similar to: Trying to setting a selinux policy to Nagios 3.0.6 on CentOS 5.2 .

Hi: I have been using Dovecot for well over a year now and it has always worked with few problems. The mail setup is not simple... Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and control is local. About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an

I'm busy setting up amavisd-new on a CentOS 5.0 box - and believe I've got it working well enough that I can switch selinux enforcing back on again. I've done the usual- - grab a chunk of the audit.log that is relevant to all the actions that would be denied. - do 'cat audit.log | audit2allow -M amavis' to generate the module - amavis.te looks like: module amavis 1.0;

Thanks Laurent. You obviously know a LOT more about SELinux than I. I pretty much just use commands and not build policies. So I need some more information here. From what you provided below, how do I determine what is currently in place and how do I add your stuff (changing postgresql with mysql, nat.) thanks On 04/25/2017 10:26 AM, Laurent Wandrebeck wrote: > Le mardi 25 avril 2017

Le mardi 25 avril 2017 ? 10:04 +0200, Robert Moskowitz a ?crit : > I thought I had this fixed, but I do not. I was away from this problem > working on other matters, and came back (after a reboot) and it is still > there, so I suspect when I thought I had it 'fixed' I was running with > setenforce 0 from another problem (that is fixed). > > So anyone know how to get

Not a problem ... sharing a solution (this time)! Please correct my understanding of the process, if required. "i_stream_read() failed: Permission denied" is an error message generated when a large-ish file (>128kb in my case) is attached to a message that has been passed to Dovecot's deliver program when SELinux is being enforced. In my case, these messages are first run

Hello, I'm using the targeted policy. PHP's mail() function fails because of selinux. audit(1149662369.454:2): avc: denied { setgid } for pid=18085 comm="sendmail" capability=6 scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:httpd_sys_script_t tclass=capability When i turn to permisive mode: audit(1149668677.105:12): avc: denied { setuid } for pid=29159

I can access /depot/tftp from a tftp client but unable to do it from a Windows client as long as SELinux is enforced. If SELinux is permissive I can access it then I know Samba is properly configured. # getenforce Enforcing # ls -dZ /depot/tftp/ drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/ And if I do it the other way around, give the directory a type samba_share_t then

Hello everyone, If create a folder called "whatever" under /var, the context is: root:object_r:var_t /var/whatever/ That's expected as it is under /var. If I then change its type: chcont -t httpd_sys_content_t /var/whatever The context looks like: root:object_r:httpd_sys_content_t /var/whatever/ My question is...Shouldn't a relabeling of the filesystem change the type

Hello CentOS Docs People! I recently used the Amavisd howto to setup a couple of mailservers, which saved me from hours of searching online and reading novels of documentation. Since Ned is taking a little break from the Amavisd page, I would like to help contribute. There were a few things I'd like to add, like GTUBE/EICAR testing and SELinux config lines. My wiki username is WilliamFong.

> If I understand well, I could add a type to another type?!?!?! No. The default targeted policy is mostly about Type Enforcement. Quote from the manual: "All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a

Hi all, I have created a directory /srv with the following SELinux context: system_u:object_r:var_t Now I want to create a subdirectory within /srv which should get a different context. So I tried to set e.g.: semanage fcontext -a -t samba_share_t /srv/samba /sbin/restorecon -v /srv/samba but the context is always reset to: system_u:object_r:var_t What am I missing? Best Regards Marcus

Hi, I'm currently fiddling with Nginx on CentOS 7. Eventually I want to use it instead of Apache on some servers. Apache works more or less out of the box with SELinux. My websites are all stored under /var/www, and ls -Z shows me that all files created under /var/www are correctly labeled httpd_sys_content_t. On my sandbox server I don't have Apache (httpd) installed, only Nginx

Hi I would like to contribute to the wiki.centos.org: username: boel subject: nagios incompatibility with centos 5.2 location: http://wiki.centos.org/HowTos/Nagios content: A security feature of centos 5.2 SELinux prevents the access from the apache httpd server to the needed /var/nagios files. The error manifests itself in the /var/log/messages as "SELinux is preventing the tac.cgi from

Ok, I try it again with plain text, with a simple R code example and just sending it to the r list and you move it to sig finance if it is necessary. I try to be as detailed as possible. I want to fit a distribution to my financial data using a volatility model to estimate the VaR. So in case of a normal distribution, this would be very easy, I assume the returns to follow a normal distribution

hi I maintain 10 webservers which is used for add delivery using PHP.sometimes when the load is high my apache process suddenly dies & i restart apache. i find the following errors in my /var/log/messages/ server1 kernel: audit(1150892521.827:18474474): avc: denied { write } for pid=28135 comm="httpd" name="php-mmcache" dev=sda7 ino=2146317

Hello, I have a strange (for me) problem with these two machines : - Client, a CentOS-5.7 workstation ; - Server, a CentOS-6.2 headless, up-to-date server. From Client, I want to use xauth on Server with the help of rsh (yes, I know, ssh and all this sort of things... another time.) When SELinux is in permissive mode on Server, all these commands perform as expected : rsh Server

Hi, I compiled a kernel from sources (2.6.30.5) and when system is booting shows these errors: SELinux: 61 classes, 69080 rules SELinux: class peer not defined in policy SELinux: class capability2 not defined in policy SELinux: class kernel_service not defined in policy SELinux: permission open in class dir not defined in policy SELinux: permission open in class file not defined in policy

On 1/1/20 2:00 PM, Nicolas Kovacs wrote: > Hi, > > I'm currently fiddling with Nginx on CentOS 7. Eventually I want to > use it instead of Apache on some servers. > > Apache works more or less out of the box with SELinux. My websites are > all stored under /var/www, and ls -Z shows me that all files created > under /var/www are correctly labeled httpd_sys_content_t.

Hey guys, I've been getting some strange selinux messages after the 5.3 upgrade. It appears as though my mail system (postfix) is constantly trying to access the rpm database? Here's the audit messages (I tend to look at my selinux messages using audit2allow < /var/log/audit.log as I find it easier to read quickly): allow postfix_postdrop_t rpm_t:tcp_socket { read write }; allow

Am 09.09.2018 um 16:19 schrieb Daniel Walsh <dwalsh at redhat.com>: > > On 09/09/2018 09:43 AM, Leon Fauster via CentOS wrote: >> Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>: >>> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: >>>> Any SElinux expert here - briefly: >>>> >>>> # getenforce