Displaying 20 results from an estimated 1000 matches similar to: "DO NOT REPLY [Bug 6546] New: lremovexattr problems"
2016 Oct 24
2
SElinux suggestions needed: migrating backup service
Hi folks,
normally I have not so much to do with SElinux but I expected to get in touch sooner or later :-)
I migrated a backup-system from El5 to EL6 and the rsync backup process is complaining about selinux attr's now.
client <-> server (fetches via rsync -aHAX)
client# sestatus
SELinux status: disabled
server# sestatus
SELinux status: enabled
2020 Feb 04
5
Relabel /usr directory
Hi,
I've done the following:
- Copy usr content with rsync to another partition:
rsync -av --partial --progress /usr/ /mnt
Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not
the directory itself). But I've found that is bad labeled:
ls -Z /usr
unconfined_u:object_r:unlabeled_t:s0 bin
unconfined_u:object_r:unlabeled_t:s0 local
unconfined_u:object_r:unlabeled_t:s0
2016 Oct 24
1
SElinux suggestions needed: migrating backup service
Am 24.10.2016 um 23:44 schrieb Gordon Messmer <gordon.messmer at gmail.com>:
> On 10/24/2016 09:53 AM, Leon Fauster wrote:
>> Any suggestions to avoid the default labeling "unconfined_u:object_r:locale_t:s0"?
>
>
> Not off the top of my head. I think you need to either a) not try to preserve the labels or b) run the backup as a user which can manage labels.
2007 Oct 21
2
xattrs: Permission denied?
I've found a(nother) bug with the xattr code:
kiwiw:~/x terpstra$ uname -a
Darwin kiwiw.lan 8.10.0 Darwin Kernel Version 8.10.0: Wed May 23
16:50:59 PDT 2007; root:xnu-792.21.3~1/RELEASE_PPC Power Macintosh
powerpc
kiwiw:~/x terpstra$ echo test > bar
kiwiw:~/x terpstra$ xattr --set broken demo bar
kiwiw:~/x terpstra$ chmod 0444 bar
kiwiw:~/x terpstra$ rsync-3.0 -aHAXSx bar
2008 Apr 14
0
[PATCH] xattrs not set on locked files that already exist on target
Working with rsync 3.0.2, it appears that rsync isn't unlocking files
before setting the file attributes when those files already exist.
This generates error messages on subsequent such as:
rsync: rsync_xal_set: lsetxattr("locked_file","test_xattr") failed:
Operation not permitted (1)
rsync: rsync_xal_clear:
2008 Jun 25
2
DO NOT REPLY [Bug 5565] New: xattrs not set on locked files that already exist on target
https://bugzilla.samba.org/show_bug.cgi?id=5565
Summary: xattrs not set on locked files that already exist on
target
Product: rsync
Version: 3.0.3
Platform: Other
OS/Version: Mac OS X
Status: NEW
Severity: normal
Priority: P3
Component: core
AssignedTo: wayned@samba.org
2017 Dec 18
0
Centos7: backup with rsync problem: "rsync: rsync_xal_set: lremovexattr(""/tmp/test/etc/fstab"", "security.selinux") failed: Permission denied (13)"
If I run this command in order to backup /etc from remote server to
local dir I get a lot of this message:
[root at s-virt tmp]# rsync -a --delete --numeric-ids --relative --delete-excluded --compress --acls --xattrs rsync://server-dati/root/etc/ /tmp/test/ -v
receiving incremental file list
rsync: rsync_xal_set:
2014 Apr 23
1
SELInux and POSTFIX
Installed Packages
Name : postfix
Arch : x86_64
Epoch : 2
Version : 2.6.6
Release : 6.el6_5
Size : 9.7 M
Repo : installed
>From repo : updates
I am seeing several of these in our maillog file after a restart of the
Postfix service:
Apr 23 12:48:27 inet08 setroubleshoot: SELinux is preventing
/usr/libexec/postfix/smtp from 'read, write'
2005 Oct 13
1
OCFS2 Installation woes
I've got a fresh RHEL AS 4-U2 installation on a Dell PE2850 server.
I downloaded and installed the latest RPMs:
ocfs2-2.6.9-22.ELsmp-1.0.7-1.i686.rpm
ocfs2-tools-1.0.2-1.i386.rpm
ocfs2console-1.0.2-1.i386.rpm
I was able to start the console, but when I try to run
cluster->configure_nodes, I get the following error message:
Could not start cluster stack. This must be resolved before any
2017 Mar 15
2
Having problem getting Asterisk to work on CentOS 7
On Tue, Mar 14, 2017 at 02:46:19PM -0400, Ron Wheeler wrote:
> https://docs.fedoraproject.org/en-US/Fedora/11/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-Enabling_and_Disabling_SELinux.html
>
> If disabling Selinux solves your problem, then your problem may be related
> to Selinux.
