search for: unlabeled_t

Hi, I've done the following: - Copy usr content with rsync to another partition: rsync -av --partial --progress /usr/ /mnt Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not the directory itself). But I've found that is bad labeled: ls -Z /usr unconfined_u:object_r:unlabeled_t:s0 bin unconfined_u:object_r:unlabeled_t:s0 local unconfined_u:object_r:unlabeled_t:s0 games unconfined_u:object_r:unlabeled_t:s0 sbin unconfined_u:object_r:unlabeled_t:s0 include unconfined_u:object_r:unlabeled_t:s0 share unconfined_u:object_r:unlabeled_t:s0 lib unconfined_u:object_r:unlabeled...

...py usr content with rsync to another partition: > > rsync -av --partial --progress /usr/ /mnt > > Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not > the directory itself). But I've found that is bad labeled: > > ls -Z /usr > unconfined_u:object_r:unlabeled_t:s0 bin > unconfined_u:object_r:unlabeled_t:s0 local > unconfined_u:object_r:unlabeled_t:s0 games > unconfined_u:object_r:unlabeled_t:s0 sbin > unconfined_u:object_r:unlabeled_t:s0 include > unconfined_u:object_r:unlabeled_t:s0 share > unconfined_u:object_r:unlabeled_t:s0 lib &g...

...root system_u:object_r:consoletype_exec_t:s0 monthly.0/f/sbin/consoletype -rwxr-xr-x. root root system_u:object_r:consoletype_exec_t:s0 monthly.1/f/sbin/consoletype -rwxr-xr-x. root root system_u:object_r:consoletype_exec_t:s0 monthly.1.new/f/sbin/consoletype -rwxr-xr-x. root root system_u:object_r:unlabeled_t:s0 weekly.3/f/sbin/consoletype -rwxr-xr-x. root root system_u:object_r:unlabeled_t:s0 weekly.3.new/f/sbin/consoletype # rm -f weekly.3.new/f/sbin/consoletype # rsync -aiSPHAX --link-dest $PWD/weekly.3/f/sbin/ weekly.3/f/sbin/ weekly.3.new/f/sbin/ # ls -li */f/sbin/consoletype 705305954 -rwxr-xr-x....

...nux: initialized (dev configfs, type configfs), not configured for labeling Oct 13 17:02:56 dblinux1 kernel: audit(1129237376.191:5): avc: denied { mount } for pid=14922 comm="mount" name="/" dev=configfs ino=70286 scontext=root:system_r:initrc_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem Also have some errors of form: Oct 13 18:03:49 dblinux1 dbus: Can't send to audit system: USER_AVC pid=2587 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus And this one: Oct 13...

https://bugzilla.samba.org/show_bug.cgi?id=6546 Summary: lremovexattr problems Product: rsync Version: 3.0.6 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P3 Component: core AssignedTo: wayned@samba.org ReportedBy: Dave@Yost.com QAContact:

I'm setting up a test VM network for myself. Is this a good forum for questions? For instance, I've just stumbled over SElinux type of /etc/machine-info. Type was unlabeled_t, not hostname_etc_t. I probably broke it by running virt-customize --hostname myhost.example.com without adding the option --selinux-relabel. Is this the kind of thing I can ping this mailing list about? Many thanks, Nick -- Nick Hardiman, RHCE Senior Consultant Red Hat <https://www.redha...

...rules, and: oadmodule nf_conntrack_tftp in /etc/shorewall/modules. The module is loaded and I do see some entries come and go, e.g.: udp 17 10 src=4.28.99.164 dst=10.10.10.1 sport=2071 dport=69 [UNREPLIED] src=10.10.10.1 dst=4.28.99.164 sport=69 dport=2071 mark=0 secctx=system_u:object_r:unlabeled_t:s0 use=2 But it appears that the replies from the client are still being blocked, e.g.: Oct 16 10:17:34 inferno kernel: [1841301.871809] Shorewall:dmz2loc:REJECT:IN=em2 OUT=em1 MAC=00:b0:d0:df:e3:1e:00:22:19:1d:0c:a4:08:00 SRC=4.28.99.164 DST=10.10.10.1 LEN=32 TOS=0x00 PREC=0x00 TTL=19 ID=17 P...

