similar to: silencing Passenger "ps" SELinux errors

I recently setup my Puppetmaster server to run through Passenger via Apache instead of on the default webrick web server. SELinux made that not work and I've found some documentation on making rules to allow it however mine won't load. This is the policy I found via this website, http://sandcat.nl/~stijn/2012/01/20/selinux-passenger-and-puppet-oh-my/comment-page-1/ . module

Hello list, I am using puppet 2.7.20 from rpmforge, with a build date of Wed 20 Mar 2013. EPEL has an even older version. Then I see this: http://puppetlabs.com/security/cve/cve-2013-3567 that was posted on the month of July 2013. Do I understand correctly, that my puppet-master is vulnerable to remote code execution by every node that has access to master's port tcp/8140? If so, then

Hi: I have been using Dovecot for well over a year now and it has always worked with few problems. The mail setup is not simple... Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and control is local. About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an

CentOS-6.1 KVM guest on CentOS-6.1 host. I am seeing this SEAlert in the /var/log/audit/audit.log file a new guest immediately after startup. Can someone tell me what it means and what I should do about it? A Google search reveals a number of Fedora issues with similar errors dating back a few years; most of which seem to have something to do with package ownership. This guest starts without

Karsten M. Self wrote: > on Thu, Dec 15, 2005 at 01:38:29PM -0500, Steve Brueckner > (steve@atc-nycorp.com) wrote: >> I''m using Fedora Core 4. I need to create an ssh port forwarding >> tunnel to my xen0 domain when my xenU domain starts up, so I added >> this to the xenU''s /etc/rc.d/rc.local: >> >> ssh -v -f -L 5500:localhost:5501 xen0_ip

I've got a fresh RHEL AS 4-U2 installation on a Dell PE2850 server. I downloaded and installed the latest RPMs: ocfs2-2.6.9-22.ELsmp-1.0.7-1.i686.rpm ocfs2-tools-1.0.2-1.i386.rpm ocfs2console-1.0.2-1.i386.rpm I was able to start the console, but when I try to run cluster->configure_nodes, I get the following error message: Could not start cluster stack. This must be resolved before any

Hey folks, Ok so I'm having another issue with SELinux. However I think I'm pretty close to a solution and just need a nudge in the right directtion. I wrote a puppet module that gets systems into bacula backups. Part of the formula is to distribute key/cert pairs with permissions that allow bacula to read them so that bacula can talk to the host over TLS. It's pretty slick, I must

Hi all, Thanks for all your suggestions. Here's where I'm at with this. Can you give details about your puppetmasterd setup ? it seems that > you're using Foreman as puppet ENC. > Yes, I'm on foreman 1.7.4 and puppet 3.75. You are correct that I'm using foreman, sorry I hadn't thought to mention it! > Foreman works fine with selinux enabled : that's what

Hi. I've installed BackupPC 3.1.0 from Testing repository, to Cent OS 5.2 x86_64, and I am hitting an SE Linux denial - the httpd cannot talk to the BackupPC socket: type=AVC msg=audit(07/31/2008 17:18:53.623:410) : avc: denied { connectto } for pid=11767 comm=httpd path=/var/log/BackupPC/BackupPC.sock scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:system_r:initrc_t:s0

I have no idea of the current dependency problem. I think your original problem was caused by mv'ing files from an nfs share to /etc which maintained the context. And SELinux prevented puppet from accessing nfs_t type. If you had just run restorecon on the object it would have set it back to the correct/default context. You might want to setup an alias mv "mv -Z" This changes

Centos 4.2 Dec 29 10:04:10 z9m9z dbus: Can't send to audit system: USER_AVC pid=1997 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=root:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus Dec 29 10:04:45 z9m9z last message repeated 7 times Dec 29 10:05:50 z9m9z last message repeated 13 times Dec 29 10:06:55 z9m9z last message repeated 13 times Dec 29

I am getting tons of these messages since I updated to 4.2 Nov 12 12:21:39 srv1 dbus: Can't send to audit system: USER_AVC pid=2839 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus Now I can see this process... # ps aux|grep 2839 dbus 2839 0.0 0.3 16168 1888 ? Ssl Nov11 0:13 dbus-

Hello CentOS Docs People! I recently used the Amavisd howto to setup a couple of mailservers, which saved me from hours of searching online and reading novels of documentation. Since Ned is taking a little break from the Amavisd page, I would like to help contribute. There were a few things I'd like to add, like GTUBE/EICAR testing and SELinux config lines. My wiki username is WilliamFong.

CentOS 4 - updated to current, rebooted to new kernel and now I can't get mysqld to start... # service mysqld start Timeout error occurred trying to start MySQL Daemon #tail -n 4 /var/log/messages Nov 12 00:48:56 srv1 kernel: audit(1131781736.221:4): avc: denied { write } for pid=4874 comm="mysqld" name="tmp" dev=dm-0 ino=2894305 scontext=root:system_r:mysqld_t

Hi, I am not very experienced with SELinux and I have a problem which I can't track down. Any help would be really appreciated. I have an 'install everything' Centos 4.2 system which I am using as a workstation. Before anyone tells me off for installing everything, I have done this in order to get used to CentOS before using it on live servers. Anyway when I log into X (gnome, gdm)

Hey guys, Quick update. I grepped through the output of getsebool -a to see that related to puppet. And I found this setting: puppetagent_manage_all_files. So I tried running this command: setsebool -P puppetagent_manage_all_files 0 And did a restorecon on my modules directory: restorecon -R -v environments/production/moudles So there's good news and bad news to report! It seems that

Not a problem ... sharing a solution (this time)! Please correct my understanding of the process, if required. "i_stream_read() failed: Permission denied" is an error message generated when a large-ish file (>128kb in my case) is attached to a message that has been passed to Dovecot's deliver program when SELinux is being enforced. In my case, these messages are first run

hello, people! could you advice me some kind of computer audio recording programme to write music 'on-the-fly' from line-in sound card exit to ogg vorbis file directly. for example, there is an 'absolute mp3 recorder', but i would like to record audio in ogg vorbis. -- kind regards, maxim abalenkov http://maniac.times.lv copy writer mail to: vault13@inbox.lv

I have setup a Samba4 server and would like to report my experiences in the hope that it may be helpful to others. I basically followed the official Samba4 HowTo, which is very good. Based on what I have seen, this is the only document I would recommend people to follow. I will try not to repeat things that are covered in the HowTo, but rather focus on what I did differently or additionally,

Hello, I have a remote IBM x3550 M4 server that I try to remote control through IMM2. The problem: only the blinking cursor is visible in login console. It moves when I type. It moves to where "Login: _" should be if I press ctrl+c. I can login if I enter the correct login and password, but the shell that I get also shows only the blinking cursor and no text. I can issue commands.