Displaying 20 results from an estimated 7000 matches similar to: "attention: sudo update breaks nsswitch"
2017 Oct 23
2
Unable to apply mysqld_db_t to mysql directory
Thanks, I managed to fix /var/lib/mysql
# ls -ldZ /var/lib/mysql
drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 /var/lib/mysql
To fix it, I tried:
semanage fcontext -d -e /var/lib/mysql
this command returned:
KeyError: /var/lib/mysql
I tried restorecon anyway:
restorecon -Rv /var/lib/mysql
But not better:
ls -ldZ /var/lib/mysql
drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0
2012 Oct 24
1
[PATCH] NEW API: add a new api restorecon
Add a new api restorecon to restore file(s) default
SELinux security contexts.
Signed-off-by: Wanlong Gao <gaowanlong at cn.fujitsu.com>
---
daemon/selinux.c | 69 +
generator/actions.ml | 25 +
gobject/Makefile.inc | 6 +-
po/POTFILES | 2 +
src/MAX_PROC_NR | 2 +-
21 files changed, 13282 insertions(+), 28030 deletions(-)
diff --git
2015 Feb 09
2
SELinux context for ssh host keys?
I generated a new host key for one of our systems using:
ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key_4096
I then ran 'ls -Z on the keys'
ll -Z *key*
-rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key
-rw-r--r--. root root system_u:object_r:sshd_key_t:s0
ssh_host_dsa_key.pub
-rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_key
-rw-r--r--. root
2013 Dec 19
1
quota and selinux on centos 6.5
??? Hi,
I'm facing a challenge with selinux and because I don't got an explanation elsewhere, I'm trying to explain here.
I have decided to mount /var/spool/cron on a separate partition? and apply quota for regular users. But quotacheck replyes with a "permission denied" .
quotacheck: Cannot create new quotafile /var/spool/cron/aquota.user.new: Permission denied
2017 Jan 23
3
SELinux file permissions
Hi,
I'm trying to grant dovecot the ability to manage its socket within
the postfix spool directory.
I have added the below to file_contexts.local :
/var/spool/postfix/private/dovecot-auth system_u:system_r:dovecot_t:s0
However, running "restorecon -v
/var/spool/postfix/private/dovecot-auth" gives me the following error
:
restorecon:
2012 Apr 26
0
restorecon and sudo
Hello,
On CentOS-6.2, these two commands (on the same machine) give me
different results :
# restorecon -r /var/www/html/Centos/ # (as root)
$ sudo restorecon -r /var/www/html/Centos/ # (as an unprivileged user)
/var/www/html/Centos/ is a symlink to /mnt/packages/Centos/
In the first case, I get :
# ls -Z /var/www/html/Centos/
drwxr-xr-x. naudin biom system_u:object_r:httpd_sys_content_t
2017 Oct 23
2
Unable to apply mysqld_db_t to mysql directory
Interesting to see the Equivalence. As a first thing, I tried:
semanage fcontext -a -e /var/lib/mysql.old /var/lib/mysql
then
restorecon -R /var/lib/mysql
# semanage fcontext -lC
SELinux fcontext type
Context
/home/users(/.*)? all files
system_u:object_r:user_home_dir_t:s0
/var/lib/mysql all
2010 Sep 19
3
Bug#597403: xen-utils-common: need to run restorecon in /etc/init.d/xend on SE Linux systems
Package: xen-utils-common
Version: 4.0.0-1
Severity: important
After running modules_setup you need to have the following line:
[ -x /sbin/restorecon ] && /sbin/restorecon -R /dev/xen
The reason is that the module load causes the kernel to create device nodes in
the devtmpfs. This bypasses the udev code for labelling the device node and
results in xenstored being unable to access
2018 Mar 04
3
sqlinux weirdness
Every now and then I get an alert like this one. I have no clue what this
"rear" subsystem is, or why madam would be trying to write to its log
file.
Can anyone enlighten me?
thanks in advance!
-------------------------
SELinux is preventing /usr/sbin/mdadm from write access on the file /var/log/rear/rear-fcshome.log.lockless.
***** Plugin restorecon (93.9 confidence) suggests
2015 Feb 10
1
SELinux context for ssh host keys?
> On Feb 9, 2015, at 12:27 PM, Robert Nichols <rnicholsNOSPAM at comcast.net> wrote:
>
> On 02/09/2015 11:14 AM, James B. Byrne wrote:
>> So, I decided to run restorecon -v to
>>
...
>> restorecon reset /etc/ssh/ssh_host_rsa_key_4096 context
>> unconfined_u:object_r:sshd_key_t:s0->unconfined_u:object_r:etc_t:s0
>>
...
