search for: var_lib_t

On Tue, Mar 14, 2017 at 02:46:19PM -0400, Ron Wheeler wrote: > https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html > > If disabling Selinux solves your problem, then your problem may be related > to Selinux. > If it does not change yout problem, you may want to look

...t at localhost ~]# tail -f /var/log/audit/audit.log > type=AVC msg=audit(1489588773.253:1171): avc: denied { read } for pid=3838 comm="asterisk" name="astdb.sqlite3" dev="dm-0" ino=100884225 scontext=system_u:system_r:asterisk_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file > type=SYSCALL msg=audit(1489588773.253:1171): arch=c000003e syscall=2 success=no exit=-13 a0=aa5080 a1=80000 a2=1a4 a3=aa5080 items=0 ppid=1485 pid=3838 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="asterisk" exe...

...mounted the > LV > > on /var/lib/mysql. I then copied with "cp -prZ" all mysql files in > > /var/lib/mysql.old to /var/lib/mysql. > > > > But then I got a selinux problem: > > # ls -ldZ mysql.old/ mysql > > drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0 mysql > > drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 mysql.old/ > > > > I tried to changed the context on mysql with the following commands: > > > > # semanage fcontext -a -t mysqld_db_t "/var/lib/mysql(/.*)?" > > # restorecon -R -v /...

...mysql system_u:object_r:mysqld_db_t:s0 /var/lib/mysql To fix it, I tried: semanage fcontext -d -e /var/lib/mysql this command returned: KeyError: /var/lib/mysql I tried restorecon anyway: restorecon -Rv /var/lib/mysql But not better: ls -ldZ /var/lib/mysql drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0 /var/lib/mysql So I did the following: semanage fcontext -d -t var_lib_t /var/lib/mysql It started to look better: ls -ldZ /var/lib/mysql drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0 /var/lib/mysql Then I ran restorecon restorecon -Rv /var/lib/mysql I got a lot of : restorecon res...

...l to /var/lib/mysql.old. I created a new dir /var/lib/mysql and mounted the LV on /var/lib/mysql. I then copied with "cp -prZ" all mysql files in /var/lib/mysql.old to /var/lib/mysql. But then I got a selinux problem: # ls -ldZ mysql.old/ mysql drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0 mysql drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 mysql.old/ I tried to changed the context on mysql with the following commands: # semanage fcontext -a -t mysqld_db_t "/var/lib/mysql(/.*)?" # restorecon -R -v /var/lib/mysql But the /var/lib/mysql directory didn't...

...6 18:50:37, 0] nmbd/nmbd_serverlistdb.c:write_browse_list(339) Jan 6 18:50:37 user-0ccet6p kernel: audit(1168127437.054:524): avc: denied { search } for pid=13329 comm="nmbd" name="lib" dev=dm-0 ino=72220674 scontext=root:system_r:nmbd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_lib_t:s0 tclass=dir Jan 6 18:50:37 user-0ccet6p nmbd[13329]: write_browse_list: Can't open file /var/lib/samba/browse.dat.. Error was Permission denied Jan 6 18:50:57 user-0ccet6p nmbd[13329]: [2007/01/06 18:50:57, 0] nmbd/nmbd_serverlistdb.c:write_browse_list(339) Jan 6 18:50:57 user-0ccet6p kernel:...

...m (postfix) is constantly trying to access the rpm database? Here's the audit messages (I tend to look at my selinux messages using audit2allow < /var/log/audit.log as I find it easier to read quickly): allow postfix_postdrop_t rpm_t:tcp_socket { read write }; allow postfix_postdrop_t rpm_var_lib_t:file { read write }; allow postfix_postdrop_t user_home_t:file { getattr append }; allow postfix_postdrop_t var_lib_t:file write; allow system_mail_t rpm_t:tcp_socket { read write }; allow system_mail_t rpm_var_lib_t:file { read write }; allow system_mail_t var_lib_t:file write; I've been get...

...mounted the > LV > > on /var/lib/mysql. I then copied with "cp -prZ" all mysql files in > > /var/lib/mysql.old to /var/lib/mysql. > > > > But then I got a selinux problem: > > # ls -ldZ mysql.old/ mysql > > drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0 mysql > > drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 mysql.old/ > > > > I tried to changed the context on mysql with the following commands: > > > > # semanage fcontext -a -t mysqld_db_t "/var/lib/mysql(/.*)?" > > # restorecon -R -v /...

...ysql > > To fix it, I tried: > semanage fcontext -d -e /var/lib/mysql > this command returned: > KeyError: /var/lib/mysql > I tried restorecon anyway: > restorecon -Rv /var/lib/mysql > But not better: > ls -ldZ /var/lib/mysql > drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0 /var/lib/mysql > > So I did the following: > semanage fcontext -d -t var_lib_t /var/lib/mysql > It started to look better: > ls -ldZ /var/lib/mysql > drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0 /var/lib/mysql > Then I ran restorecon > restorecon -Rv /var/li...

...st move /var/lib/mysql to /home/mysql and symlink it. SELinux complains with Oct 10 21:21:59 intspare kernel: audit(1160479319.080:2): avc: denied { read } for pid=15784 comm="mysqld" name="mysql" dev=dm-0 ino=1230340 scontext=root:system_r:mysqld_t tcontext=root:object_r:var_lib_t tclass=lnk_file Ok, I guess it doesnt like following symlinks so instead I edited /etc/my.cnf to [mysqld] datadir=/home/mysql socket=/home/mysql/mysql.sock # Default to using old password format for compatibility with mysql 3.x # clients (those using the mysqlclient10 compatibility package). old...

