search for: unconfined_r

...nage fcontext -a -t bin_t /usr/bin/xauth but it makes no difference. The message I'm now seeing in /var/log/audit/audit.log : type=AVC msg=audit(1385112688.399:67769): avc: denied { write } for pid=8218 comm="xauth" name="caw" dev=md1 ino=262145 scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:home_root_t:s0 tclass=dir type=SYSCALL msg=audit(1385112688.399:67769): arch=c000003e syscall=2 success=no exit=-13 a0=7fffdecf5c60 a1=c1 a2=180 a3=8 items=0 ppid=8217 pid=8218 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sg...

...roblem appears on a modified CentOS-6.2 (turned into a xen-4.1 host) : I get SELinux errors, and I'm not able to understand them. From audit2why : type=AVC msg=audit(1343724164.898:298772): avc: denied { mac_admin } for pid=12399 comm="restore" capability=33 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=capability2 ... and from audit2allow : #============= unconfined_t ============== allow unconfined_t self:capability2 mac_admin; I don't know what triggers these records in /var/log/audit (everyt...

...n you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep wine-preloader /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 Target Context unconfined_u:unconfined_r:wine_t:s0-s0:c0.c1023 Target Objects [ memprotect ] Source wine-preloader Source Path wine-preloader Port <Unknown> Host...

...beling MLS/ MLS/ SELinux User Prefix MCS Level MCS Range SELinux Roles git_shell_u user s0 s0 git_shell_r guest_u user s0 s0 guest_r root user s0 s0-s0:c0.c1023 staff_r sysadm_r system_r unconfined_r staff_u user s0 s0-s0:c0.c1023 staff_r sysadm_r system_r unconfined_r sysadm_u user s0 s0-s0:c0.c1023 sysadm_r system_u user s0 s0-s0:c0.c1023 system_r unconfined_r unconfined_u user s0 s0-s0:c0.c1023...

...** *semanage user -l* * Labeling MLS/ MLS/ * *SELinux User Prefix MCS Level MCS Range SELinux Roles* *guest_u user s0 s0 guest_r* *root user s0 s0-s0:c0.c1023 staff_r sysadm_r system_r unconfined_r* *staff_u user s0 s0-s0:c0.c1023 staff_r sysadm_r system_r unconfined_r* *sysadm_u user s0 s0-s0:c0.c1023 sysadm_r* *system_u user s0 s0-s0:c0.c1023 system_r unconfined_r* *unconfined_u user s0 s0-s0:c0.c1023 syste...

...Thanks Daniel! One note, when I first ran that (using sudo), I received the following SELinux denials: type=AVC msg=audit(1374507059.429:625): avc: denied { transition } for pid=8600 comm="virsh" path="/usr/bin/bash" dev="dm-3" ino=1842877 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:system_r:virtd_lxc_t:s0-s0:c0.c1023 tclass=process type=SYSCALL msg=audit(1374507059.429:625): arch=x86_64 syscall=execve success=no exit=EACCES a0=7f87443a7a30 a1=7f87444287e0 a2=7fff38cd3c40 a3=8 items=0 ppid=0 pid=8600 auid=1000 uid=0 gid=0 euid=...

...12049 [root at centos6-paas-dev ~]# netstat -pnaevZ Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name Security Context ... tcp 0 0 10.10.10.205:12049 0.0.0.0:* LISTEN 505 224898 9331/gotour fined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 [appengine at centos6-paas-dev gotour]$ getenforce Permissive Any ideas? -- - EJR

Hello everyone, I have a question about logging. I need to find out whether it is possible to see user id/session id inside logs or somewhere else. It is not passed in structured across the network, so where should I look to find out, which user (which session) is currently performing the actions?

