search for: var_log_t

...ccess for now by executing: # ausearch -c '7370616D64206368696C64' --raw | audit2allow -M my-7370616D64206368696C64 # semodule -i my-7370616D64206368696C64.pp Additional Information: Source Context system_u:system_r:spamd_t:s0 Target Context system_u:object_r:var_log_t:s0 Target Objects /var/log/spamassassin/.spamassassin/bayes_toks [ file ] Source 7370616D64206368696C64 Source Path /usr/bin/perl Port <Unknown> Host <Unknown> Source...

...-------------- SELinux is preventing /usr/sbin/mdadm from write access on the file /var/log/rear/rear-fcshome.log.lockless. ***** Plugin restorecon (93.9 confidence) suggests ************************ If you want to fix the label. /var/log/rear/rear-fcshome.log.lockless default label should be var_log_t. Then you can run restorecon. Do # /sbin/restorecon -v /var/log/rear/rear-fcshome.log.lockless ***** Plugin leaks (6.10 confidence) suggests ***************************** If you want to ignore mdadm trying to write access the rear-fcshome.log.lockless file, because you believe it should not ne...

...context=user_u:system_r:httpd_t:s0 tcontext=user_u:system_r:initrc_t:s0 tclass=unix_stream_socket type=AVC msg=audit(07/31/2008 17:18:53.623:410) : avc: denied { write } for pid=11767 comm=httpd name=BackupPC.sock dev=md0 ino=39813253 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:var_log_t:s0 tclass=sock_file Is there an easy way to fix this, like setting the BackupPC.sock file universally writeable? I don't know SE Linux and right now my objective is to get BackupPC up and running. I've turned SE Linux off for now, but that's temporary until I get a more targeted fix....

...context to unlabeled file /var/log/puppet (RuntimeError) ; change from absent to object_r failed: Execution of ''/usr/bin/chcon -h -r object_r /var/log/puppet'' returned 1: /usr/bin/chcon: can''t apply partial context to unlabeled file /var/log/puppet ; change from absent to var_log_t failed: Execution of ''/usr/bin/chcon -h -t var_log_t /var/log/puppet'' returned 1: /usr/bin/chcon: can''t apply partial context to unlabeled file /var/log/puppet ; change from absent to s0 failed: Execution of ''/usr/bin/chcon -h -l s0 /var/log/puppet'' retu...

...src=3636 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:port_t tclass=tcp_socket audit(1173699978.943:3): avc: denied { append } for pid=2407 comm="piranha_gui" name="piranha-gui" dev=dm-0 ino=2338608 scontext=user_u:system_r:httpd_t tcontext=system_u:object_r:var_log_t tclass=file audit(1173699979.918:4): avc: denied { write } for pid=2408 comm="piranha_gui" name="apache_runtime_status" dev=dm-0 ino=2338680 scontext=user_u:system_r:httpd_t tcontext=user_u:object_r:httpd_log_t tclass=file How can i see if selinux is really disable? Th...

...4 dateext suffix '-20181111' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' rotating log /var/log/spooler, log->rotateCount is 4 dateext suffix '-20181111' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' fscreate context set to system_u:object_r:var_log_t:s0 renaming /var/log/cron to /var/log/cron-20181111 creating new /var/log/cron mode = 0600 uid = 0 gid = 0 fscreate context set to system_u:object_r:var_log_t:s0 renaming /var/log/maillog to /var/log/maillog-20181111 creating new /var/log/maillog mode = 0600 uid = 0 gid = 0 fscreate context set to...

...############################################################################ module local_postfix 1.0; require { type admin_home_t; type bin_t; type default_t; type dovecot_t; type dovecot_deliver_t; type dovecot_deliver_exec_t; type dovecot_var_log_t; type etc_runtime_t; type fs_t; type home_root_t; type httpd_config_t; type httpd_t; type initrc_t; type postfix_etc_t; type postfix_local_t; type postfix_master_t; type postfix_postdrop_t; type postfix_postqueu...