Ok, so there is not a problem with SElinux and Samba. But it is a pain to set up so it will work right. I finally figured out how to set up SE and Samba so you can be able to write and delete files. I found in one of that man pages "man samba_selinux", you can just disable SE for samba. I am sure there are other ways also but this is what I have found so far. I tried to just

...cot: imap(mailadmin): Debug: fs: root=/var/mail/mailadmin, index=, indexpvt=, control=, inbox=, alt= audispd: node=myhost.somewhere type=PATH msg=audit(1404145638.097:46407): item=0 name="/var/lib/maildb/" inode=3735776 dev=fb:02 mode=040775 ouid=0 ogid=12 rdev=00:00 obj=system_u:object_r:var_lib_t:s0 audispd: node=myhost.somewhere type=PATH msg=audit(1404145638.097:46407): item=1 name="/var/lib/maildb/users.db-journal" inode=3735779 dev=fb:02 mode=0100600 ouid=8 ogid=12 rdev=00:00 obj=system_u:object_r:var_lib_t:s0 audispd: node=myhost.somewhere type=EOE msg=audit(1404145638.097:46...

...quot; type=AVC_PATH msg=audit(1120675555.415:78677): path="/var/lib/shorewall/nat" type=AVC msg=audit(1120675555.415:78677): avc: denied { read } for pid=2430 comm="ip" name="nat" dev=hda2 ino=4406613 scontext=system_u:system_r:ifconfig_t tcontext=system_u:object_r:var_lib_t tclass=file type=AVC msg=audit(1120675556.084:95462): avc: denied { write } for pid=2641 comm="ip" name="flush" dev=proc ino=-268435296 scontext=system_u:system_r:ifconfig_t tcontext=system_u:object_r:sysctl_net_t tclass=file type=PATH msg=audit(1120675555.879:90329): item=...

...permissive mode) complains. First, I changed the context to cert_t, and *now* it complains that ksh93 wants write, etc access on the directory. grep ssh-x509-auth /var/log/audit/audit.log | audit2allow offers me this: #============= sshd_t ============== allow sshd_t cert_t:dir write; allow sshd_t var_lib_t:file { write getattr create open ioctl }; So: first, is this an expected behavior; second, is that the correct fcontext, and, finally, is it safe for me to create this as a local policy? Thanks in advance. mark

...reated a new dir /var/lib/mysql and mounted the LV > on /var/lib/mysql. I then copied with "cp -prZ" all mysql files in > /var/lib/mysql.old to /var/lib/mysql. > > But then I got a selinux problem: > # ls -ldZ mysql.old/ mysql > drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0 mysql > drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 mysql.old/ > > I tried to changed the context on mysql with the following commands: > > # semanage fcontext -a -t mysqld_db_t "/var/lib/mysql(/.*)?" > # restorecon -R -v /var/lib/mysql > > But th...

...rite }; class file { create execute execute_no_trans getattr lock read rename unlink write }; class filesystem getattr; class lnk_file read; type amavis_t; type fs_t; type mqueue_spool_t; type sbin_t; type sendmail_exec_t; type var_lib_t; role system_r; }; allow amavis_t fs_t:filesystem getattr; allow amavis_t mqueue_spool_t:dir { add_name getattr read remove_name search write }; allow amavis_t mqueue_spool_t:file { create getattr lock read rename unlink write }; allow amavis_t sbin_t:lnk_file read; allow amavis_t sendmail...

...apply partial context to unlabeled file /var/lib/puppet ; change from absent to object_r failed: Execution of ''/usr/bin/chcon -h -r object_r /var/lib/puppet'' returned 1: /usr/bin/chcon: can''t apply partial context to unlabeled file /var/lib/puppet ; change from absent to var_lib_t failed: Execution of ''/usr/bin/chcon -h -t var_lib_t /var/lib/puppet'' returned 1: /usr/bin/chcon: can''t apply partial context to unlabeled file /var/lib/puppet ; change from absent to s0 failed: Execution of ''/usr/bin/chcon -h -l s0 /var/lib/puppet'' retu...

Hello, Can somebody of the Samba team explain me the difference of Fedora packages or Enterprise packages ( <http://enterprisesamba.com/> http://enterprisesamba.com/) of Samba on Red Hat Enterprise Linux 4? I tried to find any information about this subject, but googleing doesn't help me. The standard Samba package (3.0.10EL) of RHEL4 doesn't communicate with a W2k3 server

I am running xapian and omega on a Centos 6.4 SELinux enabled box. When I do a search I get the following message: Exception: Couldn't read format template `query' (Permission denied) If I disable SELinux the search executes correctly. I have enabled the httpd_enable_cgi boolean but that still does not allow the permissions needed. What else do I need to configure in SELinux for xapian

Hello All, I set up ltsp regulary, on Centos6 machines. This morning I have a Selinux problem that usualy does not occur: after setting everything up, the thinclients boot, but nobody can login. It only works after the command : # echo 0 > /selinux/enforce I tried this semanage command: # semanage fcontext -a -t bin_t /usr/bin/xauth but it makes no difference. The message I'm now