Displaying 11 results from an estimated 11 matches for "var_run_t".
2020 Apr 03
2
Samba 4.12 SELinux context /var/run
Hi, since 4.12 Samba SELinux context for /var/run/samba is not correct
anymore:
```
root at files:~ # ls -la -Z /var/run/samba/
total 12
drwxr-xr-x. 5 root root system_u:object_r:var_run_t:s0 160 Apr 3
20:42 .
drwxr-xr-x. 30 root root system_u:object_r:var_run_t:s0 1000 Apr 3
18:39 ..
drwxr-xr-x. 3 root root system_u:object_r:var_run_t:s0 60 Apr 3
18:39 ncalrpc
drwxr-xr-x. 2 root root system_u:object_r:var_run_t:s0 60 Apr 3
18:39 nmbd
-rw-r--r--. 1 root root system_u:...
2020 Apr 04
1
Samba 4.12 SELinux context /var/run
...On 03/04/2020 20:34, Tobias Kirchhofer via samba wrote:
>> Hi, since 4.12 Samba SELinux context for /var/run/samba is not
>> correct anymore:
>>
>> ```
>> root at files:~ # ls -la -Z /var/run/samba/
>> total 12
>> drwxr-xr-x. 5 root root system_u:object_r:var_run_t:s0 160 Apr 3
>> 20:42 .
>> drwxr-xr-x. 30 root root system_u:object_r:var_run_t:s0 1000 Apr 3
>> 18:39 ..
>> drwxr-xr-x. 3 root root system_u:object_r:var_run_t:s0 60 Apr 3
>> 18:39 ncalrpc
>> drwxr-xr-x. 2 root root system_u:object_r:var_run_t:s0 60 Ap...
2015 Jun 30
6
RPC server not available when windows client attempts to join samba AD
I am installing a new Samba 4.2 Active Directory server on CentOS 7. I
followed the Wiki instructions on how to create the server. I am using
sernet-samba 4.2 binaries. Everything seems to be OK on the Linux side but
I cannot get any windows client to successfully join the domain. Each
attempt returns the following error message "RPC Server in not available".
Below are the config file
2012 Apr 24
0
About audit2allow generated rules
Hi,
I have something in /var/log/audit/audit.log like:
avc: denied { write } for pid=23739 comm="httpd" name="renderd.sock"
dev=dm-0 ino=1183752 scontext=unconfined_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:var_run_t:s0 tclass=sock_file
Using audit2allow, it generates something like this:
allow httpd_t var_run_t:sock_file write;
Is the rule too liberal? That means httpd_t can write any var_run_t's
sock_file?
Or do I misunderstand something?
Should it only allow httpd_t to write this specific render.sock...
2012 Oct 22
1
SELinux AVC problem postfix <-> dspam
Hi,
I guess this is a bit OT but perhaps someone has encountered this issue
before. On a CentOS 6.3 x86_64 box I have installed postfix and dspam
from EPEL. Dspam is configured to listen on port 10026. After having
configured dspam and postfix I start dspam and then postfix and I see
the following AVC message in audit.log:
type=AVC msg=audit(1350920492.936:400): avc: denied { name_bind }
2009 Oct 04
2
deliver stopped working
...llowing policy
to get rid of all of the errors in the audit log:
module local_postfix 1.0;
require {
type postfix_etc_t;
type home_root_t;
type apmd_t;
type setrans_t;
type port_t;
type etc_mail_t;
type snmpd_t;
type tmp_t;
type dovecot_deliver_t;
type postfix_smtp_t;
type nfs_t;
type var_run_t;
type usr_t;
type httpd_t;
type audisp_t;
type postfix_cleanup_t;
type inetd_t;
type portmap_t;
type postfix_pickup_t;
type hald_t;
type getty_t;
type avahi_t;
type etc_t;
type sysctl_kernel_t;
type unconfined_t;
type init_t;
type auditd_t;
type lib_t;
type dovecot_auth_t;
type sy...
2009 Feb 06
1
...apply
partial context to unlabeled file /var/run/puppet
; change from absent to object_r failed: Execution of ''/usr/bin/chcon -h
-r object_r /var/run/puppet'' returned 1: /usr/bin/chcon: can''t apply
partial context to unlabeled file /var/run/puppet
; change from absent to var_run_t failed: Execution of ''/usr/bin/chcon -h
-t var_run_t /var/run/puppet'' returned 1: /usr/bin/chcon: can''t apply
partial context to unlabeled file /var/run/puppet
; change from absent to s0 failed: Execution of ''/usr/bin/chcon -h -l s0
/var/run/puppet'' retu...
2012 Jun 15
1
Puppet + Passenger SELinux issues
...ype semanage_t;
type init_t;
type system_cronjob_t;
type mysqld_t;
type syslogd_t;
type apmd_t;
type initrc_t;
type postfix_local_t;
type puppet_etc_t;
type setfiles_t;
type rpm_t;
type unlabeled_t;
type var_run_t;
type kernel_t;
type puppet_var_run_t;
type puppet_var_lib_t;
type auditd_t;
type httpd_t;
type rpm_var_lib_t;
type postfix_cleanup_t;
type postfix_master_t;
type inetd_t;
type udev_t;
type mysqld_safe_t;...
2015 Oct 09
2
CentOS-6 SSHD chroot SELinux problem
...============= chroot_user_t ==============
allow chroot_user_t cyphesis_port_t:tcp_socket name_connect;
allow chroot_user_t user_home_t:chr_file open;
#============= syslogd_t ==============
#!!!! The source type 'syslogd_t' can write to a 'dir' of the
following types:
# var_log_t, var_run_t, syslogd_tmp_t, syslogd_var_lib_t,
syslogd_var_run_t, innd_log_t, device_t, tmp_t, logfile,
cluster_var_lib_t, cluster_var_run_t, root_t, krb5_host_rcache_t,
cluster_conf_t, tmp_t
allow syslogd_t user_home_t:dir write;
My questions are:
Do SE booleans settings exist that permit chrooted ssh acc...
2005 Jan 18
2
auth samba+squid+ntlm
...ror from log when a user runs its web browser and asks for a
user/password:
Jan 18 12:12:16 brain kernel: audit(1106071936.271:0): avc: denied
{ getattr } for pid=17126 exe=/usr/bin/ntlm_auth path=/var/run/winbindd/pipe
dev=hda7 ino=108681 scontext=root:system_r:squid_t
tcontext=root:object_r:var_run_t tclass=sock_file
These are the permissions on the /var/cache/samba:
-rw------- 1 root root 8192 ene 13 00:02 account_policy.tdb
-rw-r--r-- 1 root root 8192 ene 17 08:52 brlock.tdb
-rw-r--r-- 1 root root 695 ene 18 12:13 browse.dat
-rw-r--r-- 1 root root 16384 ene 14 08:00 connections.td...
2016 Feb 29
0
Odd selinux complaints on new, fully updated CentOS 7
...e) suggests
*******************
If you want to allow systemd-readahe to have add_name access on the
.readahead.new directory
Then you need to change the label on .readahead.new
Do
# semanage fcontext -a -t FILE_TYPE '.readahead.new'
where FILE_TYPE is one of the following: device_t, init_var_run_t,
readahead_var_lib_t, readahead_var_run_t, root_t, var_run_t.
Then execute:
restorecon -v '.readahead.new'
***** Plugin catchall (17.1 confidence) suggests
**************************
If you believe that systemd-readahe should be allowed add_name access on
the .readahead.new directory...