search for: restorecon

Add a new api restorecon to restore file(s) default SELinux security contexts. Signed-off-by: Wanlong Gao <gaowanlong at cn.fujitsu.com> --- daemon/selinux.c | 69 + generator/actions.ml | 25 + gobject/Makefile.inc | 6 +- po/POTFILES | 2 + src/MAX_PROC_NR |...

Thanks, I managed to fix /var/lib/mysql # ls -ldZ /var/lib/mysql drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 /var/lib/mysql To fix it, I tried: semanage fcontext -d -e /var/lib/mysql this command returned: KeyError: /var/lib/mysql I tried restorecon anyway: restorecon -Rv /var/lib/mysql But not better: ls -ldZ /var/lib/mysql drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0 /var/lib/mysql So I did the following: semanage fcontext -d -t var_lib_t /var/lib/mysql It started to look better: ls -ldZ /var/lib/mysql drwxr-xr-x. mysql mysql sy...

...st_rsa_key_4096 -rw-r--r--. root root unconfined_u:object_r:sshd_key_t:s0 ssh_host_rsa_key_4096.pub -rw-r--r--. root root system_u:object_r:sshd_key_t:s0 ssh_host_rsa_key.pub As it seems odd, to me, that all the other files had a system_u user while the new had unconfined_u. So, I decided to run restorecon -v to presumably set the SELinux user correctly for the new keys: But that is not what happened: restorecon -v * restorecon reset /etc/ssh/ssh_host_rsa_key_4096 context unconfined_u:object_r:sshd_key_t:s0->unconfined_u:object_r:etc_t:s0 restorecon reset /etc/ssh/ssh_host_rsa_key_4096.pub con...

Interesting to see the Equivalence. As a first thing, I tried: semanage fcontext -a -e /var/lib/mysql.old /var/lib/mysql then restorecon -R /var/lib/mysql # semanage fcontext -lC SELinux fcontext type Context /home/users(/.*)? all files system_u:object_r:user_home_dir_t:s0 /var/lib/mysql all files system_u:object_r:mysqld_db_t:s...

Package: xen-utils-common Version: 4.0.0-1 Severity: important After running modules_setup you need to have the following line: [ -x /sbin/restorecon ] && /sbin/restorecon -R /dev/xen The reason is that the module load causes the kernel to create device nodes in the devtmpfs. This bypasses the udev code for labelling the device node and results in xenstored being unable to access /dev/xen/evtchn and therefore not working. In Squeeze+...

Hi, I'm trying to grant dovecot the ability to manage its socket within the postfix spool directory. I have added the below to file_contexts.local : /var/spool/postfix/private/dovecot-auth system_u:system_r:dovecot_t:s0 However, running "restorecon -v /var/spool/postfix/private/dovecot-auth" gives me the following error : restorecon: lstat(/var/spool/postfix/private/dovecot-auth) failed: No such file or directory I cannot create the socket file in advance, because dovecot manages it, and if you "touch" the file, dovecot com...

https://bugzilla.mindrot.org/show_bug.cgi?id=1933 Bug #: 1933 Summary: restorecon typoed as "restorcon" in contrib/redhat/sshd.init Classification: Unclassified Product: Portable OpenSSH Version: 5.9p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2...

...centOS-4.4 on a really fast machine (16 GB memory, 8 Opteron CPU's, SATA drives). Then making an update by using the Centos-5 CD's. The start was fast, but during update, the installer spents a very, very long wallclock time during selinx updating: for about 1/2 hour the updater runs in a restorecon/find sequence. And at the end, before the MBR is written, it spents again a long time in "install". Can somebody explain this? Regards -- Joachim Backes <joachim.backes at rhrk.uni-kl.de> University of Kaiserslautern,Computer Center [RHRK], Systems and Operations, High Performa...

...ission denied quotacheck: Cannot initialize IO on new quotafile: Permission denied Indeed,? files in that directory has a context witch denies quotacheck process to write files. To became suitable fo quota, those files (aquota.user and aquota.group) must have quota_db_t type(in context). If I use restorecon /var/spool/cron/aquota.user , it reports that is no default context for that file. [root at CentOS active]# touch /var/spool/cron/aquota.user [root at CentOS active]# restorecon /var/spool/cron/ [root at CentOS active]# ls -lZ /var/spool/cron/ -rw-r--r--. root root unconfined_u:object_r:user_cron...

...---------- # sealert -b ........................................ Summary: SELinux is preventing postmaster (postgresql_t) "setattr" to ./db (etc_t). Allowing Access: Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for ./db, restorecon -v './db' If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug rep...

