search for: var_t

...gios's global requirements were not met: type/attribute nagios_t libsemanage.semanage_link_sandbox: Link packages failed semodule: Failed! # cat nagios.te module nagios 1.0; require { type nagios_t; type sbin_t; type ping_t; type initrc_var_run_t; type var_t; type httpd_nagios_script_t; class dir { read write search add_name remove_name }; class fifo_file { write getattr read create }; class file { rename setattr read create write getattr unlink }; } #============= httpd_nagios_script_t ============== allow httpd_nagios...

...ng is not finding any real help. Hi, I?ve got some ? tweaking ? here (using postgresql, obviously) so that dovecot runs properly with SELinux enabled, HTH, Laurent. module mydovecot 1.0; require { type dovecot_auth_t; type postgresql_port_t; type dovecot_t; type var_t; type postfix_virtual_tmp_t; class tcp_socket name_connect; class file { rename read lock create write getattr link unlink open append }; class dir { read write create add_name remove_name }; } #============= dovecot_auth_t ============== #!!!! This avc is allowed...

Hello everyone, If create a folder called "whatever" under /var, the context is: root:object_r:var_t /var/whatever/ That's expected as it is under /var. If I then change its type: chcont -t httpd_sys_content_t /var/whatever The context looks like: root:object_r:httpd_sys_content_t /var/whatever/ My question is...Shouldn't a relabeling of the filesystem change the type of this dire...

...nly Nginx (the nginx package from EPEL). I manually created the /var/www directory and put a handful of static websites in there to play around with. Curiously enough, I got a SELinux alert. I took a peek in /var/www, and here's what the SELinux context looks like: unconfined_u:object_r:var_t:s0 Now I'm a bit puzzled. Is the correct httpd_sys_content_t context only applied if the httpd package is installed? How else can I explain this strange behavior? Any suggestions? Niki -- Microlinux - Solutions informatiques durables 7, place de l'?glise - 30730 Montpezat Site : https:...

...ng ? here (using postgresql, obviously) so that > dovecot runs properly with SELinux enabled, > > HTH, > Laurent. > > module mydovecot 1.0; > > require { > type dovecot_auth_t; > type postgresql_port_t; > type dovecot_t; > type var_t; > type postfix_virtual_tmp_t; > class tcp_socket name_connect; > class file { rename read lock create write getattr link unlink > open append }; > class dir { read write create add_name remove_name }; > } > > #============= dovecot_auth_t...

Hi all, I have created a directory /srv with the following SELinux context: system_u:object_r:var_t Now I want to create a subdirectory within /srv which should get a different context. So I tried to set e.g.: semanage fcontext -a -t samba_share_t /srv/samba /sbin/restorecon -v /srv/samba but the context is always reset to: system_u:object_r:var_t What am I missing? Best Regards Marcus

...ntos.org/pipermail/centos/2008-August/062296.html Quoting from that post: module local 1.0; require { type traceroute_port_t; type amavis_t; type postfix_spool_t; type clamd_t; type amavis_var_lib_t; type sysctl_kernel_t; type var_t; type postfix_smtpd_t; type initrc_t; type proc_t; class unix_stream_socket connectto; class file { read getattr }; class sock_file write; class lnk_file { read create unlink getattr }; class udp_socket name_bind;...

We have a user who deleted IMAP folders from his account, so I simply tried to restore the folder ".FolderName" from our backup. I checked that file/folder ownership was the same as the original, but the Dovecot IMAP server is throwing errors at the client. I've tried copying the individual message files from the "cur" folders in the backup directory, but Dovecot

I have been getting the following on my new mailserver: Apr 7 10:17:27 z9m9z dovecot: dict: Error: mysql(localhost): Connect failed to database (postfix): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) - waiting for 25 seconds before retry They go away when I setenforce 0. So I googled dovecot mysql selinux and the only worthwhile hit was:

I'm sure you've seen this before: You need to slightly tweak the default installation of a major daemon - let's say you're running a big MySQL database and you need to put it on a different filesystem, mounted (for example) as /db So you move /var/lib/mysql to /db/mysql (and preserve all the file attributes, including SELinux), change /etc/my.cnf accordingly, start mysqld -

..._t; type mysqld_etc_t; type initrc_t; type proc_t; type restorecond_t; type etc_runtime_t; type postfix_bounce_t; type ntpd_t; type kernel_t; type postfix_master_t; type rpcd_t; type dovecot_t; type klogd_t; type udev_t; type clamd_t; type mysqld_port_t; type initrc_var_run_t; type var_t; type postfix_qmgr_t; type postfix_pipe_t; type crond_t; class process ptrace; class unix_stream_socket connectto; class tcp_socket { name_bind name_connect }; class file { rename execute read lock create ioctl execute_no_trans write getattr link unlink }; class sock_file { setattr create w...

...g/HowTos/Nagios content: A security feature of centos 5.2 SELinux prevents the access from the apache httpd server to the needed /var/nagios files. The error manifests itself in the /var/log/messages as "SELinux is preventing the tac.cgi from using potentially mislabeled files ./status.dat (var_t)". A workaround is to execute the command: chcon -R httpd_sys_content_t /var/nagios Please grant me access Regards Martin Boel

...es & i restart apache. i find the following errors in my /var/log/messages/ server1 kernel: audit(1150892521.827:18474474): avc: denied { write } for pid=28135 comm="httpd" name="php-mmcache" dev=sda7 ino=2146317 scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_t tclass=dir i think the above one is something related to selinux.so i disabled selinux stopped iptables & disabled firewall. /sbin/fixfiles restore but still i get the above error message in my /var/log/messages how to fix this??? when i run top d 1 i see a few Zombie process of httpd 1...

Hi All: I was looking for, but could not locate in the packages, or in the R archive searches if there exists an R implementation of Cuzick's test of trend. The test is described as follows: An extension of the Wilcoxon rank-sum test is developed to handle the situation in which a variable is measured for individuals in three or more (ordered) groups and a non-parametric test for trend

...st and the 99th percentile." My question is now, how do they do it? They describe their fitting steps in the steps before, but I am not getting the following point: Do they fit the distribution to the original return series, calculate the volatility (?t) and then just calculate the VaR with VaR_t=sigma_t*q_alpha where q_alpha is the quantile of the fitted distribution or do they fit the distribution to the standardized returns (xi_t=r_t/sigma_t), calculate the volatility and then just calucate the VaR with VaR_t=sigma_t*q_alpha where q_alpha is now the quantile of the fitted distribution...

...it was pretty common for most packages' contexts to attempt to access a tcp socket to rpm and do similar things (again, in audit2allow format): allow tzdata_t rpm_t:tcp_socket { read write }; allow tzdata_t rpm_var_lib_t:file { read write }; allow tzdata_t var_lib_t:file write; allow tzdata_t var_t:file read; But I was surprised that these mail messages didn't show up till the following day, and are still showing up continuously now. Does anyone know what these accesses are? And why they might be still continously triggering for the mail system, where as all the other packages have s...

On 06/10/2013 01:41 PM, pr.G wrote: > On Mon, Jun 10, 2013 at 09:29:32AM +0400, свящ. Георгий Гольцов wrote: >> On Mon, Jun 10, 2013 at 09:07:08AM +0800, Gao feng wrote: >>> On 06/09/2013 08:14 PM, pr.G wrote: >>>> Hello. >>>> >>>> Is it possible to start container via libvirt_lxc without mounting /sys >>>> inside container?

> -----Original Message----- > From: Richard W.M. Jones [mailto:rjones@redhat.com] > Sent: Tuesday, March 6, 2018 11:49 AM > To: Зиновик Игорь Анатольевич <ZinovikIA@nspk.ru> > Cc: libguestfs@redhat.com > Subject: Re: [Libguestfs] virt-v2v 1.38 fails to convert .vmx VM: setfiles ... > Multiple same specifications for /.*. > > On Tue, Mar 06, 2018 at 08:40:51AM

...gt; > I manually created the /var/www directory and put a handful of static > websites in there to play around with. Curiously enough, I got a > SELinux alert. > > I took a peek in /var/www, and here's what the SELinux context looks > like: > > ? unconfined_u:object_r:var_t:s0 > > Now I'm a bit puzzled. Is the correct httpd_sys_content_t context only > applied if the httpd package is installed? How else can I explain this > strange behavior? > > Any suggestions? Have used Nginx on Fedora with SELinux. Perhaps first try putting your sites in t...

...systemd-journald[263]: Received request to flush runtime journal from PID 1 [ 13.211941] type=1400 audit(1386001826.253:4): avc: denied { create } for pid=484 comm="systemd-tmpfile" name="BackupPC" scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir [ OK ] Started Trigger Flushing of Journal to Persistent Storage. [ OK ] Started Tell Plymouth To Write Out Runtime Data. [ OK ] [ 13.216860] type=1400 audit(1386001826.258:5): avc: denied { create } for pid=484 comm="systemd-tmpfile" name="netreport" sc...