search for: passwd_file_t

On 09/09/2018 07:19 AM, Daniel Walsh wrote: > sesearch -A -s httpd_t -t system_conf_t -p read > > If you feel that these files should not be part of the base_ro_files > then we should open that for discussion. I think the question was how users would know that the policy allowed access, as he was printing rules affecting httpd_t's file read access, and looking for

...st, which means the guest has to reboot once during its first boot. Recap: SELinux file labels -------------------------- SELinux requires that files have labels. Access to a file is controlled by the label on that file. For example: $ ls -lZ /etc/passwd -rw-r--r--. root root system_u:object_r:passwd_file_t:s0 /etc/passwd <----------- label -----------> The SELinux policy allows (eg) /usr/sbin/passwd to write to this file, based on the process label and the target file label. (The path "/etc/passwd" is not considered.) On a running system, files created from sc...

...entOS 7.7.1908 I've got the following error message: unix_chkpwd[1026]: could not obtain user info (root) I dont' know why... There are no SELinux errors, and the permissions of relevant files are: ls -Z /etc/shadow /etc/passwd /usr/sbin/unix_chkpwd -rw-r--r--. root root system_u:object_r:passwd_file_t:s0 /etc/passwd ----------. root root system_u:object_r:shadow_t:s0 /etc/shadow -rwsr-xr-x. root root system_u:object_r:chkpwd_exec_t:s0 /usr/sbin/unix_chkpwd Any idea? Thanks in advance! -- -- Sergio Belkin LPIC-2 Certified - http://www.lpi.org