Displaying 20 results from an estimated 10000 matches similar to: ""
2017 Oct 23
2
Unable to apply mysqld_db_t to mysql directory
Thanks, I managed to fix /var/lib/mysql
# ls -ldZ /var/lib/mysql
drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 /var/lib/mysql
To fix it, I tried:
semanage fcontext -d -e /var/lib/mysql
this command returned:
KeyError: /var/lib/mysql
I tried restorecon anyway:
restorecon -Rv /var/lib/mysql
But not better:
ls -ldZ /var/lib/mysql
drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0
2015 Feb 09
2
SELinux context for ssh host keys?
I generated a new host key for one of our systems using:
ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key_4096
I then ran 'ls -Z on the keys'
ll -Z *key*
-rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key
-rw-r--r--. root root system_u:object_r:sshd_key_t:s0
ssh_host_dsa_key.pub
-rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_key
-rw-r--r--. root
2017 Dec 12
4
Spamassassin vs. SELinux trouble
Hi,
Spamassassin has been working nicely on my main server running CentOS 7
and Postfix. SELinux is activated (Enforcing).
Since the most recent update (don't know if it's related to it though)
I'm getting the following SELinux error.
--8<-----------------------------------------------------------------
SELinux is preventing /usr/bin/perl from 'read, write' accesses on
2020 Apr 03
2
Samba 4.12 SELinux context /var/run
Hi, since 4.12 Samba SELinux context for /var/run/samba is not correct
anymore:
```
root at files:~ # ls -la -Z /var/run/samba/
total 12
drwxr-xr-x. 5 root root system_u:object_r:var_run_t:s0 160 Apr 3
20:42 .
drwxr-xr-x. 30 root root system_u:object_r:var_run_t:s0 1000 Apr 3
18:39 ..
drwxr-xr-x. 3 root root system_u:object_r:var_run_t:s0 60 Apr 3
18:39 ncalrpc
drwxr-xr-x. 2 root
2017 Feb 10
2
chcon failed to change context Permission denied
Hi,
I'm confused, why can root not change context of a directory ?
I've moved a mysql dir from /var/lib to another drive.
But running sudo chcon -R -t mysqld_t ./mysql
Yields a screen full of messages such as
chcon: failed to change context of ?schema_table_lock_waits.frm? to
?system_u:object_r:mysqld_t:s0?: Permission denied
(and yes, mysql was shut down before the move and is till
2020 Apr 04
1
Samba 4.12 SELinux context /var/run
On 3 Apr 2020, at 21:53, Rowland penny via samba wrote:
> On 03/04/2020 20:34, Tobias Kirchhofer via samba wrote:
>> Hi, since 4.12 Samba SELinux context for /var/run/samba is not
>> correct anymore:
>>
>> ```
>> root at files:~ # ls -la -Z /var/run/samba/
>> total 12
>> drwxr-xr-x.? 5 root root system_u:object_r:var_run_t:s0? 160 Apr 3
>>
2007 Jun 12
1
Selinux custom policy issue - Centos 5
Hi,
I've got a Centos 5 box (recently replaced a Centos4 box of the
same function). The means of applying custom SELinux policy has changed
somewhat from 4->5. I've got it mostly figured out; I have a local.te
file with my custom policy and also which defines a few new file types,
and a local.fc with appropriate defintions of file contexts. When I
run:
# checkmodule -M -m -o
2017 Oct 23
2
Unable to apply mysqld_db_t to mysql directory
Interesting to see the Equivalence. As a first thing, I tried:
semanage fcontext -a -e /var/lib/mysql.old /var/lib/mysql
then
restorecon -R /var/lib/mysql
# semanage fcontext -lC
SELinux fcontext type
Context
/home/users(/.*)? all files
system_u:object_r:user_home_dir_t:s0
/var/lib/mysql all
2017 Mar 15
2
Having problem getting Asterisk to work on CentOS 7
What are you using for the database - SQLite?
I am using mysql (mariadb).
I am not familiar with SQLlite. Can you access the database from the
console - look up the list of tables - display the contents from a
table? Anything to see if your SQLite is working and has asterisk data
in it.
From your Asterisk console,
|CLI> core show help database|
should give you a list of commands that you
2012 Jun 08
1
guestmount -i and xattrs
I tried to run chcon to set SELinux labels on a guestmounted dir and got:
chcon: failed to change context of `authorized_keys' to
`system_u:object_r:ssh_home_t:s0': Operation not supported
I'm guessing that you need to pass 'seclabel' or 'user_xattr'
or some such mount option to guestmount to support this.
