Displaying 20 results from an estimated 2000 matches similar to: "selinux question and answer"
2009 Aug 12
1
[PATCH] Add 'setcon', 'getcon' commands to set and get the SELinux context
These commands let you set and get the SELinux context of the daemon
and all operations in the API and processes run from the daemon:
$ ./fish/guestfish --ro -a /dev/mapper/vg_trick-F11x64 \
selinux 1 : \
run : \
mount /dev/vg_f11x64/lv_root / : \
sh "/usr/sbin/load_policy" : \
getcon : \
setcon "system_u:system_r:unconfined_t:s0" : \
getcon
2009 Sep 22
1
[PATCH 0/2] Add a 'virt-rescue' command
Inspired by something Glauber asked me about today, I made a very
simple pair of patches which add a 'virt-rescue' command to
libguestfs. This uses the appliance as a "rescue appliance", so
people can boot into a disk image and repair it in an unstructured,
interactive way. (Specifically, Glauber's question was how to run
fsck interactively - with this patch you could do
2006 Aug 25
1
SELinux targeted - named, portmap and syslogd errors
Yesterday I activated SELinux in targeted mode, then I rebooted and started
receiving some error messages in the system services initialization:
======================================================================
audit(1156518721.252:2): avc: denied { read } for pid=2223 comm="syslogd"
name="libc-2.3.4.so" dev=dm-0 ino=50441 scontext=user_u:system_r:syslogd_t
2011 Sep 08
1
Trying to understand SELinux MSG
Hello,
I received the below SELinux message today and I am trying to figure out what
caused it. I see what it says under Allow Access but I am not sure this is
what I really want to do without know why it happened in the first place.
What should I be looking at to understand what or why this has happened?
Any help I would be most grateful for.
Here is the output form SELinux
SUMMARY:
2006 Jan 19
2
error in centos 4.2
hi i just installed my system then shutit down. after booting it up i can't
login to root so i did a linux rescue with the CD and when i tried to type
passwd this error message appear?
"user_u:system_r:unconfined_t is not authorized to change the password of
root"
--
Regards,
Mark Quitoriano, CCNA
Fan the flame...
http://www.spreadfirefox.com/?q=user/register&r=19441
2008 Oct 04
2
ejabberd 2.0.2 vs SELinux vs CentOS 5
Lordy, I've been having problems with this darn thing, so I hope someone
can help me. :s
My troubles started when I downloaded the latest erlang and ejabberd
packages. I crashed and burned very quickly, trying two or three
different versions of erlang along with several of ejabberd 2.0.x.
Finally, after a week of pain, I admitted defeat, wiped the whole lot
and installed the binary on the
2005 Nov 12
5
selinux stuff - I just don't get
I am getting tons of these messages since I updated to 4.2
Nov 12 12:21:39 srv1 dbus: Can't send to audit system: USER_AVC pid=2839
uid=81 loginuid=-1 message=avc: denied { send_msg } for
scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t
tclass=dbus
Now I can see this process...
# ps aux|grep 2839
dbus 2839 0.0 0.3 16168 1888 ? Ssl Nov11 0:13 dbus-
2005 Dec 29
1
strange log entry
Centos 4.2
Dec 29 10:04:10 z9m9z dbus: Can't send to audit system: USER_AVC
pid=1997 uid=81 loginuid=-1 message=avc: denied { send_msg } for
scontext=root:system_r:unconfined_t tcontext=user_u:system_r:initrc_t
tclass=dbus
Dec 29 10:04:45 z9m9z last message repeated 7 times
Dec 29 10:05:50 z9m9z last message repeated 13 times
Dec 29 10:06:55 z9m9z last message repeated 13 times
Dec 29
2005 Oct 13
1
OCFS2 Installation woes
I've got a fresh RHEL AS 4-U2 installation on a Dell PE2850 server.
