search for: user_home_t

Displaying 20 results from an estimated 34 matches for "user_home_t".

2015 Oct 09
2
CentOS-6 SSHD chroot SELinux problem
...permissive (or turned off altogether). This problem does not evidence itself unless the account is chrooted. The output from audit2allow is this: sudo audit2allow -l -a #============= chroot_user_t ============== allow chroot_user_t cyphesis_port_t:tcp_socket name_connect; allow chroot_user_t user_home_t:chr_file open; #============= syslogd_t ============== #!!!! The source type 'syslogd_t' can write to a 'dir' of the following types: # var_log_t, var_run_t, syslogd_tmp_t, syslogd_var_lib_t, syslogd_var_run_t, innd_log_t, device_t, tmp_t, logfile, cluster_var_lib_t, cluster_var_ru...
2023 Mar 22
1
[libnbd PATCH v4 0/2] lib/utils: introduce async-signal-safe execvpe()
...ss for now by executing: > # ausearch -c 'bash' --raw | audit2allow -M my-bash > # semodule -X 300 -i my-bash.pp > > > Additional Information: > Source Context system_u:system_r:container_t:s0:c62,c364 > Target Context unconfined_u:object_r:user_home_t:s0 > Target Objects /usr/lib/libreadline.so.8.2 [ file ] > Source bash > Source Path /bin/bash > Port <Unknown> > Host <Unknown> > Source RPM Packages ba...
2023 Mar 22
1
[libnbd PATCH v4 0/2] lib/utils: introduce async-signal-safe execvpe()
On 3/22/23 12:42, Daniel P. Berrangé wrote: > On Wed, Mar 22, 2023 at 12:13:49PM +0100, Laszlo Ersek wrote: >> On 3/22/23 11:42, Laszlo Ersek wrote: >> >>> Now the "podman build -f ci/containers/alpine-edge.Dockerfile -t >>> libnbd-alpine-edge" command is failing with a different error message -- >>> the download completes, but the internal
2018 Jan 23
2
[Bug 13241] New: A problem with test for xattrs transfer
...e rsync -aiX --fake-super --link-dest=../chk . ../to with this result: --- omitted --- user.dir1="need to test directory xattrs too" user.dir2="another xattr" user.dir3="this is one last one for the moment" +user.rsync.security.selinux="unconfined_u:object_r:user_home_t:s0" --- omitted --- for basically every file. This only happens when the --fake-super option is on. For instance line rsync-3.1.2/rsync -aiX -H --super --link-dest=../chk . ../to is not affected. Looking at the xls() method in the test, it uses 'getfattr -d'. The original files...
2020 Jun 24
0
Re: [PATCH libguestfs-common 2/2] mlcustomize: Fall back to autorelabel if specfile does not exist (RHBZ#1828952).
...labels when selinux is set to either permissive or disabled. I wasn't able to find any definitive information on this, but testing by creating a new file in my home directory showed: SELINUX=enforcing: $ rm -f test $ touch test $ ls -lZ test -rw-rw-r--. 1 rjones rjones unconfined_u:object_r:user_home_t:s0 0 Jun 24 09:48 test permissive: -rw-rw-r--. 1 rjones rjones unconfined_u:object_r:user_home_t:s0 0 Jun 24 09:49 test disabled: -rw-rw-r-- 1 rjones rjones ? 0 Jun 24 09:54 test Anyway I think we at least need to treat enforcing and permissive the same way. Rich. -- Richard Jones, Virtualiza...
