similar to: SELinux restorecon does not work

CentOS-5.1 I need some help with setting up the SELinux context for a custom httpd directory so that I can write log files into it. This is what I have: In my virtual host config file: RewriteEngine on RewriteLog /etc/httpd/virtual.d/trac-rewrite.log # RewriteLogLevel 0=off 1=basic 2=verbose 3+=module developer debuging RewriteLogLevel 0 If /etc/httpd/virtual.d/trac-rewrite.log does

Hi. I just installed Centos 4. I''m pretty sure that I chose to have it install postgresql but when the system came up, it wasn''t there. No worries. I installed it from the net with ''yum''. Unfortunately, when I started it up and it tried to init the database, I got a bunch of SELinux errors: Mar 3 13:24:22 dirty kernel: audit(1109874262.006:0): avc:

I generated a new host key for one of our systems using: ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key_4096 I then ran 'ls -Z on the keys' ll -Z *key* -rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key -rw-r--r--. root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key.pub -rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_key -rw-r--r--. root

This is continuing/summarising a rather long discussion that happened on IRC ... We talked to some SELinux experts about what was required to make SELinux work with libguestfs, and it seems reasonably simple to load the policy from the guest filesystem. All that needs to be done is to mount the guest disks up and then run: sh "/usr/sbin/load_policy -i" That command also mounts up

In-Reply-To: <f4e013870805211022r36194b29gb74ca4421dc2ee77 at mail.gmail.com> On: Wed, 21 May 2008 10:22:19 -0700, MHR <mhullrich at gmail.com> wrote: >> On Wed, May 21, 2008 at 8:37 AM, James B. Byrne <byrnejb at harte-lyne.ca> >> wrote: >> >> This indeed turned out to be an SELinux policy problem which I have since >> resolved. > > Whoa,

Hey, I'm having problems with samba. It has never worked properly on my server since I've had it installed.. Its for a home server, running xbox-Linux Fedora Core 6. I've just uninstalled every trace of the old samba, and started a fresh. With the latest samba sources I found on the website. The nmbd starts fine, but smbd never starts, and in the kernel log, I get the following

I am wondering what is the interaction between SE Linux and the kernel "capabilities" in CentOS 5.1? I'm trying to open a raw socket and keep getting permission denied errors. I've tried using the lcap library to find that CAP_SETPCAP appears to be off in the kernel. For compliance reasons, I don't want to turn this on. I've also tried a hand-crafted SE Linux

I am using Puppet 3.1.0 on a CentOS 6.3 machines. The puppet master and puppet agents use CentOS 6.3 as their OS. I have a puppet script (init.pp file for the puppet module) that contains the following exec type: exec { "postgres init": cwd => "/applications/module", command => "bash initializePostgres.sh", user => "postgres", group =>

> On Feb 9, 2015, at 12:27 PM, Robert Nichols <rnicholsNOSPAM at comcast.net> wrote: > > On 02/09/2015 11:14 AM, James B. Byrne wrote: >> So, I decided to run restorecon -v to >> ... >> restorecon reset /etc/ssh/ssh_host_rsa_key_4096 context >> unconfined_u:object_r:sshd_key_t:s0->unconfined_u:object_r:etc_t:s0 >> ... >> There is no

On Thu, 9 Nov 2017 21:02:44 -0500 Bill Shirley <bill at KnoxvilleChristian.org> wrote: > Set the sieve_global_dir like this. > /etc/dovecot/conf.d/99-mystuff.conf: > . > . > plugin { > ? sieve???????????????? = ~/Maildir/dovecot.sieve > ? sieve_dir???????????? = ~/Maildir/sieve > ? sieve_global_dir????? = /etc/dovecot/sieve/global/ > ? sieve_before????????? =

On Fri, 10 Nov 2017 03:41:20 -0500 Bill Shirley <bill at KnoxvilleChristian.org> wrote: > No it isn't shown as a folder.? All folder directories here begin with a dot. > i.e.? .INBOX? .Trash? .Drafts > > Bill No, they don't. me thought that, too. But using the rainloop webmail interface on top of such a config showed the sieve folder in the overview. Sometimes you can

Darned thing is suddenly failing. We had a reboot last night, and I changed a couple of files today too, so either one could somehow be responsible. But I can''t figure out how from this crash. First I noticed that my changes weren''t updating. Then I noticed that puppet wasn''t running. Then I found that it won''t, in fact, run. /selinux contains only a

----- Mail original ----- > De: "Ofer Hasson" <hassonofer at gmail.com> > ?: "centos" <centos at centos.org> > Envoy?: Jeudi 24 D?cembre 2015 11:36:00 > Objet: Re: [CentOS] systemd-sysctl not running on boot > [root at web-devel-local-1 ~]# ll -Z /etc/ | grep sysctl > drwxr-xr-x. root root system_u:object_r:etc_t:s0 sysctl.d > >

Hi all, I just installed a CentOS 5 machine from Kickstart. I configure NSS and PAM to lookup and authenticate users from LDAP with authconfig. On my LDAP I also have some automount configuration, but I'm not running automount on this server. SELinux is installed and enforcing. Whenever I try to install an RPM (and in other occasions during boot) I see those messages: # rpm -Uvh ... .rpm

Hi All, I'm running CentOS 5.2 with SELinux in enforcing mode (default targeted policy). The server hosts a PHP web app that sends mail. I'm getting the following errors (see end of message) in my selinux audit.log file every time the app sends an email. The email always seems to get sent successfully, despite the log messages. However, they do concern me and I would like to understand

Any ideas why bind is putting the tmp files in the [chroot]/var/named directory and not in /tmp or /var/tmp? [root at devserver21 chroot]# Aug 15 14:08:21 devserver21 named[5101]: loading configuration from '/etc/named.conf' Aug 15 14:08:21 devserver21 named: named reload succeeded Aug 15 14:08:21 devserver21 named[5101]: dumping master file: tmp-XXXXQ5X9mC: open: permission denied Aug 15

I need to run a "copy table to '/home/user/dir/copy.txt';" but I get permission denied. Filesystem dir modes are ok and I get no event logged in audit.log, but if I setenforce 0, I can do the copy. This explains auditd silence: # sesearch --audit |egrep postgres.*home dontaudit postgresql_t user_home_dir_t : dir { getattr search }; dontaudit postgresql_t home_root_t : dir

On 02/09/2015 11:14 AM, James B. Byrne wrote: > So, I decided to run restorecon -v to > presumably set the SELinux user correctly for the new keys: But that > is not what happened: > > restorecon -v * > > restorecon reset /etc/ssh/ssh_host_rsa_key_4096 context > unconfined_u:object_r:sshd_key_t:s0->unconfined_u:object_r:etc_t:s0 > > restorecon reset

Hi. I'm trying to setup squid with SELinux, the problem i encounter is taht i want to add another directory for cache, in this system we have a home partition with huge space, i create a squid dir and add the path with semanage: semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?' i check the files and are in the good context: drwxr-xr-x squid squid

Yesterday I activated SELinux in targeted mode, then I rebooted and started receiving some error messages in the system services initialization: ====================================================================== audit(1156518721.252:2): avc: denied { read } for pid=2223 comm="syslogd" name="libc-2.3.4.so" dev=dm-0 ino=50441 scontext=user_u:system_r:syslogd_t