similar to: puppet files denied by SELinux

Displaying 20 results from an estimated 3000 matches similar to: "puppet files denied by SELinux"

2015 Jun 21
2
puppet files denied by SELinux
Hi all, Thanks for all your suggestions. Here's where I'm at with this. Can you give details about your puppetmasterd setup ? it seems that > you're using Foreman as puppet ENC. > Yes, I'm on foreman 1.7.4 and puppet 3.75. You are correct that I'm using foreman, sorry I hadn't thought to mention it! > Foreman works fine with selinux enabled : that's what
2015 Jun 29
1
puppet files denied by SELinux
I have no idea of the current dependency problem. I think your original problem was caused by mv'ing files from an nfs share to /etc which maintained the context. And SELinux prevented puppet from accessing nfs_t type. If you had just run restorecon on the object it would have set it back to the correct/default context. You might want to setup an alias mv "mv -Z" This changes
2015 Jun 21
0
puppet files denied by SELinux
Hey guys, Quick update. I grepped through the output of getsebool -a to see that related to puppet. And I found this setting: puppetagent_manage_all_files. So I tried running this command: setsebool -P puppetagent_manage_all_files 0 And did a restorecon on my modules directory: restorecon -R -v environments/production/moudles So there's good news and bad news to report! It seems that
2012 Jun 15
1
Puppet + Passenger SELinux issues
I recently setup my Puppetmaster server to run through Passenger via Apache instead of on the default webrick web server. SELinux made that not work and I've found some documentation on making rules to allow it however mine won't load. This is the policy I found via this website, http://sandcat.nl/~stijn/2012/01/20/selinux-passenger-and-puppet-oh-my/comment-page-1/ . module
2015 Jun 17
2
selinux allow apache log access
> > Try something like: > grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix > semodule -i zabbix.pp Thanks for your response! However this is what happens when I try to install the module: [root at monitor2:~] #semodule -i zabbix.pp libsepol.print_missing_requirements: zabbix's global requirements were not met: type/attribute zabbix_t (No such file or directory).
2015 Apr 01
1
SEmodule dependency hell.
I want you all to see what I went through trying to simply reassign (unsuccessfully) the context of a well-known port. To the best of my ability to recall none of the packages mentioned below are even installed on the host in question. Why are these dependices preventing me from removing a disused SELinux policy. I have done exactly that, reassign port contexts, in the past without encountering
2007 Jul 19
1
semodule - global requirements not met
I'm busy setting up amavisd-new on a CentOS 5.0 box - and believe I've got it working well enough that I can switch selinux enforcing back on again. I've done the usual- - grab a chunk of the audit.log that is relevant to all the actions that would be denied. - do 'cat audit.log | audit2allow -M amavis' to generate the module - amavis.te looks like: module amavis 1.0;
2015 Jun 17
2
selinux allow apache log access
> > That's because there's already a zabbix module loaded (the message isn't > very informative!). I forgot that the received wisdom is to insert "my" in > front of ones own modules i.e.: > grep zabbix /var/log/audit/audit.log | audit2allow -M myzabbix > semodule -i myzabbix.pp Hmm no luck there either: [root at monitor2:~] #semodule -i myzabbix.pp
2015 Jun 16
2
selinux allow apache log access
Hey guys,. I have a centos 7 machine I'm using as a zabbix server. And I noticed that apache won't start, with this complaint in the error log: (13)Permission denied: AH00091: httpd: could not open error log file /var/log/zabbix_error_log. AH00015: Unable to open logs I tried having a look at audit2allow and this is the response I get back: [root at monitor2:/etc/httpd] #grep http
2015 Jun 17
0
selinux allow apache log access
On 17/06/15 15:27, Tim Dunphy wrote: >> Try something like: >> grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix >> semodule -i zabbix.pp > > > Thanks for your response! However this is what happens when I try to > install the module: > > [root at monitor2:~] #semodule -i zabbix.pp > libsepol.print_missing_requirements: zabbix's global
2008 Dec 06
0
Trying to setting a selinux policy to Nagios 3.0.6 on CentOS 5.2 .
