similar to: DO NOT REPLY [Bug 6546] New: lremovexattr problems

Hi folks, normally I have not so much to do with SElinux but I expected to get in touch sooner or later :-) I migrated a backup-system from El5 to EL6 and the rsync backup process is complaining about selinux attr's now. client <-> server (fetches via rsync -aHAX) client# sestatus SELinux status: disabled server# sestatus SELinux status: enabled

Hi, I've done the following: - Copy usr content with rsync to another partition: rsync -av --partial --progress /usr/ /mnt Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not the directory itself). But I've found that is bad labeled: ls -Z /usr unconfined_u:object_r:unlabeled_t:s0 bin unconfined_u:object_r:unlabeled_t:s0 local unconfined_u:object_r:unlabeled_t:s0

Am 24.10.2016 um 23:44 schrieb Gordon Messmer <gordon.messmer at gmail.com>: > On 10/24/2016 09:53 AM, Leon Fauster wrote: >> Any suggestions to avoid the default labeling "unconfined_u:object_r:locale_t:s0"? > > > Not off the top of my head. I think you need to either a) not try to preserve the labels or b) run the backup as a user which can manage labels.

I've found a(nother) bug with the xattr code: kiwiw:~/x terpstra$ uname -a Darwin kiwiw.lan 8.10.0 Darwin Kernel Version 8.10.0: Wed May 23 16:50:59 PDT 2007; root:xnu-792.21.3~1/RELEASE_PPC Power Macintosh powerpc kiwiw:~/x terpstra$ echo test > bar kiwiw:~/x terpstra$ xattr --set broken demo bar kiwiw:~/x terpstra$ chmod 0444 bar kiwiw:~/x terpstra$ rsync-3.0 -aHAXSx bar

Working with rsync 3.0.2, it appears that rsync isn't unlocking files before setting the file attributes when those files already exist. This generates error messages on subsequent such as: rsync: rsync_xal_set: lsetxattr("locked_file","test_xattr") failed: Operation not permitted (1) rsync: rsync_xal_clear:

https://bugzilla.samba.org/show_bug.cgi?id=5565 Summary: xattrs not set on locked files that already exist on target Product: rsync Version: 3.0.3 Platform: Other OS/Version: Mac OS X Status: NEW Severity: normal Priority: P3 Component: core AssignedTo: wayned@samba.org

If I run this command in order to backup /etc from remote server to local dir I get a lot of this message: [root at s-virt tmp]# rsync -a --delete --numeric-ids --relative --delete-excluded --compress --acls --xattrs rsync://server-dati/root/etc/ /tmp/test/ -v receiving incremental file list rsync: rsync_xal_set:

Installed Packages Name : postfix Arch : x86_64 Epoch : 2 Version : 2.6.6 Release : 6.el6_5 Size : 9.7 M Repo : installed >From repo : updates I am seeing several of these in our maillog file after a restart of the Postfix service: Apr 23 12:48:27 inet08 setroubleshoot: SELinux is preventing /usr/libexec/postfix/smtp from 'read, write'

I've got a fresh RHEL AS 4-U2 installation on a Dell PE2850 server. I downloaded and installed the latest RPMs: ocfs2-2.6.9-22.ELsmp-1.0.7-1.i686.rpm ocfs2-tools-1.0.2-1.i386.rpm ocfs2console-1.0.2-1.i386.rpm I was able to start the console, but when I try to run cluster->configure_nodes, I get the following error message: Could not start cluster stack. This must be resolved before any

On Tue, Mar 14, 2017 at 02:46:19PM -0400, Ron Wheeler wrote: > https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html > > If disabling Selinux solves your problem, then your problem may be related > to Selinux. > If it does not change yout problem, you may want to look

I generated a new host key for one of our systems using: ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key_4096 I then ran 'ls -Z on the keys' ll -Z *key* -rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key -rw-r--r--. root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key.pub -rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_key -rw-r--r--. root

Hello, can any tell me the correct selinux Settings for the Maildir Setting ? in the Moment I have this setting Jan 8 15:04:52 2017 from 192.168.100.100 [root at mx03 ~]# ls -Z /srv/vmail drwx------. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 example.com drwx------. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 example.at drwx------. vmail vmail

Hello, I'm using HP homeserver where host system run CentOS 6.3 with KVM virtualization with SELinux enabled, guests too run the same OS (but without SELinux, but this does not matter). Host system installed on mirrors based on sda and sdb physical disks. sd{c..f} disks attached to KVM guest (whole disks, not partitions; needed to use zfs (zfsonlinux) benefit features). Problem is that disks

Apache DocumentRoot on an NFS directory: [root at localhost ~]# service httpd start Starting httpd: Warning: DocumentRoot [/home/www/html] does not exist Syntax error on line 292 of /etc/httpd/conf/httpd.conf: DocumentRoot must be a directory [FAILED] [root at localhost ~]# After some research, I found this (dated) link

On Wed, Sep 23, 2020 at 05:57:50PM +0200, Pino Toscano wrote: > Do not attempt to relabel a guest in case its SELinux enforcing mode is > not "enforcing", as it is either pointless, or it may fail because of an > invalid policy configured. > --- > mlcustomize/SELinux_relabel.ml | 26 +++++++++++++++++++++++++- > 1 file changed, 25 insertions(+), 1 deletion(-) >

What are you using for the database - SQLite? I am using mysql (mariadb). I am not familiar with SQLlite. Can you access the database from the console - look up the list of tables - display the contents from a table? Anything to see if your SQLite is working and has asterisk data in it. From your Asterisk console, |CLI> core show help database| should give you a list of commands that you

Hi, I'm currently fiddling with Nginx on CentOS 7. Eventually I want to use it instead of Apache on some servers. Apache works more or less out of the box with SELinux. My websites are all stored under /var/www, and ls -Z shows me that all files created under /var/www are correctly labeled httpd_sys_content_t. On my sandbox server I don't have Apache (httpd) installed, only Nginx

I've recently built a new mail server with centos6.5, and decided to bite the bullet and leave SELinux running. I've stumbled through making things work and am mostly there. I've got my own spam and ham corpus as mbox files in /home/user/Mail/learned. These files came from my backup of the centos 5 server this machine is replacing. The folder is owned by the user (the following is

Hi, how do I allow lighttpd access to a directory like this: dr-xrwxr-x. lighttpd example unconfined_u:object_r:samba_share_t:s0 files_articles I tried to create and install a selinux module, and it didn?t work. The non-working module can not be removed, either: semodule -r lighttpd-files_articles.pp libsemanage.semanage_direct_remove_key: Unable to remove module lighttpd-files_articles.pp at

Hi, I tried to apply a security context on a directory with the following commands: [root@ local]# semanage fcontext -a -t httpd_sys_rw_content_t "netdot(/.*)?" [root@ local]# restorecon -R netdot/ When I list the contexts, it is part of the list.... [root@ local]# semanage fcontext -l | grep netdot ./netdot(/.*)? all files