similar to: Try II: selinux, xfs, and CentOS 6 and 5 issue

On 06/02/2015 11:30 AM, m.roth at 5-cent.us wrote: > Tried just the selinux list yesterday, no answers, so I'm trying again. > > I partitioned GPT, and formatted, as xfs, a large (3TB) drive on a CentOS > 6 system, which has selinux in permissive mode. I then moved the drive to > a CentOS 5 system. When we run a copy (it mirror-copies from another > system), we get a ton of

I wrote: > I partitioned GPT, and formatted, as xfs, a large (3TB) drive on a CentOS > 6 system, which has selinux in permissive mode. I then moved the drive to a > CentOS 5 system. When we run a copy (it mirror-copies from another system), > we get a ton of errors. I discovered that the CentOS 5 system was enforcing. > I changed it to permissive, I labelled the directories and

Yesterday I activated SELinux in targeted mode, then I rebooted and started receiving some error messages in the system services initialization: ====================================================================== audit(1156518721.252:2): avc: denied { read } for pid=2223 comm="syslogd" name="libc-2.3.4.so" dev=dm-0 ino=50441 scontext=user_u:system_r:syslogd_t

Hello, I received the below SELinux message today and I am trying to figure out what caused it. I see what it says under Allow Access but I am not sure this is what I really want to do without know why it happened in the first place. What should I be looking at to understand what or why this has happened? Any help I would be most grateful for. Here is the output form SELinux SUMMARY:

Having problems starting httpd & portmapper #service httpd start /usr/sbin/httpd: error while loading shared libraries: libm.so.6: cannot open shared object file: No such file or directory and I traced it to selinux, which I had just turned on for the first time: # sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode:

Hello! on my centos 4.4 i have enable selinux, but after this change syslogd can't no more run: # /etc/init.d/syslog restart Shutting down kernel logger: [ OK ] Shutting down system logger: [FAILED] Starting system logger: syslogd: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or

Hi, I've done the following: - Copy usr content with rsync to another partition: rsync -av --partial --progress /usr/ /mnt Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not the directory itself). But I've found that is bad labeled: ls -Z /usr unconfined_u:object_r:unlabeled_t:s0 bin unconfined_u:object_r:unlabeled_t:s0 local unconfined_u:object_r:unlabeled_t:s0

http://wiki.centos.org/HowTos/SELinux says: "Access is only allowed between similar types, so Apache running as httpd_t can read /var/www/html/index.html of type httpd_sys_content_t." however the doc doesn't define what "similar types" means. I assumed it just meant "beginning with the same prefix". However that can't be right because on my system with

Hi, I have the following Problem: My Rootserver stands at a hoster, I run a debian sarge and installed Xen 3 there latetly. I booted the xen Kernel - everything ok. However: when I started xend, the server instantly stopped responding. My Hosters Support said, that was due to a sort of mac spoofing protection in the switch, which disabled the Port, to which my server is connected, because there

On Wed, Sep 23, 2020 at 05:57:50PM +0200, Pino Toscano wrote: > Do not attempt to relabel a guest in case its SELinux enforcing mode is > not "enforcing", as it is either pointless, or it may fail because of an > invalid policy configured. > --- > mlcustomize/SELinux_relabel.ml | 26 +++++++++++++++++++++++++- > 1 file changed, 25 insertions(+), 1 deletion(-) >

Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1212807

This implements the --selinux-relabel option for virt-customize, virt-builder and virt-sysprep. There is no need to autorelabel functionality now. Thanks: Stephen Smalley --- builder/Makefile.am | 1 + builder/virt-builder.pod | 20 +++++++++---------- customize/Makefile.am | 2 ++ customize/SELinux_relabel.ml | 46 +++++++++++++++++++++++++++++++++++++++++++

On Tuesday, 5 May 2020 17:44:15 CEST Richard W.M. Jones wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=1828952#c2 I think we need to do a different approach than this patch. The biggest thing is that currently we check only SELINUXTYPE for the actual policy, however we do not check SELINUX in case SELinux is in enforcing mode at all. IMHO we rather need to read

Hi I have a Firewire connected Micronet 1.5TB RAID with a single large ext3 filesystem on one partition on a dual Xeon system. I am checking out from an extremely large cvs repository (don't ask) to this drive over the course of many days, and intermittently I get bad blocks and the filesystem goes read-only. This is not related to any power failure or anything similar. The RAID is currently

We have a user who deleted IMAP folders from his account, so I simply tried to restore the folder ".FolderName" from our backup. I checked that file/folder ownership was the same as the original, but the Dovecot IMAP server is throwing errors at the client. I've tried copying the individual message files from the "cur" folders in the backup directory, but Dovecot

--- customize/customize_run.ml | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/customize/customize_run.ml b/customize/customize_run.ml index 0f1d72a..cd4616c 100644 --- a/customize/customize_run.ml +++ b/customize/customize_run.ml @@ -338,15 +338,19 @@ exec >>%s 2>&1 if ops.flags.selinux_relabel then ( msg (f_"SELinux

I have two different datasets 1) is in monthly format (obs) 2) yearly format (model) in obs I have 84 files ( 2003:2009)for different months & in model I have 4 different files which has yearly data (2005:2008) So for calculating my requirement I need these both data sets. The sample calculations are as follows file_o<-list.files(path=' ', pattern="0.2.text") #

I could not get vsftpd to start; kept getting the "vsftpd Dead Subsys Locked" error. On doing a Google search, I came across a fix (lost the site unfortunately) and as I recall, it has something to do with copying a file and having the incorrect SElinux settings (I have SElinux disabled). The fix was to do a fixfiles, relabel (commands that I have never used) or a touch of

We can use the setfiles(8) command to relabel the guest filesystem, even though we don't have a policy loaded nor SELinux enabled in the appliance kernel. This also deprecates or removes the old and broken SELinux support. This patch isn't quite complete - I would like to add some tests to the new API. I'm posting here to garner early feedback. Rich.

I want to put the document root for an application on a separate paritition that has more space. When I try to configure this I can't access the files in the new location. I've got the SELinux attributes set on the directory and its files, so I'm thinking it's something about the parent path that SELinux doesn't like, but I don't know where that's handled. My