similar to: selinux context for mm-handler?

Hello, I'm using the targeted policy. PHP's mail() function fails because of selinux. audit(1149662369.454:2): avc: denied { setgid } for pid=18085 comm="sendmail" capability=6 scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:httpd_sys_script_t tclass=capability When i turn to permisive mode: audit(1149668677.105:12): avc: denied { setuid } for pid=29159

Not a problem ... sharing a solution (this time)! Please correct my understanding of the process, if required. "i_stream_read() failed: Permission denied" is an error message generated when a large-ish file (>128kb in my case) is attached to a message that has been passed to Dovecot's deliver program when SELinux is being enforced. In my case, these messages are first run

Hi: I have been using Dovecot for well over a year now and it has always worked with few problems. The mail setup is not simple... Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and control is local. About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an

I'm busy setting up amavisd-new on a CentOS 5.0 box - and believe I've got it working well enough that I can switch selinux enforcing back on again. I've done the usual- - grab a chunk of the audit.log that is relevant to all the actions that would be denied. - do 'cat audit.log | audit2allow -M amavis' to generate the module - amavis.te looks like: module amavis 1.0;

https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig v2.3.2 is mainly a bugfix release. It contains all the changes in v2.2.36, as well as a bunch of other fixes (mainly for v2.3-only bugs). Binary packages are already in https://repo.dovecot.org/ * old-stats plugin: Don't temporarily enable PR_SET_DUMPABLE while opening

https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz https://dovecot.org/releases/2.3/dovecot-2.3.2.tar.gz.sig v2.3.2 is mainly a bugfix release. It contains all the changes in v2.2.36, as well as a bunch of other fixes (mainly for v2.3-only bugs). Binary packages are already in https://repo.dovecot.org/ * old-stats plugin: Don't temporarily enable PR_SET_DUMPABLE while opening

Warren Young wrote: > On May 8, 2019, at 9:31 AM, mark <m.roth at 5-cent.us> wrote: > >> semanage -fcontext -a -t lib_t "/<elided>/smwa/webagent/bin(/.*).so? > > [snip] > >> What am I doing wrong? >> <snip> > Also, I?m confused by the parens in your file path. Whether your shell > is or not is a different question. I'm following

Hi, I''m new to Puppet so may be going about this completely the wrong way, or perhaps it is an selinux problem rather than a Puppet problem. I have a problem copying a file and changing the seltype. I don''t think it is Nagios specific. Code is something like: file { ''/usr/sbin/nrpe'': source =>

Hi, folks, CentOS 7.1. Selinux policy, and targetted, updated two days ago. May 28 17:02:41 <servername> python: SELinux is preventing /usr/bin/bash from execute access on the file /usr/bin/bash.#012#012***** <...> May 28 17:02:45 <servername> python: SELinux is preventing /usr/bin/bash from execute access on the file /usr/bin/uname.#012#012***** <...> May 28 17:02:45

Hi, I've done the following: - Copy usr content with rsync to another partition: rsync -av --partial --progress /usr/ /mnt Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not the directory itself). But I've found that is bad labeled: ls -Z /usr unconfined_u:object_r:unlabeled_t:s0 bin unconfined_u:object_r:unlabeled_t:s0 local unconfined_u:object_r:unlabeled_t:s0

We're forced to use Siteminder, by CA, who have no clue what they're doing in *nix. No packages, tarballs... Anyway, I'm trying clean up some stuff, and in /*/smwa/webagent/bin (all their binaries, including .so's, are in there, duh... I'm trying to set the .so's to lib_t. semanage -fcontext -a -t lib_t "/<elided>/smwa/webagent/bin(/.*).so" gives me the

I've built a new mail system with Centos 6.5, and I'm running fetchmail - sendmail - procmail to maildir. I have all of this working at the moment.(I know, postfix was the default, but for lots of other reasons, I switched, and that isn't an issue, I don't think). I am using dovecot as an imap server. Procmail won't update indexes during email delivery, so I'm having some

after cleaning up a bunch or selinux alerts, I update and wham, clamav/clamd/clamav-db make me assert contexts again to /var/clamav like... chcon -t clamd_t clamav -R which temporarily solves the problem but it would be better if it were policy and not file contexts. So I search and see for some reason, /var/clamav is ignored... # grep clam /etc/selinux/targeted/contexts/files/file_contexts

Hello All, I set up ltsp regulary, on Centos6 machines. This morning I have a Selinux problem that usualy does not occur: after setting everything up, the thinclients boot, but nobody can login. It only works after the command : # echo 0 > /selinux/enforce I tried this semanage command: # semanage fcontext -a -t bin_t /usr/bin/xauth but it makes no difference. The message I'm now

What is your environment set up for? Is this just straight out of the box, or have you harden the systems any? -----Original Message----- From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Earl A Ramirez Sent: Friday, May 29, 2015 10:53 AM To: CentOS mailing list Subject: Re: [CentOS] CentOS 7 selinux policy bug On 29 May 2015 at 16:27, <m.roth at

I recently setup my Puppetmaster server to run through Passenger via Apache instead of on the default webrick web server. SELinux made that not work and I've found some documentation on making rules to allow it however mine won't load. This is the policy I found via this website, http://sandcat.nl/~stijn/2012/01/20/selinux-passenger-and-puppet-oh-my/comment-page-1/ . module

I am getting this error from the SELinux troubleshooter SELinux is preventing rsync (/usr/bin/rsync) "search" to bin (bin_t) I can fix this easily enough but I want to ask why is rsync searching /bin as a repository? Is this a bug in the program or is the default SELinux configuration wrong for rsync? Regards, -- *** E-Mail is NOT a SECURE channel *** James B.

Hi, I recently discovered setroubleshoot, a wonderful tool that helps diagnose and resolve selinux problems, even if you really do not understand selinux. I need to read up on selinux and get to where I understand it much better. I'm wondering if there is a text only version of setroubleshoot that runs on a minimal server configuration without X installed? -- Drew Einhorn --------------

On 29 May 2015 at 16:27, <m.roth at 5-cent.us> wrote: > Hi, folks, > > CentOS 7.1. Selinux policy, and targetted, updated two days ago. > > May 28 17:02:41 <servername> python: SELinux is preventing /usr/bin/bash > from execute access on the file /usr/bin/bash.#012#012***** <...> > May 28 17:02:45 <servername> python: SELinux is preventing

On 05/29/2015 09:20 AM, m.roth at 5-cent.us wrote: > Hi, folks, > > CentOS 7.1. Selinux policy, and targetted, updated two days ago. > > May 28 17:02:41 <servername> python: SELinux is preventing /usr/bin/bash > from execute access on the file /usr/bin/bash.#012#012***** <...> > May 28 17:02:45 <servername> python: SELinux is preventing /usr/bin/bash >