similar to: How to set selinux policy "allow httpd_t unconfined_t:shm { unix_read unix_write }; " using an seboolean? (How to get a new seboolean?)

Is this really supposed to get easier over time? :) Now my audit.log file shows that SELinux is blocking my cgi script, index.cgi (which is what's actually served when the user visits the front page of one of our proxy sites like sugarsurfer.com) from having '"read write" to socket (httpd_t)'. I have no idea what that means, except that I thought that cgi scripts were

Hi: I have been using Dovecot for well over a year now and it has always worked with few problems. The mail setup is not simple... Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and control is local. About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an

CentOS release 5.4 (Final) I run pppd on this system, it accepts dial-in connections, logs people in over ssh/sftp. I had selinux disabled on this system originally, but I recently enabled it, and selinux is blocking this pppd service. "audit2allow -M" has generated the following policy based on AVC denial messages: module fixdialinserver 1.0; require { type pppd_t;

I want you all to see what I went through trying to simply reassign (unsuccessfully) the context of a well-known port. To the best of my ability to recall none of the packages mentioned below are even installed on the host in question. Why are these dependices preventing me from removing a disused SELinux policy. I have done exactly that, reassign port contexts, in the past without encountering

On Wed, April 1, 2015 16:09, Andrew Holway wrote: > I used the command: semanage port -m -t http_port_t -p tcp 8000 > to relabel a port. perhaps you could try: > "semanage port -m -t unconfined_t -p tcp 8000" > Failing that; would it work to run your application in the httpd_t > domain? > I ended up having to create a custom policy to allow the other application to

Apache DocumentRoot on an NFS directory: [root at localhost ~]# service httpd start Starting httpd: Warning: DocumentRoot [/home/www/html] does not exist Syntax error on line 292 of /etc/httpd/conf/httpd.conf: DocumentRoot must be a directory [FAILED] [root at localhost ~]# After some research, I found this (dated) link

Hi, I need to implement trouble tracking system, we have 250 users in one premise & 3 desktop support technicians. I need to implement trouble ticket system, where user will enter their application / other issues. Mail will be sent to technician available on duty. trouble ticket will be provided to user & will be given close stat once resolved. Kindly suggest me one such application

[Moving this to the libguestfs mailing list] On Mon, Jan 13, 2014 at 03:05:14PM -0500, Daniel J Walsh wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 01/13/2014 11:49 AM, Richard W.M. Jones wrote: > > On Mon, Jan 13, 2014 at 10:20:22AM -0500, Daniel J Walsh wrote: > >> Secondly we prevent even unconfined_t from putting down labels on the > >>

Hi, I am running dovecot with postfix and OTRS2 on a fresh Ubuntu 8.10 Server system. OTRS2 is configured to poll new email to otrs-incoming at localhost via POP3 every 5 minutes. It works, but after approximately 20 hours it suddenly stops working and only a restart of dovecot helps. The outage starts at different times during night (00:15 on Thursday, 1:15 on Friday, 3:20 on

Hi all, sorry for being OT but would any of you recommend a ticketing system? We'd like something pretty comprehensive to cover helpdesk and HR stuff as well as software bugs/requests. There seems to be a million variations out there.

On 09/09/2018 07:19 AM, Daniel Walsh wrote: > sesearch -A -s httpd_t -t system_conf_t -p read > > If you feel that these files should not be part of the base_ro_files > then we should open that for discussion. I think the question was how users would know that the policy allowed access, as he was printing rules affecting httpd_t's file read access, and looking for

Hi, Last year, I tried to installed and evaluate the following OSS web base trouble ticketing system. This is for me to track history on our IT related issues. Those that I tried are the PHP Ticket, DanPHPSupport, Epix Power Support, ruQueue, Ticket Express, OTRS, PMOS Help Desk and eTicket. From those, PMOS and eTicket are my top picks. I have problem installing OTRS the last time, so I am

Hi, Some time ago I wrote an introductory article about SELinux on my blog. I'm currently updating it for my new blog, and I found a curious change in SELinux policy. Here goes. For demonstration purposes, I'm using some static webpages, more exactly the default pages found in /usr/share/httpd/noindex, which I simply copied over to /var/www/html. As a first practical example, I'm

Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>: > > On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: >> Any SElinux expert here - briefly: >> >> # getenforce >> Enforcing >> >> # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t >> <no output> >> >> # sesearch -ACR -s httpd_t -c file

# Automatically generated email from bts, devscripts version 2.10.30 # via tagpending # # logcheck (1.2.65) unstable; urgency=low # # * ignore.d.server/courier: # - update rules to include port information; thanks to Antoine Pardignon # (closes: #446310). # - ignore couriertcpd messages; thanks to Andrew Gallagher # (closes: #451118). # * ignore.d.server/smbd_audit: # -

Any SElinux expert here - briefly: # getenforce Enforcing # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t <no output> # sesearch -ACR -s httpd_t -c file -p read |grep syslog_conf_t <no output> # ls -laZ /etc/sysctl.conf /etc/rsyslog.conf -rw-r--r--. root root system_u:object_r:syslog_conf_t:s0 /etc/rsyslog.conf -rw-r--r--. root root

Hi, how do I allow lighttpd access to a directory like this: dr-xrwxr-x. lighttpd example unconfined_u:object_r:samba_share_t:s0 files_articles I tried to create and install a selinux module, and it didn?t work. The non-working module can not be removed, either: semodule -r lighttpd-files_articles.pp libsemanage.semanage_direct_remove_key: Unable to remove module lighttpd-files_articles.pp at

Am 09.09.2018 um 16:19 schrieb Daniel Walsh <dwalsh at redhat.com>: > > On 09/09/2018 09:43 AM, Leon Fauster via CentOS wrote: >> Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>: >>> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: >>>> Any SElinux expert here - briefly: >>>> >>>> # getenforce

I have a web application which uses sudo to invoke python scripts as the user under which the application runs (NO root access).? Is there any reason why sudo would would require sys_ptrace access for this?? I only get this violation intermittenly, and not with every call to sudo.? Here's the violation: Summary: SELinux is preventing sudo (httpd_t) "sys_ptrace" to <Unknown>

Having problems starting httpd & portmapper #service httpd start /usr/sbin/httpd: error while loading shared libraries: libm.so.6: cannot open shared object file: No such file or directory and I traced it to selinux, which I had just turned on for the first time: # sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: