Displaying 20 results from an estimated 3000 matches similar to: "chcon failed to change context Permission denied"
2017 Feb 10
0
chcon failed to change context Permission denied
Am 10.02.2017 um 16:59 schrieb Tim Smith:
> Hi,
>
> I'm confused, why can root not change context of a directory ?
>
> I've moved a mysql dir from /var/lib to another drive.
>
> But running sudo chcon -R -t mysqld_t ./mysql
>
> Yields a screen full of messages such as
>
> chcon: failed to change context of ?schema_table_lock_waits.frm? to
>
2006 Oct 10
2
Moving Mysql data directory denied by selinux?
Hi,
I'm trying to move the MySQL data directory to /home/mysql like I have
done with every other install I have done before but the difference is
this time I am trying to have SELinux active instead of turning it off.
I seem to need some help in
a) Understanding what the selinux failure messages are saying; and
b) How to correct the issue
I've read the selinux docs and all I got was a
2017 Apr 25
5
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
Le mardi 25 avril 2017 ? 10:39 +0200, Robert Moskowitz a ?crit :
> Thanks Laurent. You obviously know a LOT more about SELinux than I. I
> pretty much just use commands and not build policies. So I need some
> more information here.
>
> From what you provided below, how do I determine what is currently in
> place and how do I add your stuff (changing postgresql with
2017 Oct 23
2
Unable to apply mysqld_db_t to mysql directory
Thanks, I managed to fix /var/lib/mysql
# ls -ldZ /var/lib/mysql
drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 /var/lib/mysql
To fix it, I tried:
semanage fcontext -d -e /var/lib/mysql
this command returned:
KeyError: /var/lib/mysql
I tried restorecon anyway:
restorecon -Rv /var/lib/mysql
But not better:
ls -ldZ /var/lib/mysql
drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0
2011 Dec 20
1
SELinux is preventing /usr/bin/chcon "mac_admin" access
CentOS-6.1 KVM guest on CentOS-6.1 host.
I am seeing this SEAlert in the /var/log/audit/audit.log
file a new guest immediately after startup. Can someone
tell me what it means and what I should do about it? A
Google search reveals a number of Fedora issues with
similar errors dating back a few years; most of which seem
to have something to do with package ownership.
This guest starts without
2009 Feb 06
1
Darned thing is suddenly failing. We had a reboot last night, and I
changed a couple of files today too, so either one could somehow be
responsible. But I can''t figure out how from this crash. First I noticed
that my changes weren''t updating. Then I noticed that puppet wasn''t
running. Then I found that it won''t, in fact, run.
/selinux contains only a
2017 Oct 23
2
Unable to apply mysqld_db_t to mysql directory
Interesting to see the Equivalence. As a first thing, I tried:
semanage fcontext -a -e /var/lib/mysql.old /var/lib/mysql
then
restorecon -R /var/lib/mysql
# semanage fcontext -lC
SELinux fcontext type
Context
/home/users(/.*)? all files
system_u:object_r:user_home_dir_t:s0
/var/lib/mysql all
2017 Oct 23
2
Unable to apply mysqld_db_t to mysql directory
Hello,
A server was configured in /var/lib/myslq in the root fs. I added a LV
specifically for mysql. I stopped myql and renamed /var/lib/mysql to
/var/lib/mysql.old. I created a new dir /var/lib/mysql and mounted the LV
on /var/lib/mysql. I then copied with "cp -prZ" all mysql files in
/var/lib/mysql.old to /var/lib/mysql.
But then I got a selinux problem:
# ls -ldZ mysql.old/
2017 Apr 25
2
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/25/2017 06:45 PM, Gordon Messmer wrote:
> On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote:
>> Quick?n?(really) dirty SELinux howto:
>
>
> Alternate process:
>
> 1: setenforce permissive
> 2: tail -f /var/log/audit/audit.log | grep AVC
> 3: use the service, exercise each function that's constrained by the
> existing policy
> 4: copy and paste the
2012 Jun 08
1
guestmount -i and xattrs
I tried to run chcon to set SELinux labels on a guestmounted dir and got:
chcon: failed to change context of `authorized_keys' to
`system_u:object_r:ssh_home_t:s0': Operation not supported
I'm guessing that you need to pass 'seclabel' or 'user_xattr'
or some such mount option to guestmount to support this.
