Displaying 20 results from an estimated 700 matches similar to: "selinux & httpd & portmap"
2006 Aug 25
1
SELinux targeted - named, portmap and syslogd errors
Yesterday I activated SELinux in targeted mode, then I rebooted and started
receiving some error messages in the system services initialization:
======================================================================
audit(1156518721.252:2): avc: denied { read } for pid=2223 comm="syslogd"
name="libc-2.3.4.so" dev=dm-0 ino=50441 scontext=user_u:system_r:syslogd_t
2009 Oct 04
2
deliver stopped working
Hi:
I have been using Dovecot for well over a year now and it has always worked with few
problems. The mail setup is not simple...
Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major
things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and
control is local.
About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an
2006 Nov 17
1
Problem with SeLinux and syslogd
Hello!
on my centos 4.4 i have enable selinux, but after this change syslogd
can't no more run:
# /etc/init.d/syslog restart
Shutting down kernel logger: [ OK ]
Shutting down system logger: [FAILED]
Starting system logger: syslogd: error while loading shared libraries:
libc.so.6: cannot open shared object file: No such file or
2018 Sep 10
1
Type enforcement / mechanism not clear
Am 09.09.2018 um 16:19 schrieb Daniel Walsh <dwalsh at redhat.com>:
>
> On 09/09/2018 09:43 AM, Leon Fauster via CentOS wrote:
>> Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>:
>>> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote:
>>>> Any SElinux expert here - briefly:
>>>>
>>>> # getenforce
2012 Jan 05
6
SELinux and access across 'similar types'
http://wiki.centos.org/HowTos/SELinux
says:
"Access is only allowed between similar types, so Apache running as
httpd_t can read /var/www/html/index.html of type httpd_sys_content_t."
however the doc doesn't define what "similar types" means. I assumed it
just meant "beginning with the same prefix". However that can't be
right because on my system with
2018 Sep 09
3
Type enforcement / mechanism not clear
Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>:
>
> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote:
>> Any SElinux expert here - briefly:
>>
>> # getenforce
>> Enforcing
>>
>> # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t
>> <no output>
>>
>> # sesearch -ACR -s httpd_t -c file
2008 Nov 30
4
Apache, SELinux, and document root on a different partition
I want to put the document root for an application on a separate paritition
that has more space. When I try to configure this I can't access the files
in the new location. I've got the SELinux attributes set on the directory
and its files, so I'm thinking it's something about the parent path that
SELinux doesn't like, but I don't know where that's handled.
My
2019 Jan 30
2
SELinux policy vs. static web content
Hi,
Some time ago I wrote an introductory article about SELinux on my blog.
I'm currently updating it for my new blog, and I found a curious change
in SELinux policy. Here goes.
For demonstration purposes, I'm using some static webpages, more exactly
the default pages found in /usr/share/httpd/noindex, which I simply
copied over to /var/www/html.
As a first practical example, I'm
2018 Sep 09
0
Type enforcement / mechanism not clear
On 09/09/2018 09:43 AM, Leon Fauster via CentOS wrote:
> Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>:
>> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote:
>>> Any SElinux expert here - briefly:
>>>
>>> # getenforce
>>> Enforcing
>>>
>>> # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t
2011 Sep 08
1
Trying to understand SELinux MSG
Hello,
I received the below SELinux message today and I am trying to figure out what
caused it. I see what it says under Allow Access but I am not sure this is
what I really want to do without know why it happened in the first place.
What should I be looking at to understand what or why this has happened?
Any help I would be most grateful for.
Here is the output form SELinux
SUMMARY:
2012 Jun 15
1
Puppet + Passenger SELinux issues
I recently setup my Puppetmaster server to run through Passenger via Apache
instead of on the default webrick web server. SELinux made that not work
and I've found some documentation on making rules to allow it however mine
won't load. This is the policy I found via this website,
http://sandcat.nl/~stijn/2012/01/20/selinux-passenger-and-puppet-oh-my/comment-page-1/
.
module
2015 Apr 01
1
SEmodule dependency hell.
