similar to: selinux prevents lighttpd from printing

Displaying 20 results from an estimated 10000 matches similar to: "selinux prevents lighttpd from printing"

2017 Sep 20
2
selinux prevents lighttpd from printing
On 09/20/2017 07:19 AM, hw wrote: > hw wrote: >> >> Hi, >> >> how do I allow CGI programs to print (using 'lpr -P some-printer >> some-file.pdf') when >> lighttpd is being used for a web server? >> >> When selinux is permissive, the printer prints; when it?s enforcing, >> the printer >> does not print, and I?m getting the log
2017 Sep 22
2
selinux prevents lighttpd from printing
PS: Now I found this: type=PROCTITLE msg=audit(09/22/2017 12:08:29.911:1023) : proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 syscall=setgroups success=no exit=EPERM(Operation not permitted) a0=0x1 a1=0x7ffc1df3b0d0 a2=0x0 a3=0x7f5d77c3a300 items=0 ppid=19417 pid=19418 auid=unset uid=lighttpd gid=lighttpd euid=root
2017 Sep 22
1
selinux prevents lighttpd from printing
Daniel Walsh wrote: > On 09/22/2017 06:58 AM, hw wrote: >> >> PS: Now I found this: >> >> >> type=PROCTITLE msg=audit(09/22/2017 12:08:29.911:1023) : proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp >> type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 syscall=setgroups success=no exit=EPERM(Operation not permitted) a0=0x1
2017 Sep 22
0
selinux prevents lighttpd from printing
Johnny Hughes wrote: > On 09/20/2017 07:19 AM, hw wrote: >> hw wrote: >>> >>> Hi, >>> >>> how do I allow CGI programs to print (using 'lpr -P some-printer >>> some-file.pdf') when >>> lighttpd is being used for a web server? >>> >>> When selinux is permissive, the printer prints; when it?s enforcing,
2017 Sep 22
0
selinux prevents lighttpd from printing
On 09/22/2017 06:58 AM, hw wrote: > > PS: Now I found this: > > > type=PROCTITLE msg=audit(09/22/2017 12:08:29.911:1023) : > proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp > type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 > syscall=setgroups success=no exit=EPERM(Operation not permitted) > a0=0x1 a1=0x7ffc1df3b0d0 a2=0x0 a3=0x7f5d77c3a300
2017 Sep 20
0
selinux prevents lighttpd from printing
hw wrote: > > Hi, > > how do I allow CGI programs to print (using 'lpr -P some-printer some-file.pdf') when > lighttpd is being used for a web server? > > When selinux is permissive, the printer prints; when it?s enforcing, the printer > does not print, and I?m getting the log message '/bin/lpr: Permission denied'. > > 'getsebool -a | grep
2016 Apr 12
3
selinux getsebool request
On 04/12/2016 02:31 PM, James Hogarth wrote: > For example: > > unless => "/usr/sbin/getsebool httpd_can_network_connect | /usr/bin/grep on > &> /dev/null" D'oh! That's what I get for overcomplicating the whole darn thing. :) > > Incidentally one nice trick if you're dealing with potentially changing > multiple booleans and the policy compile
2016 Apr 12
3
selinux getsebool request
Out of faint curiosity, how do we push change requests upstream to RHEL? I'm using puppet to automate systems, including the application of SELinux policy. While setsebool -P is non-damaging to repeat, it is time consuming -- taking about 45 seconds per execution to process the existing policy and re-commit to disk. I'd like a simple ability to put an unless in the execution of
2008 Jun 03
1
SELinux and samba/winbind w/ADS on RHEL 4.6
SELinux appears to be interfering with winbind's functionality. I have the lastest policy package installed: selinux-policy-targeted-1.17.30-2.149 which allegedly solves this problem according to the RedHat knowledge base, but clearly does not. I have to turn off SELinux by using setenforce 0 (permissive) to get winbind to work at all, and based on what I see in the log files,
2017 Jan 11
1
Trouble removing files in chrooted sftp
Hi On Thu, Jan 12, 2017 at 12:07 AM, Myyr?, Timo <timo.myyra at edita.fi> wrote: > I just did a bit of testing on OpenBSD and there the above setup seems to > work and I can remove the files just fine over sftp. > So this thing should work but there's still something causing it to fail on > CentOS's side. > Just as a question is SELinux enabled ? ]# getenforce
2017 Sep 23
2
more selinux problems ...
