similar to: FYI: an selinux hack

I have installed OOo 2.3 on CentOS-5. Everything seems to work but I had to locate the item reproduced below. Since this is a vital modification I reproduce it here so that it gets a wider audience. FYI: OOo 2.3.0 and SELinux: "no suitable windowing system found, exiting." OpenOffice.org (OOo) 2.3.0 is incompatible with the SELinux technology activated by default in Fedora 7, Fedora

HI, Try disabling Don't Audit rules semodule -DB Then check /var/log/audit.log To re-enable semodule -B On Tue, Sep 5, 2017 at 5:07 AM, Gregory P. Ennis <PoMec at pomec.net> wrote: > Everyone, > > I am trying to use a cgi perl script for a CentOs 7 website that works > fine with selinux in permissive mode but fails with selinux in enforcing > mode. > >

Well, I was having a heck of a time with the rpm install in terms of customizing the install directory. So I thought the easy way out might be to go for a source install. Which I tried and this was the output from the install: [root at web1:/opt/AppDynamics/appdynamics-php-agent] #./install.sh appd.jokefire.com 443 beta.jokefire.com "Web Front End" web1.jokefire.com Install script for

Everyone, I am trying to use a cgi perl script for a CentOs 7 website that works fine with selinux in permissive mode but fails with selinux in enforcing mode. The problem I have is that I can not find where the selinux error message is being recorded. It does not appear to be in the /var/log/messages or /var/log/audit/audit.log. I do not get any /var/log/httpd/ssl_error_log entries. I do get

We're forced to use Siteminder, by CA, who have no clue what they're doing in *nix. No packages, tarballs... Anyway, I'm trying clean up some stuff, and in /*/smwa/webagent/bin (all their binaries, including .so's, are in there, duh... I'm trying to set the .so's to lib_t. semanage -fcontext -a -t lib_t "/<elided>/smwa/webagent/bin(/.*).so" gives me the

On Mon, May 11, 2015 9:47 am, Tim Dunphy wrote: >> >> That's a rather odd (personally, I think bad) place for a log (or >> even logfile lock) and I'm not at all surprised that selinux is >> keeping your application from writing there. I would check to see if >> there is a setup/configuration option for your application to put >> the log files and related

Exactly, SELinux is great. Its a good room to have when you can get it working and it's another good layer of protection. Its better to learn to use the tool then just turn it off. Not every label has a rw option but it never hurts to try. :-) On Jan 22, 2015 1:18 PM, "Tim Dunphy" <bluethundr at gmail.com> wrote: > > > > The easiest answer is to edit the Selinux

Thanks for your help. I did pick up an additional entry in the audit file : type=AVC msg=audit(1504561395.709:10196): avc: denied { execute } for pid=19163 comm="/usr/sbin/httpd" name="s.check.cgi" dev="dm-0" ino=537182029 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file Unfortunately, I am not sure how the

On 1/1/20 2:00 PM, Nicolas Kovacs wrote: > Hi, > > I'm currently fiddling with Nginx on CentOS 7. Eventually I want to > use it instead of Apache on some servers. > > Apache works more or less out of the box with SELinux. My websites are > all stored under /var/www, and ls -Z shows me that all files created > under /var/www are correctly labeled httpd_sys_content_t.

Hi, I'm currently fiddling with Nginx on CentOS 7. Eventually I want to use it instead of Apache on some servers. Apache works more or less out of the box with SELinux. My websites are all stored under /var/www, and ls -Z shows me that all files created under /var/www are correctly labeled httpd_sys_content_t. On my sandbox server I don't have Apache (httpd) installed, only Nginx

Johnny Hughes wrote: > On 09/20/2017 07:19 AM, hw wrote: >> hw wrote: >>> >>> Hi, >>> >>> how do I allow CGI programs to print (using 'lpr -P some-printer >>> some-file.pdf') when >>> lighttpd is being used for a web server? >>> >>> When selinux is permissive, the printer prints; when it?s enforcing,

Sorry ?There is avc error messages in dmesg ??? ??should be ?There is no avc error??? ???: Huang,Chaochang ????: 2013?4?25? 15:41 ???: 'libvir-list at redhat.com'; 'libvirt-users at redhat.com' ??: libvirt_lxc start problem when selinux enbale Hi?all? the problem came out when selinux was enforced in targeted+MCS I start lxc through virsh???virsh -c

Hi?all? the problem came out when selinux was enforced in targeted+MCS I start lxc through virsh???virsh -c lxc:/// start instance-00004bd6? 1. When selinux is Permissive?lxc start is ok The result of ?Ps auxZ? is? system_u:system_r:virtd_lxc_t:s0-s0:c0.c1023 root 19218 0.0 0.0 47624 1244 ? Ss 15:26 0:00 /usr/libexec/libvirt_lxc --name

Hey all, I'm having some trouble getting PHP5 w/ CentOS 5 to connect to a remote MySQL server using the standard mysql_connect() call. Yes, MySQL libraries are installed along with php-mysql... The only way I can get it to work is to run setenforce Permissive, otherwise the connection fails. The annoying thing is that nothing at all shows up in my /var/log/messages file describing why

On 09/22/2017 06:58 AM, hw wrote: > > PS: Now I found this: > > > type=PROCTITLE msg=audit(09/22/2017 12:08:29.911:1023) : > proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp > type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 > syscall=setgroups success=no exit=EPERM(Operation not permitted) > a0=0x1 a1=0x7ffc1df3b0d0 a2=0x0 a3=0x7f5d77c3a300

Hello, I have deployed Bugzilla 3.6.2 on CentOS 5 (with rpmforge perl-* packages) and I have a problem with SELinux preventing mail being sent via sendmail. (see SELinux reports below, especially the second one) When SELinux is in permissive mode, mail sending from Bugzilla is working properly. Has anybody got recent Bugzilla to work with SELinux on CentOS? Thanks in advance! Mathieu

On 02/21/2017 11:52 AM, Robert Moskowitz wrote: > > > On 02/21/2017 11:46 AM, Zdenek Sedlak wrote: >> On 2017-02-21 17:30, Robert Moskowitz wrote: >>> postfixadmin setup.php is claiming: >>> >>> *Error: Smarty template compile directory templates_c is not writable.* >>> *Please make it writable.* >>> *If you are using SELinux or AppArmor,

Hi Jeremy, An easy way to start troubleshooting these is to look at the audit logs and > see what SELInux is blocking. You have /McFrazier in the email.. if that's > off the root tree than unless you've set permissions to allow httpd to look > at tat folder, I bet that's one problem. > if you run ls -Z you can see the labels that are present on those folders, > that

On 02/21/2017 11:46 AM, Zdenek Sedlak wrote: > On 2017-02-21 17:30, Robert Moskowitz wrote: >> postfixadmin setup.php is claiming: >> >> *Error: Smarty template compile directory templates_c is not writable.* >> *Please make it writable.* >> *If you are using SELinux or AppArmor, you might need to adjust their >> setup to allow write access.* >>

Hi list, I'm studying SELinux on my workstation and for this I've enforced. In a first time selinux was permissive and when switched to enforcing I had relabel some things. Due to my "nescience" about selinux and what I must configure, I'm waiting avc denied for specified services. Until today, I've configured successfully httpd, smbd. Today I've noticed that my