Displaying 20 results from an estimated 200 matches similar to: "semodule - global requirements not met"
2008 Dec 06
0
Trying to setting a selinux policy to Nagios 3.0.6 on CentOS 5.2 .
Hello,
I'm trying to run Nagios 3.0.6 on CentOS 5.2 with SELinux in enforcing mode but
it is not working.
I'm using the following packages:
httpd-2.2.3-11.el5_2.centos.4
nagios-3.0.6-1.el5.rf
nagios-plugins-1.4.12-1.el5.rf
I followed the steps bellow to try to create a selinux policy to Nagios but it
is failing.
Any help, please?
# setenforce Permissive
# service nagios start
#
2009 Apr 15
2
SELinux and "i_stream_read() failed: Permission denied"
Not a problem ... sharing a solution (this time)! Please correct my
understanding of the process, if required.
"i_stream_read() failed: Permission denied" is an error message generated
when a large-ish file (>128kb in my case) is attached to a message that
has been passed to Dovecot's deliver program when SELinux is being
enforced.
In my case, these messages are first run
2006 Jun 07
1
Apache php and exim
Hello,
I'm using the targeted policy.
PHP's mail() function fails because of selinux.
audit(1149662369.454:2): avc: denied { setgid } for pid=18085
comm="sendmail" capability=6 scontext=root:system_r:httpd_sys_script_t
tcontext=root:system_r:httpd_sys_script_t tclass=capability
When i turn to permisive mode:
audit(1149668677.105:12): avc: denied { setuid } for pid=29159
2015 Apr 01
1
SEmodule dependency hell.
I want you all to see what I went through trying to simply reassign
(unsuccessfully) the context of a well-known port.
To the best of my ability to recall none of the packages mentioned
below are even installed on the host in question. Why are these
dependices preventing me from removing a disused SELinux policy.
I have done exactly that, reassign port contexts, in the past without
encountering
2008 Aug 26
3
Amavisd Howto
Hello CentOS Docs People!
I recently used the Amavisd howto to setup a couple of mailservers, which saved me from hours of searching online and reading novels of documentation. Since Ned is taking a little break from the Amavisd page, I would like to help contribute. There were a few things I'd like to add, like GTUBE/EICAR testing and SELinux config lines.
My wiki username is WilliamFong.
2014 Dec 05
2
Postfix avc (SELinux)
On 12/04/2014 03:22 PM, James B. Byrne wrote:
> On Thu, December 4, 2014 12:29, James B. Byrne wrote:
>> Re: SELinux. Do I just build a local policy or is there some boolean setting
>> needed to handle this? I could not find one if there is but. . .
>>
> Anyone see any problem with generating a custom policy consisting of the
> following?
>
> grep avc
2014 Dec 04
0
Postfix avc (SELinux)
On Thu, December 4, 2014 12:29, James B. Byrne wrote:
>
> Re: SELinux. Do I just build a local policy or is there some boolean setting
> needed to handle this? I could not find one if there is but. . .
>
Anyone see any problem with generating a custom policy consisting of the
following?
grep avc /var/log/audit/audit.log | audit2allow
#============= amavis_t ==============
allow
2014 Dec 05
0
Postfix avc (SELinux)
On Fri, December 5, 2014 04:53, Daniel J Walsh wrote:
>
> On 12/04/2014 03:22 PM, James B. Byrne wrote:
>> On Thu, December 4, 2014 12:29, James B. Byrne wrote:
>>> Re: SELinux. Do I just build a local policy or is there some boolean
>>> setting
>>> needed to handle this? I could not find one if there is but. . .
>>>
>> Anyone see any problem
2014 Dec 12
0
More avc's wrt to email
CentOS-6.6
Postfix-2.11.1 (local)
ClamAV-0.98.5 (epel)
Amavisd-new-2.9.1 (epel)
opendkim-2.9.0 (centos)
pypolicyd-spf-1.3.1 (epel)
Is there something going on in selinuxland with respect to clamav, amavisd-new
and postfix? Since the most recent update of clamav I seem to be detecting
more avc's. It may be that it is because I am looking for them more
frequently but it seems to me that
2011 Oct 15
2
SELinux triggered during Libvirt snapshots
I recently began getting periodic emails from SEalert that SELinux is
preventing /usr/libexec/qemu-kvm "getattr" access from the directory I store
all my virtual machines for KVM.
