search for: semodul

...ly that, reassign port contexts, in the past without encountering this situation. So it has to be a recent development. I am not against SELinux. We use it extensively. But this is not security it is simply BS. It is stuff like this that causes people to say just turn selinux off altogether. semodule -r apache libsepol.print_missing_requirements: awstats's global requirements were not met: type/attribute httpd_log_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed! semodule -r awstats semodule -r apache li...

> > That's because there's already a zabbix module loaded (the message isn't > very informative!). I forgot that the received wisdom is to insert "my" in > front of ones own modules i.e.: > grep zabbix /var/log/audit/audit.log | audit2allow -M myzabbix > semodule -i myzabbix.pp Hmm no luck there either: [root at monitor2:~] #semodule -i myzabbix.pp *semodule: Failed on myzabbix.pp!* I also tried: [root at monitor2:~] #semodule -i my_zabbix semodule: Failed on my_zabbix! And [root at monitor2:~] #semodule -i my-zabbix semodule: Failed on my-zabbi...

> > Try something like: > grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix > semodule -i zabbix.pp Thanks for your response! However this is what happens when I try to install the module: [root at monitor2:~] #semodule -i zabbix.pp libsepol.print_missing_requirements: zabbix's global requirements were not met: type/attribute zabbix_t (No such file or directory). libsemanag...

hi guys I've just gotten a bunch of updates via yum and something weird seems to be going on after the update. System has: selinux-policy-3.13.1-268.el7_9.2.noarch selinux-policy-targeted-3.13.1-268.el7_9.2.noarch actually three different boxes, all the same: $ semodule -l No modules. and an attempt to install modules fails: $ semodule -i openvpn.pp Failed to resolve typeattributeset statement at /etc/selinux/targeted/tmp/modules/400/pe-openvpn/cil:1 semodule:? Failed! Does above "usual" work for you? many thanks, L.

> > What turns up in myzabbix.te? Same deal. :( #semodule -i myzabbix.te semodule: Failed on myzabbix.te! sigh... but thanks any other clues? On Wed, Jun 17, 2015 at 11:42 AM, Harold Toms <h.toms at qmul.ac.uk> wrote: > On 17/06/15 16:29, Tim Dunphy wrote: > >> That's because there's already a zabbix module loaded (the mess...

...{ add_name getattr read remove_name search write }; allow amavis_t mqueue_spool_t:file { create getattr lock read rename unlink write }; allow amavis_t sbin_t:lnk_file read; allow amavis_t sendmail_exec_t:file { execute execute_no_trans read }; allow amavis_t var_lib_t:dir search; - now I do 'semodule -i amavis.pp' to load the module- but instead of working I instead get this error: libsepol.print_missing_requirements: amavis's global requirements were not met: type/attribute amavis_t libsemanage.semanage_link_sandbox: Link packages failed semodule: Failed! Anyone know the next step...

...hat's because there's already a zabbix module loaded (the message isn't >> very informative!). I forgot that the received wisdom is to insert "my" in >> front of ones own modules i.e.: >> grep zabbix /var/log/audit/audit.log | audit2allow -M myzabbix >> semodule -i myzabbix.pp > > > Hmm no luck there either: > > [root at monitor2:~] #semodule -i myzabbix.pp > *semodule: Failed on myzabbix.pp!* > > I also tried: > > [root at monitor2:~] #semodule -i my_zabbix > semodule: Failed on my_zabbix! > > And > > [root...

...n the disable file by default. >> Then you should report this as a bug. >> You can generate a local policy module to allow this access. >> Do >> allow this access for now by executing: >> # ausearch -c 'f2b/server' --raw | audit2allow -M my-f2bserver >> # semodule -i my-f2bserver.pp >> Weirdly enough, when I follow this suggestion and then empty audit.log and restart my server, I still get the exact same error again. > > I reinstalled this server from scratch and took some notes. This time I was successful, though I don't know exactly what...

...elieve that python2.7 should be allowed read access on the disable file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'f2b/server' --raw | audit2allow -M my-f2bserver # semodule -i my-f2bserver.pp Weirdly enough, when I follow this suggestion and then empty audit.log and restart my server, I still get the exact same error again. Which makes Fail2ban unusable with SELinux in enforcing mode in the current state. Any suggestions ? Niki -- Microlinux - Solutions inform...