I notice you can pass such options through the -m option
to
2018 May 04
3
Samba HOWTO wiki bug: chcon samba_share_t
On Fri, 2018-05-04 at 14:55 -0700, Akemi Yagi wrote:
> On Fri, May 4, 2018 at 2:26 PM, Warren Young <warren at etr-usa.com>
> wrote:
> > On May 4, 2018, at 3:03 PM, Akemi Yagi <amyagi at gmail.com> wrote:
> > >
> > > On Fri, May 4, 2018 at 12:03 PM, Warren Young <warren at etr-usa.com
> > > > wrote:
> > > >
> > > >
2017 Feb 21
3
SELInux conflict with Postfixadmin
postfixadmin setup.php is claiming:
*Error: Smarty template compile directory templates_c is not writable.*
*Please make it writable.*
*If you are using SELinux or AppArmor, you might need to adjust their
setup to allow write access.*
This goes away with 'setenforce 0', so it is an SELinux issue. I have
tried both:
restorecon -Rv /usr/share/postfixadmin
and
chcon -R -t
2017 Feb 21
2
SELInux conflict with Postfixadmin
On 02/21/2017 11:46 AM, Zdenek Sedlak wrote:
> On 2017-02-21 17:30, Robert Moskowitz wrote:
>> postfixadmin setup.php is claiming:
>>
>> *Error: Smarty template compile directory templates_c is not writable.*
>> *Please make it writable.*
>> *If you are using SELinux or AppArmor, you might need to adjust their
>> setup to allow write access.*
>>
2018 May 04
2
Samba HOWTO wiki bug: chcon samba_share_t
On May 4, 2018, at 3:03 PM, Akemi Yagi <amyagi at gmail.com> wrote:
>
> On Fri, May 4, 2018 at 12:03 PM, Warren Young <warren at etr-usa.com> wrote:
>>
>> $ sudo chcon -R -t samba_share_t /path/to/share
>
> Updated the page as suggested. Thanks.
Thanks!
I now see another instance of this in section 3. Instead of copying the text verbatim, it should
2015 Jan 22
2
SELinux permissions for apache
Hey all,
I have a simple php app working that writes some info to a text file. The
app will only work correctly if SELinux is disabled. If it's enabled and
try to use the app, it fails. It seems that SELinux is denying the app
ability to write to the text file.
So I tried running the following command:
chcon -R -t httpd_sys_content_t /var/www
And tried veriying the command with the
2015 Mar 05
2
SELinux kills Cassandra based website
Hey all,
There's a website I help run that uses the Cassandra DB as its database. I
notice that if I run the web server in SELinux permissive mode, the site
works fine. But if I put it into enforcing mode, the site goes down with
this error:
Warning: require_once(/McFrazier/PhpBinaryCql/CqlClient.php): failed to
open stream: Permission denied in
2018 May 04
4
Samba HOWTO wiki bug: chcon samba_share_t
In this wiki article:
https://wiki.centos.org/HowTos/SetUpSamba
?there is a command down in section 2 that gives an error here on CentOS 7:
$ sudo semanage fcontext ?at samba_share_t /path/to/share
?noise noise noise?
semanage: error: unrecognized arguments: samba_share_t /path/to/share
That and the following restorecon command can be replaced by a single shorter command, which
2015 Jan 22
2
SELinux permissions for apache
Hey Jeremy,
> Have you tried changing the folder where it's writing into with these
> lables? httpd_sys_content_rw_t or httpd_user_content_rw_t
Adding 'rw' to the command did the trick. I tried httpd_sys_content_rw_t and
that works fine! Thanks for the tip!
Tim
On Thu, Jan 22, 2015 at 1:19 PM, Jeremy Hoel <jthoel at gmail.com> wrote:
> Have you tried changing
2010 May 31
1
ARGH... once again samba causes "permission" errors. SOLVED
Ok, I was able to fix both of my problems and they are both related
to SELinux problems
First: I am assuming that you are like me and that you have an excellent
background in systems administration (I teach it at a university for a
living.) So you've configured chmod permissions and chown user and
group ownerships on directories and files to correctly allow the desired
access. You have
2017 Sep 04
5
selinux denial of cgi script with httpd using ssl
Thanks for your help.
I did pick up an additional entry in the audit file :
type=AVC msg=audit(1504561395.709:10196): avc: denied { execute } for
pid=19163 comm="/usr/sbin/httpd" name="s.check.cgi" dev="dm-0"
ino=537182029 scontext=system_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
Unfortunately, I am not sure how the