search for: nfs_t

...$ ls -alZ /home drwxr-xr-x root root system_u:object_r:home_root_t . drwxr-xr-x root root system_u:object_r:root_t .. $ mount -t nfs -o context=user_u:object_r:user_home_dir_t \ server001a:/vol/vol01/home /home $ ls -alZ /home drwxrwxr-x root root system_u:object_r:nfs_t . drwxr-xr-x root root system_u:object_r:root_t .. drwx------ fred users system_u:object_r:nfs_t fred drwx------ mike users system_u:object_r:nfs_t mike drwx------ alice users system_u:object_r:nfs_t alice $ mo...

...it would be > the "quickest" route around this problem. On Sep 16, 2016 8:25 AM, Bernard > Fay <bernard.fay at gmail.com> wrote: > > > > Hello everyone, > > > > I have a problem with oddjob_mkhomedir on a NFS mount point. The actual > > context is nfs_t > > > > drwxr-xr-x. root root system_u:object_r:nfs_t:s0 users/ > > > > > > With this type, oddjob_mkhomedir cannot do is job of creating home user > > directories. > > > > In the logs, I found about creating a new module with audi2allow and &gt...

Hello everyone, I have a problem with oddjob_mkhomedir on a NFS mount point. The actual context is nfs_t drwxr-xr-x. root root system_u:object_r:nfs_t:s0 users/ With this type, oddjob_mkhomedir cannot do is job of creating home user directories. In the logs, I found about creating a new module with audi2allow and semodule: [root@ audit]# sealert -l fe2d7f60-d3ff-405b-b518-38d0cf021598 X11 c...

...e_dirs=1. But I still can't start httpd. Not sure what to make of the audit log: type=AVC msg=audit(1329395502.678:61926): avc: denied { search } for pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir type=SYSCALL msg=audit(1329395502.678:61926): arch=c000003e syscall=4 success=no exit=-13 a0=7fef342bc080 a1=7fffaf747370 a2=7fffaf747370 a3=7fef30c65c30 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd" e...

...that will allow apache to access it. But when I try the command they suggest: [root at vm-37:~] mount -t nfs -o \ context=system_u:object_r:httpd_sys_content_t \ 192.168.1.100:/data/test /mnt/test It mounts, but when I do: [root at vm-37:~]# ls -lZ /mnt drwxr-xr-x 65534 65534 system_u:object_r:nfs_t test It doesn't show the correct context. (I don't know if it matters that I don't have a user with UID 65534, only the remote NFS server has that.) And sure enough, apache still can't serve from it. I see this in /var/log/messages: Dec 7 17:30:14 vm-37 kernel: audit(119706...

Hi, what do I need to do to share the same directory with both NFS and samba? SElinux requires 'samba_share_t' for samba and 'nfs_t' for NFS, and AFAIC I can't set both at the same time on a directory.

All test machines are CentOS 5.5 (RHEL subscriptions purchased). We've had NFS3 storage working fine and decided to try NFS4. We can mount an NFS4 share on our KVM host, but the SELinux file context on the mountpoint directory is magically changed from virt_image_t to nfs_t. Restorecon refuses to change it back. Adding the mount option context=system_u:object_r:virt_image_t on either server or client doesn't help (option not recognised). What could we be doing wrong? Does NFS4 + KVM work? Are there any 'best practices' references around for using NFS4 f...

...reated the following policy to get rid of all of the errors in the audit log: module local_postfix 1.0; require { type postfix_etc_t; type home_root_t; type apmd_t; type setrans_t; type port_t; type etc_mail_t; type snmpd_t; type tmp_t; type dovecot_deliver_t; type postfix_smtp_t; type nfs_t; type var_run_t; type usr_t; type httpd_t; type audisp_t; type postfix_cleanup_t; type inetd_t; type portmap_t; type postfix_pickup_t; type hald_t; type getty_t; type avahi_t; type etc_t; type sysctl_kernel_t; type unconfined_t; type init_t; type auditd_t; type lib_t; type dovecot...

...sg=audit(1434769414.956:562): avc: denied { open } for pid=3558 comm="ruby" path="/etc/puppet/environments/production/modules/bacula/files/monitor1/monitor1.mydomain.com.crt" dev="vda1" ino=1842005 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file And audit2allow told me this: #grep puppet /var/log/audit/audit.log | audit2allow -M puppet ******************** IMPORTANT *********************** To make this policy package active, execute: semodule -i puppet.pp But in installing the module I get an error I've never seen be...

