search for: user_tmp_t

...$ mv /tmp/backup/* . $ find . -type d -exec chmod 0755 {} \; $ find . -type f -exec chmod 0644 {} \; When I wrote the article back in november 2017, this resulted in a classic "Forbidden" error, since the SELinux context of these files is not httpd_sys_content_t as it should be, but user_tmp_t. But when I try to repeat the experiment now, Apache shows no error. Which seems strange. Any idea what's going on ? Niki -- Microlinux - Solutions informatiques durables 7, place de l'?glise - 30730 Montpezat Site : https://www.microlinux.fr Blog : https://blog.microlinux.fr Mail : inf...

...me="TMPDIR" value="/var/tmp"/>\n </qemu:commandline>\n</domain>\n libguestfs: command: run: ls libguestfs: command: run: \ -a libguestfs: command: run: \ -l libguestfs: command: run: \ -Z /var/tmp/.guestfs-0 libguestfs: drwxr-xr-x. root root unconfined_u:object_r:user_tmp_t:s0 . libguestfs: drwxrwxrwt. root root system_u:object_r:tmp_t:s0 .. libguestfs: drwxr-xr-x. root root unconfined_u:object_r:user_tmp_t:s0 appliance.d libguestfs: -rw-r--r--. root root unconfined_u:object_r:user_tmp_t:s0 lock libguestfs: command: run: ls libguestfs: command: run: \ -a libgues...

On Wed, Sep 23, 2020 at 05:57:50PM +0200, Pino Toscano wrote: > Do not attempt to relabel a guest in case its SELinux enforcing mode is > not "enforcing", as it is either pointless, or it may fail because of an > invalid policy configured. > --- > mlcustomize/SELinux_relabel.ml | 26 +++++++++++++++++++++++++- > 1 file changed, 25 insertions(+), 1 deletion(-) >

...when the guest is running, and we ought to try to keep them > updated if we can in v2v. There are various cases when, even of an enforcing system, labels are not kept up-to-date: $ getenforce Enforcing $ touch /tmp/test $ ls -lZ /tmp/test -rw-rw-r--. 1 ptoscano ptoscano unconfined_u:object_r:user_tmp_t:s0 0 Sep 24 12:26 /tmp/test $ mv /tmp/test ~/var/ $ ls -lZ ~/var/test -rw-rw-r--. 1 ptoscano ptoscano unconfined_u:object_r:user_tmp_t:s0 0 Sep 24 12:26 /home/ptoscano/var/test $ restorecon -v ~/var/test Relabeled /home/ptoscano/var/test from unconfined_u:object_r:user_tmp_t:s0 to unconfined_u:ob...

...chedir = "/var/tmp" libguestfs: command: run: ls libguestfs: command: run: \ -a libguestfs: command: run: \ -l libguestfs: command: run: \ -R libguestfs: command: run: \ -Z /var/tmp/.guestfs-1001 libguestfs: /var/tmp/.guestfs-1001: libguestfs: drwxr-xr-x. stack stack unconfined_u:object_r:user_tmp_t:s0 . libguestfs: drwxrwxrwt. root  root  system_u:object_r:tmp_t:s0       .. libguestfs: drwxr-xr-x. stack stack unconfined_u:object_r:user_tmp_t:s0 appliance.d libguestfs: -rw-r--r--. stack stack unconfined_u:object_r:user_tmp_t:s0 lock libguestfs: -rw-rw-r--. stack stack unconfined_u:object_r:use...

v8: - split the big patch into several commits v7: - rebased because patch 1/3 has been pushed - changes to nsplit have been dropped (2/3) - addressed Richard's comments, notably the subfolder function was moved to mllib and renamed to subdirectory v6: - just rebase v5: - rebase, patches 1,3,5 were merged - 1/3: we still need to discuss whether to detect compressed discs - 2/3: -

..., 2020 at 12:39:02PM +0200, Pino Toscano wrote: ... > There are various cases when, even of an enforcing system, labels are > not kept up-to-date: > > $ getenforce > Enforcing > $ touch /tmp/test > $ ls -lZ /tmp/test > -rw-rw-r--. 1 ptoscano ptoscano unconfined_u:object_r:user_tmp_t:s0 0 Sep 24 12:26 /tmp/test > $ mv /tmp/test ~/var/ > $ ls -lZ ~/var/test > -rw-rw-r--. 1 ptoscano ptoscano unconfined_u:object_r:user_tmp_t:s0 0 Sep 24 12:26 /home/ptoscano/var/test > $ restorecon -v ~/var/test > Relabeled /home/ptoscano/var/test from unconfined_u:object_r:user_tm...

