similar to: Custom SELinux file contexts?

Hi. I wonder if it would be possible to implement support for a user-specific sshd_config. The primary reason is that I would like the ability to specify that I'm only allowed to login with a key pair, even though the system-wide sshd configuration still allows passwords for other users. Of course, a user-specific sshd_config file should not be able to break the security policy of the

Hi, On an internal webserver (latest C6) I want smb-access to /var/www/html/ In april I did chcon -R -t public_content_rw_t /var/www/html/ setsebool -P allow_smbd_anon_write 1 setsebool -P allow_httpd_anon_write 1 echo "/var/www/html/ -- unconfined_u:object_r:public_content_rw_t:s0" >> /etc/selinux/targeted/contexts/files/file_contexts After the latest round

Hi. I'm trying to figure out where the SELinux policy modules shipped with the system live, and how they work. The modules listed by 'semodule -l' are the same as those available in /etc/selinux/targeted/modules/active/modules, but those are not part of any package, and are presumably added and removed to this location as they are added and removed to the kernel. I later found

Hi, I'm trying to grant dovecot the ability to manage its socket within the postfix spool directory. I have added the below to file_contexts.local : /var/spool/postfix/private/dovecot-auth system_u:system_r:dovecot_t:s0 However, running "restorecon -v /var/spool/postfix/private/dovecot-auth" gives me the following error : restorecon:

> -----Original Message----- > From: Richard W.M. Jones [mailto:rjones@redhat.com] > Sent: Tuesday, March 6, 2018 11:49 AM > To: Зиновик Игорь Анатольевич <ZinovikIA@nspk.ru> > Cc: libguestfs@redhat.com > Subject: Re: [Libguestfs] virt-v2v 1.38 fails to convert .vmx VM: setfiles ... > Multiple same specifications for /.*. > > On Tue, Mar 06, 2018 at 08:40:51AM

Hello, Richard. > -----Original Message----- > From: Richard W.M. Jones [mailto:rjones@redhat.com] > Sent: Monday, March 5, 2018 8:42 PM > To: Зиновик Игорь Анатольевич <ZinovikIA@nspk.ru> > Cc: libguestfs@redhat.com > Subject: Re: [Libguestfs] virt-v2v 1.38 fails to convert .vmx VM: setfiles ... > Multiple same specifications for /.*. > > On Mon, Mar 05, 2018 at

Instead of just documenting this bug, fix it in the file_contexts file. Replaces commit ad3c8fe7f49c4991e1aa536856a1a408f55d5409. --- customize/SELinux_relabel.ml | 19 +++++++++++++++++++ v2v/virt-v2v.pod | 11 ----------- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/customize/SELinux_relabel.ml b/customize/SELinux_relabel.ml index fa9603c..69a4779 100644 ---

[ I realized that we were discussing adding this feature, in various private email, IRC, and this long bugzilla thread: https://bugzilla.redhat.com/show_bug.cgi?id=1060423 That's not how we should do things. Let's discuss it on the mailing list. ] One thing that virt-customize/virt-sysprep/virt-builder have to do is relabel SELinux guests. What we do at the moment

Hi, On Wed, November 16, 2016 5:39 pm, Richard W.M. Jones wrote: > On Wed, Nov 16, 2016 at 05:30:55PM -0500, Derek Atkins wrote: >> Hi, >> >> On Wed, November 16, 2016 5:15 pm, Richard W.M. Jones wrote: >> > On Wed, Nov 16, 2016 at 05:09:56PM -0500, Derek Atkins wrote: >> > >> > I'll try to reproduce the issue here, but you can also do >>

I am running puppet 3.2.1, using the puppetlabs repos, on centos 6.4. I keep getting these messages in the log: (every 30 minutes) Jun 3 11:24:55 yoda puppet-master[20292]: Failed to set SELinux context system_u:object_r:puppet_etc_t:s0 on /etc/puppet/auth.conf Jun 3 11:24:55 yoda puppet-master[20292]: Failed to set SELinux context system_u:object_r:puppet_etc_t:s0 on

