Displaying 20 results from an estimated 1448 matches for "s0".
Did you mean:
ss0
2020 Feb 04
5
Relabel /usr directory
...done the following:
- Copy usr content with rsync to another partition:
rsync -av --partial --progress /usr/ /mnt
Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not
the directory itself). But I've found that is bad labeled:
ls -Z /usr
unconfined_u:object_r:unlabeled_t:s0 bin
unconfined_u:object_r:unlabeled_t:s0 local
unconfined_u:object_r:unlabeled_t:s0 games
unconfined_u:object_r:unlabeled_t:s0 sbin
unconfined_u:object_r:unlabeled_t:s0 include
unconfined_u:object_r:unlabeled_t:s0 share
unconfined_u:object_r:unlabeled_t:s0 lib
unconfined_u:object_r:unlabeled_t:...
2013 Apr 08
1
libvirt, selinux, moving images to ~/images does not work
...r/administrator
must ensure the directory has be given this requisite label. Likewise
physical block devices must be labelled system_u:object_r:virt_image_t.".
So did I:
[root at vpl2 ~]# ls -dlZ /home/aik/virtimg /var/lib/libvirt/images
drwxr-xr-x. root root system_u:object_r:virt_image_t:s0 /home/aik/virtimg
drwxr-xr-x. root root system_u:object_r:virt_image_t:s0 /var/lib/libvirt/images
[root at vpl2 ~]# ls -lZ /home/aik/virtimg /var/lib/libvirt/images
/home/aik/virtimg:
-rwxrwxrwx. root root system_u:object_r:virt_content_t:s0
Fedora-18-ppc64-DVD.iso
/var/lib/libvirt/images:
-rwxr...
2014 Apr 23
1
SELInux and POSTFIX
...module -i mypol.pp
grep 546AA6099F /var/log/audit/audit.log | audit2why
type=AVC msg=audit(1398199187.646:29332): avc: denied { getattr } for
pid=23387 comm="smtp" path="/var/spool/postfix/active/546AA6099F" dev=dm-0
ino=395679 scontext=unconfined_u:system_r:postfix_smtp_t:s0
tcontext=unconfined_u:object_r:postfix_spool_maildrop_t:s0 tclass=file
Was caused by:
Missing type enforcement (TE) allow rule.
You can use audit2allow to generate a loadable module to allow this access.
type=AVC msg=audit(1398199187.646:29333): avc: denied { read write } for
pid=23387 co...
2019 May 01
1
Brasero/cdrecord/growisofs with selinux users confined to staff_u
...ro to burn a disk, the burn operation fails.
/var/log/audit/audit.log contains the following:
type=AVC msg=audit(1556724762.446:1133340): avc: denied { read } for
pid=8296 comm="growisofs" name="devices" dev="proc" ino=4026532225
scontext=staff_u:staff_r:cdrecord_t:s0-s0:c0.c1023
tcontext=system_u:object_r:proc_t:s0 tclass=file permissive=0
type=AVC msg=audit(1556724762.446:1133341): avc: denied { read } for
pid=8296 comm="growisofs" name="meminfo" dev="proc" ino=4026532040
scontext=staff_u:staff_r:cdrecord_t:s0-s0:c0.c1023
tcont...
2013 Nov 16
1
(no subject)
[root at ipa tftpboot]# semanage fcontext -l | grep tftp
/tftpboot directory
system_u:object_r:tftpdir_t:s0
/tftpboot/.* all files
system_u:object_r:tftpdir_t:s0
/usr/sbin/atftpd regular file
system_u:object_r:tftpd_exec_t:s0
/usr/sbin/in\.tftpd regular file
system_u:object_r:tftpd_exec_t:s0
/var/lib/tf...
2011 Nov 03
1
CentOS-5.7 + megaraid + SELinux : update problem
Hello,
After updating to CentOS-5.7, I have a (small) problem :
The context of /dev/megadev0 is now defined
(in /etc/selinux/targeted/contexts/files/file_contexts) as
system_u:object_r:removable_device_t:s0.
This cause smartmontools to fail :
avc: denied { read write } for pid=2847 comm="smartd"
name="megadev0" dev=tmpfs ino=8284
scontext=system_u:system_r:fsdaemon_t:s0
tcontext=system_u:object_r:removable_device_t:s0 tclass=chr_file
Changing the context (of megadev0)...
