similar to: SeLinux Question

I regret the delay in replying to this topic but I am a digest subscriber so I only see list traffic once every 24 hours. When I moved from RHES3 to CentOS4 back in April/May of this year I was bitten by the SELinux gnat as well, and the temptation to swat a distracting irritation by killing it in its bed nearly proved irresistible. However, taking to heart the advice given to me here and

Hello, I am trying to create a custom policy, but with no succes : $ cat <<EOF> foo.te module local 1.0; require { type httpd_sys_script_exec_t; type httpd_sys_script_t; class lnk_file read; } #============= httpd_sys_script_t ============== allow httpd_sys_script_t httpd_sys_script_exec_t:lnk_file read; EOF $ checkmodule -M -m -o foo.mod foo.te checkmodule:

Ok, so there is not a problem with SElinux and Samba. But it is a pain to set up so it will work right. I finally figured out how to set up SE and Samba so you can be able to write and delete files. I found in one of that man pages "man samba_selinux", you can just disable SE for samba. I am sure there are other ways also but this is what I have found so far. I tried to just

I installed SeLinux in warn mode. HOw do i check to see what it is wanring about? This wil help me in make a decision to turn it to active mode..:) -- My "Foundation" verse: Isa 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their

Who would / Who wouldnt need to run SELinux? I have linux server at home. Would I need to run SELinux? What are the advantages of SELinux? What is the average home user doing?

Just prior to the time change, I made sure that ntpd and my timezone files were properly setup. Since this time, I've noticed the following errors: audit(1173310084.404:5): avc: denied { read } for pid=8634 comm="ntpd" name="unexpected.tdb" dev=md1 ino=147662 scontext=root:system_r:ntpd_t tcontext=root:object_r:samba_var_t tclass=file I've not successfully (so

Using audit2allow, I was able to create a policy module for selinux: audit2allow -i /var/log/audit/audit.log -M mysqld (creates mysqld.pp and mysqld.te) I want to distribute this to all my puppet clients. I can easily put this file in /etc/selinux/targeted/modules/active/modules But even after reboot, although I can see the module listed: semodule -l ... it doesn''t seem to actually

What is the equivelent "selinux-policy-targeted-sources" package in CentOS 5? It was available in 4.4. Thanks for any help. -- Jiann-Ming Su "I have to decide between two equally frightening options. If I wanted to do that, I'd vote." --Duckman "The system's broke, Hank. The election baby has peed in the bath water. You got to throw 'em both out."

Hi list, I'm studying SELinux on my workstation and for this I've enforced. In a first time selinux was permissive and when switched to enforcing I had relabel some things. Due to my "nescience" about selinux and what I must configure, I'm waiting avc denied for specified services. Until today, I've configured successfully httpd, smbd. Today I've noticed that my

Hello, After a yum update last night, I had a CenOS 5.4 i386 system pull in the following selinux updates: Jan 07 21:39:14 Updated: selinux-policy-2.4.6-255.el5_4.3.noarch Jan 07 21:39:31 Updated: selinux-policy-targeted-2.4.6-255.el5_4.3.noarch This machine has SELinux set to Enforcing. This morning, I see I got the following email from Cron: /etc/cron.daily/0logwatch: sendmail: warning:

Not a problem ... sharing a solution (this time)! Please correct my understanding of the process, if required. "i_stream_read() failed: Permission denied" is an error message generated when a large-ish file (>128kb in my case) is attached to a message that has been passed to Dovecot's deliver program when SELinux is being enforced. In my case, these messages are first run

Hi all, I installed Performance Co-Pilot 3 days ago, and installed the nVidia PMDA according to the instructions at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Performance_Tuning_Guide/ch03s03s02.html and was able to view metrics about my video card using pmchart. I then played around a little with the lmsensors PMDA (but it doesn't look too useful to me -

Hi, I've got a Centos 5 box (recently replaced a Centos4 box of the same function). The means of applying custom SELinux policy has changed somewhat from 4->5. I've got it mostly figured out; I have a local.te file with my custom policy and also which defines a few new file types, and a local.fc with appropriate defintions of file contexts. When I run: # checkmodule -M -m -o

Le mardi 25 avril 2017 ? 10:39 +0200, Robert Moskowitz a ?crit : > Thanks Laurent. You obviously know a LOT more about SELinux than I. I > pretty much just use commands and not build policies. So I need some > more information here. > > From what you provided below, how do I determine what is currently in > place and how do I add your stuff (changing postgresql with

I reread my sql.conf.ext files and realized they were actually connecting to localhost. So I did some googling, and found how to connect to the socket: connect = host=/var/lib/mysql/mysql.sock dbname=postfix user=postfix password=Postfix_Database_Password And all fixed. No more failures. Plus probably securer. On 04/07/2017 10:57 AM, Robert Moskowitz wrote: > The strange thing is that

Hi all, I''m having some problems working with puppet-selinux[1] I''ve successfully deployed the module in nodes.pp and got it to set various SELinux modes, by using class { selinux: mode => ''permissive'' } or class { selinux: mode => ''enforcing'' } Now I want to load a custom SELinux policy file. According to the docs, the correct

I have been getting the following on my new mailserver: Apr 7 10:17:27 z9m9z dovecot: dict: Error: mysql(localhost): Connect failed to database (postfix): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) - waiting for 25 seconds before retry They go away when I setenforce 0. So I googled dovecot mysql selinux and the only worthwhile hit was:

I read about this bug in the Centos 6.2 faq and the link showing it fixed in https://bugzilla.redhat.com/show_bug.cgi?id=769859 but I am still getting it updating on a Centos 6.5 server that had selinux disabled. I want to run selinux as permissive but it won't load now on reboot. I ran the yum update to apply this latest selinux update

Hi, Updating selinux-policy-targeted to 3.7.19-260 fails. The archive seems corrupt. Got another copy from http://mirror.centos.org/centos/6/os/x86_64/Packages/ which also fails: # rpm -Fv selinux-policy-targeted-3.7.19-260.el6.noarch.rpm Preparing packages for installation... selinux-policy-targeted-3.7.19-260.el6 warning: /etc/selinux/targeted/contexts/customizable_types saved as

As I have noted in previous messages, I been getting the following on my new mailserver: Apr 7 10:17:27 z9m9z dovecot: dict: Error: mysql(localhost): Connect failed to database (postfix): Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13) - waiting for 25 seconds before retry They go away when I setenforce 0. It is not a timing issue as I