similar to: pppd does not work if SELinux is turned on.

CentOS release 5.4 (Final) I run pppd on this system, it accepts dial-in connections, logs people in over ssh/sftp. I had selinux disabled on this system originally, but I recently enabled it, and selinux is blocking this pppd service. "audit2allow -M" has generated the following policy based on AVC denial messages: module fixdialinserver 1.0; require { type pppd_t;

Hi, On CentOS 7.7.1908 I've got the following error message: unix_chkpwd[1026]: could not obtain user info (root) I dont' know why... There are no SELinux errors, and the permissions of relevant files are: ls -Z /etc/shadow /etc/passwd /usr/sbin/unix_chkpwd -rw-r--r--. root root system_u:object_r:passwd_file_t:s0 /etc/passwd ----------. root root system_u:object_r:shadow_t:s0

Hi, I'm running Centos 5 32bit and installed openvpn-2.0.9-1.el5.rf from Dag Wieers Repo. When OpenVPN is started during boot-up it just shows an SElinux related error message. When I start OpenVPN manually after the system has come up completely it works fine. Here are all the messages from /var/log/messages that are SElinux related: May 28 21:39:15 srsblnfw01 kernel:

I'm setting up a dedicated database server, and since this will be a central service to my various web servers I wanted it to be as secure as possible...so I am leaving SELinux enabled. However I'm having trouble getting Apache to use mod_auth_pam. I also now can't get setroubleshootd working to send me notifications of the denials and provide tips to solve the problem. The Apache

[Moving this to the libguestfs mailing list] On Mon, Jan 13, 2014 at 03:05:14PM -0500, Daniel J Walsh wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 01/13/2014 11:49 AM, Richard W.M. Jones wrote: > > On Mon, Jan 13, 2014 at 10:20:22AM -0500, Daniel J Walsh wrote: > >> Secondly we prevent even unconfined_t from putting down labels on the > >>

I've just installed CentOS 5.5 and dovecot 2.0.7. Out of the box, it worked ok with local user accounts. Then I enable selinux and I could no loger login to imap server. I can deal with that via a local policy. But I found dovecot tried to open /etc/shadow: type=AVC msg=audit(1291490764.101:670): avc: denied { read } for pid=16130 comm="auth" name="shadow" dev=md2

Hi, I compiled a kernel from sources (2.6.30.5) and when system is booting shows these errors: SELinux: 61 classes, 69080 rules SELinux: class peer not defined in policy SELinux: class capability2 not defined in policy SELinux: class kernel_service not defined in policy SELinux: permission open in class dir not defined in policy SELinux: permission open in class file not defined in policy

Hi. I have a VM with CentOs6.2 on KVM. I mount an image of the VM when it's not working with guestmount: root at diehard:~# guestmount -a named-centos.img -i tmp vi /etc/shadow insert comment line into the file (esc yy p 0 i # esc :wq!), save changes, unmount the image, turn on the VM, and I cannot login. I cannot login even if I recover the shadow file. root at diehard:~# guestmount

--- test-data/phony-guests/Makefile.am | 3 +-- test-data/phony-guests/make-archlinux-img.sh | 4 ++-- test-data/phony-guests/make-coreos-img.sh | 10 ++++---- test-data/phony-guests/make-debian-img.sh | 10 ++++---- test-data/phony-guests/make-fedora-img.pl | 34 ++++++++++++++-------------- test-data/phony-guests/make-ubuntu-img.sh | 14 ++++++------

On Wed, 2015-02-04 at 14:55 -0700, Warren Young wrote: > > On Feb 4, 2015, at 12:16 PM, Lamar Owen <lowen at pari.edu> wrote: > > > > Again, the real bruteforce danger is when your /etc/shadow is exfiltrated by a security vulnerability > > Unless you have misconfigured your system, anyone who can copy /etc/shadow already has root privileges. They don?t need to

[PATCH 4/8] HVM save restore: vcpu context support Signed-off-by: Zhai Edwin <edwin.zhai@intel.com> save/restore HVM vcpu context such as vmcs diff -r ee20d1905bde xen/arch/x86/domain.c --- a/xen/arch/x86/domain.c Thu Jan 11 16:40:55 2007 +0800 +++ b/xen/arch/x86/domain.c Thu Jan 11 16:46:59 2007 +0800 @@ -573,6 +573,7 @@ int arch_set_info_guest( else {

This patch series contains a set of patches making minios rather easier to use, from an application development point of view. Overview of patches: 1 Command line argument parsing support, from Xen. 2 Weak console handler function. 3 Build system tweaks for application directories. 4 Trailing whitespace cleanup. (because it is very messy) Patch 4 is likely to be more controversial than