similar to: ltsp & Selinux

Hello, I have a strange (for me) problem with these two machines : - Client, a CentOS-5.7 workstation ; - Server, a CentOS-6.2 headless, up-to-date server. From Client, I want to use xauth on Server with the help of rsh (yes, I know, ssh and all this sort of things... another time.) When SELinux is in permissive mode on Server, all these commands perform as expected : rsh Server

Hello, This is somehow off-topic, since the problem appears on a modified CentOS-6.2 (turned into a xen-4.1 host) : I get SELinux errors, and I'm not able to understand them. From audit2why : type=AVC msg=audit(1343724164.898:298772): avc: denied { mac_admin } for pid=12399 comm="restore" capability=33 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

On 07/22/2013 11:12 AM, Daniel P. Berrange wrote: > On Mon, Jul 22, 2013 at 11:08:07AM -0400, Matt Hicks wrote: >> Warning - I'm fairly new to libvirt, lxc and systemd so there is a >> good chance I'm doing something terribly wrong here. However, >> instead of continuing to struggle, I figured I would mail the list >> for some advice. What I'm trying to

Hello everyone, I have a question about logging. I need to find out whether it is possible to see user id/session id inside logs or somewhere else. It is not passed in structured across the network, so where should I look to find out, which user (which session) is currently performing the actions?

Hi! I am trying libvirt on POWERPC64 with the default settings such as selinux enabled. It is all good till I move images out of /var/lib/libvirt/images/. http://libvirt.org/drvqemu.html#securityselinux is saying that "If attempting to use disk images in another location, the user/administrator must ensure the directory has be given this requisite label. Likewise physical block devices

Warning - I'm fairly new to libvirt, lxc and systemd so there is a good chance I'm doing something terribly wrong here. However, instead of continuing to struggle, I figured I would mail the list for some advice. What I'm trying to accomplish is a libvirt-lxc, systemd-based container running on my system (Fedora 19). I've read that sharing the underlying OS filesystem with

Hi, I wanted just to ask an additional question to that: how then here in the polkit documentation you distinguish users?: Consider a local user berrange who has been granted permission to connect > to libvirt in full read-write mode. > 2018-04-12 11:01 GMT+03:00 Erik Skultety <eskultet@redhat.com>: > On Thu, Mar 22, 2018 at 08:17:15PM +0300, Anastasiya Ruzhanskaya wrote: >

Hey CentOS folks! I have an interesting issue with starting a server on a CentOS 6 KVM guest. The server (service) in particular is gotour, which is a web application created by Google and their Golang developers, intended to teach users the basics of using the Go programming langauge. When starting gotour, the program claims to be binding to port 12049, but the VM doesn't seem to be serving

Hi folks, I've been googling for an hour on this which seems to be awfully basic. But I cannot find anything definitive. [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: Access denied [root at centos-gig ~]# setenforce 0 [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: No such file or directory Have tried things like : chcon

Hi folks, I've been googling for an hour on this which seems to be awfully basic. But I cannot find anything definitive. [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: Access denied [root at centos-gig ~]# setenforce 0 [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: No such file or directory Have tried things like : chcon

At work I'm used to tools like eTrust Access Control (aka SEOS). eTrust takes away the ability to manage the eTrust config from root and puts it in the hands of "security admin". So there's a good separation of duties; security admin control the security ruleset, but are limited by the OS permissions (so even if they granted themselves permission to modify /etc/shadow, the

Hi, I have encountered problem running virsh as non-root user. I am using eucalyptus software on top of KVM, eucalyptus requires to run virsh as non-root user. I've found that people had similiar issue posted in the list, but I didn't find the solution. I've tried few things. 1) put user eucalyptus in the libvirt group. 2) even changed owner /var/run/libvirt/libvirt-sock to

Hey folks, I have a problem with the definition of a variable of type slist in CFEngine on # uname -a ; cat /etc/redhat-release Linux policyhub.example.com 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux CentOS Linux release 7.4.1708 (Core) I'm not sure if its valid to ask CFEngine questions on this mailing list, but as far as I'm running on

-rw-r--r--. root root unconfined_u:object_r:home_root_t:s0 /etc/pki/dovecot/private/mailserver.crt > On Oct 8, 2017, at 12:03 AM, Bill Shirley <bill at KnoxvilleChristian.org> wrote: > > What does ls -lZ /etc/pki/dovecot/private/mailserver.crt say? > > Bill > > On 10/7/2017 7:30 PM, SH Development wrote: >> I have a working dovecot/postfix/mysql server running

Hello, how do people cope with constant SELinux errors like this from Fusion Passenger: 36886. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 2 file open system_u:system_r:udev_t:s0-s0:c0.c1023 denied 1922 36887. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 4 dir getattr unconfined_u:system_r:initrc_t:s0 denied 1927 36888. 03/27/2013 14:20:05 ps

> > You may also need to restart sssd or nslcd, depending upon which one is > running the backed ldap connection service on the clients. Hmm.. I got a different result after restarting nclcd. Instead of logging me in and just complaining that it couldn't create the home directory, it still complains about not creating the home directory, but now it doesn't let me in: #ssh

Hi. I'm trying to setup squid with SELinux, the problem i encounter is taht i want to add another directory for cache, in this system we have a home partition with huge space, i create a squid dir and add the path with semanage: semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?' i check the files and are in the good context: drwxr-xr-x squid squid

?Hi, ?I've installed libvirt-0.9.13 on RHEL6.2 from the source code. I cannot make sVirt working with LXC. (sVirt works well with KVM, though.) I can start an LXC instance, but the label of the process is not right. Can someone help me? I tried to change /etc/libvirtd/lxc.conf file to explicitly enable security_driver = "selinux". But it ends up with error saying "error :

Dear All, we have some Nubuilder databases on a Centos6.3 server: [root at caw-server2 db]# ls /var/www/html/nubuilder/db reg_begeleidingsteam reg_jww_archief reg_personeel reg_straathoekwerk reg_bib reg_jww_dossiers reg_resident reg_vrijwilligers reg_drughulp reg_jww_dvd reg_signaleren reg_jac_activiteit reg_onthaal reg_sollicitatie in each

I have a simple script that sends one file to two locations on the same destination server. Here's the code: DEST="remotehost" SRC="/home/boss/application.conf" DST1="/home/user1/application.conf" DST2="/home/user2/application.conf" RSYNC1=`rsync -caW -e ssh $SRC $DEST:$DST1` RSYNC2=`rsync -caW -e ssh $SRC $DEST:$DST2` This runs every 5 minutes. What