Displaying 10 results from an estimated 10 matches for "shadow_t".
2014 Jan 13
1
Re: Livecd-creator is disabling selinux
...we need, doesn't require us to run
loadpolicy, and should work independent of guest policy.
Luckily for us ... it works!
$ virt-builder fedora-20
$ guestfish -a fedora-20.img -i
><fs> getxattrs /etc/shadow
[0] = {
attrname: security.selinux
attrval: system_u:object_r:shadow_t:s0\x00
}
><fs> cp /etc/shadow /etc/shadow.copy
><fs> setxattr security.selinux system_u:object_r:shadow_t:s0 29 /etc/shadow.copy
><fs> getxattrs /etc/shadow.copy
[0] = {
attrname: security.selinux
attrval: system_u:object_r:shadow_t:s0
}
Is this expect...
2010 Mar 19
0
How to disable selinux protection interfering with pppd? I tried audit2allow, but policy does not load. Is there an seboolean?
...ssh/sftp.
I had selinux disabled on this system originally, but I recently
enabled it, and selinux
is blocking this pppd service.
"audit2allow -M" has generated the following policy based on AVC
denial messages:
module fixdialinserver 1.0;

require {
        type pppd_t;
        type shadow_t;
        type chkpwd_exec_t;
        class file { read execute };
        class netlink_audit_socket create;
}

#============= pppd_t ==============
allow pppd_t chkpwd_exec_t:file execute;
allow pppd_t self:netlink_audit_socket create;
allow pppd_t shadow_t:file read;
However, I am unable to loa...
2010 May 05
0
pppd does not work if SELinux is turned on.
...inally, but I recently
> enabled it, and selinux
> is blocking this pppd service.
>
> "audit2allow -M" has generated the following policy based on AVC
> denial messages:
>
>
> module fixdialinserver 1.0;
>
> require {
>         type pppd_t;
>         type shadow_t;
>         type chkpwd_exec_t;
>         class file { read execute };
>         class netlink_audit_socket create;
> }
>
> #============= pppd_t ==============
> allow pppd_t chkpwd_exec_t:file execute;
> allow pppd_t self:netlink_audit_socket create;
> allow pppd_t shadow_t...
2010 Dec 06
1
CentOS 5 + selinux
...ver. I can deal with that via a local
policy. But I found dovecot tried to open /etc/shadow:
type=AVC msg=audit(1291490764.101:670): avc: denied { read } for
pid=16130 comm="auth" name="shadow" dev=md2 ino=96335
scontext=user_u:system_r:dovecot_t:s0
tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1291500097.318:818): avc: denied { getattr } for
pid=17350 comm="auth" path="/etc/shadow" dev=md2 ino=95396
scontext=user_u:system_r:dovecot_t:s0
tcontext=system_u:object_r:shadow_t:s0 tclass=file
even though it is configured for pam passdb:
# dove...
2020 Nov 10
0
Error from unix_chkpwd
...1026]: could not obtain user info (root)
I don't know why...
There are no SELinux errors, and the permissions of relevant files are:
ls -Z /etc/shadow /etc/passwd /usr/sbin/unix_chkpwd
-rw-r--r--. root root system_u:object_r:passwd_file_t:s0 /etc/passwd
----------. root root system_u:object_r:shadow_t:s0 /etc/shadow
-rwsr-xr-x. root root system_u:object_r:chkpwd_exec_t:s0 /usr/sbin/unix_chkpwd
Any idea?
Thanks in advance!
--
Sergio Belkin
LPIC-2 Certified - http://www.lpi.org
2012 Apr 20
1
Cannot login after modification shadow file with guestmount
Hi.
I have a VM with CentOs6.2 on KVM. I mount an image of the VM when it's
not working with guestmount:
root@diehard:~# guestmount -a named-centos.img -i tmp
vi /etc/shadow
insert comment line into the file (esc yy p 0 i # esc :wq!), save changes,
unmount the image, turn on the VM, and I cannot login.
I cannot login even if I recover the shadow file.
root@diehard:~# guestmount
2015 Feb 04
6
Another Fedora decision
On Wed, 2015-02-04 at 14:55 -0700, Warren Young wrote:
> > On Feb 4, 2015, at 12:16 PM, Lamar Owen <lowen at pari.edu> wrote:
> >
> > Again, the real bruteforce danger is when your /etc/shadow is exfiltrated by a security vulnerability
>
> Unless you have misconfigured your system, anyone who can copy /etc/shadow already has root privileges. They don't need to
2007 Jan 11
6
[PATCH 4/8] HVM save restore: vcpu context support
..._page(mfn), v->domain)) {
+ goto bad_cr3;
+ }
+ old_base_mfn = pagetable_get_pfn(v->arch.guest_table);
+ v->arch.guest_table = pagetable_from_pfn(mfn);
+ if (old_base_mfn)
+ put_page(mfn_to_page(old_base_mfn));
+ /*
+ * arch.shadow_table should now hold the next CR3 for shadow
+ */
+ v->arch.hvm_vmx.cpu_cr3 = c->cr3;
+ }
+
+ skip_cr3:
+#if defined(__x86_64__)
+ if (vmx_long_mode_enabled(v)) {
+ unsigned long vm_entry_value;
+ vm_entry_value = __vmread(VM_ENTRY_CONTROLS);
+ vm_entr...
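Review bot: The comment above the cpu_cr3 assignment says arch.shadow_table should now hold the next CR3, but the visible lines only update v->arch.guest_table and v->arch.hvm_vmx.cpu_cr3; nothing here writes a shadow table field. Please reword the comment to name the step that actually refreshes the shadow state, or drop it, so a reader of the restore path does not assume the shadow page tables have already been switched at this point.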
2015 Nov 05
1
[PATCH 1/2] test-data: phony-guests: Don't use *.tmp.* temporary files.
...fedora-btrfs.img.tmp.$$");
+ $g->add_drive ("fedora-btrfs.img-t");
$g->launch ();
$g->part_init ('/dev/sda', 'mbr');
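Review bot: The new name passed to add_drive ("fedora-btrfs.img-t") is fixed, whereas the removed line used a name ending in .tmp.$$, so the process ID no longer makes the file unique. If two runs of this script can share a directory they will write to the same image; please note in the commit message that the build serializes this target, or keep a per-process component in the name.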
@@ -206,15 +206,15 @@ $g->chmod (0, '/etc/shadow');
$g->lsetxattr ('security.selinux', "system_u:object_r:shadow_t:s0\0", 30,
'/etc/shadow');
-$g->upload ("fstab.tmp.$$", '/etc/fstab');
+$g->upload ("fedora.fstab", '/etc/fstab');
$g->write ('/etc/motd', "Welcome to Fedora release 14 (Phony)\n");
$g->write ('/e...
2012 Nov 26
13
[PATCH 0 of 4] Minios improvements for app development
This patch series contains a set of patches making minios rather easier
to use, from an application development point of view.
Overview of patches:
1 Command line argument parsing support, from Xen.
2 Weak console handler function.
3 Build system tweaks for application directories.
4 Trailing whitespace cleanup. (because it is very messy)
Patch 4 is likely to be more controversial than