...ility to label files with labels which > > the kernel doesn't know about affects libguestfs negatively too. Is there > > some reason why it's bad? > > Well we could add a label to libguestfs to allow these labels. From > the running kernel point of view you end up with unlabeled_t. I think it's more complex with libguestfs because of the appliance, and because libguestfs normally runs with SELinux disabled inside the appliance. [Note to peanut gallery: libguestfs uses and endorses SELinux and sVirt to implement containment of qemu *in the host*. The above applie...

...pe unconfined_t; type semanage_t; type init_t; type system_cronjob_t; type mysqld_t; type syslogd_t; type apmd_t; type initrc_t; type postfix_local_t; type puppet_etc_t; type setfiles_t; type rpm_t; type unlabeled_t; type var_run_t; type kernel_t; type puppet_var_run_t; type puppet_var_lib_t; type auditd_t; type httpd_t; type rpm_var_lib_t; type postfix_cleanup_t; type postfix_master_t; type inetd_t; type udev_t; ty...

...ptables and ebtables), but one in particular prevents dhcp from getting an IP address: audit[509]: AVC avc: denied { read } for pid=509 comm="dhclient" name="ld.so.cache" dev="vda4" ino=4513574 scontext=system_u:system_r:dhcpc_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=0 I'm guessing that redoing the OS install of the image with updates enabled will fix this (and most/all of the other AVCs) 2) The virt-builder images are created using virt-install ..... --nographic which means that no video device is present during the OS i...

...f you want to fix the label. /etc/ssh/moduli default label should be etc_t. Then you can run restorecon. Do # /sbin/restorecon -v /etc/ssh/moduli <...> Additional Information: Source Context system_u:system_r:sshd_t:s0-s0:c0.c1023 Target Context system_u:object_r:unlabeled_t:s0 Target Objects /etc/ssh/moduli [ file ] Source sshd Source Path /usr/sbin/sshd --------- Except: ls -laFZ /etc/ssh/moduli -rw-r--r--. root root system:object_r:etc_t:s0 /etc/ssh/moduli ls -laFZ /usr/sbin/sshd -rwxr-xr-x. root root...

...nprivileged user) /var/www/html/Centos/ is a symlink to /mnt/packages/Centos/ In the first case, I get : # ls -Z /var/www/html/Centos/ drwxr-xr-x. naudin biom system_u:object_r:httpd_sys_content_t 6 and in the second case : $ ls -Z /var/www/html/Centos/ drwxr-xr-x. naudin biom system_u:object_r:unlabeled_t:s0 6 Is this the expected behavior, or is there something I have missed ? -- Philippe Naudin UMR MISTEA : Math?matiques, Informatique et STatistique pour l'Environnement et l'Agronomie INRA, b?timent 29 - 2 place Viala - 34060 Montpellier cedex 2 t?l: 04.99.61.26.34, fax: 04.99...

...iby/MishnahBerurah-2015-12-18.amr File: ?biby/MishnahBerurah-2015-12-18.amr? Size: 2290374 Blocks: 4480 IO Block: 4096 regular file Device: 803h/2051d Inode: 136295 Links: 1 Access: (0664/-rw-rw-r--) Uid: ( 1000/ rgm) Gid: ( 1000/ rgm) Context: system_u:object_r:unlabeled_t:s0 Access: 2015-12-18 06:54:01.000000000 -0500 Modify: 2015-12-18 06:54:01.000000000 -0500 Change: 2015-12-23 13:56:57.273824913 -0500 Birth: - Notice the difference with Context. Wiaht is this httpd_user_content_t? Why on files I create on this system and not those I cp from a USB drive?...

This patch set adds XSM security labels to useful debugging output locations, and fixes some assumptions that all interrupts behaved like GSI interrupts (which had useful non-dynamic IDs). It also cleans up the policy build process and adds an example of how to use the user field in the security context. Debug output: [PATCH 01/10] xsm: Add security labels to event-channel dump [PATCH 02/10] xsm:

...s libguestfs: command: run: \ -a libguestfs: command: run: \ -l libguestfs: command: run: \ -R libguestfs: command: run: \ -Z /var/tmp/.guestfs-0 libguestfs: /var/tmp/.guestfs-0: libguestfs: drwxr-xr-x root root ? . libguestfs: drwxrwxrwt. root root system_u:object_r:unlabeled_t:s0 .. libguestfs: drwxr-xr-x root root ? appliance.d libguestfs: -rw-r--r-- root root ? lock libguestfs: libguestfs: /var/tmp/.guestfs-0/appliance.d: libguestfs: drwxr-xr-x root root ? . libguestfs: drwx...