similar to: Baffled by selinux

Displaying 20 results from an estimated 400 matches similar to: "Baffled by selinux"

2009 Oct 04
2
deliver stopped working
Hi: I have been using Dovecot for well over a year now and it has always worked with few problems. The mail setup is not simple... Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and control is local. About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an
2017 Sep 23
2
more selinux problems ...
Hi, how do I allow lighttpd access to a directory like this: dr-xrwxr-x. lighttpd example unconfined_u:object_r:samba_share_t:s0 files_articles I tried to create and install a selinux module, and it didn?t work. The non-working module can not be removed, either: semodule -r lighttpd-files_articles.pp libsemanage.semanage_direct_remove_key: Unable to remove module lighttpd-files_articles.pp at
2018 Sep 09
2
Type enforcement / mechanism not clear
Any SElinux expert here - briefly: # getenforce Enforcing # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t <no output> # sesearch -ACR -s httpd_t -c file -p read |grep syslog_conf_t <no output> # ls -laZ /etc/sysctl.conf /etc/rsyslog.conf -rw-r--r--. root root system_u:object_r:syslog_conf_t:s0 /etc/rsyslog.conf -rw-r--r--. root root
2018 Sep 09
3
Type enforcement / mechanism not clear
Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>: > > On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: >> Any SElinux expert here - briefly: >> >> # getenforce >> Enforcing >> >> # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t >> <no output> >> >> # sesearch -ACR -s httpd_t -c file
2008 Oct 30
1
nfs mounted /home and selinux
I'm trying to set the context on an nfs mounted /home. I believe exactly like in Redhat's Deployment Guide at http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.2/html/Deployment_Guide/ch45s02s03.html On my system running CentOS 5.2: $ ls -alZ /home drwxr-xr-x root root system_u:object_r:home_root_t . drwxr-xr-x root root system_u:object_r:root_t .. $ mount -t
2011 Nov 01
1
SELinux and SETroubleshootd woes in CR
I'm setting up a dedicated database server, and since this will be a central service to my various web servers I wanted it to be as secure as possible...so I am leaving SELinux enabled. However I'm having trouble getting Apache to use mod_auth_pam. I also now can't get setroubleshootd working to send me notifications of the denials and provide tips to solve the problem. The Apache
2018 Sep 10
1
Type enforcement / mechanism not clear
Am 09.09.2018 um 16:19 schrieb Daniel Walsh <dwalsh at redhat.com>: > > On 09/09/2018 09:43 AM, Leon Fauster via CentOS wrote: >> Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>: >>> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: >>>> Any SElinux expert here - briefly: >>>> >>>> # getenforce
2005 Apr 24
3
A 'simple' problem?
Here's one for you if you have the time: I very stupidly killed the wrong process on a server on a remote site on Friday and now I cannot ssh login to it! It's not a major problem as it's main functions are as a file and print sharer (samba) and to run postfix/mailscanner, and I can have someone on site reboot the server when they start work on Monday, but I was wondering whether I
2018 Sep 09
1
Type enforcement / mechanism not clear
On 09/09/2018 07:19 AM, Daniel Walsh wrote: > sesearch -A -s httpd_t -t system_conf_t -p read > > If you feel that these files should not be part of the base_ro_files > then we should open that for discussion. I think the question was how users would know that the policy allowed access, as he was printing rules affecting httpd_t's file read access, and looking for
2019 Jan 30
2
SELinux policy vs. static web content
Hi, Some time ago I wrote an introductory article about SELinux on my blog. I'm currently updating it for my new blog, and I found a curious change in SELinux policy. Here goes. For demonstration purposes, I'm using some static webpages, more exactly the default pages found in /usr/share/httpd/noindex, which I simply copied over to /var/www/html. As a first practical example, I'm
2015 Apr 01
1
SEmodule dependency hell.
I want you all to see what I went through trying to simply reassign (unsuccessfully) the context of a well-known port. To the best of my ability to recall none of the packages mentioned below are even installed on the host in question. Why are these dependices preventing me from removing a disused SELinux policy. I have done exactly that, reassign port contexts, in the past without encountering
2012 Jan 11
2
SELinux blocking cgi script from "writing to socket (httpd_t)"
Is this really supposed to get easier over time? :) Now my audit.log file shows that SELinux is blocking my cgi script, index.cgi (which is what's actually served when the user visits the front page of one of our proxy sites like sugarsurfer.com) from having '"read write" to socket (httpd_t)'. I have no idea what that means, except that I thought that cgi scripts were
2010 Oct 15
1
NFS4 + SELinux
All test machines are CentOS 5.5 (RHEL subscriptions purchased). We've had NFS3 storage working fine and decided to try NFS4. We can mount an NFS4 share on our KVM host, but the SELinux file context on the mountpoint directory is magically changed from virt_image_t to nfs_t. Restorecon refuses to change it back. Adding the mount option context=system_u:object_r:virt_image_t on either server
2019 Jul 19
2
SELinux settings for directory shared via NFS and samba?
Hi, what do I need to do to share the same directory with both NFS and samba? SElinux requires 'samba_share_t' for samba and 'nfs_t' for NFS, and AFAIC I can't set both at the same time on a directory.
2011 Jun 02
2
How to set selinux policy "allow httpd_t unconfined_t:shm { unix_read unix_write }; " using an seboolean? (How to get a new seboolean?)
Hi. I'm trying to get OTRS running on CentOS 5.5 with SELinux enabled, and audit.log / audit2allow tell me I need to add the local policy: #============= httpd_t ============== allow httpd_t unconfined_t:shm { unix_read unix_write }; which I think will allow the httpd access to read and write from shared memory? Is that right? What are the risks involved in opening this? I notice it is
2018 Aug 21
5
selinux question
I have a web application which uses sudo to invoke python scripts as the user under which the application runs (NO root access).? Is there any reason why sudo would would require sys_ptrace access for this?? I only get this violation intermittenly, and not with every call to sudo.? Here's the violation: Summary: SELinux is preventing sudo (httpd_t) "sys_ptrace" to <Unknown>
2008 Jul 24
1
selinux & httpd & portmap
Having problems starting httpd & portmapper #service httpd start /usr/sbin/httpd: error while loading shared libraries: libm.so.6: cannot open shared object file: No such file or directory and I traced it to selinux, which I had just turned on for the first time: # sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode:
2019 Jan 18
1
SElinux AVC signull
Hi Leon, I don't have access to a CentOS 6.10 system handy, but it looks like a policy issue. If I take you're ausearch output and pipe it to audit2allow on my CentOS 7.6 system, I get the following: #============= httpd_t ============== #!!!! This avc is allowed in the current policy allow httpd_t httpd_sys_script_t:process signull; Noting that on my 7.6 system with selinux enforcing
2007 Dec 07
0
mounting nfs as httpd_sys_content_t under selinux
I have a NFS mount that I want apache to be able to serve files from. According to this doc: http://www.centos.org/docs/5/html/5.1/Deployment_Guide/rhlcommon-section-0097.html I should be able to mount it with a context that will allow apache to access it. But when I try the command they suggest: [root at vm-37:~] mount -t nfs -o \ context=system_u:object_r:httpd_sys_content_t \
2016 Dec 28
4
Help with httpd userdir recovery
On 12/28/2016 05:11 AM, Todor Petkov wrote: > On Wed, Dec 28, 2016 at 5:18 AM, Robert Moskowitz <rgm at htt-consult.com> wrote: >> Which is why I wonder if there is some different config for the C7.3 version >> of apache. >> >> Or something with the C7-arm build... > Can you check for SELinux warnings/errors in /var/log/audit/audit.log? Good advice. As I