search for: unconfined_u

Displaying 20 results from an estimated 165 matches for "unconfined_u".

2020 Feb 04
5
Relabel /usr directory
Hi, I've done the following: - Copy usr content with rsync to another partition: rsync -av --partial --progress /usr/ /mnt Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not the directory itself). But I've found that is bad labeled: ls -Z /usr unconfined_u:object_r:unlabeled_t:s0 bin unconfined_u:object_r:unlabeled_t:s0 local unconfined_u:object_r:unlabeled_t:s0 games unconfined_u:object_r:unlabeled_t:s0 sbin unconfined_u:object_r:unlabeled_t:s0 include unconfined_u:object_r:unlabeled_t:s0 share unconfined_u:object_r:unlabeled_t:s0 lib unconfined...
2014 Apr 23
1
SELInux and POSTFIX
...audit.log | audit2allow -M mypol # semodule -i mypol.pp grep 546AA6099F /var/log/audit/audit.log | audit2why type=AVC msg=audit(1398199187.646:29332): avc: denied { getattr } for pid=23387 comm="smtp" path="/var/spool/postfix/active/546AA6099F" dev=dm-0 ino=395679 scontext=unconfined_u:system_r:postfix_smtp_t:s0 tcontext=unconfined_u:object_r:postfix_spool_maildrop_t:s0 tclass=file Was caused by: Missing type enforcement (TE) allow rule. You can use audit2allow to generate a loadable module to allow this access. type=AVC msg=audit(1398199187.646:29333): avc: denied { re...
2017 Sep 21
0
CentOS 7, samba-4.4.4-14.el7_3 and openldap-2.4.40-13.el7 -- file permissions?
...nldap for authentication) and things are somewhat working. There is a bit of weirdness though. smbclient is only able to access *directories* and not any of the files. Why is that? What am I missing? Here is a log of a test run: [heller at c764guest: ~]$ ls -lZAn total 8424 -rw-------. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 30 Jan 10 2016 .bash_history -rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 18 Nov 20 2015 .bash_logout -rw-r--r--. 1 unconfined_u:object_r:home_root_t:s0 1000 1000 193 Nov 20 2015 .bash_profile -rw-r--r--. 1 unconfined_u:object_r:...
2015 Feb 09
2
SELinux context for ssh host keys?
.... root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key.pub -rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_key -rw-r--r--. root root system_u:object_r:sshd_key_t:s0 ssh_host_key.pub -rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_rsa_key -rw-------. root root unconfined_u:object_r:sshd_key_t:s0 ssh_host_rsa_key_4096 -rw-r--r--. root root unconfined_u:object_r:sshd_key_t:s0 ssh_host_rsa_key_4096.pub -rw-r--r--. root root system_u:object_r:sshd_key_t:s0 ssh_host_rsa_key.pub As it seems odd, to me, that all the other files had a system_u user while the new had unconf...
2016 Oct 24
2
SElinux suggestions needed: migrating backup service
.../usr/share/zoneinfo/Africa/Bissau but on server side: rsync: rsync_xal_clear: lremovexattr("usr/share/zoneinfo/Africa/.Bissau.WaE4wj","security.selinux") failed: Permission denied (13) and server# ls -laZ /BACKUP/usr/share/zoneinfo/Africa/Bissau -rw-r--r--. root root unconfined_u:object_r:locale_t:s0 usr/share/zoneinfo/Africa/Bissau the local (server) destination is mounted like: server# cat /proc/mounts |grep BACKUP /dev/sdc1 /BACKUP ext3 rw,seclabel,nosuid,nodev,noatime,nodiratime,errors=continue,acl,barrier=1,data=ordered 0 0 this partition comes from the former syst...
2020 Feb 04
0
Relabel /usr directory
...e following: > - Copy usr content with rsync to another partition: > > rsync -av --partial --progress /usr/ /mnt > > Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not > the directory itself). But I've found that is bad labeled: > > ls -Z /usr > unconfined_u:object_r:unlabeled_t:s0 bin > unconfined_u:object_r:unlabeled_t:s0 local > unconfined_u:object_r:unlabeled_t:s0 games > unconfined_u:object_r:unlabeled_t:s0 sbin > unconfined_u:object_r:unlabeled_t:s0 include > unconfined_u:object_r:unlabeled_t:s0 share > unconfined_u:object_r:...
