search for: usr_t

Displaying 20 results from an estimated 21 matches for "usr_t".

2020 Feb 04
5
Relabel /usr directory
Hi, I've done the following: - Copy usr content with rsync to another partition: rsync -av --partial --progress /usr/ /mnt Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not the directory itself). But I've found that it is badly labeled: ls -Z /usr unconfined_u:object_r:unlabeled_t:s0 bin unconfined_u:object_r:unlabeled_t:s0 local unconfined_u:object_r:unlabeled_t:s0
2011 Apr 12
1
virtmanager and selinux -- solved
...under KVM today and I've been getting a slew of messages > that selinux is blocking virtmanager from reading the new image. This > doesn't seem to be doing any harm, but I wanted to check whether I should > simply run chcon on the image (if I can). > > Virtmanager shows up as usr_t, as do my other vm images, but the new one is > svirt_image_t. > > The selinux error says it denied a read access to virtmanager but that it > is not expected that the access is required. > > I tried running restorecon as root, as suggested by the selinux error, but > I'm g...
2008 Mar 03
1
Unable open raw socket in CentOS 5 - SE Linux and kernel capability interaction?
...t,rawsox_exec_t,rawsox_t) ######################################## # Rawsox local policy # these two didn't help #corenet_raw_sendrecv_all_if( rawsox_t ); #corenet_raw_sendrecv_all_nodes( rawsox_t ); require { type lib_t; type ld_so_t; type ld_so_cache_t; type usr_t; type devpts_t; type rawsox_t; type etc_t; class lnk_file read; class dir search; class file { read getattr execute }; class chr_file { read write getattr }; class rawip_socket create; class capability net_raw; } #============= rawso...
2014 Dec 05
2
Postfix avc (SELinux)
...; > > #============= clamscan_t ============== > allow clamscan_t amavis_spool_t:dir read; In the latest rhel6 policies amavas_t and clamscan_t have been merged into antivirus_t? Is your selinux-policy up 2 date? > #============= logwatch_mail_t ============== > allow logwatch_mail_t usr_t:lnk_file read; > > #============= postfix_master_t ============== > allow postfix_master_t tmp_t:dir read; > > #============= postfix_postdrop_t ============== > allow postfix_postdrop_t tmp_t:dir read; > > #============= postfix_showq_t ============== > allow postfix_sho...
2008 Oct 04
2
ejabberd 2.0.2 vs SELinux vs CentOS 5
...Linux audit logs: type=AVC msg=audit(1223133076.770:102): avc: denied { execmod } for pid=3878 comm="beam.smp" path="/opt/ejabberd-2.0.2_2/lib/crypto-1.5.2/priv/linux-x86/lib/crypto_drv.so" dev=dm-0 ino=26738869 scontext=user_u:system_r:unconfined_t:s0 tcontext=user_u:object_r:usr_t:s0 tclass=file What do I need to do, for selinux to allow this? (Or should I take this question to an SELinux list?) FWIW, ejabberd seems to run fine while selinux is enabled. It's just when starting up, that it needs selinux to stay out of the way.
2011 Apr 12
0
virtmanager and selinux
I built a new VM under KVM today and I've been getting a slew of messages that selinux is blocking virtmanager from reading the new image. This doesn't seem to be doing any harm, but I wanted to check whether I should simply run chcon on the image (if I can). Virtmanager shows up as usr_t, as do my other vm images, but the new one is svirt_image_t. The selinux error says it denied a read access to virtmanager but that it is not expected that the access is required. I tried running restorecon as root, as suggested by the selinux error, but I'm getting a permission-denied error...
2012 Mar 06
0
NFS Selinux issues
...of a nfs directory. I'm specifying the security context as part of the mount command, yet the security context still shows nfs. The mount shows what the security context should be: [root at clienthost ~]# mount serverhost:/usr/local on /usr/local type nfs4 (rw,context="system_u:object_r:usr_t:s0",hard,intr,addr=serverhost,clientaddr=clienthost) yet the directory permissions show the security context of nfs: [root at clienthost ~]# ls -dZ /usr/local drwxr-xr-x. root root system_u:object_r:nfs_t:s0 /usr/local My /etc/fstab entry is: serverhost:/usr/local /usr/local nfs...
2016 Oct 17
3
SELinux context not applied
...t of the list.... [root@ local]# semanage fcontext -l | grep netdot ./netdot(/.*)? all files system_u:object_r:httpd_sys_rw_content_t:s0 ... but does not appear on the directory itself: [root@ local]# ls -ldZ netdot/ drwxr-xr-x. root root unconfined_u:object_r:*usr_t*:s0 netdot/ I am expecting to see something like: drwxr-xr-x. root root unconfined_u:object_r:*httpd_sys_rw_content_t*:s0 netdot/ What am I doing wrong or do not understand? Thanks,
2015 May 12
2
appdynamics php agent prevented by SELinux
...Dynamics. But even after doing that the SELinux errors in the output of systemctl status httpd are still happening. And if I take a look at the SELinux permissions on that directory, this is what I have: [root at web1:~] #ls -lZ /opt/ | grep -i appd drwxr-xr-x. apache apache unconfined_u:object_r:usr_t:s0 AppDynamics [root at web1:~] #ls -lZ /opt/AppDynamics/ drwxrwxr-x. apache apache unconfined_u:object_r:usr_t:s0 appdynamics-php-agent drwxr-xr-x. apache apache unconfined_u:object_r:usr_t:s0 var Anyone have any ideas on how I can beat this problem? Thanks!! Tim On Mon, May 11, 2015 at 3:...
