search for: user_avc

How to resolve this SElinux problem? type=USER_AVC msg=audit(1513478641.700:1920): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { reload } for auid=0 uid=0 gid=0 cmdline="/usr/bin/systemctl reload named-chroot.service" scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=syst...

Centos 4.2 Dec 29 10:04:10 z9m9z dbus: Can't send to audit system: USER_AVC pid=1997 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=root:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus Dec 29 10:04:45 z9m9z last message repeated 7 times Dec 29 10:05:50 z9m9z last message repeated 13 times Dec 29 10:06:55 z9m9z last message repeated 1...

...g/messages Nov 12 00:48:56 srv1 kernel: audit(1131781736.221:4): avc: denied { write } for pid=4874 comm="mysqld" name="tmp" dev=dm-0 ino=2894305 scontext=root:system_r:mysqld_t tcontext=root:object_r:root_t tclass=dir Nov 12 00:48:59 srv1 dbus: Can't send to audit system: USER_AVC pid=2839 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus Nov 12 00:49:04 srv1 dbus: Can't send to audit system: USER_AVC pid=2839 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user...

...workstation. Before anyone tells me off for installing everything, I have done this in order to get used to CentOS before using it on live servers. Anyway when I log into X (gnome, gdm) I start getting the following in /var/log/messages Nov 30 12:47:39 needme dbus: Can't send to audit system: USER_AVC pid=2916 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus Nov 30 12:48:10 needme last message repeated 7 times Nov 30 12:48:12 needme gconfd (MYUSERNAME-3780): Resolved address "xml:readwrite:/ho...

Hi folks, I've been googling for an hour on this which seems to be awfully basic. But I cannot find anything definitive. [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: Access denied [root at centos-gig ~]# setenforce 0 [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: No such file or directory Have tried things like : chcon

I am getting tons of these messages since I updated to 4.2 Nov 12 12:21:39 srv1 dbus: Can't send to audit system: USER_AVC pid=2839 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus Now I can see this process... # ps aux|grep 2839 dbus 2839 0.0 0.3 16168 1888 ? Ssl Nov11 0:13 dbus- daemon-1 --system root 1...

Hi folks, I've been googling for an hour on this which seems to be awfully basic. But I cannot find anything definitive. [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: Access denied [root at centos-gig ~]# setenforce 0 [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: No such file or directory Have tried things like : chcon

....191:5): avc: denied { mount } for pid=14922 comm="mount" name="/" dev=configfs ino=70286 scontext=root:system_r:initrc_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem Also have some errors of form: Oct 13 18:03:49 dblinux1 dbus: Can't send to audit system: USER_AVC pid=2587 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus And this one: Oct 13 17:46:36 dblinux1 kernel: OCFS2 Node Manager 1.0.7 Wed Oct 12 13:18:42 PDT 2005 (build 6cb35edfedddf6b4d606b95f2579cb39)...

On 09/20/2017 07:19 AM, hw wrote: > hw wrote: >> >> Hi, >> >> how do I allow CGI programs to print (using 'lpr -P some-printer >> some-file.pdf') when >> lighttpd is being used for a web server? >> >> When selinux is permissive, the printer prints; when it?s enforcing, >> the printer >> does not print, and I?m getting the log

...gt; Thanks! I?m guessing I?m supposed to use ausearch to search for something, and > I don?t know what to search for. > > So far, lighttpd can not print and can not send emails (using MIME::Lite) unless > selinux is permissive. Using > > 'ausearch -c "httpd" -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -i' > > , I only get > > > type=PROCTITLE msg=audit(09/21/2017 14:08:40.569:559) : proctitle=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf > type=SYSCALL msg=audit(09/21/2017 14:08:40.569:559) : arch=x86_64 syscall=open success=no exit=EACCE...

...search to search for something, and >>> I don?t know what to search for. >>> >>> So far, lighttpd can not print and can not send emails (using MIME::Lite) unless >>> selinux is permissive. Using >>> >>> 'ausearch -c "httpd" -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -i' >>> >>> , I only get >>> >>> >>> type=PROCTITLE msg=audit(09/21/2017 14:08:40.569:559) : proctitle=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf >>> type=SYSCALL msg=audit(09/21/2017 14:08:40.569:559)...

