similar to: Unable open raw socket in CentOS 5 - SE Linux and kernel capability interaction?

Displaying 20 results from an estimated 100 matches similar to: "Unable open raw socket in CentOS 5 - SE Linux and kernel capability interaction?"

2008 Mar 07
1
Unable open raw socket in CentOS 5 - SE Linux and kernel capability interaction?
The raw socket option in the kernel only allows privileged processes to open them. Selinux controls which privileged processes have the right to. To allow an unprivileged process to access a raw socket you will need to write a proxy daemon that runs privileged and is allowed in selinux to create a raw socket. This daemon can then provide a unix socket to unprivileged processes whose access can
2014 Oct 25
1
Centos 6.5 - Fping - SE Linux - Missing type enforcement (TE) allow rule
Hi gents, I seem to have a small issue with fping and Observium (a monitoring solution). The particular VPS I'm using does have SELinux enabled and it seems to be causing issues when the httpd process is attempting to use Fping? Here is what I know so far : Output from "audit2why -a" : --------------- type=AVC msg=audit(1414265994.125:6744): avc: denied { create } for
2019 May 08
2
Issues trying to change the selinux context
We're forced to use Siteminder, by CA, who have no clue what they're doing in *nix. No packages, tarballs... Anyway, I'm trying to clean up some stuff, and in /*/smwa/webagent/bin (all their binaries, including .so's, are in there, duh... I'm trying to set the .so's to lib_t. semanage -fcontext -a -t lib_t "/<elided>/smwa/webagent/bin(/.*).so" gives me the
2019 May 08
3
Issues trying to change the selinux context
Warren Young wrote: > On May 8, 2019, at 9:31 AM, mark <m.roth at 5-cent.us> wrote: > >> semanage -fcontext -a -t lib_t "/<elided>/smwa/webagent/bin(/.*).so" > > [snip] > >> What am I doing wrong? >> <snip> > Also, I'm confused by the parens in your file path. Whether your shell > is or not is a different question. I'm following
2015 Jan 19
2
CentOS-6.6 Fail2Ban and Postfix Selinux AVCs
I am seeing these in the log of one of our off-site NX hosts running CentOS-6.6. type=AVC msg=audit(1421683972.786:4372): avc: denied { create } for pid=22788 comm="iptables" scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=rawip_socket Was caused by: Missing type enforcement (TE) allow rule. You can use
2015 Jan 19
0
CentOS-6.6 Fail2Ban and Postfix Selinux AVCs
On Mon, January 19, 2015 11:50, James B. Byrne wrote: > I am seeing these in the log of one of our off-site NX hosts running > CentOS-6.6. > > type=AVC msg=audit(1421683972.786:4372): avc: denied { create } for > pid=22788 comm="iptables" scontext=system_u:system_r:fail2ban_t:s0 > tcontext=system_u:system_r:fail2ban_t:s0 tclass=rawip_socket > Was caused by:
2010 Mar 25
3
httpd stopped working under SELinux so I had to turn SELinux off. libxml2.so.2: failed to map segment from shared object: Permission denied
Hi. CentOS 5.4 64-bit with SELinux, happily running for over a year, suddenly httpd fails to start up, getting an error message like: Starting httpd: Syntax error on line X of /etc/httpd/conf.d/php.conf: Cannot load /etc/httpd/modules/libphp5.so into server: libxml2.so.2: failed to map segment from shared object: Permission denied I turned off SELinux and was able to start httpd. But what went
2011 Jun 01
12
[Bug 8201] New: rsync 3.0.8 destroys SELinux security context of symbolic links
https://bugzilla.samba.org/show_bug.cgi?id=8201 Summary: rsync 3.0.8 destroys SELinux security context of symbolic links Product: rsync Version: 3.0.8 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P5 Component: core AssignedTo: wayned at samba.org
2020 Feb 04
5
Relabel /usr directory
Hi, I've done the following: - Copy usr content with rsync to another partition: rsync -av --partial --progress /usr/ /mnt Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not the directory itself). But I've found that it is badly labeled: ls -Z /usr unconfined_u:object_r:unlabeled_t:s0 bin unconfined_u:object_r:unlabeled_t:s0 local unconfined_u:object_r:unlabeled_t:s0
2019 May 08
1
Issues trying to change the selinux context