...t; id : 1 > connection_time: 2018-04-12 09:53:46+0200 > transport : unix > readonly : no > unix_user_id : 1000 > unix_user_name : eskultet > unix_group_id : 1001 > unix_group_name: eskultet > unix_process_id: 19053 > selinux_context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > > Regards, > Erik >

...0, with PID 5831 21:48:08.345: 5830: debug : virCommandRun:1870 : Result status 0, stdout: '(null)' stderr: '(null)' --------------------------------- [eucalyptus at hp-a ~]$ id uid=501(eucalyptus) gid=501(eucalyptus) groups=501(eucalyptus),0(root),502(libvirt) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 ------------------------------------------------------------- Thanks John -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20120309/65f7330c/attachment.htm>

Warning - I'm fairly new to libvirt, lxc and systemd so there is a good chance I'm doing something terribly wrong here. However, instead of continuing to struggle, I figured I would mail the list for some advice. What I'm trying to accomplish is a libvirt-lxc, systemd-based container running on my system (Fedora 19). I've read that sharing the underlying OS filesystem with

...-admin client-info --server libvirtd --client 1 id : 1 connection_time: 2018-04-12 09:53:46+0200 transport : unix readonly : no unix_user_id : 1000 unix_user_name : eskultet unix_group_id : 1001 unix_group_name: eskultet unix_process_id: 19053 selinux_context: unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 Regards, Erik

These commands let you set and get the SELinux context of the daemon and all operations in the API and processes run from the daemon: $ ./fish/guestfish --ro -a /dev/mapper/vg_trick-F11x64 \ selinux 1 : \ run : \ mount /dev/vg_f11x64/lv_root / : \ sh "/usr/sbin/load_policy" : \ getcon : \ setcon "system_u:system_r:unconfined_t:s0" : \ getcon

Hi folks, I've been googling for an hour on this which seems to be awfully basic. But I cannot find anything definitive. [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: Access denied [root at centos-gig ~]# setenforce 0 [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: No such file or directory Have tried things like : chcon

...x86_64 x86_64 GNU/Linux CentOS Linux release 7.4.1708 (Core) I'm not sure if its valid to ask CFEngine questions on this mailing list, but as far as I'm running on CentOS I hope that it is okay. I'm logged in as user # id uid=0(root) gid=0(root) Gruppen=0(root) Kontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 and working on directory # pwd /var/cfengine/inputs with software # cf-agent -V CFEngine Core 3.10.2 and the configuration file # cat ./info.cf bundle agent info { vars: any:: "info_list" slist => { "includes.dir .............

...se 7.4.1708 (Core) > > I'm not sure if its valid to ask CFEngine questions on this mailing list, but > as far as I'm running on CentOS I hope that it is okay. > > I'm logged in as user > > # id > uid=0(root) gid=0(root) Gruppen=0(root) > Kontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 > > and working on directory > > # pwd > /var/cfengine/inputs > > with software > > # cf-agent -V > CFEngine Core 3.10.2 > > and the configuration file > > # cat ./info.cf > bundle agent info > { > vars: > any::...

...e% Mounted on //rhce1/samba 11G 4.5G 5.8G 44% /mnt/samba [user2 at server2 samba]$ touch file [user2 at server2 samba]$ ls -al file -rw-rw----. 1 *user3* samba 0 May 22 15:52 file [user2 at server2 samba]$ id uid=2010(user2) gid=2010(user2) groups=2010(user2),6666(samba) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 [user2 at server2 samba]$ any ideas? regards, Jason

Hi folks, I've been googling for an hour on this which seems to be awfully basic. But I cannot find anything definitive. [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: Access denied [root at centos-gig ~]# setenforce 0 [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: No such file or directory Have tried things like : chcon

At work I'm used to tools like eTrust Access Control (aka SEOS). eTrust takes away the ability to manage the eTrust config from root and puts it in the hands of "security admin". So there's a good separation of duties; security admin control the security ruleset, but are limited by the OS permissions (so even if they granted themselves permission to modify /etc/shadow, the

...properly before had SELinux disabled. When I look at the audit log this is what I found: type=AVC msg=audit(1450562436.438:2148162): avc: denied { entrypoint } for pid=17881 comm="sshd" path="/usr/sbin/mkhomedir_helper" dev="vda1" ino=1048040 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:oddjob_mkhomedir_exec_t:s0 tclass=file Was caused by: Missing type enforcement (TE) allow rule. You can use audit2allow to generate a loadable module to allow this access. So I just created the selinu...