similar to: Squid and SELinux

I'm trying to set the context on an nfs mounted /home. I believe exactly like in Redhat's Deployment Guide at http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.2/html/Deployment_Guide/ch45s02s03.html On my system running CentOS 5.2: $ ls -alZ /home drwxr-xr-x root root system_u:object_r:home_root_t . drwxr-xr-x root root system_u:object_r:root_t .. $ mount -t

Hello, I was using CentOS 5.5 as a "playground" VM at my WinXP notebook and now I'm migrating to a new CentOS 5.6 install and everything has worked well - except samba. I have this very permissive config to export my ~/src dir: # cat /etc/samba/smb.conf [global] guest ok = yes guest account = afarber security = share hosts allow = 172.16.6. 127.0.0.1 [src]

Hi, I'm trying to move the MySQL data directory to /home/mysql like I have done with every other install I have done before but the difference is this time I am trying to have SELinux active instead of turning it off. I seem to need some help in a) Understanding what the selinux failure messages are saying; and b) How to correct the issue I've read the selinux docs and all I got was a

Hi all, Just want to enable squid's SNMP support to get information about its perfomance through snmp client. I set "snmp_port 3401" in squid.conf SELinux is in enforcing state with targeted policy. But squid daemon doesn't start. There are some messages in audit.log like type=SYSCALL msg=audit(1176946812.492:244): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bf880060

Hi all, I just installed a CentOS 5 machine from Kickstart. I configure NSS and PAM to lookup and authenticate users from LDAP with authconfig. On my LDAP I also have some automount configuration, but I'm not running automount on this server. SELinux is installed and enforcing. Whenever I try to install an RPM (and in other occasions during boot) I see those messages: # rpm -Uvh ... .rpm

Hello All, I set up ltsp regulary, on Centos6 machines. This morning I have a Selinux problem that usualy does not occur: after setting everything up, the thinclients boot, but nobody can login. It only works after the command : # echo 0 > /selinux/enforce I tried this semanage command: # semanage fcontext -a -t bin_t /usr/bin/xauth but it makes no difference. The message I'm now

I am setting up Samba on a standalone CentOS 7 server (using LDAP with openldap for authentifcation) and things and somewhat working. There is a bit of weirdness though. smbclient is only able to access *directories* and not any of the files. Why is that? What am I missing? Here is a log of a test run: [heller at c764guest: ~]$ ls -lZAn total 8424 -rw-------. 1

-rw-r--r--. root root unconfined_u:object_r:home_root_t:s0 /etc/pki/dovecot/private/mailserver.crt > On Oct 8, 2017, at 12:03 AM, Bill Shirley <bill at KnoxvilleChristian.org> wrote: > > What does ls -lZ /etc/pki/dovecot/private/mailserver.crt say? > > Bill > > On 10/7/2017 7:30 PM, SH Development wrote: >> I have a working dovecot/postfix/mysql server running

CentOS-6.5 We deploy web applications written with the Ruby on Rails framework using Capistrano (2.x). Each 'family' of web applications are 'owned' by a dedicated user id. The present httpd service is Apache 2.2.15 and we use Passenger 3.0.11. We are moving shortly to a new deployment host and at that time we will be updating to Apache 2.4.9 and Passenger 4..0.25. Our

Not a problem ... sharing a solution (this time)! Please correct my understanding of the process, if required. "i_stream_read() failed: Permission denied" is an error message generated when a large-ish file (>128kb in my case) is attached to a message that has been passed to Dovecot's deliver program when SELinux is being enforced. In my case, these messages are first run

Yesterday I activated SELinux in targeted mode, then I rebooted and started receiving some error messages in the system services initialization: ====================================================================== audit(1156518721.252:2): avc: denied { read } for pid=2223 comm="syslogd" name="libc-2.3.4.so" dev=dm-0 ino=50441 scontext=user_u:system_r:syslogd_t

Hi. I've installed BackupPC 3.1.0 from Testing repository, to Cent OS 5.2 x86_64, and I am hitting an SE Linux denial - the httpd cannot talk to the BackupPC socket: type=AVC msg=audit(07/31/2008 17:18:53.623:410) : avc: denied { connectto } for pid=11767 comm=httpd path=/var/log/BackupPC/BackupPC.sock scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:system_r:initrc_t:s0

I have some centos 4.4 server. i have disable selinux for some software problem: # cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=disable #

Hello, After a yum update last night, I had a CenOS 5.4 i386 system pull in the following selinux updates: Jan 07 21:39:14 Updated: selinux-policy-2.4.6-255.el5_4.3.noarch Jan 07 21:39:31 Updated: selinux-policy-targeted-2.4.6-255.el5_4.3.noarch This machine has SELinux set to Enforcing. This morning, I see I got the following email from Cron: /etc/cron.daily/0logwatch: sendmail: warning:

Hi, I have a new CentOS sever install. I've also installed suPHP to replicate a live server. When I upload file via FTP the permissions seem OK, however the directories copied are not writable?? Any ideas? I have tried chmod 777 and that's not working either. Could is be a suPHP issue? I have 'suPHP_UserGroup GROUP USER' setup in my virtual directory and the user is also in the

Hello, Running httpd-2.2.3-43.el5.centos.3 on CentOS release 5.5 (Final), I have : $ ps -Ze LABEL PID TTY TIME CMD user_u:system_r:httpd_t 12833 ? 00:00:00 httpd Is it normal for httpd to have this context (user_u:system_r:httpd_t) ? I was expecting system_u:system_r:httpd_t. And if it is not normal, is it because I have restarted httpd by

I want to put the document root for an application on a separate paritition that has more space. When I try to configure this I can't access the files in the new location. I've got the SELinux attributes set on the directory and its files, so I'm thinking it's something about the parent path that SELinux doesn't like, but I don't know where that's handled. My

I am getting tons of these messages since I updated to 4.2 Nov 12 12:21:39 srv1 dbus: Can't send to audit system: USER_AVC pid=2839 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus Now I can see this process... # ps aux|grep 2839 dbus 2839 0.0 0.3 16168 1888 ? Ssl Nov11 0:13 dbus-

Hello, I received the below SELinux message today and I am trying to figure out what caused it. I see what it says under Allow Access but I am not sure this is what I really want to do without know why it happened in the first place. What should I be looking at to understand what or why this has happened? Any help I would be most grateful for. Here is the output form SELinux SUMMARY:

I am configuring a new mail server on RHEL 5 x64. I have configured dovecot as follows: ... protocols = imaps ... ssl_cert_file = /etc/pki/dovecot/certs/mailserver.cer ssl_key_file = /etc/pki/dovecot/private/mailserver.pem ... login_process_size = 64 ... mail_location = maildir:~/Maildir ... passdb pam { args = "session=yes cache_key=%u%s dovecot" } ... I'm getting the following