2014 Mar 14
3
[Bug 10496] New: --itemize-changes always reports xattr changes with --xattrs --fake-super
https://bugzilla.samba.org/show_bug.cgi?id=10496 Summary: --itemize-changes always reports xattr changes with --xattrs --fake-super Product: rsync Version: 3.1.1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P5 Component: core AssignedTo: wayned at
2008 Jun 06
1
SELinux error message on CentOS 5: "multiple same specifications"
...t+found or .journal there, so I guess those are really innocuous.) I dug in deeper and I found out that the source of the problem is most probably in this file: /etc/selinux/targeted/contexts/files/file_contexts.homedirs Among its contents are these lines: /usr/local/[^/]*/.+ user_u:object_r:user_home_t:s0 /usr/local/[^/]*/.*/plugins/nprhapengine\.so.* -- user_u:object_r:textrel_shlib_t:s0 /usr/local/[^/]*/.*/plugins/libflashplayer\.so.* -- user_u:object_r:textrel_shlib_t:s0 /usr/local/[^/]*/((www)|(web)|(public_html))(/.+)? user_u:object_r:httpd_user_content_t:s0 /usr/local/[^/]*/\.mozill...
2020 Sep 24
3
Re: [common PATCH 3/3] mlcustomize: do not relabel if not enforcing (RHBZ#1828952)
On Wed, Sep 23, 2020 at 05:57:50PM +0200, Pino Toscano wrote: > Do not attempt to relabel a guest in case its SELinux enforcing mode is > not "enforcing", as it is either pointless, or it may fail because of an > invalid policy configured. > --- > mlcustomize/SELinux_relabel.ml | 26 +++++++++++++++++++++++++- > 1 file changed, 25 insertions(+), 1 deletion(-) >
2020 Sep 24
0
Re: [common PATCH 3/3] mlcustomize: do not relabel if not enforcing (RHBZ#1828952)
...ep 24 12:26 /tmp/test $ mv /tmp/test ~/var/ $ ls -lZ ~/var/test -rw-rw-r--. 1 ptoscano ptoscano unconfined_u:object_r:user_tmp_t:s0 0 Sep 24 12:26 /home/ptoscano/var/test $ restorecon -v ~/var/test Relabeled /home/ptoscano/var/test from unconfined_u:object_r:user_tmp_t:s0 to unconfined_u:object_r:user_home_t:s0 $ ls -lZ ~/var/test -rw-rw-r--. 1 ptoscano ptoscano unconfined_u:object_r:user_home_t:s0 0 Sep 24 12:26 /home/ptoscano/var/test Considering that /tmp is a general location for temporary files, it's common that files may end with a tmp_t-alike label when moved back to the destination place...
2011 Apr 25
2
Samba can't access dir - SELinux problem?
...auid=500 uid=500 gid=0 euid=500 suid=0 fsuid=500 egid=500 sgid=0 fsgid=500 tty=(none) ses=2 comm="smbd" exe="/usr/sbin/smbd" subj=user_u:system_r:smbd_t:s0 key=(null) # ls -aldZ /home/afarber/src (same result at both old and new VMs) drwxrwxr-x afarber afarber user_u:object_r:user_home_t /home/afarber/src # ls -aldZ /home/afarber/ drwx------ afarber afarber user_u:object_r:user_home_dir_t /home/afarber/ Does anybody please know a magic command here? Thank you Alex
2020 May 18
2
Re: [PATCH libguestfs-common 2/2] mlcustomize: Fall back to autorelabel if specfile does not exist (RHBZ#1828952).
On Tuesday, 5 May 2020 17:44:15 CEST Richard W.M. Jones wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=1828952#c2 I think we need to do a different approach than this patch. The biggest thing is that currently we check only SELINUXTYPE for the actual policy, however we do not check SELINUX in case SELinux is in enforcing mode at all. IMHO we rather need to read
2020 Sep 24
2
Re: [common PATCH 3/3] mlcustomize: do not relabel if not enforcing (RHBZ#1828952)
...; $ mv /tmp/test ~/var/ > $ ls -lZ ~/var/test > -rw-rw-r--. 1 ptoscano ptoscano unconfined_u:object_r:user_tmp_t:s0 0 Sep 24 12:26 /home/ptoscano/var/test > $ restorecon -v ~/var/test > Relabeled /home/ptoscano/var/test from unconfined_u:object_r:user_tmp_t:s0 to unconfined_u:object_r:user_home_t:s0 > $ ls -lZ ~/var/test > -rw-rw-r--. 1 ptoscano ptoscano unconfined_u:object_r:user_home_t:s0 0 Sep 24 12:26 /home/ptoscano/var/test That's definitely a weird thing. Bug maybe? > Considering that /tmp is a general location for temporary files, it's > common that files may...
2009 Apr 15
2
SELinux and "i_stream_read() failed: Permission denied"
...master_t; type postfix_postdrop_t; type postfix_postqueue_exec_t; type postfix_public_t; type postfix_pipe_t; type sendmail_t; type sendmail_exec_t; type src_t; type tmp_t; type usr_t; type user_home_dir_t; type user_home_t; type var_log_t; class capability { sys_nice chown }; class file { append create execute execute_no_trans \ getattr ioctl link lock read rename setattr write unlink }; class dir { add_name getattr create read remove_name \ rename write search seta...
2014 Jan 02
12
[Bug 10357] New: make check fails for xattr tests
https://bugzilla.samba.org/show_bug.cgi?id=10357 Summary: make check fails for xattr tests Product: rsync Version: 3.0.9 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P5 Component: core AssignedTo: wayned at samba.org ReportedBy: psimerda at redhat.com
2019 Oct 25
0
ls permissions format changed in CentOS 8
...00:02 foo [adalloz at centos8 ~]$ LANG=C stat foo File: foo Size: 0 Blocks: 0 IO Block: 4096 regular empty file Device: fd02h/64770d Inode: 788575 Links: 1 Access: (0600/-rw-------) Uid: ( 1000/ adalloz) Gid: ( 1000/ adalloz) Context: unconfined_u:object_r:user_home_t:s0 Access: 2019-10-26 00:02:37.707079231 +0200 Modify: 2019-10-26 00:02:37.707079231 +0200 Change: 2019-10-26 00:04:26.920196480 +0200 Birth: - Not sure what you were doing. Alexander
2007 Jun 10
1
Problems with UserDir directive on CentOS 5
Hi, I'm currently setting up a local LAMP server to test various apps. Starting from the out-of-the-box configuration of Apache, I test it, and it's OK: http://localhost shows Apache's default page OK in Firefox. Now I edit /etc/httpd/conf/httpd.conf and replace 'UserDir disabled' by 'UserDir public_html'. I restart Apache. Then, as a normal user (kikinovak): $
2019 Jun 06
1
memory leak in vhost_net_ioctl
...> udit: type=1400 audit(1559768703.229:36): avc: denied { map } for > pid=7116 comm="syz-executor330" path="/root/syz-executor330334897" > dev="sda1" ino=16461 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 > tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 > executing program > executing program > BUG: memory leak > unreferenced object 0xffff88812421fe40 (size 64): > comm "syz-executor330", pid 7117, jiffies 4294949245 (age 13.030s) > hex dump (first 32 bytes): > 01 00 00 00 20 69...
2016 Jan 13
0
Re: [libvirt] Quantifying libvirt errors in launching the libguestfs appliance
...any operation from now on fails, we need to ask the caller to * restore labels. Which is right after selinux labels are set on VM startup. This is then easy to reproduce with: virsh start kernel1 (sleeps) virsh start kernel2 && virsh destroy kernel2 The shared vmlinuz is reset to user_home_t after kernel2 is shut down, so kernel1 fails to start after the patch's timeout When we detect similar issues with <disk> devices, like when the media already has the expected label, we encode 'relabel=no' in the disk XML, which tells libvirt not to run restorecon on the disks pa...
2018 Mar 19
0
get_user_pages returning 0 (was Re: kernel BUG at drivers/vhost/vhost.c:LINE!)
..._t:s0 tclass=file permissive=1 audit: type=1400 audit(1521377077.866:7): avc: denied { map } for pid=4228 comm="syzkaller050160" path="/root/syzkaller050160487" dev="sda1" ino=16481 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 ------------[ cut here ]------------ kernel BUG at drivers/vhost/vhost.c:1655! invalid opcode: 0000 [#1] SMP KASAN Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: CPU: 1 PID: 4228 Comm: syzkaller050160 Not tainted 4.16.0-rc5+ #357 Hardware name: Google...