Displaying 19 results from an estimated 19 matches for "nfs_t".
2008 Oct 30
1
nfs mounted /home and selinux
...$ ls -alZ /home
drwxr-xr-x root root system_u:object_r:home_root_t .
drwxr-xr-x root root system_u:object_r:root_t ..
$ mount -t nfs -o context=user_u:object_r:user_home_dir_t \
server001a:/vol/vol01/home /home
$ ls -alZ /home
drwxrwxr-x root root system_u:object_r:nfs_t .
drwxr-xr-x root root system_u:object_r:root_t ..
drwx------ fred users system_u:object_r:nfs_t fred
drwx------ mike users system_u:object_r:nfs_t mike
drwx------ alice users system_u:object_r:nfs_t alice
$ mo...
2016 Sep 16
0
SELinux module
...it would be
> the "quickest" route around this problem. On Sep 16, 2016 8:25 AM, Bernard
> Fay <bernard.fay at gmail.com> wrote:
> >
> > Hello everyone,
> >
> > I have a problem with oddjob_mkhomedir on an NFS mount point. The actual
> > context is nfs_t
> >
> > drwxr-xr-x. root root system_u:object_r:nfs_t:s0 users/
> >
> >
> > With this type, oddjob_mkhomedir cannot do its job of creating home user
> > directories.
> >
> > In the logs, I found about creating a new module with audit2allow and
>...
2016 Sep 16
2
SELinux module
Hello everyone,
I have a problem with oddjob_mkhomedir on an NFS mount point. The actual
context is nfs_t
drwxr-xr-x. root root system_u:object_r:nfs_t:s0 users/
With this type, oddjob_mkhomedir cannot do its job of creating home user
directories.
In the logs, I found about creating a new module with audit2allow and
semodule:
[root@ audit]# sealert -l fe2d7f60-d3ff-405b-b518-38d0cf021598
X11 c...
2012 Feb 16
3
Baffled by selinux
...e_dirs=1. But I still
can't start httpd. Not sure what to make of the audit log:
type=AVC msg=audit(1329395502.678:61926): avc: denied { search } for pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir
type=SYSCALL msg=audit(1329395502.678:61926): arch=c000003e syscall=4 success=no exit=-13 a0=7fef342bc080 a1=7fffaf747370 a2=7fffaf747370 a3=7fef30c65c30 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd" e...
2007 Dec 07
0
mounting nfs as httpd_sys_content_t under selinux
...that will allow
apache to access it.
But when I try the command they suggest:
[root at vm-37:~] mount -t nfs -o \
context=system_u:object_r:httpd_sys_content_t \
192.168.1.100:/data/test /mnt/test
It mounts, but when I do:
[root at vm-37:~]# ls -lZ /mnt
drwxr-xr-x 65534 65534 system_u:object_r:nfs_t test
It doesn't show the correct context.
(I don't know if it matters that I don't have a user with
UID 65534, only the remote NFS server has that.)
And sure enough, apache still can't serve from it. I see
this in /var/log/messages:
Dec 7 17:30:14 vm-37 kernel: audit(119706...
2019 Jul 19
2
SELinux settings for directory shared via NFS and samba?
Hi,
what do I need to do to share the same directory with both NFS and samba?
SELinux requires 'samba_share_t' for samba and 'nfs_t' for NFS, and AFAIC
I can't set both at the same time on a directory.
2010 Oct 15
1
NFS4 + SELinux
All test machines are CentOS 5.5 (RHEL subscriptions purchased).
We've had NFS3 storage working fine and decided to try NFS4.
We can mount an NFS4 share on our KVM host, but the SELinux file context on the mountpoint directory is magically changed from virt_image_t to nfs_t. Restorecon refuses to change it back.
Adding the mount option context=system_u:object_r:virt_image_t on either server or client doesn't help (option not recognised).
What could we be doing wrong? Does NFS4 + KVM work?
Are there any 'best practices' references around for using NFS4 f...
2009 Oct 04
2
deliver stopped working
...reated the following policy
to get rid of all of the errors in the audit log:
module local_postfix 1.0;
require {
type postfix_etc_t;
type home_root_t;
type apmd_t;
type setrans_t;
type port_t;
type etc_mail_t;
type snmpd_t;
type tmp_t;
type dovecot_deliver_t;
type postfix_smtp_t;
type nfs_t;
type var_run_t;
type usr_t;
type httpd_t;
type audisp_t;
type postfix_cleanup_t;
type inetd_t;
type portmap_t;
type postfix_pickup_t;
type hald_t;
type getty_t;
type avahi_t;
type etc_t;
type sysctl_kernel_t;
type unconfined_t;
type init_t;
type auditd_t;
type lib_t;
type dovecot...
2015 Jun 20
2
puppet files denied by SELinux
...sg=audit(1434769414.956:562): avc: denied { open } for
pid=3558 comm="ruby"
path="/etc/puppet/environments/production/modules/bacula/files/monitor1/monitor1.mydomain.com.crt"
dev="vda1" ino=1842005 scontext=system_u:system_r:passenger_t:s0
tcontext=system_u:object_r:nfs_t:s0 tclass=file
And audit2allow told me this:
#grep puppet /var/log/audit/audit.log | audit2allow -M puppet
******************** IMPORTANT ***********************
To make this policy package active, execute:
semodule -i puppet.pp
But in installing the module I get an error I've never seen be...
2019 Jul 19
1
SELinux settings for directory shared via NFS and samba?
...Fauster via CentOS <centos at centos.org> wrote:
>
> Am 19.07.2019 um 14:51 schrieb hw <hw at gc-24.de>:
>> Hi,
>>
>> what do I need to do to share the same directory with both NFS and samba?