I notice you can pass such options through the -m option
to
2017 Oct 23
2
Unable to apply mysqld_db_t to mysql directory
Hello,
A server was configured in /var/lib/myslq in the root fs. I added a LV
specifically for mysql. I stopped myql and renamed /var/lib/mysql to
/var/lib/mysql.old. I created a new dir /var/lib/mysql and mounted the LV
on /var/lib/mysql. I then copied with "cp -prZ" all mysql files in
/var/lib/mysql.old to /var/lib/mysql.
But then I got a selinux problem:
# ls -ldZ mysql.old/
2011 Jan 31
1
Squid and SELinux
Hi.
I'm trying to setup squid with SELinux, the problem i encounter is taht
i want to add another directory for cache, in this system we have a home
partition with huge space, i create a squid dir and add the path with
semanage:
semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?'
i check the files and are in the good context:
drwxr-xr-x squid squid
2017 Feb 21
2
SELInux conflict with Postfixadmin
On 02/21/2017 11:46 AM, Zdenek Sedlak wrote:
> On 2017-02-21 17:30, Robert Moskowitz wrote:
>> postfixadmin setup.php is claiming:
>>
>> *Error: Smarty template compile directory templates_c is not writable.*
>> *Please make it writable.*
>> *If you are using SELinux or AppArmor, you might need to adjust their
>> setup to allow write access.*
>>
2015 Mar 05
1
SELinux kills Cassandra based website
Hi Jeremy,
An easy way to start troubleshooting these is to look at the audit logs and
> see what SELInux is blocking. You have /McFrazier in the email.. if that's
> off the root tree than unless you've set permissions to allow httpd to look
> at tat folder, I bet that's one problem.
> if you run ls -Z you can see the labels that are present on those folders,
> that
2010 May 31
1
ARGH... once again samba causes "permission" errors. SOLVED
Ok, I was able to fix both of my problems and they are both related
to SELinux problems
First: I am assuming that you are like me and that you have an excellent
background in systems administration (I teach it at a university for a
living.) So you've configured chmod permissions and chown user and
group ownerships on directories and files to correctly allow the desired
access. You have
2015 Jan 22
2
SELinux permissions for apache
Hey all,
I have a simple php app working that writes some info to a text file. The
app will only work correctly if SELinux is disabled. If it's enabled and
try to use the app, it fails. It seems that SELinux is denying the app
ability to write to the text file.
So I tried running the following command:
chcon -R -t httpd_sys_content_t /var/www
And tried veriying the command with the
2017 Nov 10
2
Sieve global path?
On Thu, 9 Nov 2017 21:02:44 -0500
Bill Shirley <bill at KnoxvilleChristian.org> wrote:
> Set the sieve_global_dir like this.
> /etc/dovecot/conf.d/99-mystuff.conf:
> .
> .
> plugin {
> ? sieve???????????????? = ~/Maildir/dovecot.sieve
> ? sieve_dir???????????? = ~/Maildir/sieve
> ? sieve_global_dir????? = /etc/dovecot/sieve/global/
> ? sieve_before????????? =
2007 Dec 17
2
Digest Subcriber needs help with SELinux file context setting
CentOS-5.1
I need some help with setting up the SELinux context for a custom httpd
directory so that I can write log files into it. This is what I have:
In my virtual host config file:
RewriteEngine on
RewriteLog /etc/httpd/virtual.d/trac-rewrite.log
# RewriteLogLevel 0=off 1=basic 2=verbose 3+=module developer debuging
RewriteLogLevel 0
If /etc/httpd/virtual.d/trac-rewrite.log does
2017 Nov 10
2
Sieve global path?
On Fri, 10 Nov 2017 03:41:20 -0500
Bill Shirley <bill at KnoxvilleChristian.org> wrote:
> No it isn't shown as a folder.? All folder directories here begin with a dot.
> i.e.? .INBOX? .Trash? .Drafts
>
> Bill
No, they don't. me thought that, too. But using the rainloop webmail interface
on top of such a config showed the sieve folder in the overview. Sometimes you
can
2013 Oct 31
2
libvirt_lxc: SELinux MCS
Hello list,
my name is Matteo, i'm new on that list.
I'm working on a multitenancy platform with linux containers through libvirt on a production system with Red Hat 6.4.
Every container run a separate instance of OpenSSH and Apache HTTPd and I need to give root privileges to the developers and I try to configure SELinux using svirt and MCS.
I try the secmodel type dynamic and static in