
> named_t is allowed to use those ports.
>
> # sesearch -A -s named_t | grep port | grep bind
>
> ...indicates that named_t is allowed to bind to both unreserved
> ports and ephemeral ports.
>
> # semanage port -l | grep unreserved_port_t
> unreserved_port_t tcp...
2015 Oct 27
0
CentOS-6.6 SELinux questions
...il_t ==============
#!!!! The source type 'mailman_mail_t' can write to a 'dir' of the following types:
# mailman_log_t, mailman_data_t, mailman_lock_t, mailman_archive_t, var_lock_t, tmp_t, mailman_mail_tmp_t, var_log_t, root_t
allow mailman_mail_t lib_t:dir write;
#============= named_t ==============
allow named_t sysctl_vm_t:dir search;
#============= postfix_postdrop_t ==============
allow postfix_postdrop_t fail2ban_tmp_t:file { read write };
#============= syslogd_t ==============
allow syslogd_t sysctl_vm_t:dir search;
Is there an epel/selinux forum to report these for re...
2012 Nov 26
0
Installation and Setup of Samba4 AD DC on CentOS6
...to produce a file for generating a
policy module
# ausearch -m avc -ts dd/mm/yy | audit2allow -m samba4local > samba4local.te
I edited the samba4local.te file to remove the unwanted commentary. The
result looked like this:
---***---
module samba4local 1.0;
require {
type initrc_t;
type named_t;
type named_var_run_t;
type ntpd_t;
type ntpd_var_run_t;
type smbd_t;
type samba_unconfined_script_exec_t;
type urandom_device_t;
type var_lock_t;
class unix_stream_socket connectto;
class unix_dgram_socket sendto;
class sock_file write;
class chr_file wr...