Displaying 20 results from an estimated 30 matches for "var_t".
2008 Dec 06
0
Trying to setting a selinux policy to Nagios 3.0.6 on CentOS 5.2 .
...gios's global requirements were not met:
type/attribute nagios_t
libsemanage.semanage_link_sandbox: Link packages failed
semodule: Failed!
# cat nagios.te
module nagios 1.0;
require {
type nagios_t;
type sbin_t;
type ping_t;
type initrc_var_run_t;
type var_t;
type httpd_nagios_script_t;
class dir { read write search add_name remove_name };
class fifo_file { write getattr read create };
class file { rename setattr read create write getattr unlink };
}
#============= httpd_nagios_script_t ==============
allow httpd_nagios...
2017 Apr 25
2
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
...ng is not finding any real help.
Hi,
I?ve got some ? tweaking ? here (using postgresql, obviously) so that
dovecot runs properly with SELinux enabled,
HTH,
Laurent.
module mydovecot 1.0;
require {
type dovecot_auth_t;
type postgresql_port_t;
type dovecot_t;
type var_t;
type postfix_virtual_tmp_t;
class tcp_socket name_connect;
class file { rename read lock create write getattr link unlink
open append };
class dir { read write create add_name remove_name };
}
#============= dovecot_auth_t ==============
#!!!! This avc is allowed...
2009 Sep 09
1
SELinux Relabeling
Hello everyone,
If create a folder called "whatever" under /var, the context is:
root:object_r:var_t /var/whatever/
That's expected as it is under /var. If I then change its type:
chcont -t httpd_sys_content_t /var/whatever
The context looks like:
root:object_r:httpd_sys_content_t /var/whatever/
My question is...Shouldn't a relabeling of the filesystem change the type of
this dire...
2020 Jan 01
2
Nginx and SELinux on CentOS 7
...nly Nginx (the
nginx package from EPEL).
I manually created the /var/www directory and put a handful of static websites
in there to play around with. Curiously enough, I got a SELinux alert.
I took a peek in /var/www, and here's what the SELinux context looks like:
unconfined_u:object_r:var_t:s0
Now I'm a bit puzzled. Is the correct httpd_sys_content_t context only applied
if the httpd package is installed? How else can I explain this strange behavior?
Any suggestions?
Niki
--
Microlinux - Solutions informatiques durables
7, place de l'?glise - 30730 Montpezat
Site : https:...
2017 Apr 25
0
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
...ng ? here (using postgresql, obviously) so that
> dovecot runs properly with SELinux enabled,
>
> HTH,
> Laurent.
>
> module mydovecot 1.0;
>
> require {
> type dovecot_auth_t;
> type postgresql_port_t;
> type dovecot_t;
> type var_t;
> type postfix_virtual_tmp_t;
> class tcp_socket name_connect;
> class file { rename read lock create write getattr link unlink
> open append };
> class dir { read write create add_name remove_name };
> }
>
> #============= dovecot_auth_t...
2009 Mar 19
1
SELinux - different context on subdirectories
Hi all,
I have created a directory /srv with the following SELinux context:
system_u:object_r:var_t
Now I want to create a subdirectory within /srv which should get a
different context. So I tried to set e.g.:
semanage fcontext -a -t samba_share_t /srv/samba
/sbin/restorecon -v /srv/samba
but the context is always reset to:
system_u:object_r:var_t
What am I missing?
Best Regards
Marcus
2008 Aug 26
3
Amavisd Howto
...ntos.org/pipermail/centos/2008-August/062296.html
Quoting from that post:
module local 1.0;
require {
type traceroute_port_t;
type amavis_t;
type postfix_spool_t;
type clamd_t;
type amavis_var_lib_t;
type sysctl_kernel_t;
type var_t;
type postfix_smtpd_t;
type initrc_t;
type proc_t;
class unix_stream_socket connectto;
class file { read getattr };
class sock_file write;
class lnk_file { read create unlink getattr };
class udp_socket name_bind;...
2009 Jan 08
2
Restoring individual messages from a backup into a Maildir setup?
We have a user who deleted IMAP folders from his account, so I simply
tried to restore the folder ".FolderName" from our backup. I checked
that file/folder ownership was the same as the original, but the Dovecot
IMAP server is throwing errors at the client.
I've tried copying the individual message files from the "cur" folders
in the backup directory, but Dovecot
2017 Apr 07
3
SELinux policy to allow Dovecot to connect to Mysql
I have been getting the following on my new mailserver:
Apr 7 10:17:27 z9m9z dovecot: dict: Error: mysql(localhost): Connect
failed to database (postfix): Can't connect to local MySQL server
through socket '/var/lib/mysql/mysql.sock' (13) - waiting for 25 seconds
before retry
They go away when I setenforce 0.
So I googled dovecot mysql selinux and the only worthwhile hit was:
2007 Apr 20
1
SELinux and daemons - clever way to change default locations?
I'm sure you've seen this before:
You need to slightly tweak the default installation of a major daemon -
let's say you're running a big MySQL database and you need to put it on
a different filesystem, mounted (for example) as /db
So you move /var/lib/mysql to /db/mysql (and preserve all the file
attributes, including SELinux), change /etc/my.cnf accordingly, start
mysqld -
2009 Oct 04
2
deliver stopped working
..._t;
type mysqld_etc_t;
type initrc_t;
type proc_t;
type restorecond_t;
type etc_runtime_t;
type postfix_bounce_t;
type ntpd_t;
type kernel_t;
type postfix_master_t;
type rpcd_t;
type dovecot_t;
type klogd_t;
type udev_t;
type clamd_t;
type mysqld_port_t;
type initrc_var_run_t;
type var_t;
type postfix_qmgr_t;
type postfix_pipe_t;
type crond_t;
class process ptrace;
class unix_stream_socket connectto;
class tcp_socket { name_bind name_connect };
class file { rename execute read lock create ioctl execute_no_trans write getattr link
unlink };
class sock_file { setattr create w...
2009 Sep 14
4
Contribution to wiki: nagios incompatibility with centos 5.2
...g/HowTos/Nagios
content: A security feature of centos 5.2 SELinux prevents the access
from the apache httpd server to the needed /var/nagios files. The error
manifests itself in the /var/log/messages as "SELinux is preventing the
tac.cgi from using potentially mislabeled files ./status.dat (var_t)". A
workaround is to execute the command: chcon -R httpd_sys_content_t
/var/nagios
Please grant me access
Regards
Martin Boel
2006 Jun 21
2
Apache problem
...es & i restart apache.
i find the following errors in my /var/log/messages/
server1 kernel: audit(1150892521.827:18474474): avc: denied { write } for
pid=28135 comm="httpd" name="php-mmcache" dev=sda7 ino=2146317
scontext=root:system_r:httpd_t tcontext=system_u:object_r:var_t tclass=dir
i think the above one is something related to selinux.so i disabled selinux
stopped iptables & disabled firewall.
/sbin/fixfiles restore
but still i get the above error message in my /var/log/messages
how to fix this???
when i run top d 1 i see a few Zombie process of httpd
1...
2006 Sep 02
2
Cuzick's test for trend
Hi All:
I was looking for, but could not locate in the packages, or in the R archive searches if there exists an R implementation of Cuzick's test of trend. The test is described as follows:
An extension of the Wilcoxon rank-sum test is developed to handle the situation in which a variable is measured for individuals in three or more (ordered) groups and a non-parametric test for trend
2013 Apr 07
0
Fitting distributions to financial data using volatility model to estimate VaR
...st and the 99th percentile."
My question is now, how do they do it?
They describe their fitting steps in the steps before, but I am not
getting the following point:
Do they fit the distribution to the original return series, calculate
the volatility (?t) and then just calculate the VaR with
VaR_t=sigma_t*q_alpha where q_alpha is the quantile of the fitted
distribution
or
do they fit the distribution to the standardized returns
(xi_t=r_t/sigma_t), calculate the volatility and then just calucate
the VaR with VaR_t=sigma_t*q_alpha where q_alpha is now the quantile
of the fitted distribution...
2009 Apr 14
3
Odd SELinux messages during+after 5.3 upgrade (system_mail_t and postfix_postdrop_t access rpm_var_lib_t)
...it was pretty common for most packages'
contexts to attempt to access a tcp socket to rpm and do similar things
(again, in audit2allow format):
allow tzdata_t rpm_t:tcp_socket { read write };
allow tzdata_t rpm_var_lib_t:file { read write };
allow tzdata_t var_lib_t:file write;
allow tzdata_t var_t:file read;
But I was surprised that these mail messages didn't show up till the
following day, and are still showing up continuously now.
Does anyone know what these accesses are? And why they might be still
continously triggering for the mail system, where as all the other
packages have s...
2013 Jun 10
1
Re: libvirt_lxc and sysfs
On 06/10/2013 01:41 PM, pr.G wrote:
> On Mon, Jun 10, 2013 at 09:29:32AM +0400, свящ. Георгий Гольцов wrote:
>> On Mon, Jun 10, 2013 at 09:07:08AM +0800, Gao feng wrote:
>>> On 06/09/2013 08:14 PM, pr.G wrote:
>>>> Hello.
>>>>
>>>> Is it possible to start container via libvirt_lxc without mounting /sys
>>>> inside container?
2018 Mar 06
3
Re: virt-v2v 1.38 fails to convert .vmx VM: setfiles ... Multiple same specifications for /.*.
> -----Original Message-----
> From: Richard W.M. Jones [mailto:rjones@redhat.com]
> Sent: Tuesday, March 6, 2018 11:49 AM
> To: Зиновик Игорь Анатольевич <ZinovikIA@nspk.ru>
> Cc: libguestfs@redhat.com
> Subject: Re: [Libguestfs] virt-v2v 1.38 fails to convert .vmx VM: setfiles ...
> Multiple same specifications for /.*.
>
> On Tue, Mar 06, 2018 at 08:40:51AM
2020 Jan 01
0
Nginx and SELinux on CentOS 7
...gt;
> I manually created the /var/www directory and put a handful of static
> websites in there to play around with. Curiously enough, I got a
> SELinux alert.
>
> I took a peek in /var/www, and here's what the SELinux context looks
> like:
>
> ? unconfined_u:object_r:var_t:s0
>
> Now I'm a bit puzzled. Is the correct httpd_sys_content_t context only
> applied if the httpd package is installed? How else can I explain this
> strange behavior?
>
> Any suggestions?
Have used Nginx on Fedora with SELinux. Perhaps first try putting your
sites in t...
2013 Dec 02
3
no-amd-iommu-perdev-intremap + no-intremap = BOOM with Xen 4.4 (no-intremap by itself OK).
...systemd-journald[263]: Received request to flush runtime journal from PID 1
[ 13.211941] type=1400 audit(1386001826.253:4): avc: denied { create } for pid=484 comm="systemd-tmpfile" name="BackupPC" scontext=system_u:system_r:systemd_tmpfiles_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
[ OK ] Started Trigger Flushing of Journal to Persistent Storage.
[ OK ] Started Tell Plymouth To Write Out Runtime Data.
[ OK ] [ 13.216860] type=1400 audit(1386001826.258:5): avc: denied { create } for pid=484 comm="systemd-tmpfile" name="netreport" sc...