2017 Jan 08
1
Dovecot Selinux Setting
Hello, can any tell me the correct selinux Settings for the Maildir Setting ? in the Moment I have this setting Jan 8 15:04:52 2017 from 192.168.100.100 [root at mx03 ~]# ls -Z /srv/vmail drwx------. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 example.com drwx------. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 example.at drwx------. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 eu-example.at drwx------. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 example1.com -rw-rw----. vmail vmail unconf...
2013 Mar 27
1
silencing Passenger "ps" SELinux errors
Hello, how do people cope with constant SELinux errors like this from Fusion Passenger: 36886. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 2 file open system_u:system_r:udev_t:s0-s0:c0.c1023 denied 1922 36887. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 4 dir getattr unconfined_u:system_r:initrc_t:s0 denied 1927 36888. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 2 dir search u...
2012 Feb 16
3
Baffled by selinux
...html and followed the suggestion, setsebool -P use_nfs_home_dirs=1. But I still can't start httpd. Not sure what to make of the audit log: type=AVC msg=audit(1329395502.678:61926): avc: denied { search } for pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=dir type=SYSCALL msg=audit(1329395502.678:61926): arch=c000003e syscall=4 success=no exit=-13 a0=7fef342bc080 a1=7fffaf747370 a2=7fffaf747370 a3=7fef30c65c30 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 s...
2016 Oct 24
1
SElinux suggestions needed: migrating backup service
On 24.10.2016 at 23:44, Gordon Messmer <gordon.messmer at gmail.com> wrote: > On 10/24/2016 09:53 AM, Leon Fauster wrote: >> Any suggestions to avoid the default labeling "unconfined_u:object_r:locale_t:s0"? > > > Not off the top of my head. I think you need to either a) not try to preserve the labels or b) run the backup as a user which can manage labels. What is the rsync command you are currently using, and what user does rsync run as on the backup server?...
2013 Jan 12
2
selinux + kvm virtualization + smartd problem
...r When I restarts smartd next messages appears in audit.log: [root at srv-1.home ~]# tail -F /var/log/audit/audit.log | grep type=AVC type=AVC msg=audit(1357993548.964:8529): avc: denied { getattr } for pid=21321 comm="smartd" path="/dev/sdc" dev=devtmpfs ino=6327 scontext=unconfined_u:system_r:fsdaemon_t:s0 tcontext=system_u:object_r:svirt_image_t:s0:c281,c675 tclass=blk_file type=AVC msg=audit(1357993548.965:8530): avc: denied { getattr } for pid=21321 comm="smartd" path="/dev/sdd" dev=devtmpfs ino=6321 scontext=unconfined_u:system_r:fsdaemon_t:s0 tcontex...
2013 Nov 25
2
ltsp & Selinux
...mand: # semanage fcontext -a -t bin_t /usr/bin/xauth but it makes no difference. The message I'm now seeing in /var/log/audit/audit.log : type=AVC msg=audit(1385112688.399:67769): avc: denied { write } for pid=8218 comm="xauth" name="caw" dev=md1 ino=262145 scontext=unconfined_u:unconfined_r:xauth_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:home_root_t:s0 tclass=dir type=SYSCALL msg=audit(1385112688.399:67769): arch=c000003e syscall=2 success=no exit=-13 a0=7fffdecf5c60 a1=c1 a2=180 a3=8 items=0 ppid=8217 pid=8218 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500...
2017 Mar 15
2
Having problem getting Asterisk to work on CentOS 7
On Tue, Mar 14, 2017 at 02:46:19PM -0400, Ron Wheeler wrote: > https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html > > If disabling Selinux solves your problem, then your problem may be related > to Selinux. > If it does not change your problem, you may want to look
2017 Mar 15
2
Having problem getting Asterisk to work on CentOS 7
...e3 > > > [root at localhost ~]# tail -f /var/log/audit/audit.log > type=AVC msg=audit(1489588773.253:1171): avc: denied { read } for pid=3838 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588773.253:1171): arch=c000003e syscall=2 success=no exit=-13 a0=aa5080 a1=80000 a2=1a4 a3=aa5080 items=0 ppid=1485 pid=3838 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="...