2014 Dec 04
3
Postfix avc (SELinux)
I am seeing these avc messages on a newly commissioned and up-to-date CentOs-6 virtual guest: ---- time->Thu Dec 4 12:14:58 2014 type=SYSCALL msg=audit(1417713298.610:60522): arch=c000003e syscall=2 success=no exit=-13 a0=7fd70e6de1e6 a1=0 a2=1b6 a3=0 items=0 ppid=2698 pid=4294 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2784 comm="trivial-rewrite"
2008 Mar 07
1
Unable open raw socket in CentOS 5 - SE Linux and kernel capability interaction?
...al policy >> >> # these two didn't help >> #corenet_raw_sendrecv_all_if( rawsox_t ); >> #corenet_raw_sendrecv_all_nodes( rawsox_t ); >> >> require { >> type lib_t; >> type ld_so_t; >> type ld_so_cache_t; >> type usr_t; >> type devpts_t; >> type rawsox_t; >> type etc_t; >> class lnk_file read; >> class dir search; >> class file { read getattr execute }; >> class chr_file { read write getattr }; >> class rawip_socket cr...
2009 Apr 15
2
SELinux and "i_stream_read() failed: Permission denied"
...type postfix_local_t; type postfix_master_t; type postfix_postdrop_t; type postfix_postqueue_exec_t; type postfix_public_t; type postfix_pipe_t; type sendmail_t; type sendmail_exec_t; type src_t; type tmp_t; type usr_t; type user_home_dir_t; type user_home_t; type var_log_t; class capability { sys_nice chown }; class file { append create execute execute_no_trans \ getattr ioctl link lock read rename setattr write unlink }; class dir { add_name getattr crea...
2015 May 11
3
appdynamics php agent prevented by SELinux
> > If rpm is configured for _that_ location of log files, I would remove the > repository this rpm comes from from configuration and will remember to > never-never ever use that repository for anything. > > Just my $0.02 > Yeah I completely get where you're coming from there. However it's not an RPM from a repo. I downloaded the rpm from the appdynamics site itself.
2014 Dec 04
0
Postfix avc (SELinux)
...udit/audit.log | audit2allow #============= amavis_t ============== allow amavis_t shell_exec_t:file execute; allow amavis_t sysfs_t:dir search; #============= clamscan_t ============== allow clamscan_t amavis_spool_t:dir read; #============= logwatch_mail_t ============== allow logwatch_mail_t usr_t:lnk_file read; #============= postfix_master_t ============== allow postfix_master_t tmp_t:dir read; #============= postfix_postdrop_t ============== allow postfix_postdrop_t tmp_t:dir read; #============= postfix_showq_t ============== allow postfix_showq_t tmp_t:dir read; #============= postf...
2014 Dec 05
0
Postfix avc (SELinux)
...no unapplied fixes for software provided through the official CentOS-6 repositories. Does this change apply only to 7 or has it been backported? Both amavisd-new and clamav are provided via the epel repository. >> #============= logwatch_mail_t ============== >> allow logwatch_mail_t usr_t:lnk_file read; >> >> #============= postfix_master_t ============== >> allow postfix_master_t tmp_t:dir read; >> >> #============= postfix_postdrop_t ============== >> allow postfix_postdrop_t tmp_t:dir read; >> >> #============= postfix_showq_t =====...
2015 Jun 02
0
Try II: selinux, xfs, and CentOS 6 and 5 issue
...raproject.org/mailman/listinfo/selinux SELinux on RHEL5 did not have a MLS field in the label, so the directory can not be used by both rhel5 and RHEL6 easily. If all of the content on the device is going to be labeled the same, then just use a context mount option context="system_u:object_r:usr_t:s0" for example.
2015 Jun 03
0
Try II: selinux, xfs, and CentOS 6 and 5 issue [SOLVED]
...ried /.autorelabel and > rebooted, and we still get a ton of errors: Jun 1 17:01:32 <server> kernel: > inode_doinit_with_dentry: > context_to_sid(unconfined_u:object_r:file_t:s0) returned 22 for dev=sdd1 ino=2151541032 Dan's recommendation to add context="system_u:object_r:usr_t:s0" to the mount options in fstab does indeed seem to have solved the problem. Thanks muchly, Dan. mark
2007 Jan 26
0
Dovecot POP3 fails to chdir under FC6
...s had the right selinux security context, but the root of the disk holding those home directories (/branch is a separate disk drive) had a security context (system_u:object_r:mnt_t) that Fedora's selinux rules for dovecot did not allow. I changed the context of /branch to system_u:object_r:usr_t, and dovecot POP3 access worked for all users.
2006 Sep 08
0
SELinux targeted + httpd + suexec
...mm="suexec" scontext=root:system_r:httpd_suexec_t tcontext=root:system_r:httpd_suexec_t tclass=netlink_route_socket avc: denied { read } for pid=17995 comm="suexec" name="cert.pem" dev=dm-0 ino=520402 scontext=root:system_r:httpd_suexec_t tcontext=system_u:object_r:usr_t tclass=lnk_file %-------------------------- This is independent of the script being perl or sh, and despite the errors the cgi executes correctly. 'sestatus' reports: httpd_builtin_scripting active httpd_disable_trans inactive httpd_enable_cgi active httpd_enable_homedirs in...
2015 Jun 02
3
Try II: selinux, xfs, and CentOS 6 and 5 issue
Tried just the selinux list yesterday, no answers, so I'm trying again. I partitioned GPT, and formatted, as xfs, a large (3TB) drive on a CentOS 6 system, which has selinux in permissive mode. I then moved the drive to a CentOS 5 system. When we run a copy (it mirror-copies from another system), we get a ton of errors. I discovered that the CentOS 5 system was enforcing. I changed it to