similar to: tor and selinux

I've just encountered a problem starting tor. When I do 'systemctl start tor' it fails and I get selinux errors in the log. There was suggestion to do full auditing with 'auditctl -w /etc/shadow -p w'. Which I did and it gave the following type=PROCTITLE msg=audit(1539540150.692:60570): proctitle=2F7573722F62696E2F746F72002D2D72756E61736461656D6F6E0030002D2

On Sun, 2018-10-14 at 20:13 +0200, Robin Lee wrote: > I've just encountered a problem starting tor. When I do 'systemctl > start tor' it fails and I get selinux errors in the log. There was > suggestion to do full auditing with 'auditctl -w /etc/shadow -p w'. > Which I did and it gave the following > > type=PROCTITLE msg=audit(1539540150.692:60570): >

On 10/23/18 2:49 PM, Robin Lee wrote: > On Sun, 2018-10-14 at 20:13 +0200, Robin Lee wrote: >> I've just encountered a problem starting tor. When I do 'systemctl >> start tor' it fails and I get selinux errors in the log. There was >> suggestion to do full auditing with 'auditctl -w /etc/shadow -p w'. >> Which I did and it gave the following >>

On Sun, 2017-01-29 at 15:53 -0800, Gordon Messmer wrote: > On 01/29/2017 11:59 AM, Mark wrote: > > As I don't know what dac_override is I don't know if it's a good > > idea > > to give it to tor and the confidence seems quite low. > > > dac_override indicates that you're running your process as root, and? > it's trying to do something on the

On 01/29/2017 11:59 AM, Mark wrote: > As I don't know what dac_override is I don't know if it's a good idea > to give it to tor and the confidence seems quite low. dac_override indicates that you're running your process as root, and it's trying to do something on the filesystem which is not explicitly allowed by permissions. DAC is the standard POSIX permission

Following the most recent kernel updates I restarted our outgoing SMTP MTA which was recently reconfigured to DKIM sign messages using OpenDKIM. This morning I discovered that Postfix had stopped on that server. Whether it is related to the Postfix issue or not is yet to be determined but, in the process of getting things restarted I ran across this error with Open DKIM: # service opendkim

Hi! I am trying libvirt on POWERPC64 with the default settings such as selinux enabled. It is all good till I move images out of /var/lib/libvirt/images/. http://libvirt.org/drvqemu.html#securityselinux is saying that "If attempting to use disk images in another location, the user/administrator must ensure the directory has be given this requisite label. Likewise physical block devices

Hello, I'm using the targeted policy. PHP's mail() function fails because of selinux. audit(1149662369.454:2): avc: denied { setgid } for pid=18085 comm="sendmail" capability=6 scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:httpd_sys_script_t tclass=capability When i turn to permisive mode: audit(1149668677.105:12): avc: denied { setuid } for pid=29159

CentOS-6.5 OpenDKIM-2.9.0 (epel) Postfix-2.6.6 (updates) I am trying to get opendkim working with our mailing lists. In the course of that endeavour I note that these messages are appearing in our syslog: May 4 20:50:02 inet08 setroubleshoot: SELinux is preventing /usr/sbin/opendkim from using the signull access on a process. For complete SELinux messages. run sealert -l

Hi, I'm moving some old stuff from EL6 to EL8 and one setup has a cron job which uses "tmpwatch -umc $dir" to clean some directories (/etc/cron.daily/tmpwatch). It seems that this triggers this AVC (SElinux mode is enforcing): type=AVC msg=audit(1598576896.772:4267): avc: denied { dac_override } for pid=11013 comm="tmpwatch" capability=1

On Fri, Nov 7, 2014 at 11:31 AM, Adrian Chadd <adrian at freebsd.org> wrote: > ... that's .. odd. > > Let's poke the freebsd crypto and network stack people and ask. I > can't imagine why this is a problem anymore and we should default to > it being on. I don't think there's a crypto@ list, though security@ might represent. > The other thing you could

http://bugzilla.netfilter.org/show_bug.cgi?id=665 Bruno Friedmann <bruno at ioda-net.ch> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | --- Comment #9 from Bruno Friedmann <bruno at

Hi guys! I'm trying to setup private network inside TOR using "proxy = socks5" variable in tinc.conf, but I found that tinc trying to resolve .onion domain with system resolver first, leaking peer's tor hostname to ISP. So is there any way to disable such behavior and resolve hostname with proxy?

tinc hosts listen for connections to Tor v3 onion services, and they connect to peers using Tor SocksPorts. MPTCP aggregates full-mesh connections between hosts. For Internet hosts with well-peered gigabit uplinks, this permits throughput among peers at 30-50 Mbps for multiple streams, vs ~10 Mbps at most for individual connections. https://github.com/annymous/oniontinc includes bash scripts for

I've had an informal, third or fourth hand report of kernel instability when running Tor under load on unidentified versions of FreeBSD. Obviously, this is a bit vague as bug reports go, but I'm interested in seeing if anyone has had real experience with this happening, and might be interested in helping to track it down. If there are kernel crashes, I'm specifically looking for

Dear Davor, would you please stop abusing this thread? The topic and initially posting is talking of something quite different than Rowland used in his first answer and to what you have replied. Thanks for your understanding. And no, uid and gid is not the same (uid!=gid) Regards, Mirco

On Aug 28, 2020, at 17:53, Leon Fauster via CentOS <centos at centos.org> wrote: > > Is cron running in EL8 with stripped CAPs of? Does some one have an > idea to address this? In general, we no longer use tmpwatch at all. In CentOS 7 and 8, use systemd-tmpfiles. Here is a blog post that describes it pretty well:

Is there any real use in having a ctor/dtor for the pgd cache? Given that all pgd allocation happens via pgd_alloc/pgd_free, why not just fold the [cd]tor in? I'm asking because Xen wants pgd[3] to be unshared in the PAE case, and it looks to me like the easiest way to handle that is by making pgd_alloc/free pv-ops and doing the appropriate thing in the Xen code. Would need to sort out the

Is there any real use in having a ctor/dtor for the pgd cache? Given that all pgd allocation happens via pgd_alloc/pgd_free, why not just fold the [cd]tor in? I'm asking because Xen wants pgd[3] to be unshared in the PAE case, and it looks to me like the easiest way to handle that is by making pgd_alloc/free pv-ops and doing the appropriate thing in the Xen code. Would need to sort out the

On Thu, Mar 29, 2007 at 03:39:01PM +0100, richard wrote: > bin/xapian-tcpsrv.cc,tests/harness/testsuite.cc: First of many > parts of a large patch from Mark Hammond working towards enabling > remote databases on windows. When displaying errors which might > be socket errors, display the error number as well as the output > of strerror - on windows, strerror doesn't display