similar to: selinux-policy update resets /etc/selinux/targeted/contexts/files/file_contexts?

Hi, On an internal webserver (latest C6) I want smb-access to /var/www/html/ In april I did chcon -R -t public_content_rw_t /var/www/html/ setsebool -P allow_smbd_anon_write 1 setsebool -P allow_httpd_anon_write 1 echo "/var/www/html/ -- unconfined_u:object_r:public_content_rw_t:s0" >> /etc/selinux/targeted/contexts/files/file_contexts After the latest round

On 12/17/2014 05:07 AM, Patrick Bervoets wrote: > Hi, > > On an internal webserver (latest C6) I want smb-access to /var/www/html/ > In april I did > chcon -R -t public_content_rw_t /var/www/html/ > setsebool -P allow_smbd_anon_write 1 > setsebool -P allow_httpd_anon_write 1 > echo "/var/www/html/ -- >

On Wed, Dec 17, 2014 at 11:07:06AM +0100, Patrick Bervoets wrote: > echo "/var/www/html/ -- unconfined_u:object_r:public_content_rw_t:s0" >> /etc/selinux/targeted/contexts/files/file_contexts Next time try putting the local policy into: /etc/selinux/targeted/contexts/files/file_contexts.local ... which isn't overwritten by package updates. This is what would have

> type=AVC msg=audit(1482944350.289:339): avc: denied { read } for pid=2141 comm="httpd" name="family" dev="sda3" ino=262199 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_user_content_t:s0 tclass=dir permissive=0 I ran into the same problem, I think. I ran "audit2why" and passed in the AVC. It suggested a pair of booleans

It says what it is my original post; that?s the output from audit2allow ?w (which is audit2why): Was caused by: The boolean allow_ypbind was set incorrectly. Description: Allow system to run with NIS Allow access by executing: # setsebool -P allow_ypbind 1 --- Mike VanHorn Senior Computer Systems Administrator College of Engineering and Computer Science Wright State University 265 Russ

for more information : https://www.mankier.com/8/haproxy_selinux On Sun, Mar 13, 2016 at 2:05 AM, Alexander Dalloz <ad+lists at uni-x.org> wrote: > Am 12.03.2016 um 23:18 schrieb Tim Dunphy: > >> Hi all, >> >> I'm load balancing 4 mysql databases using HAProxy. The setup seems to be >> working pretty well. Except I keep seeing these messages turning up in

On 06/06/2017 09:41 AM, Vanhorn, Mike wrote: > It says what it is my original post; that?s the output from audit2allow ?w (which is audit2why): > > Was caused by: > The boolean allow_ypbind was set incorrectly. > Description: > Allow system to run with NIS > > Allow access by executing: > # setsebool -P allow_ypbind 1 > > --- > Mike VanHorn > Senior

CentOS Errata and Bugfix Advisory 2014:1964 Upstream details at : https://rhn.redhat.com/errata/RHBA-2014-1964.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: fa1560968aea639772d5960a2796d7022e3d1c58a09bebffd2824249aea26b96 selinux-policy-3.7.19-260.el6_6.1.noarch.rpm

Am 12.03.2016 um 23:18 schrieb Tim Dunphy: > Hi all, > > I'm load balancing 4 mysql databases using HAProxy. The setup seems to be > working pretty well. Except I keep seeing these messages turning up in > syslog: > > > Mar 12 22:11:31 db1 kernel: [6058125.959624] type=1400 > audit(1457820691.824:3029129): avc: denied { name_connect } for pid=801 >

I'm setting up a dedicated database server, and since this will be a central service to my various web servers I wanted it to be as secure as possible...so I am leaving SELinux enabled. However I'm having trouble getting Apache to use mod_auth_pam. I also now can't get setroubleshootd working to send me notifications of the denials and provide tips to solve the problem. The Apache

Send CentOS-announce mailing list submissions to centos-announce at centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request at centos.org You can reach the person managing the list at centos-announce-owner at centos.org When

Hi all, I'm load balancing 4 mysql databases using HAProxy. The setup seems to be working pretty well. Except I keep seeing these messages turning up in syslog: Mar 12 22:11:31 db1 kernel: [6058125.959624] type=1400 audit(1457820691.824:3029129): avc: denied { name_connect } for pid=801 comm="haproxy" dest=7778 scontext=system_u:system_r:haproxy_t:s0

On 06/06/2017 09:17 AM, Vanhorn, Mike wrote: > I keep seeing this in my audit.logs: > > type=AVC msg=audit(1496336600.230:6): avc: denied { name_connect } for pid=2411 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket > > Was caused by: > The boolean allow_ypbind was

Update me Richie, Meanwhile, I've booted the server in latest kernel, Its still not working for me. 2015-03-17 0:54 GMT+05:30 Thirumalai Nambi <thirumalai.sandy@gmail.com>: > > libtool-2.2.6-15.5.el6.x86_64 > upstart-0.6.5-13.el6_5.3.x86_64 > atmel-firmware-1.3-7.el6.noarch > redhat-rpm-config-9.0.3-42.el6.centos.noarch > plymouth-scripts-0.8.3-27.el6.centos.1.x86_64

libtool-2.2.6-15.5.el6.x86_64 upstart-0.6.5-13.el6_5.3.x86_64 atmel-firmware-1.3-7.el6.noarch redhat-rpm-config-9.0.3-42.el6.centos.noarch plymouth-scripts-0.8.3-27.el6.centos.1.x86_64 patchutils-0.3.1-3.1.el6.x86_64 bc-1.06.95-1.el6.x86_64 cscope-15.6-6.el6.x86_64 coreutils-8.4-37.el6.x86_64 ncurses-devel-5.7-3.20090208.el6.x86_64 libselinux-utils-2.0.94-5.8.el6.x86_64

I keep seeing this in my audit.logs: type=AVC msg=audit(1496336600.230:6): avc: denied { name_connect } for pid=2411 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket Was caused by: The boolean allow_ypbind was set incorrectly. Description: Allow system to run with NIS Allow

I am working towards getting SELinux implemented on a web server that also runs Samba thanks to Thomas Cameron's excellent video https://www.youtube.com/watch?v=_WOKRaM-HI4. I set the SELinux label on the web site folder (which is also the shared folder in Samba) to public_content_rw_t and set the bool smbd_anon_write to 1 so that Apache and Samba can hopefully coexist and Samba has write

v1 -> v2: Match more specifically. Rich.

On 12/28/2016 05:11 AM, Todor Petkov wrote: > On Wed, Dec 28, 2016 at 5:18 AM, Robert Moskowitz <rgm at htt-consult.com> wrote: >> Which is why I wonder if there is some different config for the C7.3 version >> of apache. >> >> Or something with the C7-arm build... > Can you check for SELinux warnings/errors in /var/log/audit/audit.log? Good advice. As I

On Monday, 6 March 2017 11:43:14 CET Richard W.M. Jones wrote: > Instead of just documenting this bug, fix it in the file_contexts > file. > > Replaces commit ad3c8fe7f49c4991e1aa536856a1a408f55d5409. > --- > customize/SELinux_relabel.ml | 19 +++++++++++++++++++ > v2v/virt-v2v.pod | 11 ----------- > 2 files changed, 19 insertions(+), 11 deletions(-) >