Hello, I'm trying to run Nagios 3.0.6 on CentOS 5.2 with SELinux in enforcing mode but it is not working. I'm using the following packages: httpd-2.2.3-11.el5_2.centos.4 nagios-3.0.6-1.el5.rf nagios-plugins-1.4.12-1.el5.rf I followed the steps bellow to try to create a selinux policy to Nagios but it is failing. Any help, please? # setenforce Permissive # service nagios start #
2012 Feb 16
3
Baffled by selinux
Apache DocumentRoot on an NFS directory: [root at localhost ~]# service httpd start Starting httpd: Warning: DocumentRoot [/home/www/html] does not exist Syntax error on line 292 of /etc/httpd/conf/httpd.conf: DocumentRoot must be a directory [FAILED] [root at localhost ~]# After some research, I found this (dated) link
2013 Mar 27
1
silencing Passenger "ps" SELinux errors
Hello, how do people cope with constant SELinux errors like this from Fusion Passenger: 36886. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 2 file open system_u:system_r:udev_t:s0-s0:c0.c1023 denied 1922 36887. 03/27/2013 14:20:05 ps unconfined_u:system_r:passenger_t:s0 4 dir getattr unconfined_u:system_r:initrc_t:s0 denied 1927 36888. 03/27/2013 14:20:05 ps
2016 Sep 16
0
SELinux module
I do not want to disable SELinux at large but only for a directory and its sub-directories. On Fri, Sep 16, 2016 at 8:31 AM, Eddie G. O'Connor Jr. <eoconnor25 at gmail.com > wrote: > Not sure about most others, but I was always told that you never disable > Selina. Of course that is in a business/corporate setting. If it's just > you at home with a few servers? Then
2016 Sep 16
2
SELinux module
Hello everyone, I have a problem with oddjob_mkhomedir on a NFS mount point. The actual context is nfs_t drwxr-xr-x. root root system_u:object_r:nfs_t:s0 users/ With this type, oddjob_mkhomedir cannot do is job of creating home user directories. In the logs, I found about creating a new module with audi2allow and semodule: [root@ audit]# sealert -l fe2d7f60-d3ff-405b-b518-38d0cf021598
2008 Oct 30
1
nfs mounted /home and selinux
I'm trying to set the context on an nfs mounted /home. I believe exactly like in Redhat's Deployment Guide at http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.2/html/Deployment_Guide/ch45s02s03.html On my system running CentOS 5.2: $ ls -alZ /home drwxr-xr-x root root system_u:object_r:home_root_t . drwxr-xr-x root root system_u:object_r:root_t .. $ mount -t
2010 May 27
5
sandbox complaint
Updating a system from CentOS 5.4 (current) to 5.5, and I see: libsepol.scope_copy_callback: zosremote: Duplicate declaration in module: type/attribute zos_remote_t libsemanage.semanage_link_sandbox: Link packages failed semodule: Failed! Any ideas as to what's going on, or why? mark "glad selinux is disabled on that box"
2020 Feb 26
3
CentOS 7 : SELinux trouble with Fail2ban
On Feb 26, 2020, at 08:52, Nicolas Kovacs <info at microlinux.fr> wrote: > >> Le 26/02/2020 ? 11:51, Nicolas Kovacs a ?crit : >> SELinux is preventing /usr/bin/python2.7 from read access on the file disable. >> ***** Plugin catchall (100. confidence) suggests ***** >> If you believe that python2.7 should be allowed read access on the disable file by default.
2014 Oct 30
1
CentOS 6.6 Bacula-SELinux issue
I updated my backup server to CentOS 6.6 this morning. As usual, I unmounted the current (nightly) tape from the changer before the reboot. Now Bacula complains it cannot access the changer: 3301 Issuing autochanger "loaded? drive 0" command. 3991 Bad autochanger "loaded? drive 0" command: ERR=Child exited with code 1. Results=cannot open SCSI device '/dev/changer' -
2020 Feb 26
5
CentOS 7 : SELinux trouble with Fail2ban
Hi, Some time ago I had SELinux problems with Fail2ban. One of the users on this list suggested that it might be due to the fact that I'm using a bone-headed iptables script instead of FirewallD. I've spent the past few weeks getting up to date with doing things in a more orthodox manner. So currently my internet-facing CentOS server has a nicely configured NetworkManager, and