search for: system_conf_t

...9.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>: > > On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: >> Any SElinux expert here - briefly: >> >> # getenforce >> Enforcing >> >> # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t >> <no output> >> >> # sesearch -ACR -s httpd_t -c file -p read |grep syslog_conf_t >> <no output> >> >> # ls -laZ /etc/sysctl.conf /etc/rsyslog.conf >> -rw-r--r--. root root system_u:object_r:syslog_conf_t:s0 /etc/rsyslog.conf >> -rw-r...

...at redhat.com>: >>> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: >>>> Any SElinux expert here - briefly: >>>> >>>> # getenforce >>>> Enforcing >>>> >>>> # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t >>>> <no output> >>>> >>>> # sesearch -ACR -s httpd_t -c file -p read |grep syslog_conf_t >>>> <no output> >>>> >>>> # ls -laZ /etc/sysctl.conf /etc/rsyslog.conf >>>> -rw-r--r--. root root system_u:ob...

Any SElinux expert here - briefly: # getenforce Enforcing # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t <no output> # sesearch -ACR -s httpd_t -c file -p read |grep syslog_conf_t <no output> # ls -laZ /etc/sysctl.conf /etc/rsyslog.conf -rw-r--r--. root root system_u:object_r:syslog_conf_t:s0 /etc/rsyslog.conf -rw-r--r--. root root system_u:object_r:system_conf_t:s0 /etc/sysctl.conf #...

...chrieb Daniel Walsh <dwalsh at redhat.com>: >> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: >>> Any SElinux expert here - briefly: >>> >>> # getenforce >>> Enforcing >>> >>> # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t >>> <no output> >>> >>> # sesearch -ACR -s httpd_t -c file -p read |grep syslog_conf_t >>> <no output> >>> >>> # ls -laZ /etc/sysctl.conf /etc/rsyslog.conf >>> -rw-r--r--. root root system_u:object_r:syslog_conf_t:s0 /etc/r...

On 12/23/2015 11:12 PM, Ofer Hasson wrote: > [root at web-devel-local-1 ~]# /usr/lib/systemd/systemd-sysctl > [root at web-devel-local-1 ~]# cat /proc/sys/vm/swappiness > 10 So... you know that it works when you run it from a root shell, but not during boot. Is the file labeled properly? Anything in audit.log?

On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: > Any SElinux expert here - briefly: > > > # getenforce > Enforcing > > # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t > <no output> > > # sesearch -ACR -s httpd_t -c file -p read |grep syslog_conf_t > <no output> > > # ls -laZ /etc/sysctl.conf /etc/rsyslog.conf > -rw-r--r--. root root system_u:object_r:syslog_conf_t:s0 /etc/rsyslog.conf > -rw-r--r--. root root system_u:object_r...

...et: Re: [CentOS] systemd-sysctl not running on boot > [root at web-devel-local-1 ~]# ll -Z /etc/ | grep sysctl > drwxr-xr-x. root root system_u:object_r:etc_t:s0 sysctl.d > > [root at web-devel-local-1 ~]# ll -Z /etc/sysctl.d/ > -rw-r--r--. root root unconfined_u:object_r:system_conf_t:s0 sysctl.conf > Is there a relationship with the new symlink created by the upgrade in my servers ? # ls -l /etc/sysctl.d/ total 0 lrwxrwxrwx. 1 root root 14 23 d?c. 18:11 99-sysctl.conf -> ../sysctl.conf # yum provides /etc/sysctl.d/99-sysctl.conf initscripts-9.49.30-1.el7.x86_64 : T...

On 09/09/2018 07:19 AM, Daniel Walsh wrote: > sesearch -A -s httpd_t -t system_conf_t -p read > > If you feel that these files should not be part of the base_ro_files > then we should open that for discussion. I think the question was how users would know that the policy allowed access, as he was printing rules affecting httpd_t's file read access, and looking for...

...nything related in the audit log (I'm using audit2why). As for labeling: [root at web-devel-local-1 ~]# ll -Z /etc/ | grep sysctl drwxr-xr-x. root root system_u:object_r:etc_t:s0 sysctl.d [root at web-devel-local-1 ~]# ll -Z /etc/sysctl.d/ -rw-r--r--. root root unconfined_u:object_r:system_conf_t:s0 sysctl.conf On Thu, Dec 24, 2015 at 10:51 AM, Gordon Messmer <gordon.messmer at gmail.com> wrote: > On 12/23/2015 11:12 PM, Ofer Hasson wrote: > >> [root at web-devel-local-1 ~]# /usr/lib/systemd/systemd-sysctl >> [root at web-devel-local-1 ~]# cat /proc/sys/vm/swappine...

...ctl not running on boot > > > [root at web-devel-local-1 ~]# ll -Z /etc/ | grep sysctl > > drwxr-xr-x. root root system_u:object_r:etc_t:s0 sysctl.d > > > > [root at web-devel-local-1 ~]# ll -Z /etc/sysctl.d/ > > -rw-r--r--. root root unconfined_u:object_r:system_conf_t:s0 sysctl.conf > > > Is there a relationship with the new symlink created by the upgrade in my > servers ? > > # ls -l /etc/sysctl.d/ > total 0 > lrwxrwxrwx. 1 root root 14 23 d?c. 18:11 99-sysctl.conf -> > ../sysctl.conf > > # yum provides /etc/sysctl.d/99-s...

> The easy answer is yes .. glibc requires so many things to be restarted, > that is the best bet. Or certainly the easiest. > > Note: in CentOS 7, there is also a kernel update which is rated as > Important .. so you should boot to that anyway: > https://lists.centos.org/pipermail/centos-announce/2016-February/021705.html > > Here is a good link to figure out what to