...cb8a00425a048152113b7a7dc14f1b Thanks! I?m guessing I?m supposed to use ausearch to search for something, and I don?t know what to search for. So far, lighttpd can not print and can not send emails (using MIME::Lite) unless selinux is permissive. Using 'ausearch -c "httpd" -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -i' , I only get type=PROCTITLE msg=audit(09/21/2017 14:08:40.569:559) : proctitle=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf type=SYSCALL msg=audit(09/21/2017 14:08:40.569:559) : arch=x86_64 syscall=open success=no exit=EACCES(Permission denied) a0=0x5...

I'm seeing this in /var/log/messages: Oct 7 20:46:25 centos dbus: Can't send to audit system: USER_AVC avc: received setenforce notice (enforcing=0) : exe="?" (sauid=81, hostname=?, addr=?, terminal=?) Some googling suggested this was due to a policy issue a year ago, but I'm seeing it with selinux-policy-targeted-2.4.6-30.el5. I've got a game server program (Enemy Territory Q...

The nVidia driver is running right, but now when I try to select some screensavers, like Anemotaxis, X restarts. /var/log/Xorg.0.log.old show it aborting on a signal 11... These 3 (now wrapped) lines show up in the system log... Apr 12 15:45:51 hack-f dbus: Can't send to audit system: USER_AVC pid=10939 uid=500 loginuid=-1 message=avc: 1 AV entries and 1/512 buckets used, longest chain length 1 Apr 12 15:45:52 hack-f gdm[10665]: gdm_slave_xioerror_handler: Fatal X error - Restarting :0 Apr 12 15:45:52 hack-f gdm(pam_unix)[10665]: session closed for user dw49 Hmmm... time to dig fur...

...e ausearch to search for >> something, and >> I don?t know what to search for. >> >> So far, lighttpd can not print and can not send emails (using >> MIME::Lite) unless >> selinux is permissive. Using >> >> 'ausearch -c "httpd" -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -i' >> >> , I only get >> >> >> type=PROCTITLE msg=audit(09/21/2017 14:08:40.569:559) : >> proctitle=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf >> type=SYSCALL msg=audit(09/21/2017 14:08:40.569:559) : arch=x86_64...

...r:proc_t:s0 /proc I'll send the audit log on to Dan. Cheers, John On 2 December 2014 at 16:10, Daniel J Walsh <dwalsh at redhat.com> wrote: > Could you send me a copy of your audit.log. > > You should not be getting hundreds of AVC's a day. > > ausearch -m avc,user_avc -ts today > > On 12/02/2014 05:08 AM, John Beranek wrote: > > I'll jump in here to say we'll try your suggestion, but I guess what's > not > > been mentioned is that we get the setroubleshoot abrt's only a few times > a > > day, but we're getting 10...

...John > > > > On 2 December 2014 at 16:10, Daniel J Walsh <dwalsh at redhat.com> wrote: > > > >> Could you send me a copy of your audit.log. > >> > >> You should not be getting hundreds of AVC's a day. > >> > >> ausearch -m avc,user_avc -ts today > >> > >> On 12/02/2014 05:08 AM, John Beranek wrote: > >>> I'll jump in here to say we'll try your suggestion, but I guess what's > >> not > >>> been mentioned is that we get the setroubleshoot abrt's only a few > time...

Could you send me a copy of your audit.log. You should not be getting hundreds of AVC's a day. ausearch -m avc,user_avc -ts today On 12/02/2014 05:08 AM, John Beranek wrote: > I'll jump in here to say we'll try your suggestion, but I guess what's not > been mentioned is that we get the setroubleshoot abrt's only a few times a > day, but we're getting 10000s of setroubleshoot messages in...

...on to Dan. > > Cheers, > > John > > On 2 December 2014 at 16:10, Daniel J Walsh <dwalsh at redhat.com> wrote: > >> Could you send me a copy of your audit.log. >> >> You should not be getting hundreds of AVC's a day. >> >> ausearch -m avc,user_avc -ts today >> >> On 12/02/2014 05:08 AM, John Beranek wrote: >>> I'll jump in here to say we'll try your suggestion, but I guess what's >> not >>> been mentioned is that we get the setroubleshoot abrt's only a few times >> a >>> day,...

I'll jump in here to say we'll try your suggestion, but I guess what's not been mentioned is that we get the setroubleshoot abrt's only a few times a day, but we're getting 10000s of setroubleshoot messages in /var/log/messages a day. e.g. Dec 2 10:03:55 server audispd: queue is full - dropping event Dec 2 10:04:00 server audispd: last message repeated 199 times Dec 2