similar to: tor and selinux

Displaying 20 results from an estimated 1000 matches similar to: "tor and selinux"

2018 Oct 14
3
Centos7 & Selinux & Tor
I've just encountered a problem starting tor. When I do 'systemctl start tor' it fails and I get selinux errors in the log. There was suggestion to do full auditing with 'auditctl -w /etc/shadow -p w'. Which I did and it gave the following type=PROCTITLE msg=audit(1539540150.692:60570): proctitle=2F7573722F62696E2F746F72002D2D72756E61736461656D6F6E0030002D2
2018 Oct 23
0
Centos7 & Selinux & Tor
On Sun, 2018-10-14 at 20:13 +0200, Robin Lee wrote: > I've just encountered a problem starting tor. When I do 'systemctl > start tor' it fails and I get selinux errors in the log. There was > suggestion to do full auditing with 'auditctl -w /etc/shadow -p w'. > Which I did and it gave the following > > type=PROCTITLE msg=audit(1539540150.692:60570): >
2018 Oct 23
1
Centos7 & Selinux & Tor
On 10/23/18 2:49 PM, Robin Lee wrote: > On Sun, 2018-10-14 at 20:13 +0200, Robin Lee wrote: >> I've just encountered a problem starting tor. When I do 'systemctl >> start tor' it fails and I get selinux errors in the log. There was >> suggestion to do full auditing with 'auditctl -w /etc/shadow -p w'. >> Which I did and it gave the following >>
2017 Jan 30
1
tor and selinux
On Sun, 2017-01-29 at 15:53 -0800, Gordon Messmer wrote: > On 01/29/2017 11:59 AM, Mark wrote: > > As I don't know what dac_override is I don't know if it's a good > > idea > > to give it to tor and the confidence seems quite low. > > > dac_override indicates that you're running your process as root, and? > it's trying to do something on the
2017 Jan 29
0
tor and selinux
On 01/29/2017 11:59 AM, Mark wrote: > As I don't know what dac_override is I don't know if it's a good idea > to give it to tor and the confidence seems quite low. dac_override indicates that you're running your process as root, and it's trying to do something on the filesystem which is not explicitly allowed by permissions. DAC is the standard POSIX permission
2014 May 12
1
OpenDKIM and SELinux
Following the most recent kernel updates I restarted our outgoing SMTP MTA which was recently reconfigured to DKIM sign messages using OpenDKIM. This morning I discovered that Postfix had stopped on that server. Whether it is related to the Postfix issue or not is yet to be determined but, in the process of getting things restarted I ran across this error with Open DKIM: # service opendkim
2013 Apr 08
1
libvirt, selinux, moving images to ~/images does not work
Hi! I am trying libvirt on POWERPC64 with the default settings such as selinux enabled. It is all good till I move images out of /var/lib/libvirt/images/. http://libvirt.org/drvqemu.html#securityselinux is saying that "If attempting to use disk images in another location, the user/administrator must ensure the directory has be given this requisite label. Likewise physical block devices
2006 Jun 07
1
Apache php and exim
Hello, I'm using the targeted policy. PHP's mail() function fails because of selinux. audit(1149662369.454:2): avc: denied { setgid } for pid=18085 comm="sendmail" capability=6 scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:httpd_sys_script_t tclass=capability When i turn to permisive mode: audit(1149668677.105:12): avc: denied { setuid } for pid=29159
2014 May 05
2
Opendkim and SELinux
CentOS-6.5 OpenDKIM-2.9.0 (epel) Postfix-2.6.6 (updates) I am trying to get opendkim working with our mailing lists. In the course of that endeavour I note that these messages are appearing in our syslog: May 4 20:50:02 inet08 setroubleshoot: SELinux is preventing /usr/sbin/opendkim from using the signull access on a process. For complete SELinux messages. run sealert -l
2020 Aug 28
2
EL8: SElinux / dac_override / tmpwatch
Hi, I'm moving some old stuff from EL6 to EL8 and one setup has a cron job which uses "tmpwatch -umc $dir" to clean some directories (/etc/cron.daily/tmpwatch). It seems that this triggers this AVC (SElinux mode is enforcing): type=AVC msg=audit(1598576896.772:4267): avc: denied { dac_override } for pid=11013 comm="tmpwatch" capability=1
2014 Nov 07
0
[tor-relays] FreeBSD's global IP ID (was: Platform diversity in Tor network)
On Fri, Nov 7, 2014 at 11:31 AM, Adrian Chadd <adrian at freebsd.org> wrote: > ... that's .. odd. > > Let's poke the freebsd crypto and network stack people and ask. I > can't imagine why this is a problem anymore and we should default to > it being on. I don't think there's a crypto@ list, though security@ might represent. > The other thing you could
2011 Mar 14
0
[Bug 665] Can't start error opening /var/log/ ...
