search for: port_t

...SELinux protection. SELINUXTYPE=targeted But during the boot i see selinux warnings and some software wan't start correctly: audit(1173699978.909:2): avc: denied { name_bind } for pid=2407 comm="piranha_gui" src=3636 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:port_t tclass=tcp_socket audit(1173699978.943:3): avc: denied { append } for pid=2407 comm="piranha_gui" name="piranha-gui" dev=dm-0 ino=2338608 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:var_log_t tclass=file audit(1173699979.918:4): avc: denied { write } for...

...o allow it however mine won't load. This is the policy I found via this website, http://sandcat.nl/~stijn/2012/01/20/selinux-passenger-and-puppet-oh-my/comment-page-1/ . module puppet_passenger 1.7; require { type bin_t; type devpts_t; type httpd_t; type passenger_t; type port_t; type proc_net_t; class process { getattr siginh setexec sigchld noatsecure transition rlimitinh }; class unix_stream_socket { getattr accept read write }; class capability { sys_resource sys_ptrace }; class file { entrypoint open create relabelfrom relabelto getattr setattr re...

Using audit2allow, I was able to create a policy module for selinux: audit2allow -i /var/log/audit/audit.log -M mysqld (creates mysqld.pp and mysqld.te) I want to distribute this to all my puppet clients. I can easily put this file in /etc/selinux/targeted/modules/active/modules But even after reboot, although I can see the module listed: semodule -l ... it doesn''t seem to actually

...the audit.log, however SELinux was already in permissive mode and switching it to disabled did no good. I created the following policy to get rid of all of the errors in the audit log: module local_postfix 1.0; require { type postfix_etc_t; type home_root_t; type apmd_t; type setrans_t; type port_t; type etc_mail_t; type snmpd_t; type tmp_t; type dovecot_deliver_t; type postfix_smtp_t; type nfs_t; type var_run_t; type usr_t; type httpd_t; type audisp_t; type postfix_cleanup_t; type inetd_t; type portmap_t; type postfix_pickup_t; type hald_t; type getty_t; type avahi_t; type...

I''ve configured puppet to use storedconfigs and puppetDB, If I start the puppet master using the init script puppetmaster I get a permission denied error when a node connects: Master: [root@puppet ~]# service puppetmaster start Starting puppetmaster: [ OK ] Node: [root@puppet-slave ~]# puppet agent --test err: Could not retrieve catalog from remote