similar to: selinux-policy update resets /etc/selinux/targeted/contexts/files/file_contexts?

On 12/17/2014 05:07 AM, Patrick Bervoets wrote: > Hi, > > On an internal webserver (latest C6) I want smb-access to /var/www/html/ > In april I did > chcon -R -t public_content_rw_t /var/www/html/ > setsebool -P allow_smbd_anon_write 1 > setsebool -P allow_httpd_anon_write 1 > echo "/var/www/html/ -- >

On Wed, December 17, 2014 05:07, Patrick Bervoets wrote: > Hi, > > On an internal webserver (latest C6) I want smb-access to /var/www/html/ > In april I did > chcon -R -t public_content_rw_t /var/www/html/ > setsebool -P allow_smbd_anon_write 1 > setsebool -P allow_httpd_anon_write 1 > echo "/var/www/html/ --

On Wed, Dec 17, 2014 at 11:07:06AM +0100, Patrick Bervoets wrote: > echo "/var/www/html/ -- unconfined_u:object_r:public_content_rw_t:s0" >> /etc/selinux/targeted/contexts/files/file_contexts Next time try putting the local policy into: /etc/selinux/targeted/contexts/files/file_contexts.local ... which isn't overwritten by package updates. This is what would have

I'm setting up a dedicated database server, and since this will be a central service to my various web servers I wanted it to be as secure as possible...so I am leaving SELinux enabled. However I'm having trouble getting Apache to use mod_auth_pam. I also now can't get setroubleshootd working to send me notifications of the denials and provide tips to solve the problem. The Apache

v1 -> v2: Match more specifically. Rich.

Instead of just documenting this bug, fix it in the file_contexts file. Replaces commit ad3c8fe7f49c4991e1aa536856a1a408f55d5409. --- customize/SELinux_relabel.ml | 19 +++++++++++++++++++ v2v/virt-v2v.pod | 11 ----------- 2 files changed, 19 insertions(+), 11 deletions(-) diff --git a/customize/SELinux_relabel.ml b/customize/SELinux_relabel.ml index fa9603c..69a4779 100644 ---

On 06/07/16 21:17, Bernard Fay wrote: > I can access /depot/tftp from a tftp client but unable to do it from a > Windows client as long as SELinux is enforced. If SELinux is permissive I > can access it then I know Samba is properly configured. > > # getenforce > Enforcing > # ls -dZ /depot/tftp/ > drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/ >

Hi list, I''ve got an issue at the moment, which isn''t really a big problem, but an untidy annoyance really, and I''d just like to understand what the best practice might be when dealing with the issue. As a really quick summary, the issue is that Puppet is starting up the mysqld service for the first time as unconfined_u, and then when MySQL goes and creates a load

Hi, Two doubts. 1. What I've to replace in "NEEDED"? or I need to just run the whole command you given 2. You mean this one, rpm -qa | grep libguestfs* On Mon, Mar 16, 2015 at 5:35 PM, Richard W.M. Jones <rjones@redhat.com> wrote: > On Sat, Mar 14, 2015 at 11:14:55PM +0530, Thirumalai Nambi wrote: > > Thanks for your update, > > > > I got the

Hi, I've launched a "yum upgrade" command on a CentOS6 laptop which has updated nearly 600 packages. Automatic updates were not working because of a conflict on a package. So the laptop is now uptodate but the camera did not works after this. The message is: kernel: uvcvideo: Failed to query (GET_DEF) UVC control 6 on unit 2: -110 (exp. 2). The camera is detected as USB,

libtool-2.2.6-15.5.el6.x86_64 upstart-0.6.5-13.el6_5.3.x86_64 atmel-firmware-1.3-7.el6.noarch redhat-rpm-config-9.0.3-42.el6.centos.noarch plymouth-scripts-0.8.3-27.el6.centos.1.x86_64 patchutils-0.3.1-3.1.el6.x86_64 bc-1.06.95-1.el6.x86_64 cscope-15.6-6.el6.x86_64 coreutils-8.4-37.el6.x86_64 ncurses-devel-5.7-3.20090208.el6.x86_64 libselinux-utils-2.0.94-5.8.el6.x86_64

> On Jul 19, 2019, at 8:27 AM, Leon Fauster via CentOS <centos at centos.org> wrote: > > Am 19.07.2019 um 14:51 schrieb hw <hw at gc-24.de>: >> Hi, >> >> what do I need to do to share the same directory with both NFS and samba? >> SElinux requires 'samba_share_t' for samba and 'nfs_t' for NFS, and AFAIC >> I can't set both at

Hi, I'm trying to grant dovecot the ability to manage its socket within the postfix spool directory. I have added the below to file_contexts.local : /var/spool/postfix/private/dovecot-auth system_u:system_r:dovecot_t:s0 However, running "restorecon -v /var/spool/postfix/private/dovecot-auth" gives me the following error : restorecon:

Hi. Do anyone know of some place to put custom SELinux file context specifications? I would prefer not to append lines to /etc/selinux/targeted/contexts/files/file_contexts but rather put one or more similar files somewhere. A file_contexts.d firectory would be nice, but it isn't available. Just creating your own file_contexts.local file does not work, I already tried. I'm running

Hi all, I have difficulties to understand the output of yum-plugin-security. I am on a X86_64 machine and when I query for security updates, yum lists i686 packages, that I don't have installed. -------------------- # yum check-update --security Loaded plugins: changelog, fastestmirror, security Loading mirror speeds from cached hostfile * base: centos.mirror.linuxwerk.com * epel:

I am working towards getting SELinux implemented on a web server that also runs Samba thanks to Thomas Cameron's excellent video https://www.youtube.com/watch?v=_WOKRaM-HI4. I set the SELinux label on the web site folder (which is also the shared folder in Samba) to public_content_rw_t and set the bool smbd_anon_write to 1 so that Apache and Samba can hopefully coexist and Samba has write

On 07/01/2015 02:12 PM, John R Pierce wrote: > On 7/1/2015 2:02 PM, Kay Schenk wrote: >> My Update Applet keeps giving me messages to install an update to a >> package I do not have installed. To make matters more confusing, when I >> actually try to install the package it wants to update, there is a >> problem with the installation. >> >> Any tips on how to

On Monday, 6 March 2017 11:43:14 CET Richard W.M. Jones wrote: > Instead of just documenting this bug, fix it in the file_contexts > file. > > Replaces commit ad3c8fe7f49c4991e1aa536856a1a408f55d5409. > --- > customize/SELinux_relabel.ml | 19 +++++++++++++++++++ > v2v/virt-v2v.pod | 11 ----------- > 2 files changed, 19 insertions(+), 11 deletions(-) >

Instead of just documenting this bug, fix it in the file_contexts file. Replaces commit ad3c8fe7f49c4991e1aa536856a1a408f55d5409. --- customize/SELinux_relabel.ml | 20 ++++++++++++++++++++ v2v/virt-v2v.pod | 11 ----------- 2 files changed, 20 insertions(+), 11 deletions(-) diff --git a/customize/SELinux_relabel.ml b/customize/SELinux_relabel.ml index fa9603c..d3b9325 100644 ---

Thanks, I managed to fix /var/lib/mysql # ls -ldZ /var/lib/mysql drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 /var/lib/mysql To fix it, I tried: semanage fcontext -d -e /var/lib/mysql this command returned: KeyError: /var/lib/mysql I tried restorecon anyway: restorecon -Rv /var/lib/mysql But not better: ls -ldZ /var/lib/mysql drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0