...find . -type d -exec chmod 0755 {} \; > $ find . -type f -exec chmod 0644 {} \; > > When I wrote the article back in november 2017, this resulted in a > classic "Forbidden" error, since the SELinux context of these files is > not httpd_sys_content_t as it should be, but user_tmp_t. > > But when I try to repeat the experiment now, Apache shows no error. > Which seems strange. > > Any idea what's going on ? The tl;dr version of my last post is : Apache is not supposed to show static web pages with a user_tmp_t SELinux context. So why does it show them any...

...MASKLOG is not set # CONFIG_OCFS2_DEBUG_FS is not set CONFIG_OCFS2_FS_POSIX_ACL = y at least the attr (5) does not appear to work mount ....... dev/loop0 on / tmp/ocfs2 type ocfs2 (rw, user_xattr, acl, heartbeat = none) cd / tmp/ocfs2 touch xx setfattr-n security.selinux-v unconfined_u: object_r: user_tmp_t: s0 xx setfattr: xx: Operation not supported Thanks in advance -------------- next part -------------- An HTML attachment was scrubbed... URL: http://oss.oracle.com/pipermail/ocfs2-users/attachments/20100303/5dc81009/attachment.html

...mu:commandline>\n</domain>\n libguestfs: command: run: ls libguestfs: command: run: \ -a libguestfs: command: run: \ -l libguestfs: command: run: \ -R libguestfs: command: run: \ -Z /var/tmp/.guestfs-0 libguestfs: /var/tmp/.guestfs-0: libguestfs: drwxr-xr-x. root root unconfined_u:object_r:user_tmp_t:s0 . libguestfs: drwxrwxrwt. root root system_u:object_r:tmp_t:s0 .. libguestfs: drwxr-xr-x root root ? appliance.d libguestfs: -rw-r--r--. root root unconfined_u:object_r:user_tmp_t:s0 lock libguestfs: -rw-r--r--. root root unconfined_u:object_r:user_tmp_t:s0 qemu.devices libguestfs: -rw-r-...

Hello All, I set up ltsp regulary, on Centos6 machines. This morning I have a Selinux problem that usualy does not occur: after setting everything up, the thinclients boot, but nobody can login. It only works after the command : # echo 0 > /selinux/enforce I tried this semanage command: # semanage fcontext -a -t bin_t /usr/bin/xauth but it makes no difference. The message I'm now

..._t:s0 SRC/* ls -Z SRC -rw-r--r--. root root system_u:object_r:lib_t:s0 file lrwxrwxrwx. root root system_u:object_r:lib_t:s0 link -> file mkdir TGT rsync -aHAXx SRC/ TGT ls -Z TGT -rw-r--r--. root root system_u:object_r:lib_t:s0 file lrwxrwxrwx. root root unconfined_u:object_r:user_tmp_t:s0 link -> file This seems to have been a deliberate change in rsync: commit 9d6fe1a6f0233c7567dfb114835751aff85a578b Author: Wayne Davison <wayned at samba.org> Date: Mon Jan 3 11:07:47 2011 -0800 Avoid reading ACL/xattr info on filetypes not being copied. Make Linux avoid xa...

...est-tool pauses when you use --help option https://bugzilla.redhat.com/876579 mke2fs API does not apply block device naming translation to journaldevice optarg https://bugzilla.redhat.com/860235 SELinux policy ought to allow qemu to write to unconfined_u:object_r:user_tmp_t:s0 https://bugzilla.redhat.com/859949 RFE: inspect-list-applications does not return the architecture of RPM packages https://bugzilla.redhat.com/859885 inspect-list-applications does not list all installed RPM packages with same name and different versions...

I'm in a situation here at work where I'm trying to support a mixed network of OS X and RHEL desktop machines with a Postfix/Dovecot combination. - user account information is stored in LDAP - user credentials are in MIT Kerberos - server is running RHEL 6/Dovecot 2.0.9/Postfix 2.6.6 I am currently using the PAM passdb module to authenticate my users (I began to have trouble