similar to: SELinux Relabeling

Hi, I'm currently fiddling with Nginx on CentOS 7. Eventually I want to use it instead of Apache on some servers. Apache works more or less out of the box with SELinux. My websites are all stored under /var/www, and ls -Z shows me that all files created under /var/www are correctly labeled httpd_sys_content_t. On my sandbox server I don't have Apache (httpd) installed, only Nginx

Hi I would like to contribute to the wiki.centos.org: username: boel subject: nagios incompatibility with centos 5.2 location: http://wiki.centos.org/HowTos/Nagios content: A security feature of centos 5.2 SELinux prevents the access from the apache httpd server to the needed /var/nagios files. The error manifests itself in the /var/log/messages as "SELinux is preventing the tac.cgi from

I upgraded my container from CentOS 6.4 to CentOS 6.5. Everything looks good after upgrade until reboot. When rebooted to container I'm getting the following errors.. Any help would be greatly appreciated /bin/mknod: `/dev/lp2': Operation not permitted /bin/chown: cannot access `/dev/lp2': No such file or directory /bin/mknod: `/dev/lp3': Operation not permitted /bin/chown: cannot

Hi, I've done the following: - Copy usr content with rsync to another partition: rsync -av --partial --progress /usr/ /mnt Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not the directory itself). But I've found that is bad labeled: ls -Z /usr unconfined_u:object_r:unlabeled_t:s0 bin unconfined_u:object_r:unlabeled_t:s0 local unconfined_u:object_r:unlabeled_t:s0

Le mardi 25 avril 2017 ? 10:04 +0200, Robert Moskowitz a ?crit : > I thought I had this fixed, but I do not. I was away from this problem > working on other matters, and came back (after a reboot) and it is still > there, so I suspect when I thought I had it 'fixed' I was running with > setenforce 0 from another problem (that is fixed). > > So anyone know how to get

---------------------------------------------------- Summary: fix a memory leak for Openssh ---------------------------------------------------- Upstream Project Name: OpenSSH Upstream Project URL: anoncvs at anoncvs.mindrot.org:/cvs Applies to: anoncvs at anoncvs.mindrot.org:/cvs Brief Description: the memory which is allocated by matchpathcon should be freed after it is used Will Submit to:

On 1/1/20 2:00 PM, Nicolas Kovacs wrote: > Hi, > > I'm currently fiddling with Nginx on CentOS 7. Eventually I want to > use it instead of Apache on some servers. > > Apache works more or less out of the box with SELinux. My websites are > all stored under /var/www, and ls -Z shows me that all files created > under /var/www are correctly labeled httpd_sys_content_t.

Hello everyone, Let say 5.4 goes out today; If I fully update (today) my 5.2 system...will it be equivalent to 5.4 (all RPM packages with same version/release number?)? Or is it possible for the new point release to include NEW packages that weren't on the base relase (in this case CentOS 5)? Thanks, Jorge

Hi all, I have created a directory /srv with the following SELinux context: system_u:object_r:var_t Now I want to create a subdirectory within /srv which should get a different context. So I tried to set e.g.: semanage fcontext -a -t samba_share_t /srv/samba /sbin/restorecon -v /srv/samba but the context is always reset to: system_u:object_r:var_t What am I missing? Best Regards Marcus

http://wiki.centos.org/HowTos/SELinux says: "Access is only allowed between similar types, so Apache running as httpd_t can read /var/www/html/index.html of type httpd_sys_content_t." however the doc doesn't define what "similar types" means. I assumed it just meant "beginning with the same prefix". However that can't be right because on my system with

On Fri, Nov 14, 2014 at 07:32:46PM +0000, mallu mallu wrote: > I upgraded my container from CentOS 6.4 to CentOS 6.5. Everything looks good after upgrade until reboot. When rebooted to container I'm getting the following errors.. Any help would be greatly appreciated > /bin/mknod: `/dev/lp2': Operation not permitted > /bin/chown: cannot access `/dev/lp2': No such file or

Hi: I have been using Dovecot for well over a year now and it has always worked with few problems. The mail setup is not simple... Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and control is local. About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an

Hi list, I''ve got an issue at the moment, which isn''t really a big problem, but an untidy annoyance really, and I''d just like to understand what the best practice might be when dealing with the issue. As a really quick summary, the issue is that Puppet is starting up the mysqld service for the first time as unconfined_u, and then when MySQL goes and creates a load

> -----Original Message----- > From: Richard W.M. Jones [mailto:rjones@redhat.com] > Sent: Tuesday, March 6, 2018 11:49 AM > To: Зиновик Игорь Анатольевич <ZinovikIA@nspk.ru> > Cc: libguestfs@redhat.com > Subject: Re: [Libguestfs] virt-v2v 1.38 fails to convert .vmx VM: setfiles ... > Multiple same specifications for /.*. > > On Tue, Mar 06, 2018 at 08:40:51AM

hi I maintain 10 webservers which is used for add delivery using PHP.sometimes when the load is high my apache process suddenly dies & i restart apache. i find the following errors in my /var/log/messages/ server1 kernel: audit(1150892521.827:18474474): avc: denied { write } for pid=28135 comm="httpd" name="php-mmcache" dev=sda7 ino=2146317

[ I realized that we were discussing adding this feature, in various private email, IRC, and this long bugzilla thread: https://bugzilla.redhat.com/show_bug.cgi?id=1060423 That's not how we should do things. Let's discuss it on the mailing list. ] One thing that virt-customize/virt-sysprep/virt-builder have to do is relabel SELinux guests. What we do at the moment

On Sun, Dec 24, 2017 at 3:49 PM, Richard W.M. Jones <rjones@redhat.com> wrote: > On Sun, Dec 24, 2017 at 02:15:44PM +0200, Yaniv Kaul wrote: > > I'm copying a file into a VM using virt-copy-in - which is great, but the > > file is wrongly labeled. > > How can I fix that? > > Hi Yaniv, > > The easiest thing is to run this after doing the virt-copy-in:

Hello guys, I have a couple of servers that I'm about to virtualize to our VMware Vsphere ecosystem. For Linux servers I read that one needs to use the stand-alone converter (which is a live-cd that you boot from it and then you point it to your destination ESX). I would like to know from folks that have already done so...what was your experience like? Did everything went smooth? Any

I'm copying a file into a VM using virt-copy-in - which is great, but the file is wrongly labeled. How can I fix that? TIA, Y.

Hello, I'm trying to run Nagios 3.0.6 on CentOS 5.2 with SELinux in enforcing mode but it is not working. I'm using the following packages: httpd-2.2.3-11.el5_2.centos.4 nagios-3.0.6-1.el5.rf nagios-plugins-1.4.12-1.el5.rf I followed the steps bellow to try to create a selinux policy to Nagios but it is failing. Any help, please? # setenforce Permissive # service nagios start #