>> SELinux requires 'samba_share_t' for samba and 'nfs_t' for NFS, and AFAIC
>> I can't set both at the same time on a directory.
>
> Maybe samba_share_nfs boolean? (not tested)
>
> --
> LF
2018 Apr 12
0
motion
Got a CentOS 7 box running motion. Selinux is complaining that one of the
scripts motion runs is mislabeled. Here's what it is.
system_u:object_r:nfs_t:s0 /home/motion/bin/on_move_end
Now, ~motion is NFS mounted, and we've got use_nfs_home_dirs --> on, so
what *would* the proper label be, or do I really need to create a policy
for this?
mark
2019 Jul 19
0
SELinux settings for directory shared via NFS and samba?
Am 19.07.2019 um 14:51 schrieb hw <hw at gc-24.de>:
> Hi,
>
> what do I need to do to share the same directory with both NFS and samba?
> SELinux requires 'samba_share_t' for samba and 'nfs_t' for NFS, and AFAIC
> I can't set both at the same time on a directory.
Maybe samba_share_nfs boolean? (not tested)
--
LF
2012 Mar 06
0
NFS Selinux issues
...mount
serverhost:/usr/local on /usr/local type nfs4
(rw,context="system_u:object_r:usr_t:s0",hard,intr,addr=serverhost,clientaddr=clienthost)
yet the directory permissions show the security context of nfs:
[root at clienthost ~]# ls -dZ /usr/local
drwxr-xr-x. root root system_u:object_r:nfs_t:s0 /usr/local
My /etc/fstab entry is:
serverhost:/usr/local /usr/local nfs
context=system_u:object_r:usr_t:s0,rw,hard,intr 0 0
This is causing some issues with some of my scripts.
Both the client and server are 6.2 servers. The client is a virtual image
running on the server.
Th...
2013 Nov 25
2
ltsp & Selinux
Hello All,
I set up ltsp regularly, on Centos6 machines.
This morning I have a Selinux problem that usually does not occur:
after setting everything up, the thinclients boot, but nobody can login.
It only works after the command :
# echo 0 > /selinux/enforce
I tried this semanage command:
# semanage fcontext -a -t bin_t /usr/bin/xauth
but it makes no difference.
The message I'm now
2015 Jun 29
1
puppet files denied by SELinux
I have no idea of the current dependency problem. I think your original
problem was caused by mv'ing files from an nfs share to /etc which
maintained the context. And SELinux prevented puppet from accessing
nfs_t type. If you had just run restorecon on the object it would have
set it back to the correct/default context.
You might want to set up an alias mv "mv -Z"
This changes the way mv works to set the context after mv rather than
maintaining the source context.
On 06/21/2015 02:05 PM, Tim Du...
2016 Apr 12
2
Re: [libvirt] Libvirtd running as root tries to access oneadmin (OpenNebula) NFS mount but throws: error: can’t canonicalize path
...s follows ( I have to use root_squash for security
> reasons. I'm sure it will work using no_root_squash but that option is
> not an option here.):
>
> [root@mdskvm-p01 ~]# grep nfs /etc/fstab
> # 192.168.0.70:/var/lib/one/ /var/lib/one/ nfs
> context=system_u:object_r:nfs_t:s0,soft,intr,rsize=8192,wsize=8192,noauto
> 192.168.0.70:/var/lib/one/ /var/lib/one/ nfs
> soft,intr,rsize=8192,wsize=8192,noauto
> [root@mdskvm-p01 ~]#
>
> [root@opennebula01 ~]# cat /etc/exports
> /var/lib/one/ *(rw,sync,no_subtree_check,root_squash)
> [root@opennebu...
2016 Apr 12
2
Re: [libvirt] Libvirtd running as root tries to access oneadmin (OpenNebula) NFS mount but throws: error: can’t canonicalize path
On Mon, Apr 11, 2016 at 08:02:04PM -0400, TomK wrote:
>Hey All,
>
>Wondering if anyone had any suggestions on this topic?
>
The only thing I can come up with is:
'/var/lib/one//datastores/0/38/disk.1': Permission denied
... that don't have access to that file. Could you elaborate on that?
I think it's either:
a) you are running the domain as root or
b) we
2016 Apr 12
0
Re: [libvirt] Libvirtd running as root tries to access oneadmin (OpenNebula) NFS mount but throws: error: can’t canonicalize path
...use root_squash for security
>> reasons. I'm sure it will work using no_root_squash but that option is
>> not an option here.):
>>
>> [root@mdskvm-p01 ~]# grep nfs /etc/fstab
>> # 192.168.0.70:/var/lib/one/ /var/lib/one/ nfs
>> context=system_u:object_r:nfs_t:s0,soft,intr,rsize=8192,wsize=8192,noauto
>> 192.168.0.70:/var/lib/one/ /var/lib/one/ nfs
>> soft,intr,rsize=8192,wsize=8192,noauto
>> [root@mdskvm-p01 ~]#
>>
>> [root@opennebula01 ~]# cat /etc/exports
>> /var/lib/one/ *(rw,sync,no_subtree_check,root_squash...
2015 Jun 21
2
puppet files denied by SELinux
Hi all,
Thanks for all your suggestions. Here's where I'm at with this.
> Can you give details about your puppetmasterd setup ? it seems that
> you're using Foreman as puppet ENC.
>
Yes, I'm on foreman 1.7.4 and puppet 3.75. You are correct that I'm using
foreman, sorry I hadn't thought to mention it!
> Foreman works fine with selinux enabled : that's what