similar to: share /var/spool/cups-pdf/SPOOL/?

Hi, how do I allow lighttpd access to a directory like this: dr-xrwxr-x. lighttpd example unconfined_u:object_r:samba_share_t:s0 files_articles I tried to create and install a selinux module, and it didn?t work. The non-working module can not be removed, either: semodule -r lighttpd-files_articles.pp libsemanage.semanage_direct_remove_key: Unable to remove module lighttpd-files_articles.pp at

Summary: SELinux prevented mount from mounting on the file or directory "./Fedora-9-Everything-i386-DVD1.iso" (type "samba_share_t"). Detailed Description: SELinux prevented mount from mounting a filesystem on the file or directory "./Fedora-9-Everything-i386-DVD1.iso" of type "samba_share_t". By default SELinux limits the mounting of filesystems to only

I can access /depot/tftp from a tftp client but unable to do it from a Windows client as long as SELinux is enforced. If SELinux is permissive I can access it then I know Samba is properly configured. # getenforce Enforcing # ls -dZ /depot/tftp/ drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/ And if I do it the other way around, give the directory a type samba_share_t then

Hi, since 4.12 Samba SELinux context for /var/run/samba is not correct anymore: ``` root at files:~ # ls -la -Z /var/run/samba/ total 12 drwxr-xr-x. 5 root root system_u:object_r:var_run_t:s0 160 Apr 3 20:42 . drwxr-xr-x. 30 root root system_u:object_r:var_run_t:s0 1000 Apr 3 18:39 .. drwxr-xr-x. 3 root root system_u:object_r:var_run_t:s0 60 Apr 3 18:39 ncalrpc drwxr-xr-x. 2 root

On 3 Apr 2020, at 21:53, Rowland penny via samba wrote: > On 03/04/2020 20:34, Tobias Kirchhofer via samba wrote: >> Hi, since 4.12 Samba SELinux context for /var/run/samba is not >> correct anymore: >> >> ``` >> root at files:~ # ls -la -Z /var/run/samba/ >> total 12 >> drwxr-xr-x.? 5 root root system_u:object_r:var_run_t:s0? 160 Apr 3 >>

Only Mac clients are affected? Have you tested a Linux (e.g. Fedora 25 live OS would do) client? It's necessary for all files to have selinux context system_u:object_r:samba_share_t:s0. You can either user chcon -R to apply it recursively to a particular directory you're sharing, or if it's an entire (dedicated) volume, you can apply it volume wide with a mount option, 'mount -o

> On Jan 3, 2017, at 1:24 PM, Chris Murphy <lists at colorremedies.com> wrote: > > Only Mac clients are affected? Have you tested a Linux (e.g. Fedora 25 > live OS would do) client? > > It's necessary for all files to have selinux context > system_u:object_r:samba_share_t:s0. You can either user chcon -R to > apply it recursively to a particular directory

Pretty sure smb gets "control" of a directory via the group. For my setup, each directory defined by a path in smb.conf has group smbusers, and has rwx permissions. This is applied just to that directory, it is not applied recursively. The files and folders in that directory have the actual remote user's ownership and permissions. What is applied recursively is the selinux label. I

Thanks Fabian, That's what I need! A bit more open than I wish but it is ok. One more thing... I got some problems to get the man page for tftpd_selinux. [ ]$ yum search tftpd_selinux Loaded plugins: fastestmirror, langpacks Determining fastest mirrors Warning: No matches found for: tftpd_selinux No matches found [ ~]$ yum provides tftpd_selinux Loaded plugins: fastestmirror, langpacks

On 06/07/16 21:17, Bernard Fay wrote: > I can access /depot/tftp from a tftp client but unable to do it from a > Windows client as long as SELinux is enforced. If SELinux is permissive I > can access it then I know Samba is properly configured. > > # getenforce > Enforcing > # ls -dZ /depot/tftp/ > drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/ >

On Thursday 04 May 2017 17:54:57 Chris Murphy wrote: > Pretty sure smb gets "control" of a directory via the group. For my > setup, each directory defined by a path in smb.conf has group > smbusers, and has rwx permissions. This is applied just to that > directory, it is not applied recursively. The files and folders in > that directory have the actual remote user's

[root at ipa tftpboot]# semanage fcontext -l | grep tftp /tftpboot directory system_u:object_r:tftpdir_t:s0 /tftpboot/.* all files system_u:object_r:tftpdir_t:s0 /usr/sbin/atftpd regular file system_u:object_r:tftpd_exec_t:s0 /usr/sbin/in\.tftpd regular

??? Hi, I'm facing a challenge with selinux and because I don't got an explanation elsewhere, I'm trying to explain here. I have decided to mount /var/spool/cron on a separate partition? and apply quota for regular users. But quotacheck replyes with a "permission denied" . quotacheck: Cannot create new quotafile /var/spool/cron/aquota.user.new: Permission denied

Hello, I'm using HP homeserver where host system run CentOS 6.3 with KVM virtualization with SELinux enabled, guests too run the same OS (but without SELinux, but this does not matter). Host system installed on mirrors based on sda and sdb physical disks. sd{c..f} disks attached to KVM guest (whole disks, not partitions; needed to use zfs (zfsonlinux) benefit features). Problem is that disks

after cleaning up a bunch or selinux alerts, I update and wham, clamav/clamd/clamav-db make me assert contexts again to /var/clamav like... chcon -t clamd_t clamav -R which temporarily solves the problem but it would be better if it were policy and not file contexts. So I search and see for some reason, /var/clamav is ignored... # grep clam /etc/selinux/targeted/contexts/files/file_contexts

If anybody knows? plese tell me what is a reason of this problem, i`m novice with puppet and sorry for my english=) have error on client: [root@node13 ~]# [root@node13 ~]# puppet agent --server=head02 --test warning: peer certificate won''t be verified in this SSL session warning: peer certificate won''t be verified in this SSL session info: Creating a new SSL certificate request

Libvirt doesn't care about security during hot add disk images. It even accepts addition of disk images of other guest running on the host. Steps followed to create this scenario : Started two VMs with following security configurations: vm1: <seclabel type='dynamic' model='selinux' relabel='yes'>

I generated a new host key for one of our systems using: ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key_4096 I then ran 'ls -Z on the keys' ll -Z *key* -rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key -rw-r--r--. root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key.pub -rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_key -rw-r--r--. root

Hello CentOS / RedHat / IBM folks! I am wondering if I can get a communication channel opened with someone who can affect changes win upstream RHEL? I don't have support accounts with RHEL, and use CentOS almost exclusively. I did have a direct email conversation with Mr. Daniel Walsh regarding these problems, but his answer was to create custom policy to allow what's being denied, as

I've been troubleshooting this issue for over a week and am running out of ideas. Generally everything works fine. I can copy files into the share, create and delete files and folders. However when copying *some* files from windows specifically it will say "The destination already has a file named "a"". A size 0 file by that name is then created. No files exist in the