Displaying 20 results from an estimated 278 matches for "system_r".

2013 Apr 08
1
libvirt, selinux, moving images to ~/images does not work
...m git ("eebbb23 qemu: support URI syntax for NBD"). More detailed output is below, this is all from the host system. What do I miss? Thank you. [root@vpl2 ~]# tail /var/log/messages Apr 8 16:47:48 vpl2 dbus-daemon[2903]: libsepol.sepol_context_to_sid: could not convert system_u:system_r:svirt_t:s0:c263,c837 to sid Apr 8 16:47:48 vpl2 dbus-daemon[2903]: libsepol.context_from_record: user system_u is not defined Apr 8 16:47:48 vpl2 dbus-daemon[2903]: libsepol.context_from_record: could not create context structure Apr 8 16:47:48 vpl2 dbus-daemon[2903]: libsepol.context_from_str...
2007 May 30
2
Centos 5 OpenVPN / SElinux
...tem has come up completely it works fine. Here are all the messages from /var/log/messages that are SElinux related: May 28 21:39:15 srsblnfw01 kernel: audit(1180381151.395:10): avc: denied { use } for pid=3012 comm="openvpn" name="null" dev=tmpfs ino=1396 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:system_r:pppd_t:s0 tclass=fd May 28 21:39:15 srsblnfw01 kernel: audit(1180381151.395:11): avc: denied { use } for pid=3012 comm="openvpn" name="null" dev=tmpfs ino=1396 scontext=system_u:system_r:openvpn_t:s0 tcontext=system_u:system_r:pppd_t:s0...
2014 Apr 23
1
SELInux and POSTFIX
...udit2allow -M mypol # semodule -i mypol.pp grep 546AA6099F /var/log/audit/audit.log | audit2why type=AVC msg=audit(1398199187.646:29332): avc: denied { getattr } for pid=23387 comm="smtp" path="/var/spool/postfix/active/546AA6099F" dev=dm-0 ino=395679 scontext=unconfined_u:system_r:postfix_smtp_t:s0 tcontext=unconfined_u:object_r:postfix_spool_maildrop_t:s0 tclass=file Was caused by: Missing type enforcement (TE) allow rule. You can use audit2allow to generate a loadable module to allow this access. type=AVC msg=audit(1398199187.646:29333): avc: denied { read write...
2017 Apr 28
0
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
...you confirm that you've > found one (or a minimal combination) of rules that is causing dovecot > to crash and log a backtrace. Here are the messages I got: type=AVC msg=audit(1493361695.041:49205): avc: denied { rlimitinh } for pid=3047 comm="cleanup" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0 tclass=process permissive=1 type=AVC msg=audit(1493361695.041:49205): avc: denied { siginh } for pid=3047 comm="cleanup" scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:postfix_cleanup_t:s0...
2017 Mar 15
2
Having problem getting Asterisk to work on CentOS 7
On Tue, Mar 14, 2017 at 02:46:19PM -0400, Ron Wheeler wrote: > https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html > > If disabling Selinux solves your problem, then your problem may be related > to Selinux. > If it does not change your problem, you may want to look
2017 Mar 15
2
Having problem getting Asterisk to work on CentOS 7
...39 /var/lib/asterisk/astdb.sqlite3 > > > [root@localhost ~]# tail -f /var/log/audit/audit.log > type=AVC msg=audit(1489588773.253:1171): avc: denied { read } for pid=3838 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588773.253:1171): arch=c000003e syscall=2 success=no exit=-13 a0=aa5080 a1=80000 a2=1a4 a3=aa5080 items=0 ppid=1485 pid=3838 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0...
2017 Apr 26
3
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/26/2017 12:29 AM, Robert Moskowitz wrote: > But the policy generates errors. I will have to submit a bug report, > it seems A bug report would probably be helpful. I'm looking back at the message you wrote describing errors in ld-2.17.so. I think what's happening is that the policy on your system includes a silent rule that somehow breaks your system. You'll need
2012 Jan 13
1
SELinux and rsh+xauth
.../xauth nmerge - But when SELinux is in enforcing mode on Server, the commands fail with this message : bash: /usr/bin/xauth: Permission denied and /var/log/audit/audit.log shows the following errors : type=SELINUX_ERR msg=audit(1326381080.364:610): security_compute_sid: invalid context system_u:system_r:xauth_t:s0-s0:c0.c1023 for scontext=system_u:system_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xauth_exec_t:s0 tclass=process type=AVC msg=audit(1326381080.364:610): avc: denied { write } for pid=3487 comm="xauth" path="pipe:[21744]" dev=pipefs ino=21744 sconte...