>> There is no
2017 Apr 25
2
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/25/2017 06:45 PM, Gordon Messmer wrote:
> On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote:
>> Quick?n?(really) dirty SELinux howto:
>
>
> Alternate process:
>
> 1: setenforce permissive
> 2: tail -f /var/log/audit/audit.log | grep AVC
> 3: use the service, exercise each function that's constrained by the
> existing policy
> 4: copy and paste the
2014 Dec 09
1
CentOS-6.6 - Selinux and Postfix-2.11.1
Applied policy update. Now I see these occasionally. But by the time I try and
see what the matter is the file is gone:
/var/log/maillog
. . .
Dec 9 15:12:08 inet08 postfix/smtp[3670]: fatal: shared lock
active/0A7EC60D8A: Resource temporarily unavailable
. . .
Dec 9 15:12:08 inet08 postfix/smtp[3758]: fatal: shared lock
active/8DD5060F81: Resource temporarily unavailable
. . .
Dec 9 15:12:09
2010 Mar 25
3
httpd stopped working under SELinux so I had to turn SELinux off. libxml2.so.2: failed to map segment from shared object: Permission denied
Hi.
CentOS 5.4 64-bit with SELinux, happily running for over a year, suddenly
httpd fails to start up, getting an error message like:
Starting httpd: Syntax error on line X of /etc/httpd/conf.d/php.conf:
Cannot load /etc/httpd/modules/libphp5.so into server: libxml2.so.2:
failed to map segment from shared object: Permission denied
I turned off SELinux and was able to start httpd.
But what went
2006 Aug 31
1
centos 4.4: up2date rpm post scriptlet fail ?
Hi,
I got this in yum update process :
/var/tmp/rpm-tmp.43939: line 12: restorecon: command not found
error: %post(up2date-4.4.69-25.centos4.5.i386) scriptlet failed, exit status 127
"restorecon" is from package "policycoreutils", this last one has never
been installed on my system ...
Any ideas ?
--
Martin
2005 Aug 31
1
SELinux
I'm probably dense - CentOS 4.1
# cat /etc/sysconfig/selinux
..snip...
SELINUXTYPE=targeted
# su - Alec
# tail -n 3 /var/log/messages
Aug 31 08:48:26 srv1 su(pam_unix)[31435]: session opened for user Alec
by root(uid=0)
Aug 31 08:48:26 srv1 su[31435]: Warning! Could not relabel /dev/pts/0
with user_u:object_r:devpts_t, not relabeling.Operation not permitted
Aug 31 08:48:27 srv1
2016 Oct 17
3
SELinux context not applied
Hi,
I tried to apply a security context on a directory with the following
commands:
[root@ local]# semanage fcontext -a -t httpd_sys_rw_content_t "netdot(/.*)?"
[root@ local]# restorecon -R netdot/
When I list the contexts, it is part of the list....
[root@ local]# semanage fcontext -l | grep netdot
./netdot(/.*)? all files
2016 Dec 27
2
Help with httpd userdir recovery
On 12/27/2016 02:58 PM, Leonard den Ottolander wrote:
> Hello Robert,
>
> On Tue, 2016-12-27 at 12:43 -0500, Robert Moskowitz wrote:
>> My understanding (most likely flawed) is that Indexes are needed to see
>> the list of files in mydir,
> Correct.
>
>> and to be able to walk down to subdir.
> Incorrect. The index is a convenience. Without it directories with
2017 Oct 23
2
Unable to apply mysqld_db_t to mysql directory
Hello,
A server was configured in /var/lib/myslq in the root fs. I added a LV
specifically for mysql. I stopped myql and renamed /var/lib/mysql to
/var/lib/mysql.old. I created a new dir /var/lib/mysql and mounted the LV
on /var/lib/mysql. I then copied with "cp -prZ" all mysql files in
/var/lib/mysql.old to /var/lib/mysql.
But then I got a selinux problem:
# ls -ldZ mysql.old/
2007 Apr 26
2
Update Centos-4.4 to centos-5 spents a lot of time in "restorecon"
Hi,
having running centOS-4.4 on a really fast machine (16 GB memory, 8 Opteron CPU's, SATA drives).
Then making an update by using the Centos-5 CD's. The start was fast, but during update,
the installer spents a very, very long wallclock time during selinx updating: for about 1/2 hour
the updater runs in a restorecon/find sequence.
And at the end, before the MBR is written, it spents
2013 Jun 03
3
puppet master fails to set selinux context on /etc/puppet/auth.conf
I am running puppet 3.2.1, using the puppetlabs repos, on centos 6.4. I
keep getting these messages in the log: (every 30 minutes)
Jun 3 11:24:55 yoda puppet-master[20292]: Failed to set SELinux context
system_u:object_r:puppet_etc_t:s0 on /etc/puppet/auth.conf
Jun 3 11:24:55 yoda puppet-master[20292]: Failed to set SELinux context
system_u:object_r:puppet_etc_t:s0 on