I want you all to see what I went through trying to simply reassign
(unsuccessfully) the context of a well-known port.
To the best of my ability to recall none of the packages mentioned
below are even installed on the host in question. Why are these
dependices preventing me from removing a disused SELinux policy.
I have done exactly that, reassign port contexts, in the past without
encountering
2011 Jan 17
1
SELinux : semodule_package, magic number does not match
Hello,
I am trying to create a custom policy, but with no succes :
$ cat <<EOF> foo.te
module local 1.0;
require {
type httpd_sys_script_exec_t;
type httpd_sys_script_t;
class lnk_file read;
}
#============= httpd_sys_script_t ==============
allow httpd_sys_script_t httpd_sys_script_exec_t:lnk_file read;
EOF
$ checkmodule -M -m -o foo.mod foo.te
checkmodule:
2017 Sep 23
2
more selinux problems ...
Hi,
how do I allow lighttpd access to a directory like this:
dr-xrwxr-x. lighttpd example unconfined_u:object_r:samba_share_t:s0 files_articles
I tried to create and install a selinux module, and it didn?t work.
The non-working module can not be removed, either:
semodule -r lighttpd-files_articles.pp
libsemanage.semanage_direct_remove_key: Unable to remove module lighttpd-files_articles.pp at
2018 Sep 09
2
Type enforcement / mechanism not clear
Any SElinux expert here - briefly:
# getenforce
Enforcing
# sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t
<no output>
# sesearch -ACR -s httpd_t -c file -p read |grep syslog_conf_t
<no output>
# ls -laZ /etc/sysctl.conf /etc/rsyslog.conf
-rw-r--r--. root root system_u:object_r:syslog_conf_t:s0 /etc/rsyslog.conf
-rw-r--r--. root root
2012 Feb 16
3
Baffled by selinux
Apache DocumentRoot on an NFS directory:
[root at localhost ~]# service httpd start
Starting httpd: Warning: DocumentRoot [/home/www/html] does not exist
Syntax error on line 292 of /etc/httpd/conf/httpd.conf:
DocumentRoot must be a directory
[FAILED]
[root at localhost ~]#
After some research, I found this (dated) link
2018 Aug 21
5
selinux question
I have a web application which uses sudo to invoke python scripts as the
user under which the application runs (NO root access).? Is there any
reason why sudo would would require sys_ptrace access for this?? I only
get this violation intermittenly, and not with every call to sudo.?
Here's the violation:
Summary:
SELinux is preventing sudo (httpd_t) "sys_ptrace" to <Unknown>
2012 Jan 11
2
SELinux blocking cgi script from "writing to socket (httpd_t)"
Is this really supposed to get easier over time? :) Now my audit.log
file shows that SELinux is blocking my cgi script, index.cgi (which is
what's actually served when the user visits the front page of one of our
proxy sites like sugarsurfer.com) from having '"read write" to socket
(httpd_t)'. I have no idea what that means, except that I thought that
cgi scripts were
2019 Jan 18
1
SElinux AVC signull
Hi Leon,
I don't have access to a CentOS 6.10 system handy, but it looks like a
policy issue. If I take you're ausearch output and pipe it to
audit2allow on my CentOS 7.6 system, I get the following:
#============= httpd_t ==============
#!!!! This avc is allowed in the current policy
allow httpd_t httpd_sys_script_t:process signull;
Noting that on my 7.6 system with selinux enforcing
2011 Nov 01
1
SELinux and SETroubleshootd woes in CR
I'm setting up a dedicated database server, and since this will be a
central service to my various web servers I wanted it to be as secure as
possible...so I am leaving SELinux enabled. However I'm having trouble
getting Apache to use mod_auth_pam. I also now can't get setroubleshootd
working to send me notifications of the denials and provide tips to solve
the problem.
The Apache