File a bug!!! On 2 April 2015 at 16:20, James B. Byrne <byrnejb at harte-lyne.ca> wrote: > > On Wed, April 1, 2015 16:09, Andrew Holway wrote: > > I used the command: semanage port -m -t http_port_t -p tcp 8000 > > to relabel a port. perhaps you could try: > > "semanage port -m -t unconfined_t -p tcp 8000" > > Failing that; would it work to run your

...I'm not seeing those errors logged, either, so maybe your system > differs from mine. If I'm misreading, hopefully someone will chime in > to clarify. ... Also, it might be useful to get the AVCs on your system. The bug entry indicated that you'd need to enable debugging (semodule -DB, and later use semodule -B to disable debugging) to get them. While in debugging mode, audit.log should contain confirmation that SELinux is blocking the port use. That log entry should tell us more about how to address the problem.

...ve just gotten a bunch of updates via yum and something > weird seems to be going on after the update. > System has: > > selinux-policy-3.13.1-268.el7_9.2.noarch > selinux-policy-targeted-3.13.1-268.el7_9.2.noarch > > actually three different boxes, all the same: > > $ semodule -l > No modules. > > and an attempt to install modules fails: > > $ semodule -i openvpn.pp > Failed to resolve typeattributeset statement at > /etc/selinux/targeted/tmp/modules/400/pe-openvpn/cil:1 > semodule: Failed! I have a smilar issue after the latest CentOS 7 upda...

I need to run a "copy table to '/home/user/dir/copy.txt';" but I get permission denied. Filesystem dir modes are ok and I get no event logged in audit.log, but if I setenforce 0, I can do the copy. This explains auditd silence: # sesearch --audit |egrep postgres.*home dontaudit postgresql_t user_home_dir_t : dir { getattr search }; dontaudit postgresql_t home_root_t : dir

...believe that python2.7 should be allowed read access on the disable file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'f2b/f.sshd' --raw | audit2allow -M my-f2bfsshd # semodule -i my-f2bfsshd.pp ... As far as I can tell - and please correct me if I'm wrong - if a package doesn't play well with SELinux in the default configuration, this should be considered as a bug. In that case, the appropriate reaction would be to file a bug on the EPEL mailing list, since...

Hi folks, I've been googling for an hour on this which seems to be awfully basic. But I cannot find anything definitive. [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: Access denied [root at centos-gig ~]# setenforce 0 [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: No such file or directory Have tried things like : chcon

On 04/25/2017 06:45 PM, Gordon Messmer wrote: > On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote: >> Quick?n?(really) dirty SELinux howto: > > > Alternate process: > > 1: setenforce permissive > 2: tail -f /var/log/audit/audit.log | grep AVC > 3: use the service, exercise each function that's constrained by the > existing policy > 4: copy and paste the

...t; ino=1842005 scontext=system_u:system_r:passenger_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file And audit2allow told me this: #grep puppet /var/log/audit/audit.log | audit2allow -M puppet ******************** IMPORTANT *********************** To make this policy package active, execute: semodule -i puppet.pp But in installing the module I get an error I've never seen before: #semodule -i puppet.pp libsepol.print_missing_requirements: foreman's global requirements were not met: type/attribute puppet_var_lib_t (No such file or directory). libsemanage.semanage_link_sandbox: Link pa...

Hey guys,. I have a centos 7 machine I'm using as a zabbix server. And I noticed that apache won't start, with this complaint in the error log: (13)Permission denied: AH00091: httpd: could not open error log file /var/log/zabbix_error_log. AH00015: Unable to open logs I tried having a look at audit2allow and this is the response I get back: [root at monitor2:/etc/httpd] #grep http

Hi folks, I've been googling for an hour on this which seems to be awfully basic. But I cannot find anything definitive. [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: Access denied [root at centos-gig ~]# setenforce 0 [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: No such file or directory Have tried things like : chcon

On Wed, April 1, 2015 16:09, Andrew Holway wrote: > I used the command: semanage port -m -t http_port_t -p tcp 8000 > to relabel a port. perhaps you could try: > "semanage port -m -t unconfined_t -p tcp 8000" > Failing that; would it work to run your application in the httpd_t > domain? > I ended up having to create a custom policy to allow the other application to