Warren Young wrote: > On May 8, 2019, at 11:04 AM, mark <m.roth at 5-cent.us> wrote: > >> >> semanage fcontext -m -t lib_t "/path/smwa/webagent/bin/*.so" > > Glob expansion doesn't happen in double quotes. Not in Bash, anyway. Huh? I thought it didn't occur in single quotes, but did occur in quotes. Odd, I'm seeing it doesn't, at least in a basic
2016 Apr 21
1
Cannot Run On The Command Line
On Thu, 21 Apr 2016 08:23:32 +0000 Martyn Plummer <plummerm at iarc.fr> wrote: > From: Martyn Plummer <plummerm at iarc.fr> > To: "cireyapmin at gmail.com" <cireyapmin at gmail.com>, > "r-sig-fedora at r-project.org" <r-sig-fedora at r-project.org> Subject: > Re: [R-sig-Fedora] Cannot Run On The Command Line Date: Thu, 21 Apr > 2016
2009 Oct 04
2
deliver stopped working
Hi: I have been using Dovecot for well over a year now and it has always worked with few problems. The mail setup is not simple... Postfix+MailScanner+ClamAV+Dovecot+MySql+postfix.admin... just to mention the major things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and control is local. About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an
2016 Apr 21
3
Cannot Run On The Command Line
On Wed, 20 Apr 2016 20:50:57 +0000 "Ellen K" <keyes at pushyes.xyz> wrote: > From: "Ellen K" <keyes at pushyes.xyz> > To: cireyapmin at gmail.com > Subject: RE: [R-sig-Fedora] Cannot Run On The Command Line > Date: Wed, 20 Apr 2016 20:50:57 +0000 > X-Mailer: iPad Mail (12H143) > > Hi virgo, > > Thank you for your interest in the
2023 Mar 22
1
[libnbd PATCH v4 0/2] lib/utils: introduce async-signal-safe execvpe()
On 3/22/23 12:42, Daniel P. Berrangé wrote: > On Wed, Mar 22, 2023 at 12:13:49PM +0100, Laszlo Ersek wrote: >> On 3/22/23 11:42, Laszlo Ersek wrote: >> >>> Now the "podman build -f ci/containers/alpine-edge.Dockerfile -t >>> libnbd-alpine-edge" command is failing with a different error message -- >>> the download completes, but the internal
2005 Aug 31
1
SELinux
I'm probably dense - CentOS 4.1 # cat /etc/sysconfig/selinux ..snip... SELINUXTYPE=targeted # su - Alec # tail -n 3 /var/log/messages Aug 31 08:48:26 srv1 su(pam_unix)[31435]: session opened for user Alec by root(uid=0) Aug 31 08:48:26 srv1 su[31435]: Warning! Could not relabel /dev/pts/0 with user_u:object_r:devpts_t, not relabeling.Operation not permitted Aug 31 08:48:27 srv1
2011 Apr 15
0
link SELinux context change with 3.0.8
With rsync-3.0.7-3.fc14.x86_64, rsync -aX /lib/ /lib2 produced links with SELinux context, system_u:object_r:lib_t:s0 with rsync-3.0.8-1.fc14.x86_64, unconfined_u:object_r:lib_t:s0 Is this by design, or a regression? --Fred
2012 Jun 15
1
Puppet + Passenger SELinux issues
I recently setup my Puppetmaster server to run through Passenger via Apache instead of on the default webrick web server. SELinux made that not work and I've found some documentation on making rules to allow it however mine won't load. This is the policy I found via this website, http://sandcat.nl/~stijn/2012/01/20/selinux-passenger-and-puppet-oh-my/comment-page-1/ . module
2005 Mar 15
0
cyrus - sieveshell - su - named issues (selinux?) on
sieveshell cannot connect as any user Mar 14 23:53:45 srv1 saslauthd[22038]: do_auth : auth failure: [user=root] [service=sieve] [realm=] [mech=shadow] [reason=Unknown] Mar 14 23:53:45 srv1 sieve[22047]: Password verification failed Mar 14 23:53:45 srv1 perl: No worthy mechs found Mar 15 00:01:54 srv1 saslauthd[22164]: do_auth : auth failure: [user=root] [service=sieve] [realm=]
2009 Aug 20
3
Funny stuff in SELinux -- /usr/lib/libGL.so.1.2.#prelink#.4GxqM1
Received this SELinux warning: Summary: SELinux is preventing ld-linux.so.2 from loading /usr/lib/libGL.so.1.2.#prelink#.4GxqM1 which requires text relocation. Detailed Description: The ld-linux.so.2 application attempted to load /usr/lib/libGL.so.1.2.#prelink#.4GxqM1 which requires text relocation. This is a potential security problem. Most libraries do not need this permission. Libraries are
2015 Oct 27
0
CentOS-6.6 SELinux questions
We have a remote server running as a guest instance on a kvm host. This server acts as a public MX service for our domains along with providing a backup for our Mailman mailing lists. It also has a slave named service. While tracking down a separate problem I discovered these avc anomalies and ran audit2allow to see what was required to eliminate them. All the software is either from CentOS or