> If it does not change yout problem, you may want to look
2015 Feb 09
2
SELinux context for ssh host keys?
I generated a new host key for one of our systems using:
ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key_4096
I then ran 'ls -Z on the keys'
ll -Z *key*
-rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key
-rw-r--r--. root root system_u:object_r:sshd_key_t:s0
ssh_host_dsa_key.pub
-rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_key
-rw-r--r--. root
2017 Jan 08
1
Dovecot Selinux Setting
Hello,
can any tell me the correct selinux Settings for the Maildir Setting ?
in the Moment I have this setting
Jan 8 15:04:52 2017 from 192.168.100.100
[root at mx03 ~]# ls -Z /srv/vmail
drwx------. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 example.com
drwx------. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 example.at
drwx------. vmail vmail
2013 Jan 12
2
selinux + kvm virtualization + smartd problem
Hello,
I'm using HP homeserver where host system run CentOS 6.3 with KVM
virtualization with SELinux enabled, guests too run the same OS (but
without SELinux, but this does not matter).
Host system installed on mirrors based on sda and sdb physical disks.
sd{c..f} disks attached to KVM guest (whole disks, not partitions;
needed to use zfs (zfsonlinux) benefit features). Problem is that
disks
2012 Feb 16
3
Baffled by selinux
Apache DocumentRoot on an NFS directory:
[root at localhost ~]# service httpd start
Starting httpd: Warning: DocumentRoot [/home/www/html] does not exist
Syntax error on line 292 of /etc/httpd/conf/httpd.conf:
DocumentRoot must be a directory
[FAILED]
[root at localhost ~]#
After some research, I found this (dated) link
2020 Sep 24
3
Re: [common PATCH 3/3] mlcustomize: do not relabel if not enforcing (RHBZ#1828952)
On Wed, Sep 23, 2020 at 05:57:50PM +0200, Pino Toscano wrote:
> Do not attempt to relabel a guest in case its SELinux enforcing mode is
> not "enforcing", as it is either pointless, or it may fail because of an
> invalid policy configured.
> ---
> mlcustomize/SELinux_relabel.ml | 26 +++++++++++++++++++++++++-
> 1 file changed, 25 insertions(+), 1 deletion(-)
>
2017 Mar 15
2
Having problem getting Asterisk to work on CentOS 7
What are you using for the database - SQLite?
I am using mysql (mariadb).
I am not familiar with SQLlite. Can you access the database from the
console - look up the list of tables - display the contents from a
table? Anything to see if your SQLite is working and has asterisk data
in it.
From your Asterisk console,
|CLI> core show help database|
should give you a list of commands that you
2020 Jan 01
2
Nginx and SELinux on CentOS 7
Hi,
I'm currently fiddling with Nginx on CentOS 7. Eventually I want to use it
instead of Apache on some servers.
Apache works more or less out of the box with SELinux. My websites are all
stored under /var/www, and ls -Z shows me that all files created under /var/www
are correctly labeled httpd_sys_content_t.
On my sandbox server I don't have Apache (httpd) installed, only Nginx
2014 Jun 16
1
SELinux issue?
I've recently built a new mail server with centos6.5, and decided to bite the
bullet and leave SELinux running. I've stumbled through making things work and
am mostly there.
I've got my own spam and ham corpus as mbox files in /home/user/Mail/learned.
These files came from my backup of the centos 5 server this machine is replacing.
The folder is owned by the user (the following is
2017 Sep 23
2
more selinux problems ...
Hi,
how do I allow lighttpd access to a directory like this:
dr-xrwxr-x. lighttpd example unconfined_u:object_r:samba_share_t:s0 files_articles
I tried to create and install a selinux module, and it didn?t work.
The non-working module can not be removed, either:
semodule -r lighttpd-files_articles.pp
libsemanage.semanage_direct_remove_key: Unable to remove module lighttpd-files_articles.pp at
2016 Oct 17
3
SELinux context not applied
Hi,
I tried to apply a security context on a directory with the following
commands:
[root@ local]# semanage fcontext -a -t httpd_sys_rw_content_t "netdot(/.*)?"
[root@ local]# restorecon -R netdot/
When I list the contexts, it is part of the list....
[root@ local]# semanage fcontext -l | grep netdot
./netdot(/.*)? all files