2013 Apr 25
0
libvirt_lxc start problem when selinux enbale
Hi all, the problem came out when selinux was enforced in targeted+MCS I start lxc through virsh: "virsh -c lxc:/// start instance-00004bd6" 1. When selinux is Permissive, lxc start is ok The result of "Ps auxZ" is: system_u:system_r:virtd_lxc_t:s0-s0:c0.c1023 root 19218 0.0 0.0 47624 1244 ? Ss 15:26 0:00 /usr/libexec/libvirt_lxc --name system_u:system_r:svirt_lxc_net_t:s0:c192,c392 root 19219 0.3 0.0 19276 1532 ? Ss 15:26 0:00 /sbin/init system_u:system_r:svirt_lxc_net_t:s0:c192,c392 root 19406 0.0 0.0 177444 1332 ?...
2013 Apr 25
0
Re: libvirt_lxc start problem when selinux enbale
...libvirt_lxc start problem when selinux enbale Hi all, the problem came out when selinux was enforced in targeted+MCS I start lxc through virsh: "virsh -c lxc:/// start instance-00004bd6" 1. When selinux is Permissive, lxc start is ok The result of "Ps auxZ" is: system_u:system_r:virtd_lxc_t:s0-s0:c0.c1023 root 19218 0.0 0.0 47624 1244 ? Ss 15:26 0:00 /usr/libexec/libvirt_lxc --name system_u:system_r:svirt_lxc_net_t:s0:c192,c392 root 19219 0.3 0.0 19276 1532 ? Ss 15:26 0:00 /sbin/init system_u:system_r:svirt_lxc_net_t:s0:c192,c392 root 19406 0.0 0.0 177444 1332 ?...
2006 Jun 07
1
Apache php and exim
Hello, I'm using the targeted policy. PHP's mail() function fails because of selinux. audit(1149662369.454:2): avc: denied { setgid } for pid=18085 comm="sendmail" capability=6 scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:httpd_sys_script_t tclass=capability When I turn to permissive mode: audit(1149668677.105:12): avc: denied { setuid } for pid=29159 comm="sendmail" capability=7 scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:httpd_sys_script_...
2008 Feb 29
1
error creating Centos 5.1 x32 dum_U instance on CentOS 5.1 x64
...mbli ~]# virsh start vm03 libvir: Xen Daemon error : POST operation failed: (xend.err "Error creating domain: Boot loader didn't return any data!") error: Failed to start domain vm03 /var/log/messages got filled with the following messages: stem_r:xenstored_t:s0 tcontext=system_u:system_r:xenstored_t:s0 tclass=capability Feb 29 10:36:59 gimbli kernel: audit(1204274218.949:2139): avc: denied { sys_resource } for pid=2445 comm="xenstored" capability=24 scontext=system_u:system_r:xenstored_t:s0 tcontext=system_u:system_r:xenstored_t:s0 tclass=capability Feb 29 10:36:59...
2017 Dec 17
0
Centos 7: avc: denied { reload } for auid=0 uid=0 gid=0 cmdline="/usr/bin/systemctl reload named-chroot.service" ....
How to resolve this SElinux problem? type=USER_AVC msg=audit(1513478641.700:1920): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { reload } for auid=0 uid=0 gid=0 cmdline="/usr/bin/systemctl reload named-chroot.service" scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:system_r:init_t:s0 tclass=service exe="/usr/lib/systemd/systemd" sauid=0 hostname=...
2013 Mar 27
1
silencing Passenger "ps" SELinux errors
Hello, how do people cope with constant SELinux errors like this from Phusion Passenger: 36886. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 2 file open system_u:system_r:udev_t:s0-s0:c0.c1023 denied 1922 36887. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 4 dir getattr unconfined_u:system_r:initrc_t:s0 denied 1927 36888. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 2 dir search unconfined...
2018 Oct 14
3
Centos7 & Selinux & Tor
...msg=audit(1539540150.692:60570): arch=c000003e syscall=2 success=no exit=-13 a0=562d3767da80 a1=20000 a2=0 a3=1 items=1 ppid=1 pid=18283 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="tor" exe="/usr/bin/tor" subj=system_u:system_r:tor_t:s0 key=(null) type=AVC msg=audit(1539540150.692:60570): avc: denied { dac_read_search } for pid=18283 comm="tor" capability=2 scontext=system_u:system_r:tor_t:s0 tcontext=system_u:system_r:tor_t:s0 tclass=capability type=AVC msg=audit(1539540150.692:60570): avc: denied { dac...
2013 Jan 12
2
selinux + kvm virtualization + smartd problem
...c675 /dev/sdc brw-rw----. qemu qemu system_u:object_r:svirt_image_t:s0:c281,c675 /dev/sdd brw-rw----. qemu qemu system_u:object_r:svirt_image_t:s0:c281,c675 /dev/sde brw-rw----. qemu qemu system_u:object_r:svirt_image_t:s0:c281,c675 /dev/sdf [root@srv-1.home ~]# ps axwZ | grep smart[d] system_u:system_r:fsdaemon_t:s0 1762 ? S 0:00 /usr/sbin/smartd -q never When I restart smartd, the following messages appear in audit.log: [root@srv-1.home ~]# tail -F /var/log/audit/audit.log | grep type=AVC type=AVC msg=audit(1357993548.964:8529): avc: denied { getattr } for pid=21321 comm="smar...
2009 Apr 16
0
SELinux errors on my CentOS 5.3 (32 bit) Desktop after upgrade from 5.2
...requested by nm-system-setti. It is not expected that this access is required by nm-system-setti and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Source Context: system_u:system_r:system_dbusd_t Target Context: system_u:system_r:system_dbusd_t Target Objects: None [ process ] Source: nm-system-setti Source Path: /usr/sbin/nm-system-settings Port: <Unknown> Host: dell2400.homelan Source RPM Packages: NetworkManager-0.7.0-4.el5_3 Target RPM Packages: Policy RPM: selinux-poli...
2012 Mar 22
1
Does libvirt check MCS labels during hot-add disk image ?
...s. It even accepts addition of disk images of other guest running on the host. Steps followed to create this scenario : Started two VMs with following security configurations: vm1: <seclabel type='dynamic' model='selinux' relabel='yes'> <label>system_u:system_r:svirt_t:s0:c219,c564</label> <imagelabel>system_u:object_r:svirt_image_t:s0:c219,c564</imagelabel> </seclabel> vm2 : <seclabel type='dynamic' model='selinux' relabel='yes'> <label>system_u:system_r:svirt_t:s0:c122,c658</labe...
2017 Sep 22
2
selinux prevents lighttpd from printing
...ss=no exit=EPERM(Operation not permitted) a0=0x1 a1=0x7ffc1df3b0d0 a2=0x0 a3=0x7f5d77c3a300 items=0 ppid=19417 pid=19418 auid=unset uid=lighttpd gid=lighttpd euid=root suid=root fsuid=root egid=lighttpd sgid=lighttpd fsgid=lighttpd tty=(none) ses=unset comm=sendmail exe=/usr/sbin/exim subj=system_u:system_r:httpd_sys_script_t:s0 key=(null) type=AVC msg=audit(09/22/2017 12:08:29.911:1023) : avc: denied { setgid } for pid=19418 comm=sendmail capability=setgid scontext=system_u:system_r:httpd_sys_script_t:s0 tcontext=system_u:system_r:httpd_sys_script_t:s0 tclass=capability type=SYSCALL msg=audit(09...
2012 Feb 16
3
Baffled by selinux
...llowed the suggestion, setsebool -P use_nfs_home_dirs=1. But I still can't start httpd. Not sure what to make of the audit log: type=AVC msg=audit(1329395502.678:61926): avc: denied { search } for pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir type=SYSCALL msg=audit(1329395502.678:61926): arch=c000003e syscall=4 success=no exit=-13 a0=7fef342bc080 a1=7fffaf747370 a2=7fffaf747370 a3=7fef30c65c30 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsg...