similar to: Apache php and exim

Hello, I am trying to create a custom policy, but with no succes : $ cat <<EOF> foo.te module local 1.0; require { type httpd_sys_script_exec_t; type httpd_sys_script_t; class lnk_file read; } #============= httpd_sys_script_t ============== allow httpd_sys_script_t httpd_sys_script_exec_t:lnk_file read; EOF $ checkmodule -M -m -o foo.mod foo.te checkmodule:

PS: Now I found this: type=PROCTITLE msg=audit(09/22/2017 12:08:29.911:1023) : proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 syscall=setgroups success=no exit=EPERM(Operation not permitted) a0=0x1 a1=0x7ffc1df3b0d0 a2=0x0 a3=0x7f5d77c3a300 items=0 ppid=19417 pid=19418 auid=unset uid=lighttpd gid=lighttpd euid=root

Daniel Walsh wrote: > On 09/22/2017 06:58 AM, hw wrote: >> >> PS: Now I found this: >> >> >> type=PROCTITLE msg=audit(09/22/2017 12:08:29.911:1023) : proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp >> type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 syscall=setgroups success=no exit=EPERM(Operation not permitted) a0=0x1

Is this really supposed to get easier over time? :) Now my audit.log file shows that SELinux is blocking my cgi script, index.cgi (which is what's actually served when the user visits the front page of one of our proxy sites like sugarsurfer.com) from having '"read write" to socket (httpd_t)'. I have no idea what that means, except that I thought that cgi scripts were

Hi Leon, I don't have access to a CentOS 6.10 system handy, but it looks like a policy issue. If I take you're ausearch output and pipe it to audit2allow on my CentOS 7.6 system, I get the following: #============= httpd_t ============== #!!!! This avc is allowed in the current policy allow httpd_t httpd_sys_script_t:process signull; Noting that on my 7.6 system with selinux enforcing

Hi, I've got a Centos 5 box (recently replaced a Centos4 box of the same function). The means of applying custom SELinux policy has changed somewhat from 4->5. I've got it mostly figured out; I have a local.te file with my custom policy and also which defines a few new file types, and a local.fc with appropriate defintions of file contexts. When I run: # checkmodule -M -m -o

I'm busy setting up amavisd-new on a CentOS 5.0 box - and believe I've got it working well enough that I can switch selinux enforcing back on again. I've done the usual- - grab a chunk of the audit.log that is relevant to all the actions that would be denied. - do 'cat audit.log | audit2allow -M amavis' to generate the module - amavis.te looks like: module amavis 1.0;

Hi. Has anyone figured out how to get Bugzilla working on CentOS 5.2 WITHOUT TURNING OFF SELINUX? I've run chcon -R --reference=/var/www/html /path/to/bugzilla and added the following module (generated by audit2allow), but am still getting errors in my Web browser tryinig to use Bugzilla: Software error: Can't connect to the database. Error: could not connect to server:

On 09/22/2017 06:58 AM, hw wrote: > > PS: Now I found this: > > > type=PROCTITLE msg=audit(09/22/2017 12:08:29.911:1023) : > proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp > type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 > syscall=setgroups success=no exit=EPERM(Operation not permitted) > a0=0x1 a1=0x7ffc1df3b0d0 a2=0x0 a3=0x7f5d77c3a300

Hello, I have deployed Bugzilla 3.6.2 on CentOS 5 (with rpmforge perl-* packages) and I have a problem with SELinux preventing mail being sent via sendmail. (see SELinux reports below, especially the second one) When SELinux is in permissive mode, mail sending from Bugzilla is working properly. Has anybody got recent Bugzilla to work with SELinux on CentOS? Thanks in advance! Mathieu

On 09/20/2017 07:19 AM, hw wrote: > hw wrote: >> >> Hi, >> >> how do I allow CGI programs to print (using 'lpr -P some-printer >> some-file.pdf') when >> lighttpd is being used for a web server? >> >> When selinux is permissive, the printer prints; when it?s enforcing, >> the printer >> does not print, and I?m getting the log

Hi: I have been using Dovecot for well over a year now and it has always worked with few problems. The mail setup is not simple... Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and control is local. About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an

Hello, I'm trying to run Nagios 3.0.6 on CentOS 5.2 with SELinux in enforcing mode but it is not working. I'm using the following packages: httpd-2.2.3-11.el5_2.centos.4 nagios-3.0.6-1.el5.rf nagios-plugins-1.4.12-1.el5.rf I followed the steps bellow to try to create a selinux policy to Nagios but it is failing. Any help, please? # setenforce Permissive # service nagios start #

Hi all, I'm trying to get Cacti installed on my CentOS 4.3 x86_64 box. I've got all of required packages installed, and created database file, and followed all the instructions in install manual. However, when I get login screen and use admin for username/password, it simply redirects me straight back to login screen. Looking at user_log table, the authentication was

I have some perl scripts running via CGI to print some monitoring informations out. # cat /etc/redhat-release CentOS release 6.10 (Final) # getenforce Enforcing # LANG=C ausearch -m avc --start today type=SYSCALL msg=audit(1547733474.941:28): arch=c000003e syscall=62 success=no exit=-13 a0=641 a1=0 a2=7f33500079b0 a3=31372f656d6f7268 items=0 ppid=1399 pid=1439 auid=4294967295 uid=48 gid=48

Does anyone recognize this sort of message or have any idea what might cause it? May 28 11:00:06 inet09 setroubleshoot: [avc.ERROR] Plugin Exception catchall #012Traceback (most recent call last):#012 File "/usr/lib64/python2.6/site-packages/setroubleshoot/analyze.py", line 191, in analyze_avc#012 report = plugin.analyze(avc)#012 File

Hi Guys Thanks for this! As I am a beginner, I bet I'm running into some really basic problems. Using the example from the Map2poly function in maptools: try <- read.shape("euadmll.shp") mappolys <- Map2poly(try) # this produces 14 warnings() of the type: # 1: level 2 circularity at 62 in: .mtlbuild(.mtafters(r1), rD) # etc # 14: From next release, default hole handling

The Wine development release 1.7.22 is now available. What's new in this release (see below for details): - Support for Unicode bracketing pairs. - Improved Internet cookie support. - OS X CoreAudio driver uses AUHAL instead of AudioQueue. - Initial support for geographical information. - Various bug fixes. The source is available from the following locations:

Hello, I''m trying to get working infiniband device in Xen. I have Xen v3 with 2.6.18 kernel. I export PCI device from Dom0 into DomU. I''ve enabled permisive device in Dom0. However, inserting infiniband module results in the following messages (with little more verbosity which I have added): pcifront pci-0: Installing PCI frontend pcifront pci-0: Creating PCI Frontend Bus

I've got a Mailman installation running on CentOS 4 that I'd like to migrate to a CentOS 6 box. My big obstacle at present is getting Mailman's mm-handler Perl script to run as a Sendmail local mailer with SELinux enabled. I've tried changing mm-handler's selinux context type a few times, but nothing has resulted in success: context result