similar to: SELinux niggle

CentOS 4 - updated to current, rebooted to new kernel and now I can't get mysqld to start... # service mysqld start Timeout error occurred trying to start MySQL Daemon #tail -n 4 /var/log/messages Nov 12 00:48:56 srv1 kernel: audit(1131781736.221:4): avc: denied { write } for pid=4874 comm="mysqld" name="tmp" dev=dm-0 ino=2894305 scontext=root:system_r:mysqld_t

Centos 4.2 Dec 29 10:04:10 z9m9z dbus: Can't send to audit system: USER_AVC pid=1997 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=root:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus Dec 29 10:04:45 z9m9z last message repeated 7 times Dec 29 10:05:50 z9m9z last message repeated 13 times Dec 29 10:06:55 z9m9z last message repeated 13 times Dec 29

I am getting tons of these messages since I updated to 4.2 Nov 12 12:21:39 srv1 dbus: Can't send to audit system: USER_AVC pid=2839 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus Now I can see this process... # ps aux|grep 2839 dbus 2839 0.0 0.3 16168 1888 ? Ssl Nov11 0:13 dbus-

I've got a fresh RHEL AS 4-U2 installation on a Dell PE2850 server. I downloaded and installed the latest RPMs: ocfs2-2.6.9-22.ELsmp-1.0.7-1.i686.rpm ocfs2-tools-1.0.2-1.i386.rpm ocfs2console-1.0.2-1.i386.rpm I was able to start the console, but when I try to run cluster->configure_nodes, I get the following error message: Could not start cluster stack. This must be resolved before any

Hi. I've installed BackupPC 3.1.0 from Testing repository, to Cent OS 5.2 x86_64, and I am hitting an SE Linux denial - the httpd cannot talk to the BackupPC socket: type=AVC msg=audit(07/31/2008 17:18:53.623:410) : avc: denied { connectto } for pid=11767 comm=httpd path=/var/log/BackupPC/BackupPC.sock scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:system_r:initrc_t:s0

The nVidia driver is running right, but now when I try to select some screensavers, like Anemotaxis, X restarts. /var/log/Xorg.0.log.old show it aborting on a signal 11... These 3 (now wrapped) lines show up in the system log... Apr 12 15:45:51 hack-f dbus: Can't send to audit system: USER_AVC pid=10939 uid=500 loginuid=-1 message=avc: 1 AV entries and 1/512 buckets used, longest chain

Hi all, I've had this error rear it's ugly head again and I'm not exactly sure why. The output in /var/log/message is: crond[14764]: pam_loginuid(crond:session): set_loginuid failed opening loginuid crond[14765]: pam_loginuid(crond:session): set_loginuid failed opening loginuid crond[14811]: pam_loginuid(crond:session): set_loginuid failed opening loginuid

CentOS-6.1 KVM guest on CentOS-6.1 host. I am seeing this SEAlert in the /var/log/audit/audit.log file a new guest immediately after startup. Can someone tell me what it means and what I should do about it? A Google search reveals a number of Fedora issues with similar errors dating back a few years; most of which seem to have something to do with package ownership. This guest starts without

Hi all, I just installed a CentOS 5 machine from Kickstart. I configure NSS and PAM to lookup and authenticate users from LDAP with authconfig. On my LDAP I also have some automount configuration, but I'm not running automount on this server. SELinux is installed and enforcing. Whenever I try to install an RPM (and in other occasions during boot) I see those messages: # rpm -Uvh ... .rpm

Hi All, I'm running CentOS 5.2 with SELinux in enforcing mode (default targeted policy). The server hosts a PHP web app that sends mail. I'm getting the following errors (see end of message) in my selinux audit.log file every time the app sends an email. The email always seems to get sent successfully, despite the log messages. However, they do concern me and I would like to understand

Any ideas why bind is putting the tmp files in the [chroot]/var/named directory and not in /tmp or /var/tmp? [root at devserver21 chroot]# Aug 15 14:08:21 devserver21 named[5101]: loading configuration from '/etc/named.conf' Aug 15 14:08:21 devserver21 named: named reload succeeded Aug 15 14:08:21 devserver21 named[5101]: dumping master file: tmp-XXXXQ5X9mC: open: permission denied Aug 15

How to resolve this SElinux problem? type=USER_AVC msg=audit(1513478641.700:1920): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { reload } for auid=0 uid=0 gid=0 cmdline="/usr/bin/systemctl reload named-chroot.service" scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:system_r:init_t:s0 tclass=service

Karsten M. Self wrote: > on Thu, Dec 15, 2005 at 01:38:29PM -0500, Steve Brueckner > (steve@atc-nycorp.com) wrote: >> I''m using Fedora Core 4. I need to create an ssh port forwarding >> tunnel to my xen0 domain when my xenU domain starts up, so I added >> this to the xenU''s /etc/rc.d/rc.local: >> >> ssh -v -f -L 5500:localhost:5501 xen0_ip

Hi. I'm trying to setup squid with SELinux, the problem i encounter is taht i want to add another directory for cache, in this system we have a home partition with huge space, i create a squid dir and add the path with semanage: semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?' i check the files and are in the good context: drwxr-xr-x squid squid

Yesterday I activated SELinux in targeted mode, then I rebooted and started receiving some error messages in the system services initialization: ====================================================================== audit(1156518721.252:2): avc: denied { read } for pid=2223 comm="syslogd" name="libc-2.3.4.so" dev=dm-0 ino=50441 scontext=user_u:system_r:syslogd_t

I have some centos 4.4 server. i have disable selinux for some software problem: # cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=disable #

Hello, how do people cope with constant SELinux errors like this from Fusion Passenger: 36886. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 2 file open system_u:system_r:udev_t:s0-s0:c0.c1023 denied 1922 36887. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 4 dir getattr unconfined_u:system_r:initrc_t:s0 denied 1927 36888. 03/27/2013 14:20:05 ps

Hello CentOS Docs People! I recently used the Amavisd howto to setup a couple of mailservers, which saved me from hours of searching online and reading novels of documentation. Since Ned is taking a little break from the Amavisd page, I would like to help contribute. There were a few things I'd like to add, like GTUBE/EICAR testing and SELinux config lines. My wiki username is WilliamFong.

Hello, I was using CentOS 5.5 as a "playground" VM at my WinXP notebook and now I'm migrating to a new CentOS 5.6 install and everything has worked well - except samba. I have this very permissive config to export my ~/src dir: # cat /etc/samba/smb.conf [global] guest ok = yes guest account = afarber security = share hosts allow = 172.16.6. 127.0.0.1 [src]

I setup postfix/dovecot on a new machine and now all works well with the small exception of dovecot triggering selinux avc denials on some temp... files here is a sample alert: Summary SELinux is preventing /usr/libexec/dovecot/deliver (dovecot_deliver_t) "link" to temp.localhost.678.40caaf5592891c46 (user_home_dir_t). Detailed Description SELinux denied access requested