Displaying 14 results from an estimated 14 matches for "user_tmp_t".
2019 Jan 30
2
SELinux policy vs. static web content
...$ mv /tmp/backup/* .
$ find . -type d -exec chmod 0755 {} \;
$ find . -type f -exec chmod 0644 {} \;
When I wrote the article back in november 2017, this resulted in a
classic "Forbidden" error, since the SELinux context of these files is
not httpd_sys_content_t as it should be, but user_tmp_t.
But when I try to repeat the experiment now, Apache shows no error.
Which seems strange.
Any idea what's going on ?
Niki
--
Microlinux - Solutions informatiques durables
7, place de l'?glise - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : inf...
2015 Sep 11
1
libguestfs failure
...me="TMPDIR" value="/var/tmp"/>\n </qemu:commandline>\n</domain>\n
libguestfs: command: run: ls
libguestfs: command: run: \ -a
libguestfs: command: run: \ -l
libguestfs: command: run: \ -Z /var/tmp/.guestfs-0
libguestfs: drwxr-xr-x. root root unconfined_u:object_r:user_tmp_t:s0 .
libguestfs: drwxrwxrwt. root root system_u:object_r:tmp_t:s0 ..
libguestfs: drwxr-xr-x. root root unconfined_u:object_r:user_tmp_t:s0
appliance.d
libguestfs: -rw-r--r--. root root unconfined_u:object_r:user_tmp_t:s0 lock
libguestfs: command: run: ls
libguestfs: command: run: \ -a
libgues...
2020 Sep 24
3
Re: [common PATCH 3/3] mlcustomize: do not relabel if not enforcing (RHBZ#1828952)
On Wed, Sep 23, 2020 at 05:57:50PM +0200, Pino Toscano wrote:
> Do not attempt to relabel a guest in case its SELinux enforcing mode is
> not "enforcing", as it is either pointless, or it may fail because of an
> invalid policy configured.
> ---
> mlcustomize/SELinux_relabel.ml | 26 +++++++++++++++++++++++++-
> 1 file changed, 25 insertions(+), 1 deletion(-)
>
2020 Sep 24
0
Re: [common PATCH 3/3] mlcustomize: do not relabel if not enforcing (RHBZ#1828952)
...when the guest is running, and we ought to try to keep them
> updated if we can in v2v.
There are various cases when, even of an enforcing system, labels are
not kept up-to-date:
$ getenforce
Enforcing
$ touch /tmp/test
$ ls -lZ /tmp/test
-rw-rw-r--. 1 ptoscano ptoscano unconfined_u:object_r:user_tmp_t:s0 0 Sep 24 12:26 /tmp/test
$ mv /tmp/test ~/var/
$ ls -lZ ~/var/test
-rw-rw-r--. 1 ptoscano ptoscano unconfined_u:object_r:user_tmp_t:s0 0 Sep 24 12:26 /home/ptoscano/var/test
$ restorecon -v ~/var/test
Relabeled /home/ptoscano/var/test from unconfined_u:object_r:user_tmp_t:s0 to unconfined_u:ob...
2017 Oct 16
2
Elias Hickman's libguestfs dump
...chedir = "/var/tmp"
libguestfs: command: run: ls
libguestfs: command: run: \ -a
libguestfs: command: run: \ -l
libguestfs: command: run: \ -R
libguestfs: command: run: \ -Z /var/tmp/.guestfs-1001
libguestfs: /var/tmp/.guestfs-1001:
libguestfs: drwxr-xr-x. stack stack unconfined_u:object_r:user_tmp_t:s0 .
libguestfs: drwxrwxrwt. root root system_u:object_r:tmp_t:s0 ..
libguestfs: drwxr-xr-x. stack stack unconfined_u:object_r:user_tmp_t:s0 appliance.d
libguestfs: -rw-r--r--. stack stack unconfined_u:object_r:user_tmp_t:s0 lock
libguestfs: -rw-rw-r--. stack stack unconfined_u:object_r:use...
2017 Feb 04
8
[PATCH v8 0/4] Import directly from OVA tar archive if possible
v8:
- split the big patch into several commits
v7:
- rebased because patch 1/3 has been pushed
- changes to nsplit have been dropped (2/3)
- addressed Richard's comments, notably the subfolder function was moved to
mllib and renamed to subdirectory
v6:
- just rebase
v5:
- rebase, patches 1,3,5 were merged
- 1/3: we still need to discuss whether to detect compressed discs
- 2/3:
-
2020 Sep 24
2
Re: [common PATCH 3/3] mlcustomize: do not relabel if not enforcing (RHBZ#1828952)
..., 2020 at 12:39:02PM +0200, Pino Toscano wrote:
...
> There are various cases when, even of an enforcing system, labels are
> not kept up-to-date:
>
> $ getenforce
> Enforcing
> $ touch /tmp/test
> $ ls -lZ /tmp/test
> -rw-rw-r--. 1 ptoscano ptoscano unconfined_u:object_r:user_tmp_t:s0 0 Sep 24 12:26 /tmp/test
> $ mv /tmp/test ~/var/
> $ ls -lZ ~/var/test
> -rw-rw-r--. 1 ptoscano ptoscano unconfined_u:object_r:user_tmp_t:s0 0 Sep 24 12:26 /home/ptoscano/var/test
> $ restorecon -v ~/var/test
> Relabeled /home/ptoscano/var/test from unconfined_u:object_r:user_tm...