2011 Nov 01
1
SELinux and SETroubleshootd woes in CR
...noticed this in /var/log/secure -------------------- Nov 1 15:06:58 host httpd: PAM audit_open() failed: Permission denied This is the entry from the audit log... ---------------- type=AVC msg=audit(1320178016.209:919): avc: denied { create } for pid=22689 comm="unix_chkpwd" scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:system_r:httpd_t:s0 tclass=netlink_audit_socket type=SYSCALL msg=audit(1320178016.209:919): arch=c000003e syscall=41 success=no exit=-13 a0=10 a1=3 a2=9 a3=7fff23386470 items=0 ppid=20102 pid=22689 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgi...
2014 May 12
1
OpenDKIM and SELinux
...the file and everything seems normal. I then checked audit2why and got this: audit2allow: error: no such option: -- [root at inet08 opendkim]# audit2why -l -a type=AVC msg=audit(1399898848.286:2317): avc: denied { dac_read_search } for pid=15213 comm="opendkim" capability=2 scontext=unconfined_u:system_r:dkim_milter_t:s0 tcontext=unconfined_u:system_r:dkim_milter_t:s0 tclass=capability Was caused by: Missing type enforcement (TE) allow rule. You can use audit2allow to generate a loadable module to allow this access. type=AVC msg=audit(1399898848.286:2317): avc: denied { dac_overri...
2012 Oct 09
8
Service Resources and Selinux
...he moment, which isn't really a big problem, but an untidy annoyance really, and I'd just like to understand what the best practice might be when dealing with the issue. As a really quick summary, the issue is that Puppet is starting up the mysqld service for the first time as unconfined_u, and then when MySQL goes and creates a load of its initial files also as unconfined_u, Puppet goes and resets them all to system_u which is what they should be when checking matchpathcon: The thing is, because the service is started as unconfined_u, any databases/tables that are created are g...
2015 Feb 09
0
SELinux context for ssh host keys?
On 02/09/2015 11:14 AM, James B. Byrne wrote: > So, I decided to run restorecon -v to > presumably set the SELinux user correctly for the new keys: But that > is not what happened: > > restorecon -v * > > restorecon reset /etc/ssh/ssh_host_rsa_key_4096 context > unconfined_u:object_r:sshd_key_t:s0->unconfined_u:object_r:etc_t:s0 > > restorecon reset /etc/ssh/ssh_host_rsa_key_4096.pub context > unconfined_u:object_r:sshd_key_t:s0->unconfined_u:object_r:etc_t:s0 > > As you can see, not only did the user not get set to system_u but the > type was c...
2017 Sep 23
2
more selinux problems ...
Hi, how do I allow lighttpd access to a directory like this: dr-xrwxr-x. lighttpd example unconfined_u:object_r:samba_share_t:s0 files_articles I tried to create and install a selinux module, and it didn't work. The non-working module can not be removed, either: semodule -r lighttpd-files_articles.pp libsemanage.semanage_direct_remove_key: Unable to remove module lighttpd-files_articles.pp at prio...
2014 Jun 16
1
SELinux issue?
...:35 ./ drw-------. 6 user group 35864Jun 10 03:35 ../ drw-------. 6 user group 4096 Jun 10 03:35 2004/ -rw-------. 6 user group 155296 Jun 10 03:35 2014_10_Jun_learned_spam -rw-------. 6 user group 996584 Jun 10 03:35 2014_10_Jun_learned_ham also as root: ls -laZlearned drw-------. 6 user group unconfined_u:object_r:mail_spool_t:s0. drw-------. 6 user group unconfined_u:object_r:mail_spool_t:s0.. drw-------. 6 user group unconfined_u:object_r:mail_spool_t:s02004 -rw-------. 6 user group system_u:object_r:mail_spool_t:s02014_10_Jun_learned_spam -rw-------. 6 user group system_u:object_r:mail_spool_t:s0...