Hello, On CentOS-6.2, these two commands (on the same machine) give me different results : # restorecon -r /var/www/html/Centos/ # (as root) $ sudo restorecon -r /var/www/html/Centos/ # (as an unprivileged user) /var/www/html/Centos/ is a symlink to /mnt/packages/Centos/ In the first case, I get : # ls -Z /var/www/html/Centos/ drwxr-xr-x. naudin biom system_u:object_r:httpd_sys_content_t 6 a...

...a..c85be15 100644 --- a/common-post.ks +++ b/common-post.ks @@ -131,6 +131,11 @@ sed -i 's/node\.session\.initial_login_retry_max.*/node.session.initial_login_re # root's bash profile cat >> /root/.bashrc <<EOF # aliases used for the temporary +function mod_vi() { + vi $@ + restorecon -v $@ +} +alias vi="mod_vi" alias ping='ping -c 3' EOF -- 1.6.0.6

After a manual fix I have that, too. Point is that for historic hosts this symlink doesn't exist. The upgrade fails due to dbus becoming unavailable. And the next reboot fails, too, because the symlink is not created automatically. Can you confirm this? Regards Harri

...clue what this "rear" subsystem is, or why madam would be trying to write to its log file. Can anyone enlighten me? thanks in advance! ------------------------- SELinux is preventing /usr/sbin/mdadm from write access on the file /var/log/rear/rear-fcshome.log.lockless. ***** Plugin restorecon (93.9 confidence) suggests ************************ If you want to fix the label. /var/log/rear/rear-fcshome.log.lockless default label should be var_log_t. Then you can run restorecon. Do # /sbin/restorecon -v /var/log/rear/rear-fcshome.log.lockless ***** Plugin leaks (6.10 confidence) sugges...

> On Feb 9, 2015, at 12:27 PM, Robert Nichols <rnicholsNOSPAM at comcast.net> wrote: > > On 02/09/2015 11:14 AM, James B. Byrne wrote: >> So, I decided to run restorecon -v to >> ... >> restorecon reset /etc/ssh/ssh_host_rsa_key_4096 context >> unconfined_u:object_r:sshd_key_t:s0->unconfined_u:object_r:etc_t:s0 >> ... >> There is no REQUIREMENT that a host key have a particular file name is >> there? The sshd_config provide...

...don't felt like trying it, because of the possibility of breaking my ZFS and nVIDIA stuff. So I decided to give the 7.3 in CR repo for a try. The upgrading was smooth. The only problem was that I had to reinstall nVIDIA proprietary drive because my nouveau blacklist was gone. I also had to run restorecon on /home because all labels were wrong. That broke Chrome and many other programs that need to access files in user home. I have no idea what's the cause yet. 3.10.0-514.2.2.el7.x86_64's support for Skylake is great. I see no difference between it and the previous 4.8 kernel I used. Then...

...t; Thanks, I managed to fix /var/lib/mysql > > # ls -ldZ /var/lib/mysql > drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 /var/lib/mysql > > To fix it, I tried: > semanage fcontext -d -e /var/lib/mysql > this command returned: > KeyError: /var/lib/mysql > I tried restorecon anyway: > restorecon -Rv /var/lib/mysql > But not better: > ls -ldZ /var/lib/mysql > drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0 /var/lib/mysql > > So I did the following: > semanage fcontext -d -t var_lib_t /var/lib/mysql > It started to look better: > ls -l...

I am installing a new Samba 4.2 Active Directory server on CentOS 7. I followed the Wiki instructions on how to create the server. I am using sernet-samba 4.2 binaries. Everything seems to be OK on the Linux side but I cannot get any windows client to successfully join the domain. Each attempt returns the following error message "RPC Server in not available". Below are the config file

...c_t:s0 auth.conf.rpmnew -rw-r--r--. root root system_u:object_r:puppet_etc_t:s0 fileserver.conf drwxr-xr-x. root root system_u:object_r:puppet_etc_t:s0 manifests drwxr-xr-x. root root system_u:object_r:puppet_etc_t:s0 modules -rw-r--r--. root root unconfined_u:object_r:puppet_etc_t:s0 puppet.conf restorecon sets all files in the subdirectories to unconfined_u. puppet master runs as root, so it should be able to modify the file labels. Anyone have any idea why these messages keep popping up? and how to fix the problem? Admittedly, I can just change the file labels manually, but that doesn''...

On 23 Oct 2017 5:26 pm, "Bernard Fay" <bernard.fay at gmail.com> wrote: Interesting to see the Equivalence. As a first thing, I tried: semanage fcontext -a -e /var/lib/mysql.old /var/lib/mysql then restorecon -R /var/lib/mysql # semanage fcontext -lC SELinux fcontext type Context /home/users(/.*)? all files system_u:object_r:user_home_dir_t:s0 /var/lib/mysql all files system_u:object_r:mysqld_db_t:s...