2017 Sep 21
0
CentOS 7, samba-4.4.4-14.el7_3 and openldap-2.4.40-13.el7 -- file permissions?
...ngs and somewhat working. There is a bit
of weirdness though. smbclient is only able to access *directories* and not
any of the files. Why is that? What am I missing?
Here is a log of a test run:
[heller at c764guest: ~]$ ls -lZAn
total 8424
-rw-------. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 30 Jan 10 2016 .bash_history
-rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 18 Nov 20 2015 .bash_logout
-rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 193 Nov 20 2015 .bash_profile
-rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000...
2012 Jan 13
1
SELinux and rsh+xauth
...But when SELinux is in enforcing mode on Server, the commands fail with
this message :
bash: /usr/bin/xauth: Permission denied
and /var/log/audit/audit.log shows the following errors :
type=SELINUX_ERR msg=audit(1326381080.364:610): security_compute_sid: invalid context system_u:system_r:xauth_t:s0-s0:c0.c1023 for scontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_exec_t:s0 tclass=process
type=AVC msg=audit(1326381080.364:610): avc: denied { write } for pid=3487 comm="xauth" path="pipe:[21744]" dev=pipefs ino=21744 scontext=system_u...
2013 Jan 12
2
selinux + kvm virtualization + smartd problem
...ions;
needed to use zfs (zfsonlinux) benefit features). Problem is that
disks (files in /dev) which attached to KVM guest has SELinux context
which inaccessible from context of smartd process.
[root at srv-1.home ~]# ls -laZ /dev/sd{a..f}
brw-rw----. root disk system_u:object_r:fixed_disk_device_t:s0 /dev/sda
brw-rw----. root disk system_u:object_r:fixed_disk_device_t:s0 /dev/sdb
brw-rw----. qemu qemu system_u:object_r:svirt_image_t:s0:c281,c675 /dev/sdc
brw-rw----. qemu qemu system_u:object_r:svirt_image_t:s0:c281,c675 /dev/sdd
brw-rw----. qemu qemu system_u:object_r:svirt_image_t:s0:c281,c675...
2017 Dec 04
0
Fwd: Qwery regarding Selinux Change Id context
Hi All,
Thanks for the information.
But after resetting the semanage User/login, and moving the targeted folder
to old one and then install the default target. then also its still showing
the
Id context as context=*system_u:system_r:unconfined_t:s0-s0:c0.c1023.*
*What I observed is after changing the permission using semanage command
also, its still showing the system_u:system_r. *
*Check the semanage login/User output :*
*semanage login -l*
*Login Name SELinux User MLS/MCS Range Service*
*__default__ un...
2017 Mar 15
2
Having problem getting Asterisk to work on CentOS 7
On Tue, Mar 14, 2017 at 02:46:19PM -0400, Ron Wheeler wrote:
> https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html
>
> If disabling Selinux solves your problem, then your problem may be related
> to Selinux.
> If it does not change yout problem, you may want to look
2013 Dec 19
1
quota and selinux on centos 6.5
...ol/cron/aquota.user , it reports that is no default context for that file.
[root at CentOS active]# touch /var/spool/cron/aquota.user
[root at CentOS active]# restorecon /var/spool/cron/
[root at CentOS active]# ls -lZ /var/spool/cron/
-rw-r--r--. root root unconfined_u:object_r:user_cron_spool_t:s0 aquota.user
[root at CentOS active]# restorecon /var/spool/cron/aquota.user
restorecon:? Warning no default label for /var/spool/cron/aquota.user
Semanage reports this
[root at CentOS active]#? semanage fcontext -l|grep quota
/a?quota\.(user|group)???????????????????????????? regular file?????...
2017 Mar 15
2
Having problem getting Asterisk to work on CentOS 7
.../astdb.sqlite3
>
>
> [root at localhost ~]# tail -f /var/log/audit/audit.log
> type=AVC msg=audit(1489588773.253:1171): avc: denied { read } for pid=3838 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file
> type=SYSCALL msg=audit(1489588773.253:1171): arch=c000003e syscall=2 success=no exit=-13 a0=aa5080 a1=80000 a2=1a4 a3=aa5080 items=0 ppid=1485 pid=3838 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses...
