similar to: CentOS 7 SELinux issue

I want you all to see what I went through trying to simply reassign (unsuccessfully) the context of a well-known port. To the best of my ability to recall none of the packages mentioned below are even installed on the host in question. Why are these dependices preventing me from removing a disused SELinux policy. I have done exactly that, reassign port contexts, in the past without encountering

> > Try something like: > grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix > semodule -i zabbix.pp Thanks for your response! However this is what happens when I try to install the module: [root at monitor2:~] #semodule -i zabbix.pp libsepol.print_missing_requirements: zabbix's global requirements were not met: type/attribute zabbix_t (No such file or directory).

> > That's because there's already a zabbix module loaded (the message isn't > very informative!). I forgot that the received wisdom is to insert "my" in > front of ones own modules i.e.: > grep zabbix /var/log/audit/audit.log | audit2allow -M myzabbix > semodule -i myzabbix.pp Hmm no luck there either: [root at monitor2:~] #semodule -i myzabbix.pp

hi guys I've just gotten a bunch of updates via yum and something weird seems to be going on after the update. System has: selinux-policy-3.13.1-268.el7_9.2.noarch selinux-policy-targeted-3.13.1-268.el7_9.2.noarch actually three different boxes, all the same: $ semodule -l No modules. and an attempt to install modules fails: $ semodule -i openvpn.pp Failed to resolve typeattributeset

Hi all, Note: selinux was in permissive prior to error Got this with a yum update: abrt_version: 2.0.8 cgroup: cmdline: semodule -n -r oracle-port -b base.pp.bz2 -i accountsd.pp.bz2 ada.pp.bz2 cachefilesd.pp.bz2 cpufreqselector.pp.bz2 chrome.pp.bz2 awstats.pp.bz2 abrt.pp.bz2 aiccu.pp.bz2 amanda.pp.bz2 afs.pp.bz2 apache.pp.bz2 arpwatch.pp.bz2 audioentropy.pp.bz2 asterisk.pp.bz2

Hey folks, Ok so I'm having another issue with SELinux. However I think I'm pretty close to a solution and just need a nudge in the right directtion. I wrote a puppet module that gets systems into bacula backups. Part of the formula is to distribute key/cert pairs with permissions that allow bacula to read them so that bacula can talk to the host over TLS. It's pretty slick, I must

Hi, how do I allow lighttpd access to a directory like this: dr-xrwxr-x. lighttpd example unconfined_u:object_r:samba_share_t:s0 files_articles I tried to create and install a selinux module, and it didn?t work. The non-working module can not be removed, either: semodule -r lighttpd-files_articles.pp libsemanage.semanage_direct_remove_key: Unable to remove module lighttpd-files_articles.pp at

On 04/25/2017 06:45 PM, Gordon Messmer wrote: > On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote: >> Quick?n?(really) dirty SELinux howto: > > > Alternate process: > > 1: setenforce permissive > 2: tail -f /var/log/audit/audit.log | grep AVC > 3: use the service, exercise each function that's constrained by the > existing policy > 4: copy and paste the

On Wed, 24 Feb 2016 23:28:33 -0800 Alice Wonder wrote: > I don't ordinarily run SELinux and do not have it enabled. https://lists.fedoraproject.org/pipermail/selinux/2012-May/014626.html QUOTE: Turns out you get the "Could not downgrade policy file /etc/selinux/targeted/policy/policy.24" error if you're running with SELinux disabled and something tries to install or reload

Updating a system from CentOS 5.4 (current) to 5.5, and I see: libsepol.scope_copy_callback: zosremote: Duplicate declaration in module: type/attribute zos_remote_t libsemanage.semanage_link_sandbox: Link packages failed semodule: Failed! Any ideas as to what's going on, or why? mark "glad selinux is disabled on that box"

On Thu, Feb 25, 2016 at 12:34 AM, Frank Cox <theatre at melvilletheatre.com> wrote: > Turns out you get the "Could not downgrade policy file /etc/selinux/targeted/policy/policy.24" error if you're running with SELinux disabled and something tries to install or reload policy: semodule -vR does it. This is why if anyone is opposed to running SELinux it should be left in

I'm busy setting up amavisd-new on a CentOS 5.0 box - and believe I've got it working well enough that I can switch selinux enforcing back on again. I've done the usual- - grab a chunk of the audit.log that is relevant to all the actions that would be denied. - do 'cat audit.log | audit2allow -M amavis' to generate the module - amavis.te looks like: module amavis 1.0;

Hey guys,. I have a centos 7 machine I'm using as a zabbix server. And I noticed that apache won't start, with this complaint in the error log: (13)Permission denied: AH00091: httpd: could not open error log file /var/log/zabbix_error_log. AH00015: Unable to open logs I tried having a look at audit2allow and this is the response I get back: [root at monitor2:/etc/httpd] #grep http

> Am 20.11.2020 um 19:50 schrieb lejeczek via CentOS <centos at centos.org>: > > hi guys > > I've just gotten a bunch of updates via yum and something > weird seems to be going on after the update. > System has: > > selinux-policy-3.13.1-268.el7_9.2.noarch > selinux-policy-targeted-3.13.1-268.el7_9.2.noarch > > actually three different boxes, all

On 02/24/2016 06:04 AM, m.roth at 5-cent.us wrote: > Alice Wonder wrote: >> For those interested I have a working spec file for Bitcoin 0.12.0 >> >> https://github.com/AliceWonderMiscreations/bitcoin/blob/master/contrib/rpm/bitcoin.spec >> >> I believe the only BuildRequires that isn't in CentOS/EPEL is >> miniupnpc-devel but that's trivial to build

On 17/06/15 15:27, Tim Dunphy wrote: >> Try something like: >> grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix >> semodule -i zabbix.pp > > > Thanks for your response! However this is what happens when I try to > install the module: > > [root at monitor2:~] #semodule -i zabbix.pp > libsepol.print_missing_requirements: zabbix's global

For those interested I have a working spec file for Bitcoin 0.12.0 https://github.com/AliceWonderMiscreations/bitcoin/blob/master/contrib/rpm/bitcoin.spec I believe the only BuildRequires that isn't in CentOS/EPEL is miniupnpc-devel but that's trivial to build as well. With Bitcoin 0.12.0 the ECC stuff that Red Hat ripped out of OpenSSL doesn't matter anymore. -=- That spec file

I need to run a "copy table to '/home/user/dir/copy.txt';" but I get permission denied. Filesystem dir modes are ok and I get no event logged in audit.log, but if I setenforce 0, I can do the copy. This explains auditd silence: # sesearch --audit |egrep postgres.*home dontaudit postgresql_t user_home_dir_t : dir { getattr search }; dontaudit postgresql_t home_root_t : dir

Hello, I'm trying to run Nagios 3.0.6 on CentOS 5.2 with SELinux in enforcing mode but it is not working. I'm using the following packages: httpd-2.2.3-11.el5_2.centos.4 nagios-3.0.6-1.el5.rf nagios-plugins-1.4.12-1.el5.rf I followed the steps bellow to try to create a selinux policy to Nagios but it is failing. Any help, please? # setenforce Permissive # service nagios start #

CentOS release 5.4 (Final) I run pppd on this system, it accepts dial-in connections, logs people in over ssh/sftp. I had selinux disabled on this system originally, but I recently enabled it, and selinux is blocking this pppd service. "audit2allow -M" has generated the following policy based on AVC denial messages: module fixdialinserver 1.0; require { type pppd_t;