search for: public_content_t

...gs to correct: [root at VIRTCENT04:~]#cobbler check The following are potential configuration items that you may want to fix: 1 : you need to set some SELinux content rules to ensure cobbler serves content correctly in your SELinux environment, run the following: /usr/sbin/semanage fcontext -a -t public_content_t "/tftpboot/.*" && /usr/sbin/semanage fcontext -a -t public_content_t "/var/www/cobbler/images/.*" 2 : you need to set some SELinux rules if you want to use cobbler-web (an optional package), run the following: /usr/sbin/semanage fcontext -a -t httpd_sys_content_rw_t &quo...

...  <shareable/>           <address type='drive' controller='0' bus='1' target='0' unit='0'/>         </disk>         ... And this is what happens:     # ls -lZ Fedora-Live-Desktop-x86_64-19-1.iso     -r--r--r--. root root system_u:object_r:public_content_t:s0 Fedora-Live-Desktop-x86_64-19-1.iso     # virsh start test     Domain test started     # ls -lZ Fedora-Live-Desktop-x86_64-19-1.iso     -r--r--r--. qemu qemu system_u:object_r:public_content_t:s0 Fedora-Live-Desktop-x86_64-19-1.iso Adding <seclabel model='dac' relabel='no'...

Hi, I'm installing the operating system for my virtual machines from CD images and I would like for libvirtd to stop relabeling the corresponding files.  Since the installation media is no big secret, I have labeled the files with system_u:object_r:public_content_t:s0, but libvirtd keeps changing them to system_u:object_r:svirt_image_t:s0.  It also changes the ownership to qemu:qemu.  This means that I can not make the files immutable (chattr +i). The XML dump of the machine looks like this :     <disk type='file' device='cdrom'>      ...

...Ciupitu wrote: > Hi, > > I'm installing the operating system for my virtual machines from CD > images and I would like for libvirtd to stop relabeling the > corresponding files. Since the installation media is no big secret, I > have labeled the files with system_u:object_r:public_content_t:s0, but > libvirtd keeps changing them to system_u:object_r:svirt_image_t:s0. It > also changes the ownership to qemu:qemu. This means that I can not make > the files immutable (chattr +i). Caveat - this is not something I have tried myself, so try it out, and feel free to post back if...

...n enforcing mode. Most files didn't transfer, so I tried the example from rsync_selinux(8): Allow rsync servers to read the /var/rsync directory by adding the pub- lic_content_t file type to the directory and by restoring the file type. semanage fcontext -a -t public_content_t "/var/rsync(/.*)?" restorecon -F -R -v /var/rsync except I substituted /etc for /var/rsync. Big mistake. Most or all services with config files under /etc could no longer read their config files, including ssh. It looks like the selinux type was substituted rather than added?...

...man -k _selinux => will show you man pages for everything regarding selinux and domain/process/context </tip> => man tftpd_selinux => search for samba and : <quote> If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean. </quote> But read the whole tftpd_selinux and samba_selinux man pages (and they sh...

----- Original Message ----- > From: Eric Blake <eblake@redhat.com> > To: Cristian Ciupitu <cristian.ciupitu@yahoo.com> > Cc: libvirt-users <libvirt-users@redhat.com> > Sent: Monday, August 19, 2013 11:24 PM > Subject: Re: [libvirt-users] Stop the relabeling of CD images > So maybe this would do it: > > <source file=...> >   <seclabel

...pages for everything regarding > selinux and domain/process/context > </tip> > > => man tftpd_selinux > => search for samba and : > <quote> > If you want to share files with multiple domains (Apache, FTP, rsync, > Samba), you can set a file context of public_content_t and > public_content_rw_t. These context allow any of the above domains to > read the content. > If you want a particular domain to write to the public_content_rw_t > domain, you must set the appropriate boolean. > </quote> > > But read the whole tftpd_selinux and sa...

> If I understand well, I could add a type to another type?!?!?! No. The default targeted policy is mostly about Type Enforcement. Quote from the manual: "All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a

Hi, how do I allow lighttpd access to a directory like this: dr-xrwxr-x. lighttpd example unconfined_u:object_r:samba_share_t:s0 files_articles I tried to create and install a selinux module, and it didn?t work. The non-working module can not be removed, either: semodule -r lighttpd-files_articles.pp libsemanage.semanage_direct_remove_key: Unable to remove module lighttpd-files_articles.pp at