...w -l -a #============= chroot_user_t ============== allow chroot_user_t cyphesis_port_t:tcp_socket name_connect; allow chroot_user_t user_home_t:chr_file open; #============= syslogd_t ============== #!!!! The source type 'syslogd_t' can write to a 'dir' of the following types: # var_log_t, var_run_t, syslogd_tmp_t, syslogd_var_lib_t, syslogd_var_run_t, innd_log_t, device_t, tmp_t, logfile, cluster_var_lib_t, cluster_var_run_t, root_t, krb5_host_rcache_t, cluster_conf_t, tmp_t allow syslogd_t user_home_t:dir write; My questions are: Do SE booleans settings exist that permit chroo...

https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig v2.3.2 is mainly a bugfix release. It contains all the changes in v2.2.36, as well as a bunch of other fixes (mainly for v2.3-only bugs). Binary packages are already in https://repo.dovecot.org/ * old-stats plugin: Don't temporarily enable PR_SET_DUMPABLE while opening

https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig v2.3.2 is mainly a bugfix release. It contains all the changes in v2.2.36, as well as a bunch of other fixes (mainly for v2.3-only bugs). Binary packages are already in https://repo.dovecot.org/ * old-stats plugin: Don't temporarily enable PR_SET_DUMPABLE while opening

...======== allow clamd_t sysctl_vm_t:dir search; #============= mailman_mail_t ============== #!!!! The source type 'mailman_mail_t' can write to a 'dir' of the following types: # mailman_log_t, mailman_data_t, mailman_lock_t, mailman_archive_t, var_lock_t, tmp_t, mailman_mail_tmp_t, var_log_t, root_t allow mailman_mail_t lib_t:dir write; #============= named_t ============== allow named_t sysctl_vm_t:dir search; #============= postfix_postdrop_t ============== allow postfix_postdrop_t fail2ban_tmp_t:file { read write }; #============= syslogd_t ============== allow syslogd_t sysctl_...

...activated (Enforcing). > ... > SELinux is preventing /usr/bin/perl from 'read, write' accesses on the > file /var/log/spamassassin/.spamassassin/bayes_toks. > ... > Source Context system_u:system_r:spamd_t:s0 > Target Context system_u:object_r:var_log_t:s0 You may have had a custom context set on /var/log/spamassassin or a sub-path in the past, overwritten by a recent update.? That's a normal occurrence if you set context using chcon rather than "semanage fcontext".? The latter is persistent; the former is not. Spamassassin can...

...madam would be trying to write to its log > file. ReaR is Relax-and-Recover tool: http://relax-and-recover.org/ It creates a bootable CD/DVD with all backup content to restore your system. > If you want to fix the label. > /var/log/rear/rear-fcshome.log.lockless default label should be var_log_t. > Then you can run restorecon. > Do > # /sbin/restorecon -v /var/log/rear/rear-fcshome.log.lockless Try to restore SELinux label to see if that would help.

...------ SELinux is preventing mdadm from 'read, open' accesses on the file /var/log/rear/rear-fcshome.log.lockless. ***** Plugin restorecon (99.5 confidence) suggests ************************ If you want to fix the label. /var/log/rear/rear-fcshome.log.lockless default label should be var_log_t. Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly. Do # /sbin/restorecon -v /var/log/rear/rear-fcshome.log.lockless ***** Plugin catchall (1.49 confidenc...

I have one centos 4.0 server which /var/log/messages was always empty (0 bytes). I wonder what has been blocking the syslog to write the log. Other (syslog) log files are fine, only messages. /etc/syslog.conf: # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none;cron.none;spampd.none -/var/log/messages .thanks

v1 -> v2: - Add simple test of the setfiles API. - Use SELinux_relabel module in virt-v2v (instead of touch /.autorelabel). - Small fixes. Rich.