Hi Rich, On Wed, November 16, 2016 1:34 pm, Richard W.M. Jones wrote: > On Wed, Nov 16, 2016 at 11:31:40AM -0500, Derek Atkins wrote: >> > Running `virt-v2v -v -x ...' and observing the output will give you a >> > good idea of what precisely it was doing for those hours. >> >> Well, as I said in my original email, it was hanging at running >> setfiles:

I did a yum update to my desktop machine as root this morning and now my regular logon account sees this whenever I press the enter key: etc/audisp/audispd.conf: Permission denied etc/audisp/plugins.d/af_unix.conf: Permission denied etc/audisp/plugins.d/syslog.conf: Permission denied etc/audit/audit.rules: Permission denied etc/audit/auditd.conf: Permission deniedetc/dhcp/dhclient.d/ntp.sh:

On Wed, Dec 17, 2014 at 11:07:06AM +0100, Patrick Bervoets wrote: > echo "/var/www/html/ -- unconfined_u:object_r:public_content_rw_t:s0" >> /etc/selinux/targeted/contexts/files/file_contexts Next time try putting the local policy into: /etc/selinux/targeted/contexts/files/file_contexts.local ... which isn't overwritten by package updates. This is what would have

Hi, On Wed, November 16, 2016 5:15 pm, Richard W.M. Jones wrote: > On Wed, Nov 16, 2016 at 05:09:56PM -0500, Derek Atkins wrote: > > I'll try to reproduce the issue here, but you can also do > the following command directly on the guest disk image if you > want to test something: > > time LIBGUESTFS_BACKEND=direct guestfish --ro -a fc21-64.qcow2 -i > selinux-relabel

On Sun, Dec 24, 2017 at 3:49 PM, Richard W.M. Jones <rjones@redhat.com> wrote: > On Sun, Dec 24, 2017 at 02:15:44PM +0200, Yaniv Kaul wrote: > > I'm copying a file into a VM using virt-copy-in - which is great, but the > > file is wrongly labeled. > > How can I fix that? > > Hi Yaniv, > > The easiest thing is to run this after doing the virt-copy-in:

I upgraded my container from CentOS 6.4 to CentOS 6.5. Everything looks good after upgrade until reboot. When rebooted to container I'm getting the following errors.. Any help would be greatly appreciated /bin/mknod: `/dev/lp2': Operation not permitted /bin/chown: cannot access `/dev/lp2': No such file or directory /bin/mknod: `/dev/lp3': Operation not permitted /bin/chown: cannot

Hello everyone, If create a folder called "whatever" under /var, the context is: root:object_r:var_t /var/whatever/ That's expected as it is under /var. If I then change its type: chcont -t httpd_sys_content_t /var/whatever The context looks like: root:object_r:httpd_sys_content_t /var/whatever/ My question is...Shouldn't a relabeling of the filesystem change the type

Hi, On Wed, November 16, 2016 5:03 pm, Richard W.M. Jones wrote: > On Wed, Nov 16, 2016 at 04:49:46PM -0500, Derek Atkins wrote: >> I suppose there could be a bug. I just verified that it's absolutely >> setfiles: >> >> 14:07:25 E: commandrvf: setfiles -F -e /sysroot/dev -e /sysroot/proc -e >> /sysroot/selinux -e /sysroot/sys -r /sysroot -q >>

Hi. I wonder if it is possible to use more complex data structures in templates than simple variables and arrays? I have been trying nested arrays, as well as nested arrays and hashes, but nothing seems to work (more specifically, nested arrays seem to be flattened into a single array). Having only simple variables and arrays is a little limiting. Something like the Perl-based Template Toolkit

Hi all. I created a smb-share on my el6 for all windows-pcs in my home-network (I'm the only Linux-User in my family) for sharing all the stuff we have, like music and videos and documents. The share will be shown on the other pcs (Windows XP), but they can't open it. The error-message ist "Share not found" on our preferred language of course! SELINUX-CONFIG sh-4.1# cat