...Fauster via CentOS <centos at centos.org> wrote: > > Am 19.07.2019 um 14:51 schrieb hw <hw at gc-24.de>: >> Hi, >> >> what do I need to do to share the same directory with both NFS and samba? >> SElinux requires 'samba_share_t' for samba and 'nfs_t' for NFS, and AFAIC >> I can't set both at the same time on a directory. > > Maybe samba_share_nfs boolean? (not tested) > > -- > LF > > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://...

Got a CentOS 7 box running motion. Selinux is complaining that one of the scripts motion runs is mislabeled. Here's what it is. system_u:object_r:nfs_t:s0 /home/motion/bin/on_move_end Now, ~motion is NFS mounted, and we've got use_nfs_home_dirs --> on, so what *would* the proper label be, or do I really need to create a policy for this? mark

Am 19.07.2019 um 14:51 schrieb hw <hw at gc-24.de>: > Hi, > > what do I need to do to share the same directory with both NFS and samba? > SElinux requires 'samba_share_t' for samba and 'nfs_t' for NFS, and AFAIC > I can't set both at the same time on a directory. Maybe samba_share_nfs boolean? (not tested) -- LF

...mount serverhost:/usr/local on /usr/local type nfs4 (rw,context="system_u:object_r:usr_t:s0",hard,intr,addr=serverhost,clientaddr=clienthost) yet the directory permissions show the security context of nfs: [root at clienthost ~]# ls -dZ /usr/local drwxr-xr-x. root root system_u:object_r:nfs_t:s0 /usr/local My /etc/fstab entry is: serverhost:/usr/local /usr/local nfs context=system_u:object_r:usr_t:s0,rw,hard,intr 0 0 This is causing some issues with some of my scripts. Both the client and server are 6.2 servers. The client is a virtual image running on the server. Th...

Hello All, I set up ltsp regulary, on Centos6 machines. This morning I have a Selinux problem that usualy does not occur: after setting everything up, the thinclients boot, but nobody can login. It only works after the command : # echo 0 > /selinux/enforce I tried this semanage command: # semanage fcontext -a -t bin_t /usr/bin/xauth but it makes no difference. The message I'm now

I have no idea of the current dependency problem. I think your original problem was caused by mv'ing files from an nfs share to /etc which maintained the context. And SELinux prevented puppet from accessing nfs_t type. If you had just run restorecon on the object it would have set it back to the correct/default context. You might want to setup an alias mv "mv -Z" This changes the way mv works to set the context after mv rather then maintaining the source context. On 06/21/2015 02:05 PM, Tim Du...

...s follows ( I have to use root_squash for security > reasons. I'm sure it will work using no_root_squash but that option is > not an option here.): > > [root@mdskvm-p01 ~]# grep nfs /etc/fstab > # 192.168.0.70:/var/lib/one/ /var/lib/one/ nfs > context=system_u:object_r:nfs_t:s0,soft,intr,rsize=8192,wsize=8192,noauto > 192.168.0.70:/var/lib/one/ /var/lib/one/ nfs > soft,intr,rsize=8192,wsize=8192,noauto > [root@mdskvm-p01 ~]# > > [root@opennebula01 ~]# cat /etc/exports > /var/lib/one/ *(rw,sync,no_subtree_check,root_squash) > [root@opennebu...

On Mon, Apr 11, 2016 at 08:02:04PM -0400, TomK wrote: >Hey All, > >Wondering if anyone had any suggestions on this topic? > The only thing I can come up with is: '/var/lib/one//datastores/0/38/disk.1': Permission denied ... that don't have access to that file. Could you elaborate on that? I think it's either: a) you are running the domain as root or b) we

...use root_squash for security >> reasons. I'm sure it will work using no_root_squash but that option is >> not an option here.): >> >> [root@mdskvm-p01 ~]# grep nfs /etc/fstab >> # 192.168.0.70:/var/lib/one/ /var/lib/one/ nfs >> context=system_u:object_r:nfs_t:s0,soft,intr,rsize=8192,wsize=8192,noauto >> 192.168.0.70:/var/lib/one/ /var/lib/one/ nfs >> soft,intr,rsize=8192,wsize=8192,noauto >> [root@mdskvm-p01 ~]# >> >> [root@opennebula01 ~]# cat /etc/exports >> /var/lib/one/ *(rw,sync,no_subtree_check,root_squash...

Hi all, Thanks for all your suggestions. Here's where I'm at with this. Can you give details about your puppetmasterd setup ? it seems that > you're using Foreman as puppet ENC. > Yes, I'm on foreman 1.7.4 and puppet 3.75. You are correct that I'm using foreman, sorry I hadn't thought to mention it! > Foreman works fine with selinux enabled : that's what