Displaying 20 results from an estimated 1000 matches similar to: "SELinux Relabeling"
2020 Jan 01
2
Nginx and SELinux on CentOS 7
Hi,
I'm currently fiddling with Nginx on CentOS 7. Eventually I want to use it
instead of Apache on some servers.
Apache works more or less out of the box with SELinux. My websites are all
stored under /var/www, and ls -Z shows me that all files created under /var/www
are correctly labeled httpd_sys_content_t.
On my sandbox server I don't have Apache (httpd) installed, only Nginx
2009 Sep 14
4
Contribution to wiki: nagios incompatibility with centos 5.2
Hi
I would like to contribute to the wiki.centos.org:
username: boel
subject: nagios incompatibility with centos 5.2
location: http://wiki.centos.org/HowTos/Nagios
content: A security feature of centos 5.2 SELinux prevents the access
from the apache httpd server to the needed /var/nagios files. The error
manifests itself in the /var/log/messages as "SELinux is preventing the
tac.cgi from
2014 Nov 14
2
Unable to start container after OS upgrade
I upgraded my container from CentOS 6.4 to CentOS 6.5. Everything looks good after upgrade until reboot. When rebooted to container I'm getting the following errors.. Any help would be greatly appreciated
/bin/mknod: `/dev/lp2': Operation not permitted
/bin/chown: cannot access `/dev/lp2': No such file or directory
/bin/mknod: `/dev/lp3': Operation not permitted
/bin/chown: cannot
2020 Feb 04
5
Relabel /usr directory
Hi,
I've done the following:
- Copy usr content with rsync to another partition:
rsync -av --partial --progress /usr/ /mnt
Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not
the directory itself). But I've found that is bad labeled:
ls -Z /usr
unconfined_u:object_r:unlabeled_t:s0 bin
unconfined_u:object_r:unlabeled_t:s0 local
unconfined_u:object_r:unlabeled_t:s0
2017 Apr 25
2
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
Le mardi 25 avril 2017 ? 10:04 +0200, Robert Moskowitz a ?crit :
> I thought I had this fixed, but I do not. I was away from this problem
> working on other matters, and came back (after a reboot) and it is still
> there, so I suspect when I thought I had it 'fixed' I was running with
> setenforce 0 from another problem (that is fixed).
>
> So anyone know how to get
2011 Mar 31
1
[v1 PATCH 0/1] Review request for a memory leak fix for openssh
----------------------------------------------------
Summary: fix a memory leak for Openssh
----------------------------------------------------
Upstream Project Name: OpenSSH
Upstream Project URL: anoncvs at anoncvs.mindrot.org:/cvs
Applies to: anoncvs at anoncvs.mindrot.org:/cvs
Brief Description: the memory which is allocated by matchpathcon should be freed after it is used
Will Submit to:
2020 Jan 01
0
Nginx and SELinux on CentOS 7
On 1/1/20 2:00 PM, Nicolas Kovacs wrote:
> Hi,
>
> I'm currently fiddling with Nginx on CentOS 7. Eventually I want to
> use it instead of Apache on some servers.
>
> Apache works more or less out of the box with SELinux. My websites are
> all stored under /var/www, and ls -Z shows me that all files created
> under /var/www are correctly labeled httpd_sys_content_t.
2009 Sep 14
3
"Point Releases" Question
Hello everyone,
Let say 5.4 goes out today; If I fully update (today) my 5.2 system...will it
be equivalent to 5.4 (all RPM packages with same version/release number?)?
Or is it possible for the new point release to include NEW packages that
weren't on the base relase (in this case CentOS 5)?
Thanks,
Jorge
2009 Mar 19
1
SELinux - different context on subdirectories
Hi all,
I have created a directory /srv with the following SELinux context:
system_u:object_r:var_t
Now I want to create a subdirectory within /srv which should get a
different context. So I tried to set e.g.:
semanage fcontext -a -t samba_share_t /srv/samba
/sbin/restorecon -v /srv/samba
but the context is always reset to:
system_u:object_r:var_t
What am I missing?
