similar to: chcon failed to change context Permission denied

Am 10.02.2017 um 16:59 schrieb Tim Smith: > Hi, > > I'm confused, why can root not change context of a directory ? > > I've moved a mysql dir from /var/lib to another drive. > > But running sudo chcon -R -t mysqld_t ./mysql > > Yields a screen full of messages such as > > chcon: failed to change context of ?schema_table_lock_waits.frm? to >

Hi, I'm trying to move the MySQL data directory to /home/mysql like I have done with every other install I have done before but the difference is this time I am trying to have SELinux active instead of turning it off. I seem to need some help in a) Understanding what the selinux failure messages are saying; and b) How to correct the issue I've read the selinux docs and all I got was a

Le mardi 25 avril 2017 ? 10:39 +0200, Robert Moskowitz a ?crit : > Thanks Laurent. You obviously know a LOT more about SELinux than I. I > pretty much just use commands and not build policies. So I need some > more information here. > > From what you provided below, how do I determine what is currently in > place and how do I add your stuff (changing postgresql with

Thanks, I managed to fix /var/lib/mysql # ls -ldZ /var/lib/mysql drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 /var/lib/mysql To fix it, I tried: semanage fcontext -d -e /var/lib/mysql this command returned: KeyError: /var/lib/mysql I tried restorecon anyway: restorecon -Rv /var/lib/mysql But not better: ls -ldZ /var/lib/mysql drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0

CentOS-6.1 KVM guest on CentOS-6.1 host. I am seeing this SEAlert in the /var/log/audit/audit.log file a new guest immediately after startup. Can someone tell me what it means and what I should do about it? A Google search reveals a number of Fedora issues with similar errors dating back a few years; most of which seem to have something to do with package ownership. This guest starts without

Darned thing is suddenly failing. We had a reboot last night, and I changed a couple of files today too, so either one could somehow be responsible. But I can''t figure out how from this crash. First I noticed that my changes weren''t updating. Then I noticed that puppet wasn''t running. Then I found that it won''t, in fact, run. /selinux contains only a

Interesting to see the Equivalence. As a first thing, I tried: semanage fcontext -a -e /var/lib/mysql.old /var/lib/mysql then restorecon -R /var/lib/mysql # semanage fcontext -lC SELinux fcontext type Context /home/users(/.*)? all files system_u:object_r:user_home_dir_t:s0 /var/lib/mysql all

Hello, A server was configured in /var/lib/myslq in the root fs. I added a LV specifically for mysql. I stopped myql and renamed /var/lib/mysql to /var/lib/mysql.old. I created a new dir /var/lib/mysql and mounted the LV on /var/lib/mysql. I then copied with "cp -prZ" all mysql files in /var/lib/mysql.old to /var/lib/mysql. But then I got a selinux problem: # ls -ldZ mysql.old/

On 04/25/2017 06:45 PM, Gordon Messmer wrote: > On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote: >> Quick?n?(really) dirty SELinux howto: > > > Alternate process: > > 1: setenforce permissive > 2: tail -f /var/log/audit/audit.log | grep AVC > 3: use the service, exercise each function that's constrained by the > existing policy > 4: copy and paste the

I tried to run chcon to set SELinux labels on a guestmounted dir and got: chcon: failed to change context of `authorized_keys' to `system_u:object_r:ssh_home_t:s0': Operation not supported I'm guessing that you need to pass 'seclabel' or 'user_xattr' or some such mount option to guestmount to support this. I notice you can pass such options through the -m option to

On Fri, 2018-05-04 at 14:55 -0700, Akemi Yagi wrote: > On Fri, May 4, 2018 at 2:26 PM, Warren Young <warren at etr-usa.com> > wrote: > > On May 4, 2018, at 3:03 PM, Akemi Yagi <amyagi at gmail.com> wrote: > > > > > > On Fri, May 4, 2018 at 12:03 PM, Warren Young <warren at etr-usa.com > > > > wrote: > > > > > > > >

postfixadmin setup.php is claiming: *Error: Smarty template compile directory templates_c is not writable.* *Please make it writable.* *If you are using SELinux or AppArmor, you might need to adjust their setup to allow write access.* This goes away with 'setenforce 0', so it is an SELinux issue. I have tried both: restorecon -Rv /usr/share/postfixadmin and chcon -R -t

On 02/21/2017 11:46 AM, Zdenek Sedlak wrote: > On 2017-02-21 17:30, Robert Moskowitz wrote: >> postfixadmin setup.php is claiming: >> >> *Error: Smarty template compile directory templates_c is not writable.* >> *Please make it writable.* >> *If you are using SELinux or AppArmor, you might need to adjust their >> setup to allow write access.* >>

On May 4, 2018, at 3:03 PM, Akemi Yagi <amyagi at gmail.com> wrote: > > On Fri, May 4, 2018 at 12:03 PM, Warren Young <warren at etr-usa.com> wrote: >> >> $ sudo chcon -R -t samba_share_t /path/to/share > > Updated the page as suggested. Thanks. Thanks! I now see another instance of this in section 3. Instead of copying the text verbatim, it should

Hey all, I have a simple php app working that writes some info to a text file. The app will only work correctly if SELinux is disabled. If it's enabled and try to use the app, it fails. It seems that SELinux is denying the app ability to write to the text file. So I tried running the following command: chcon -R -t httpd_sys_content_t /var/www And tried veriying the command with the

Hey all, There's a website I help run that uses the Cassandra DB as its database. I notice that if I run the web server in SELinux permissive mode, the site works fine. But if I put it into enforcing mode, the site goes down with this error: Warning: require_once(/McFrazier/PhpBinaryCql/CqlClient.php): failed to open stream: Permission denied in

In this wiki article: https://wiki.centos.org/HowTos/SetUpSamba ?there is a command down in section 2 that gives an error here on CentOS 7: $ sudo semanage fcontext ?at samba_share_t /path/to/share ?noise noise noise? semanage: error: unrecognized arguments: samba_share_t /path/to/share That and the following restorecon command can be replaced by a single shorter command, which

Hey Jeremy, > Have you tried changing the folder where it's writing into with these > lables? httpd_sys_content_rw_t or httpd_user_content_rw_t Adding 'rw' to the command did the trick. I tried httpd_sys_content_rw_t and that works fine! Thanks for the tip! Tim On Thu, Jan 22, 2015 at 1:19 PM, Jeremy Hoel <jthoel at gmail.com> wrote: > Have you tried changing

Ok, I was able to fix both of my problems and they are both related to SELinux problems First: I am assuming that you are like me and that you have an excellent background in systems administration (I teach it at a university for a living.) So you've configured chmod permissions and chown user and group ownerships on directories and files to correctly allow the desired access. You have

Thanks for your help. I did pick up an additional entry in the audit file : type=AVC msg=audit(1504561395.709:10196): avc: denied { execute } for pid=19163 comm="/usr/sbin/httpd" name="s.check.cgi" dev="dm-0" ino=537182029 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file Unfortunately, I am not sure how the