Hi, how do I allow lighttpd access to a directory like this: dr-xrwxr-x. lighttpd example unconfined_u:object_r:samba_share_t:s0 files_articles I tried to create and install a selinux module, and it didn?t work. The non-working module can not be removed, either: semodule -r lighttpd-files_articles.pp libsemanage.semanage_direct_remove_key: Unable to remove module lighttpd-files_articles.pp at
2017 Jun 06
2
weird SELinux denial
I keep seeing this in my audit.logs: type=AVC msg=audit(1496336600.230:6): avc: denied { name_connect } for pid=2411 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket Was caused by: The boolean allow_ypbind was set incorrectly. Description: Allow system to run with NIS Allow
2017 Oct 09
3
Samba won't start on Centos 7.3.1611
Hi folks, I've been googling for an hour on this which seems to be awfully basic. But I cannot find anything definitive. [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: Access denied [root at centos-gig ~]# setenforce 0 [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: No such file or directory Have tried things like : chcon
2016 Apr 12
0
selinux getsebool request
On 12 Apr 2016 6:10 p.m., "John Jasen" <jjasen at realityfailure.org> wrote: > > Out of faint curiosity, how do we push change requests upstream to RHEL? > > I'm using puppet to automate systems, including the application of > SELinux policy. While setsebool -P is non-damaging to repeat, it is time > consuming -- taking about 45 seconds per execution to
2016 Apr 13
0
selinux getsebool request
On Tue, 12 Apr 2016, John Jasen wrote: > On 04/12/2016 02:31 PM, James Hogarth wrote: >> For example: >> >> unless => "/usr/sbin/getsebool httpd_can_network_connect | /usr/bin/grep on >> &> /dev/null" > > D'oh! That's what I get for overcomplicating the whole darn thing. :) >> >> Incidentally one nice trick if you're
2009 Jul 10
1
vsftpd not able to log in
Hi folks, I can't seem to log into my system via vsftpd. All other services using PAM are fine...Am I missing something simple? ftp> user (username) user 331 Please specify the password. Password: 530 Login incorrect. # getenforce Permissive here is the event in /var/log/audit/audit.log: type=USER_AUTH msg=audit(1247235151.569:9781): user pid=21052 uid=0 auid=0
2015 Jan 23
2
How to prevent root from managing/disabling SELinux
At work I'm used to tools like eTrust Access Control (aka SEOS). eTrust takes away the ability to manage the eTrust config from root and puts it in the hands of "security admin". So there's a good separation of duties; security admin control the security ruleset, but are limited by the OS permissions (so even if they granted themselves permission to modify /etc/shadow, the
2016 Dec 28
1
Help with httpd userdir recovery
On 12/28/16, 3:28 PM, "CentOS on behalf of Robert Moskowitz" <centos-bounces at centos.org on behalf of rgm at htt-consult.com> wrote: On 12/28/2016 06:13 PM, Greg Cornell wrote: > On 12/28/16, 3:09 PM, "CentOS on behalf of Robert Moskowitz" <centos-bounces at centos.org on behalf of rgm at htt-consult.com> wrote: > > > > On 12/28/2016 06:05 PM, J
2014 Dec 04
3
Postfix avc (SELinux)
I am seeing these avc messages on a newly commissioned and up-to-date CentOs-6 virtual guest: ---- time->Thu Dec 4 12:14:58 2014 type=SYSCALL msg=audit(1417713298.610:60522): arch=c000003e syscall=2 success=no exit=-13 a0=7fd70e6de1e6 a1=0 a2=1b6 a3=0 items=0 ppid=2698 pid=4294 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2784 comm="trivial-rewrite"
2012 Apr 01
7
selinux on/off percentage
hi Just wondering if there is any statiscs report of selinxu usages in production environment? I know some still turn it off. thanks. min