Best Regards
Marcus
2012 Jan 05
6
SELinux and access across 'similar types'
http://wiki.centos.org/HowTos/SELinux
says:
"Access is only allowed between similar types, so Apache running as
httpd_t can read /var/www/html/index.html of type httpd_sys_content_t."
however the doc doesn't define what "similar types" means. I assumed it
just meant "beginning with the same prefix". However that can't be
right because on my system with
2014 Nov 17
0
Re: Unable to start container after OS upgrade
On Fri, Nov 14, 2014 at 07:32:46PM +0000, mallu mallu wrote:
> I upgraded my container from CentOS 6.4 to CentOS 6.5. Everything looks good after upgrade until reboot. When rebooted to container I'm getting the following errors.. Any help would be greatly appreciated
> /bin/mknod: `/dev/lp2': Operation not permitted
> /bin/chown: cannot access `/dev/lp2': No such file or
2009 Oct 04
2
deliver stopped working
Hi:
I have been using Dovecot for well over a year now and it has always worked with few
problems. The mail setup is not simple...
Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major
things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and
control is local.
About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an
2012 Oct 09
8
Service Resources and Selinux
Hi list,
I''ve got an issue at the moment, which isn''t really a big problem, but
an untidy annoyance really, and I''d just like to understand what the
best practice might be when dealing with the issue.
As a really quick summary, the issue is that Puppet is starting up the
mysqld service for the first time as unconfined_u, and then when MySQL
goes and creates a load
2018 Mar 06
3
Re: virt-v2v 1.38 fails to convert .vmx VM: setfiles ... Multiple same specifications for /.*.
> -----Original Message-----
> From: Richard W.M. Jones [mailto:rjones@redhat.com]
> Sent: Tuesday, March 6, 2018 11:49 AM
> To: Зиновик Игорь Анатольевич <ZinovikIA@nspk.ru>
> Cc: libguestfs@redhat.com
> Subject: Re: [Libguestfs] virt-v2v 1.38 fails to convert .vmx VM: setfiles ...
> Multiple same specifications for /.*.
>
> On Tue, Mar 06, 2018 at 08:40:51AM
2006 Jun 21
2
Apache problem
hi
I maintain 10 webservers which is used for add delivery using PHP.sometimes
when the load is high my apache process suddenly dies & i restart apache.
i find the following errors in my /var/log/messages/
server1 kernel: audit(1150892521.827:18474474): avc: denied { write } for
pid=28135 comm="httpd" name="php-mmcache" dev=sda7 ino=2146317
2014 May 24
9
SELinux relabel API
[
I realized that we were discussing adding this feature, in various
private email, IRC, and this long bugzilla thread:
https://bugzilla.redhat.com/show_bug.cgi?id=1060423
That's not how we should do things. Let's discuss it on the
mailing list.
]
One thing that virt-customize/virt-sysprep/virt-builder have to do is
relabel SELinux guests.
What we do at the moment
2017 Dec 24
2
Re: virt-copy-in - how do I get the selinux relabeling done for the file?
On Sun, Dec 24, 2017 at 3:49 PM, Richard W.M. Jones <rjones@redhat.com>
wrote:
> On Sun, Dec 24, 2017 at 02:15:44PM +0200, Yaniv Kaul wrote:
> > I'm copying a file into a VM using virt-copy-in - which is great, but the
> > file is wrongly labeled.
> > How can I fix that?
>
> Hi Yaniv,
>
> The easiest thing is to run this after doing the virt-copy-in:
2010 Jun 19
1
Physical-to-Virtual (VMware) & SELinux
Hello guys,
I have a couple of servers that I'm about to virtualize to our VMware Vsphere
ecosystem. For Linux servers I read that one needs to use the stand-alone
converter (which is a live-cd that you boot from it and then you point it to
your destination ESX).
I would like to know from folks that have already done so...what was your
experience like? Did everything went smooth? Any
2017 Dec 24
3
virt-copy-in - how do I get the selinux relabeling done for the file?
I'm copying a file into a VM using virt-copy-in - which is great, but the
file is wrongly labeled.
How can I fix that?
TIA,
Y.
2008 Dec 06
0
Trying to setting a selinux policy to Nagios 3.0.6 on CentOS 5.2 .
Hello,
I'm trying to run Nagios 3.0.6 on CentOS 5.2 with SELinux in enforcing mode but
it is not working.
I'm using the following packages:
httpd-2.2.3-11.el5_2.centos.4
nagios-3.0.6-1.el5.rf
nagios-plugins-1.4.12-1.el5.rf
I followed the steps bellow to try to create a selinux policy to Nagios but it
is failing.
Any help, please?
# setenforce Permissive
# service nagios start
#