I downloaded and installed the latest RPMs:
ocfs2-2.6.9-22.ELsmp-1.0.7-1.i686.rpm
ocfs2-tools-1.0.2-1.i386.rpm
ocfs2console-1.0.2-1.i386.rpm
I was able to start the console, but when I try to run
cluster->configure_nodes, I get the following error message:
Could not start cluster stack. This must be resolved before any
2014 Jan 13
1
Re: Livecd-creator is disabling selinux
[Moving this to the libguestfs mailing list]
On Mon, Jan 13, 2014 at 03:05:14PM -0500, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 01/13/2014 11:49 AM, Richard W.M. Jones wrote:
> > On Mon, Jan 13, 2014 at 10:20:22AM -0500, Daniel J Walsh wrote:
> >> Secondly we prevent even unconfined_t from putting down labels on the
> >>
2005 Nov 12
0
mysqld and selinux
CentOS 4 - updated to current, rebooted to new kernel and now I can't
get mysqld to start...
# service mysqld start
Timeout error occurred trying to start MySQL Daemon
#tail -n 4 /var/log/messages
Nov 12 00:48:56 srv1 kernel: audit(1131781736.221:4): avc: denied
{ write } for pid=4874 comm="mysqld" name="tmp" dev=dm-0 ino=2894305
scontext=root:system_r:mysqld_t
2005 Nov 30
0
SELinux niggle
Hi,
I am not very experienced with SELinux and I have a problem which I
can't track down. Any help would be really appreciated.
I have an 'install everything' Centos 4.2 system which I am using as a
workstation. Before anyone tells me off for installing everything, I
have done this in order to get used to CentOS before using it on live
servers.
Anyway when I log into X (gnome, gdm)
2009 Jan 08
2
Restoring individual messages from a backup into a Maildir setup?
We have a user who deleted IMAP folders from his account, so I simply
tried to restore the folder ".FolderName" from our backup. I checked
that file/folder ownership was the same as the original, but the Dovecot
IMAP server is throwing errors at the client.
I've tried copying the individual message files from the "cur" folders
in the backup directory, but Dovecot
2009 Oct 04
2
deliver stopped working
Hi:
I have been using Dovecot for well over a year now and it has always worked with few
problems. The mail setup is not simple...
Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major
things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and
control is local.
About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an
2008 Nov 30
4
Apache, SELinux, and document root on a different partition
I want to put the document root for an application on a separate paritition
that has more space. When I try to configure this I can't access the files
in the new location. I've got the SELinux attributes set on the directory
and its files, so I'm thinking it's something about the parent path that
SELinux doesn't like, but I don't know where that's handled.
My
2006 Jul 30
1
Cannot run Wine under Fedora 6 test 1 - partial workaround found
I've played around a bit more using a very simple Windows program called
"Casio" ( the programmer for my Casio PC Unite watch, which I know works
quite well under Wine under older setups), and have found the following
information:
* The "wine_main_preload_info not found" message is coming from the
wine-preloader - the "wine" executable lacks the data
2012 Apr 30
1
SELinux is preventing /usr/libexec/postfix/pickup from module_request
Getting module_request errors from SELinux. Errors being thrown by
metacity
sendmail.postfix
cleanup
trivial-rewarite
local
postdrop
pickup
All errors are essentially the same
System was working well until I began to apply some basic security
hardening configuration.
Postfix started complaining when I made /tmp noexec, nodev, nosuid, and
then did a mount --bind of /var/tmp under
2008 Jul 24
1
selinux & httpd & portmap
Having problems starting httpd & portmapper
#service httpd start
/usr/sbin/httpd: error while loading shared libraries: libm.so.6: cannot
open shared object file: No such file or directory
and I traced it to selinux, which I had just turned on for the first time:
# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode:
2013 Jan 22
2
Re: Problems to start a xen DomU using a logical volume.
Hi guys,
I followed this article to install my first xen project to compare its
CPU/memory and I/O performance with a kvm domain on CentOS 6.4.
http://www.virtuatopia.com/index.php/Building_a_Xen_Virtual_Guest_Filesystem_on_a_Disk_Image_%28Cloning_Host_System%29
In the initial tests whit super.pi benchmarck the CPU performance of my xen
domai was extremely worst than my kvm domain.
Well, I am
2014 May 24
9
SELinux relabel API
[
I realized that we were discussing adding this feature, in various
private email, IRC, and this long bugzilla thread:
https://bugzilla.redhat.com/show_bug.cgi?id=1060423
That's not how we should do things. Let's discuss it on the
mailing list.
]
One thing that virt-customize/virt-sysprep/virt-builder have to do is
relabel SELinux guests.
What we do at the moment