search for: user_home_dir_t

....redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.2/html/Deployment_Guide/ch45s02s03.html On my system running CentOS 5.2: $ ls -alZ /home drwxr-xr-x root root system_u:object_r:home_root_t . drwxr-xr-x root root system_u:object_r:root_t .. $ mount -t nfs -o context=user_u:object_r:user_home_dir_t \ server001a:/vol/vol01/home /home $ ls -alZ /home drwxrwxr-x root root system_u:object_r:nfs_t . drwxr-xr-x root root system_u:object_r:root_t .. drwx------ fred users system_u:object_r:nfs_t fred drwx------ mike users s...

...on a new machine and now all works well with the small exception of dovecot triggering selinux avc denials on some temp... files here is a sample alert: Summary SELinux is preventing /usr/libexec/dovecot/deliver (dovecot_deliver_t) "link" to temp.localhost.678.40caaf5592891c46 (user_home_dir_t). Detailed Description SELinux denied access requested by /usr/libexec/dovecot/deliver. It is not expected that this access is required by /usr/libexec/dovecot/deliver and this access may signal an intrusion attempt. It is also possible that the specific version or configuration...

...ivalence. As a first thing, I tried: semanage fcontext -a -e /var/lib/mysql.old /var/lib/mysql then restorecon -R /var/lib/mysql # semanage fcontext -lC SELinux fcontext type Context /home/users(/.*)? all files system_u:object_r:user_home_dir_t:s0 /var/lib/mysql all files system_u:object_r:mysqld_db_t:s0 /var/lib/mysql(/.*)? all files system_u:object_r:mysqld_db_t:s0 SELinux Local fcontext Equivalence ./mysql = ./mysql.old /var/lib/mysql = /var/lib/mysql.old mysql = ./mys...

...player\.so.* -- user_u:object_r:textrel_shlib_t:s0 /usr/local/[^/]*/((www)|(web)|(public_html))(/.+)? user_u:object_r:httpd_user_content_t:s0 /usr/local/[^/]*/\.mozilla(/.*)?/plugins/libflashplayer\.so.* -- user_u:object_r:textrel_shlib_t:s0 /usr/local/[^/]* -d user_u:object_r:user_home_dir_t:s0 /usr/local/lost\+found/.* <<none>> /usr/local -d system_u:object_r:home_root_t:s0 /usr/local/\.journal <<none>> /usr/local/lost\+found -d system_u:object_r:lost_found_t:s0 I saw that /home and /root are there, since they are really home directori...

...d" exe="/usr/sbin/smbd" subj=user_u:system_r:smbd_t:s0 key=(null) # ls -aldZ /home/afarber/src (same result at both old and new VMs) drwxrwxr-x afarber afarber user_u:object_r:user_home_t /home/afarber/src # ls -aldZ /home/afarber/ drwx------ afarber afarber user_u:object_r:user_home_dir_t /home/afarber/ Does anybody please know a magic command here? Thank you Alex

...local_t; type postfix_master_t; type postfix_postdrop_t; type postfix_postqueue_exec_t; type postfix_public_t; type postfix_pipe_t; type sendmail_t; type sendmail_exec_t; type src_t; type tmp_t; type usr_t; type user_home_dir_t; type user_home_t; type var_log_t; class capability { sys_nice chown }; class file { append create execute execute_no_trans \ getattr ioctl link lock read rename setattr write unlink }; class dir { add_name getattr create read remove_name \...

I have a fesh install of CentOS release 6.6 on my laptop. I want to use a more secure config with /home crypted. But when this partition is mounted I cannot login anymore on my laptop. Only root can login. This occur at level 5 (graphic login) or 3 (text login). The message is "Cannot enter home directory. Using /." Logged as root I can create a new user (with useradd) and his home

...a "copy table to '/home/user/dir/copy.txt';" but I get permission denied. Filesystem dir modes are ok and I get no event logged in audit.log, but if I setenforce 0, I can do the copy. This explains auditd silence: # sesearch --audit |egrep postgres.*home dontaudit postgresql_t user_home_dir_t : dir { getattr search }; dontaudit postgresql_t home_root_t : dir { getattr search }; I changed the "dir" type to tmpfs_t and I could write with "\copy" but not with "copy". Anyway, what are the best practices to allow postgresql "copy to" a subdirector...

...ivalence. As a first thing, I tried: semanage fcontext -a -e /var/lib/mysql.old /var/lib/mysql then restorecon -R /var/lib/mysql # semanage fcontext -lC SELinux fcontext type Context /home/users(/.*)? all files system_u:object_r:user_home_dir_t:s0 /var/lib/mysql all files system_u:object_r:mysqld_db_t:s0 /var/lib/mysql(/.*)? all files system_u:object_r:mysqld_db_t:s0 SELinux Local fcontext Equivalence ./mysql = ./mysql.old /var/lib/mysql = /var/lib/mysql.old mysql = ./mys...

Hi, I have set-up dovecot on a F17 box and am encountering weirdnesses with SELinux (who isn't??). Again, I am trying to refrain from disabling SWLinux all together, however tempting, but am stuck in troubleshooting and hope for some ideas... With SELinux set to permissive, I can connect to dovecot and log in to access my mail as expected. With SELinux enforcing, I can connect to dovecot,

Hello All, I set up ltsp regulary, on Centos6 machines. This morning I have a Selinux problem that usualy does not occur: after setting everything up, the thinclients boot, but nobody can login. It only works after the command : # echo 0 > /selinux/enforce I tried this semanage command: # semanage fcontext -a -t bin_t /usr/bin/xauth but it makes no difference. The message I'm now

Hello to everyone on the list, I have upgraded my RHEL4 to RHEL5.1 yesterday (all updates have been applied to it as well). I used to have dovecot v0.99.11 on the old system. Everything was working fine. Now I have 5.1 and its respective dovecot v1.0.rc15. Upon upgrading to RHEL5.1, dovecot no longer works correctly. The first thing I did after rewriting the config file for the updated version,

Trying to get either avelsieve or server side filters to work with managesieve. Managesieve is running but whenever avelsieve or the server settings backend try to talk to it the same thing happens. So I guess it's really a problem with something about managesieve at this point. I hit the Message Filters option, it takes a long time for it to come back, though it finally just times out and

.../var/lib/mysql. Obviously not! semanage fcontext -a -e /var/lib/mysql.old /var/lib/mysql I still have the following equivalence: # semanage fcontext -lC SELinux fcontext type Context /home/users(/.*)? all files system_u:object_r:user_home_dir_t:s0 /var/lib/mysql all files system_u:object_r:mysqld_db_t:s0 /var/lib/mysql(/.*)? all files system_u:object_r:mysqld_db_t:s0 SELinux Local fcontext Equivalence ./mysql = ./mysql.old mysql = ./mysql.old Should I be worried about t...

Hello, A server was configured in /var/lib/myslq in the root fs. I added a LV specifically for mysql. I stopped myql and renamed /var/lib/mysql to /var/lib/mysql.old. I created a new dir /var/lib/mysql and mounted the LV on /var/lib/mysql. I then copied with "cp -prZ" all mysql files in /var/lib/mysql.old to /var/lib/mysql. But then I got a selinux problem: # ls -ldZ mysql.old/

Hello, I have asked on the postfix mailing list for a solution, how to encrypt incoming emails with public gpg key My original idea was to use a smtpd-milter, which would encrypt all incoming plaintext messages of given user, using the users public gpg key. This way, it would look as if the original sender has sent the message encrypted. Somebody suggested this might be better done in Dovecot,