similar to: more selinux problems ...

Asterisk version 1.2.14 I use snom190 and xliteV3 as sip phones. asterisk send the rtp stream never to the xlite softphone. Any hits for me? *CLI> rtp debug RTP Debugging Enabled -- Executing Dial("SIP/xlite-007918f0", "SIP/snom") in new stack -- Called snom -- SIP/snom-00797110 is ringing -- SIP/snom-00797110 is ringing -- SIP/snom-00797110 answered

I recently setup my Puppetmaster server to run through Passenger via Apache instead of on the default webrick web server. SELinux made that not work and I've found some documentation on making rules to allow it however mine won't load. This is the policy I found via this website, http://sandcat.nl/~stijn/2012/01/20/selinux-passenger-and-puppet-oh-my/comment-page-1/ . module

Hi: I have been using Dovecot for well over a year now and it has always worked with few problems. The mail setup is not simple... Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and control is local. About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an

On 09/09/2018 07:19 AM, Daniel Walsh wrote: > sesearch -A -s httpd_t -t system_conf_t -p read > > If you feel that these files should not be part of the base_ro_files > then we should open that for discussion. I think the question was how users would know that the policy allowed access, as he was printing rules affecting httpd_t's file read access, and looking for

Hello, on my xen host, Debian 5.0 I have few domU''s running, most of them are Lenny''s, a couple is running at Etch (Debian 4.0). All domU''s are running stable except of one (Etch / Debian 4.0). This one crashes almost daily and I wasn''t able figure out the reason why. Inside the domU there is nothing installed except of base system and Zimbra ZCS 5.0 and its

I want you all to see what I went through trying to simply reassign (unsuccessfully) the context of a well-known port. To the best of my ability to recall none of the packages mentioned below are even installed on the host in question. Why are these dependices preventing me from removing a disused SELinux policy. I have done exactly that, reassign port contexts, in the past without encountering

Apache DocumentRoot on an NFS directory: [root at localhost ~]# service httpd start Starting httpd: Warning: DocumentRoot [/home/www/html] does not exist Syntax error on line 292 of /etc/httpd/conf/httpd.conf: DocumentRoot must be a directory [FAILED] [root at localhost ~]# After some research, I found this (dated) link

Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>: > > On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: >> Any SElinux expert here - briefly: >> >> # getenforce >> Enforcing >> >> # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t >> <no output> >> >> # sesearch -ACR -s httpd_t -c file

Is this really supposed to get easier over time? :) Now my audit.log file shows that SELinux is blocking my cgi script, index.cgi (which is what's actually served when the user visits the front page of one of our proxy sites like sugarsurfer.com) from having '"read write" to socket (httpd_t)'. I have no idea what that means, except that I thought that cgi scripts were

Hi. I'm trying to get OTRS running on CentOS 5.5 with SELinux enabled, and audit.log / audit2allow tell me I need to add the local policy: #============= httpd_t ============== allow httpd_t unconfined_t:shm { unix_read unix_write }; which I think will allow the httpd access to read and write from shared memory? Is that right? What are the risks involved in opening this? I notice it is

Hi, Some time ago I wrote an introductory article about SELinux on my blog. I'm currently updating it for my new blog, and I found a curious change in SELinux policy. Here goes. For demonstration purposes, I'm using some static webpages, more exactly the default pages found in /usr/share/httpd/noindex, which I simply copied over to /var/www/html. As a first practical example, I'm

Any SElinux expert here - briefly: # getenforce Enforcing # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t <no output> # sesearch -ACR -s httpd_t -c file -p read |grep syslog_conf_t <no output> # ls -laZ /etc/sysctl.conf /etc/rsyslog.conf -rw-r--r--. root root system_u:object_r:syslog_conf_t:s0 /etc/rsyslog.conf -rw-r--r--. root root

Am 09.09.2018 um 16:19 schrieb Daniel Walsh <dwalsh at redhat.com>: > > On 09/09/2018 09:43 AM, Leon Fauster via CentOS wrote: >> Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>: >>> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: >>>> Any SElinux expert here - briefly: >>>> >>>> # getenforce

I have a web application which uses sudo to invoke python scripts as the user under which the application runs (NO root access).? Is there any reason why sudo would would require sys_ptrace access for this?? I only get this violation intermittenly, and not with every call to sudo.? Here's the violation: Summary: SELinux is preventing sudo (httpd_t) "sys_ptrace" to <Unknown>

Having problems starting httpd & portmapper #service httpd start /usr/sbin/httpd: error while loading shared libraries: libm.so.6: cannot open shared object file: No such file or directory and I traced it to selinux, which I had just turned on for the first time: # sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode:

Hi gents, I seem to have a small issue with fping and Observium(a monitoring solution). The particular VPS I'm using does have SELinux enabled and it seems to be causing issues when the httpd process is attempting to use Fping? Here is what I know so far : Output from "audit2why -a" : --------------- type=AVC msg=audit(1414265994.125:6744): avc: denied { create } for

Hi Leon, I don't have access to a CentOS 6.10 system handy, but it looks like a policy issue. If I take you're ausearch output and pipe it to audit2allow on my CentOS 7.6 system, I get the following: #============= httpd_t ============== #!!!! This avc is allowed in the current policy allow httpd_t httpd_sys_script_t:process signull; Noting that on my 7.6 system with selinux enforcing

I'm setting up a dedicated database server, and since this will be a central service to my various web servers I wanted it to be as secure as possible...so I am leaving SELinux enabled. However I'm having trouble getting Apache to use mod_auth_pam. I also now can't get setroubleshootd working to send me notifications of the denials and provide tips to solve the problem. The Apache

Hello, Running httpd-2.2.3-43.el5.centos.3 on CentOS release 5.5 (Final), I have : $ ps -Ze LABEL PID TTY TIME CMD user_u:system_r:httpd_t 12833 ? 00:00:00 httpd Is it normal for httpd to have this context (user_u:system_r:httpd_t) ? I was expecting system_u:system_r:httpd_t. And if it is not normal, is it because I have restarted httpd by

On 09/09/2018 09:43 AM, Leon Fauster via CentOS wrote: > Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>: >> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: >>> Any SElinux expert here - briefly: >>> >>> # getenforce >>> Enforcing >>> >>> # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t