http://bugzilla.netfilter.org/show_bug.cgi?id=665 Bruno Friedmann <bruno at ioda-net.ch> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | --- Comment #9 from Bruno Friedmann <bruno at
2017 Nov 28
1
Tinc with TOR: hostname leak
Hi guys! I'm trying to setup private network inside TOR using "proxy = socks5" variable in tinc.conf, but I found that tinc trying to resolve .onion domain with system resolver first, leaking peer's tor hostname to ISP. So is there any way to disable such behavior and resolve hostname with proxy?
2019 Apr 29
0
tinc works well using Tor v3 onions, with MPTCP link aggregation
tinc hosts listen for connections to Tor v3 onion services, and they connect to peers using Tor SocksPorts. MPTCP aggregates full-mesh connections between hosts. For Internet hosts with well-peered gigabit uplinks, this permits throughput among peers at 30-50 Mbps for multiple streams, vs ~10 Mbps at most for individual connections. https://github.com/annymous/oniontinc includes bash scripts for
2006 Apr 28
1
Looking for tor users experiencing crashes
I've had an informal, third or fourth hand report of kernel instability when running Tor under load on unidentified versions of FreeBSD. Obviously, this is a bit vague as bug reports go, but I'm interested in seeing if anyone has had real experience with this happening, and might be interested in helping to track it down. If there are kernel crashes, I'm specifically looking for
2014 Oct 24
1
Samba4: "MYDOM\Admini­­stra­tor" quite useless ­o­n a m­ember server?
Dear Davor, would you please stop abusing this thread? The topic and initially posting is talking of something quite different than Rowland used in his first answer and to what you have replied. Thanks for your understanding. And no, uid and gid is not the same (uid!=gid) Regards, Mirco
2020 Aug 28
0
EL8: SElinux / dac_override / tmpwatch
On Aug 28, 2020, at 17:53, Leon Fauster via CentOS <centos at centos.org> wrote: > > Is cron running in EL8 with stripped CAPs of? Does some one have an > idea to address this? In general, we no longer use tmpwatch at all. In CentOS 7 and 8, use systemd-tmpfiles. Here is a blog post that describes it pretty well:
2007 Apr 18
2
pgd_alloc and [cd]tors
Is there any real use in having a ctor/dtor for the pgd cache? Given that all pgd allocation happens via pgd_alloc/pgd_free, why not just fold the [cd]tor in? I'm asking because Xen wants pgd[3] to be unshared in the PAE case, and it looks to me like the easiest way to handle that is by making pgd_alloc/free pv-ops and doing the appropriate thing in the Xen code. Would need to sort out the
2007 Apr 18
2
pgd_alloc and [cd]tors
Is there any real use in having a ctor/dtor for the pgd cache? Given that all pgd allocation happens via pgd_alloc/pgd_free, why not just fold the [cd]tor in? I'm asking because Xen wants pgd[3] to be unshared in the PAE case, and it looks to me like the easiest way to handle that is by making pgd_alloc/free pv-ops and doing the appropriate thing in the Xen code. Would need to sort out the
2007 Mar 29
2
Re: [Xapian-commits] 7990: trunk/xapian-core/ trunk/xapian-core/bin/ trunk/xapian-core/tests/harness/
On Thu, Mar 29, 2007 at 03:39:01PM +0100, richard wrote: > bin/xapian-tcpsrv.cc,tests/harness/testsuite.cc: First of many > parts of a large patch from Mark Hammond working towards enabling > remote databases on windows. When displaying errors which might > be socket errors, display the error number as well as the output > of strerror - on windows, strerror doesn't display