2019 Jan 30
0
SELinux policy vs. static web content
...find . -type d -exec chmod 0755 {} \;
> $ find . -type f -exec chmod 0644 {} \;
>
> When I wrote the article back in november 2017, this resulted in a
> classic "Forbidden" error, since the SELinux context of these files is
> not httpd_sys_content_t as it should be, but user_tmp_t.
>
> But when I try to repeat the experiment now, Apache shows no error.
> Which seems strange.
>
> Any idea what's going on ?
The tl;dr version of my last post is : Apache is not supposed to show
static web pages with a user_tmp_t SELinux context. So why does it show
them any...
2010 Mar 03
1
support xattr, quota on RHEL5 of OCFS2 1.4
...MASKLOG is not set
# CONFIG_OCFS2_DEBUG_FS is not set
CONFIG_OCFS2_FS_POSIX_ACL = y
at least the attr (5) does not appear to work
mount
.......
dev/loop0 on / tmp/ocfs2 type ocfs2 (rw, user_xattr, acl, heartbeat = none)
cd / tmp/ocfs2
touch xx
setfattr-n security.selinux-v unconfined_u: object_r: user_tmp_t: s0 xx
setfattr: xx: Operation not supported
Thanks in advance
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://oss.oracle.com/pipermail/ocfs2-users/attachments/20100303/5dc81009/attachment.html
2017 Dec 11
3
Libguestfs Hangs on CentOS 7.4
...mu:commandline>\n</domain>\n
libguestfs: command: run: ls
libguestfs: command: run: \ -a
libguestfs: command: run: \ -l
libguestfs: command: run: \ -R
libguestfs: command: run: \ -Z /var/tmp/.guestfs-0
libguestfs: /var/tmp/.guestfs-0:
libguestfs: drwxr-xr-x. root root unconfined_u:object_r:user_tmp_t:s0 .
libguestfs: drwxrwxrwt. root root system_u:object_r:tmp_t:s0 ..
libguestfs: drwxr-xr-x root root ?
appliance.d
libguestfs: -rw-r--r--. root root unconfined_u:object_r:user_tmp_t:s0 lock
libguestfs: -rw-r--r--. root root unconfined_u:object_r:user_tmp_t:s0
qemu.devices
libguestfs: -rw-r-...
2013 Nov 25
2
ltsp & Selinux
Hello All,
I set up ltsp regulary, on Centos6 machines.
This morning I have a Selinux problem that usualy does not occur:
after setting everything up, the thinclients boot, but nobody can login.
It only works after the command :
# echo 0 > /selinux/enforce
I tried this semanage command:
# semanage fcontext -a -t bin_t /usr/bin/xauth
but it makes no difference.
The message I'm now
2011 Jun 01
12
[Bug 8201] New: rsync 3.0.8 destroys SELinux security context of symbolic links
..._t:s0 SRC/*
ls -Z SRC
-rw-r--r--. root root system_u:object_r:lib_t:s0 file
lrwxrwxrwx. root root system_u:object_r:lib_t:s0 link -> file
mkdir TGT
rsync -aHAXx SRC/ TGT
ls -Z TGT
-rw-r--r--. root root system_u:object_r:lib_t:s0 file
lrwxrwxrwx. root root unconfined_u:object_r:user_tmp_t:s0 link -> file
This seems to have been a deliberate change in rsync:
commit 9d6fe1a6f0233c7567dfb114835751aff85a578b
Author: Wayne Davison <wayned at samba.org>
Date: Mon Jan 3 11:07:47 2011 -0800
Avoid reading ACL/xattr info on filetypes not being copied.
Make Linux avoid xa...
2012 Dec 13
0
ANNOUNCE: libguestfs 1.20 - tools for accessing and modifying virtual machine disk images
...est-tool pauses when you use --help option
https://bugzilla.redhat.com/876579
mke2fs API does not apply block device naming translation to
journaldevice optarg
https://bugzilla.redhat.com/860235
SELinux policy ought to allow qemu to write to
unconfined_u:object_r:user_tmp_t:s0
https://bugzilla.redhat.com/859949
RFE: inspect-list-applications does not return the architecture of
RPM packages
https://bugzilla.redhat.com/859885
inspect-list-applications does not list all installed RPM packages
with same name and different versions...
2012 Dec 10
3
Automatically Cleaning Kerberos Credential Cache Files
I'm in a situation here at work where I'm trying to support a mixed
network of OS X and RHEL desktop machines with a Postfix/Dovecot
combination.
- user account information is stored in LDAP
- user credentials are in MIT Kerberos
- server is running RHEL 6/Dovecot 2.0.9/Postfix 2.6.6
I am currently using the PAM passdb module to authenticate my users (I
began to have trouble