Displaying 20 results from an estimated 5000 matches similar to: "SELinux policy module sources"
2008 Apr 04
7
User-specific sshd_config?
Hi.
I wonder if it would be possible to implement support for a
user-specific sshd_config. The primary reason is that I would like the
ability to specify that I'm only allowed to login with a key pair, even
though the system-wide sshd configuration still allows passwords for
other users.
Of course, a user-specific sshd_config file should not be able to break
the security policy of the
2008 Apr 14
1
Custom SELinux file contexts?
Hi.
Does anyone know of some place to put custom SELinux file context
specifications? I would prefer not to append lines to
/etc/selinux/targeted/contexts/files/file_contexts
but rather put one or more similar files somewhere. A file_contexts.d
directory would be nice, but it isn't available. Just creating your own
file_contexts.local file does not work, I already tried.
I'm running
2007 May 16
2
selinux-policy-targeted-sources and CentOS 5?
What is the equivalent "selinux-policy-targeted-sources" package in
CentOS 5? It was available in 4.4. Thanks for any help.
--
Jiann-Ming Su
"I have to decide between two equally frightening options.
If I wanted to do that, I'd vote." --Duckman
"The system's broke, Hank. The election baby has peed in
the bath water. You got to throw 'em both out."
2020 Nov 20
2
selinux policy (& engine) broken in C7
hi guys
I've just gotten a bunch of updates via yum and something
weird seems to be going on after the update.
System has:
selinux-policy-3.13.1-268.el7_9.2.noarch
selinux-policy-targeted-3.13.1-268.el7_9.2.noarch
actually three different boxes, all the same:
$ semodule -l
No modules.
and an attempt to install modules fails:
$ semodule -i openvpn.pp
Failed to resolve typeattributeset
2017 Apr 25
3
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/25/2017 06:45 PM, Gordon Messmer wrote:
> On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote:
>> Quick'n'(really) dirty SELinux howto:
>
>
> Alternate process:
>
> 1: setenforce permissive
> 2: tail -f /var/log/audit/audit.log | grep AVC
> 3: use the service, exercise each function that's constrained by the
> existing policy
> 4: copy and paste the
2010 Oct 12
1
SELinux policy for dkim-milter
Hello,
Does anyone have a sample SELinux policy for dkim-milter?
I'm using the configuration from this page:
http://www.howtoforge.com/set-up-dkim-for-multiple-domains-on-postfix-with-dkim-milter-2.8.x-centos-5.3
Along with the latest RPM from the link on that page.
Regards,
Ben
--
Ben McGinnes http://www.adversary.org/ Twitter: benmcginnes
Systems Administrator, Writer, ICT
2017 Apr 07
1
Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
I reread my sql.conf.ext files and realized they were actually
connecting to localhost. So I did some googling, and found how to
connect to the socket:
connect = host=/var/lib/mysql/mysql.sock dbname=postfix user=postfix
password=Postfix_Database_Password
And all fixed. No more failures. Plus probably securer.
On 04/07/2017 10:57 AM, Robert Moskowitz wrote:
> The strange thing is that
2017 Apr 26
2
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
Robert,
in regards to your Postfix and Dovecot issue with MySQL and SELinux,
> Apr 26 01:25:45 z9m9z dovecot: dict: Error:
> mysql(/var/lib/mysql/mysql.sock): Connect failed to database
> (postfix): Can't connect to local MySQL server through socket
> '/var/lib/mysql/mysql.sock' (13) - waiting for 1 seconds before retry
> Apr 26 01:25:45 z9m9z dovecot: dict: Error:
2007 Dec 08
9
distributing selinux policy module
Using audit2allow, I was able to create a policy module for
selinux:
audit2allow -i /var/log/audit/audit.log -M mysqld
(creates mysqld.pp and mysqld.te)
I want to distribute this to all my puppet clients.
I can easily put this file in
/etc/selinux/targeted/modules/active/modules
But even after reboot, although I can see the module listed:
semodule -l
... it doesn't seem to actually
2014 May 20
1
Centos 6.5 workaround needed for selinux "Could not open policy file" bug
I read about this bug in the Centos 6.2 faq and the link showing it fixed in https://bugzilla.redhat.com/show_bug.cgi?id=769859
but I am still getting it updating on a Centos 6.5 server that had selinux disabled. I want to run selinux as permissive but it won't load now on reboot.