2012 Aug 06
2
[LLVMdev] ARM eabi calling convention
When I compile this program
*$ cat vararg1-main.c
typedef struct {
double d;
} S0;
S0 g1;
void foo0(int a, ...);
int main(int argc, char **argv) {
S0 s0 = { 2.0 };
foo0(1, s0);
printf("%f\n", g1.d);
* * return 0;
}*
with this command,
*$ clang -target arm-none-linux-gnueabi-gcc -ccc-clang-archs armv7
-emit-llvm vararg1-main.c -S -o vararg1-main.ll -O...
2015 Jun 30
6
RPC server not available when windows client attempts to join samba AD
I am installing a new Samba 4.2 Active Directory server on CentOS 7. I
followed the Wiki instructions on how to create the server. I am using
sernet-samba 4.2 binaries. Everything seems to be OK on the Linux side but
I cannot get any windows client to successfully join the domain. Each
attempt returns the following error message "RPC Server in not available".
Below are the config file
2020 Apr 03
2
Samba 4.12 SELinux context /var/run
Hi, since 4.12 Samba SELinux context for /var/run/samba is not correct
anymore:
```
root at files:~ # ls -la -Z /var/run/samba/
total 12
drwxr-xr-x. 5 root root system_u:object_r:var_run_t:s0 160 Apr 3
20:42 .
drwxr-xr-x. 30 root root system_u:object_r:var_run_t:s0 1000 Apr 3
18:39 ..
drwxr-xr-x. 3 root root system_u:object_r:var_run_t:s0 60 Apr 3
18:39 ncalrpc
drwxr-xr-x. 2 root root system_u:object_r:var_run_t:s0 60 Apr 3
18:39 nmbd
-rw-r--r--. 1 root root system_u:obj...
2012 Mar 22
1
Does libvirt check MCS labels during hot-add disk image ?
...s addition of disk images of other guest running on the host.
Steps followed to create this scenario :
Started two VMs with following security configurations:
vm1:
<seclabel type='dynamic' model='selinux' relabel='yes'>
<label>system_u:system_r:svirt_t:s0:c219,c564</label>
<imagelabel>system_u:object_r:svirt_image_t:s0:c219,c564</imagelabel>
</seclabel>
vm2 :
<seclabel type='dynamic' model='selinux' relabel='yes'>
<label>system_u:system_r:svirt_t:s0:c122,c658</label>
&l...
2012 Aug 07
2
[LLVMdev] ARM eabi calling convention
...can figure out that "[2 x i32] %0" was
originally a structure consisting of a single double field. When I run llc,
it looks like "%0" is being passed in register r1 and r2.
*$ llc vararg1-main.ll -o -
ldr r0, .LCPI0_0
ldm r0, {r1, r2}
.LCPI0_0:
.long .Lmain.s0
...
.Lmain.s0:
.long 0 @ double 2.000000e+00
*
I am running tests to see if llc targeting mips can correctly compile a
bitcode file generated by clang-arm.
One of the tests is failing, and I was wondering whether this could be a
bug in arm-specific part of clang.
T...
2020 Jul 25
3
tmpfs / selinux issue
...all,
I have some AVC in the logs and wonder how to resolve this: Under
EL8 (enforcing SElinux) I have /var/lib/php/session mounted as tmpfs.
# tail -1 /etc/fstab
tmpfs /var/lib/php/session tmpfs
defaults,noatime,mode=770,gid=apache,size=16777216,context="system_u:object_r:httpd_var_run_t:s0"
0 0
# df -a |grep php
tmpfs 16384 0 16384 0% /var/lib/php/session
# ls -laZ /var/lib/php/session
insgesamt 0
drwxrwx---. 2 root apache system_u:object_r:httpd_var_run_t:s0 40 24.
Jul 15:36 .
drwxr-xr-x. 6 root root system_u:object_r:httpd_var_lib_t:s0 68 7....
2007 May 30
2
Centos 5 OpenVPN / SElinux
...pletely it works fine.
Here are all the messages from /var/log/messages that are SElinux related:
May 28 21:39:15 srsblnfw01 kernel: audit(1180381151.395:10): avc:
denied { use } for pid=3012 comm="openvpn" name="null" dev=tmpfs
ino=1396 scontext=system_u:system_r:openvpn_t:s0
tcontext=system_u:system_r:pppd_t:s0 tclass=fd
May 28 21:39:15 srsblnfw01 kernel: audit(1180381151.395:11): avc:
denied { use } for pid=3012 comm="openvpn" name="null" dev=tmpfs
ino=1396 scontext=system_u:system_r:openvpn_t:s0
tcontext=system_u:system_r:pppd_t:s0 tclass=fd
May...