All VMs are stored under /vmstore , which is it's own mount point, and
every file and folder under /vmstore currently has the correct context that
was set by doing the following:
semanage fcontext -a -t
2014 Dec 11
0
CentOS-6 Another email related AVC
CentOS-6.6
Postfix-2.11.1 (local)
ClamAV-0.98.5 (epel)
Amavisd-new-2.9.1 (epel)
opendkim-2.9.0 (centos)
pypolicyd-spf-1.3.1 (epel)
/var/log/maillog
Dec 11 16:52:09 inet18 setroubleshoot: SELinux is preventing /usr/bin/perl
from read access on the file online. For complete SELinux messages. run
sealert -l 62006e35-dcc8-4a4f-8e10-9f34757f3a4a
Dec 11 16:52:10 inet18 setroubleshoot: SELinux is
2015 Jun 17
2
selinux allow apache log access
>
> Try something like:
> grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix
> semodule -i zabbix.pp
Thanks for your response! However this is what happens when I try to
install the module:
[root at monitor2:~] #semodule -i zabbix.pp
libsepol.print_missing_requirements: zabbix's global requirements were not
met: type/attribute zabbix_t (No such file or directory).
2015 Oct 27
0
CentOS-6.6 SELinux questions
we have remote server running as a guest instance on a kvm host. This
server acts as a public MX service for our domains along with
providing a backup for our Mailman mailing lists. It also has a slave
named service.
while tracking down a separate problem I discovered these avc
anomalies and ran audit2allow to see what was required to eliminate
them. All the software is either from CentOS or
2012 Jan 04
1
selinux context for mm-handler?
I've got a Mailman installation running on CentOS 4 that I'd like to
migrate to a CentOS 6 box.
My big obstacle at present is getting Mailman's mm-handler Perl
script to run as a Sendmail local mailer with SELinux enabled.
I've tried changing mm-handler's selinux context type a few times, but
nothing has resulted in success:
context result
2012 Jun 15
1
Puppet + Passenger SELinux issues
I recently setup my Puppetmaster server to run through Passenger via Apache
instead of on the default webrick web server. SELinux made that not work
and I've found some documentation on making rules to allow it however mine
won't load. This is the policy I found via this website,
http://sandcat.nl/~stijn/2012/01/20/selinux-passenger-and-puppet-oh-my/comment-page-1/
.
module
2015 Jun 20
2
puppet files denied by SELinux
Hey folks,
Ok so I'm having another issue with SELinux. However I think I'm pretty
close to a solution and just need a nudge in the right directtion.
I wrote a puppet module that gets systems into bacula backups. Part of the
formula is to distribute key/cert pairs with permissions that allow bacula
to read them so that bacula can talk to the host over TLS. It's pretty
slick, I must
2015 Jun 17
0
selinux allow apache log access
On 17/06/15 15:27, Tim Dunphy wrote:
>> Try something like:
>> grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix
>> semodule -i zabbix.pp
>
>
> Thanks for your response! However this is what happens when I try to
> install the module:
>
> [root at monitor2:~] #semodule -i zabbix.pp
> libsepol.print_missing_requirements: zabbix's global
2015 Jun 16
2
selinux allow apache log access
Hey guys,.
I have a centos 7 machine I'm using as a zabbix server. And I noticed that
apache won't start, with this complaint in the error log:
(13)Permission denied: AH00091: httpd: could not open error log file
/var/log/zabbix_error_log.
AH00015: Unable to open logs
I tried having a look at audit2allow and this is the response I get back:
[root at monitor2:/etc/httpd] #grep http
2015 Jun 17
2
selinux allow apache log access
>
> That's because there's already a zabbix module loaded (the message isn't
> very informative!). I forgot that the received wisdom is to insert "my" in
> front of ones own modules i.e.:
> grep zabbix /var/log/audit/audit.log | audit2allow -M myzabbix
> semodule -i myzabbix.pp
Hmm no luck there either:
[root at monitor2:~] #semodule -i myzabbix.pp
2015 Apr 02
0
SEmodule dependency hell.
File a bug!!!
On 2 April 2015 at 16:20, James B. Byrne <byrnejb at harte-lyne.ca> wrote:
>
> On Wed, April 1, 2015 16:09, Andrew Holway wrote:
> > I used the command: semanage port -m -t http_port_t -p tcp 8000
> > to relabel a port. perhaps you could try:
> > "semanage port -m -t unconfined_t -p tcp 8000"
> > Failing that; would it work to run your