I ran the yum update to apply this latest selinux update
2015 Jun 17
2
selinux allow apache log access
>
> That's because there's already a zabbix module loaded (the message isn't
> very informative!). I forgot that the received wisdom is to insert "my" in
> front of ones own modules i.e.:
> grep zabbix /var/log/audit/audit.log | audit2allow -M myzabbix
> semodule -i myzabbix.pp
Hmm no luck there either:
[root@monitor2:~] #semodule -i myzabbix.pp
2015 Jun 17
2
selinux allow apache log access
>
> Try something like:
> grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix
> semodule -i zabbix.pp
Thanks for your response! However this is what happens when I try to
install the module:
[root@monitor2:~] #semodule -i zabbix.pp
libsepol.print_missing_requirements: zabbix's global requirements were not
met: type/attribute zabbix_t (No such file or directory).
2017 Apr 26
3
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/26/2017 12:29 AM, Robert Moskowitz wrote:
> But the policy generates errors. I will have to submit a bug report,
> it seems
A bug report would probably be helpful.
I'm looking back at the message you wrote describing errors in
ld-2.17.so. I think what's happening is that the policy on your system
includes a silent rule that somehow breaks your system. You'll need
2015 Jun 17
2
selinux allow apache log access
>
> What turns up in myzabbix.te?
Same deal. :(
#semodule -i myzabbix.te
semodule: Failed on myzabbix.te!
sigh... but thanks any other clues?
On Wed, Jun 17, 2015 at 11:42 AM, Harold Toms <h.toms at qmul.ac.uk> wrote:
> On 17/06/15 16:29, Tim Dunphy wrote:
>
>> That's because there's already a zabbix module loaded (the message isn't
>>> very
2010 Jul 23
1
postgresql copy to and selinux
I need to run a "copy table to '/home/user/dir/copy.txt';" but I get
permission denied. Filesystem dir modes are ok and I get no event
logged in audit.log, but if I setenforce 0, I can do the copy. This
explains auditd silence:
# sesearch --audit |egrep postgres.*home
dontaudit postgresql_t user_home_dir_t : dir { getattr search };
dontaudit postgresql_t home_root_t : dir
2017 Apr 25
2
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On Tuesday 25 April 2017 at 11:07 +0200, Robert Moskowitz wrote:
>
> On 04/25/2017 10:58 AM, Laurent Wandrebeck wrote:
> > On Tuesday 25 April 2017 at 10:39 +0200, Robert Moskowitz wrote:
> >> Thanks Laurent. You obviously know a LOT more about SELinux than I. I
> >> pretty much just use commands and not build policies. So I need some
> >> more
2020 Feb 26
3
CentOS 7 : SELinux trouble with Fail2ban
On Feb 26, 2020, at 08:52, Nicolas Kovacs <info at microlinux.fr> wrote:
>
>> On 26/02/2020 at 11:51, Nicolas Kovacs wrote:
>> SELinux is preventing /usr/bin/python2.7 from read access on the file disable.
>> ***** Plugin catchall (100. confidence) suggests *****
>> If you believe that python2.7 should be allowed read access on the disable file by default.
2015 Jun 16
2
selinux allow apache log access
Hey guys,
I have a centos 7 machine I'm using as a zabbix server. And I noticed that
apache won't start, with this complaint in the error log:
(13)Permission denied: AH00091: httpd: could not open error log file
/var/log/zabbix_error_log.
AH00015: Unable to open logs
I tried having a look at audit2allow and this is the response I get back:
[root@monitor2:/etc/httpd] #grep http
2020 Feb 26
5
CentOS 7 : SELinux trouble with Fail2ban
Hi,
Some time ago I had SELinux problems with Fail2ban. One of the users on this
list suggested that it might be due to the fact that I'm using a bone-headed
iptables script instead of FirewallD.
I've spent the past few weeks getting up to date with doing things in a more
orthodox manner. So currently my internet-facing CentOS server has a nicely
configured NetworkManager, and
2017 Apr 25
5
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On Tuesday 25 April 2017 at 10:39 +0200, Robert Moskowitz wrote:
> Thanks Laurent. You obviously know a LOT more about SELinux than I. I
> pretty much just use commands and not build policies. So I need some
> more information here.
>
> From what you provided below, how do I determine what is currently in
> place and how do I add your stuff (changing postgresql with