Displaying 20 results from an estimated 1000 matches similar to: "An selinux issue"
2005 Dec 15
1
RE: ssh in rc.local stalls xenU [SOLVED]
Karsten M. Self wrote:
> on Thu, Dec 15, 2005 at 01:38:29PM -0500, Steve Brueckner
> (steve@atc-nycorp.com) wrote:
>> I''m using Fedora Core 4. I need to create an ssh port forwarding
>> tunnel to my xen0 domain when my xenU domain starts up, so I added
>> this to the xenU''s /etc/rc.d/rc.local:
>>
>> ssh -v -f -L 5500:localhost:5501 xen0_ip
2012 Jun 15
1
Puppet + Passenger SELinux issues
I recently setup my Puppetmaster server to run through Passenger via Apache
instead of on the default webrick web server. SELinux made that not work
and I've found some documentation on making rules to allow it however mine
won't load. This is the policy I found via this website,
http://sandcat.nl/~stijn/2012/01/20/selinux-passenger-and-puppet-oh-my/comment-page-1/
.
module
2010 Apr 06
1
SELinux restorecon does not work
Hi All,
I have this following issue in SELinux. I did what instruction said but the
security context has still never changed. Do I need to create local SELinux
module? I hope anyone could help me out of this. Thank you.
-------------------------------------------------------
# sealert -b
........................................
Summary:
SELinux is preventing postmaster (postgresql_t)
2020 Feb 04
0
Relabel /usr directory
On 2/4/20 9:59 AM, Sergio Belkin wrote:
> Hi,
> I've done the following:
> - Copy usr content with rsync to another partition:
>
> rsync -av --partial --progress /usr/ /mnt
>
> Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not
> the directory itself). But I've found that is bad labeled:
>
> ls -Z /usr
>
2020 Feb 04
5
Relabel /usr directory
Hi,
I've done the following:
- Copy usr content with rsync to another partition:
rsync -av --partial --progress /usr/ /mnt
Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not
the directory itself). But I've found that is bad labeled:
ls -Z /usr
unconfined_u:object_r:unlabeled_t:s0 bin
unconfined_u:object_r:unlabeled_t:s0 local
unconfined_u:object_r:unlabeled_t:s0
2015 Feb 09
0
SELinux context for ssh host keys?
On 02/09/2015 11:14 AM, James B. Byrne wrote:
> So, I decided to run restorecon -v to
> presumably set the SELinux user correctly for the new keys: But that
> is not what happened:
>
> restorecon -v *
>
> restorecon reset /etc/ssh/ssh_host_rsa_key_4096 context
> unconfined_u:object_r:sshd_key_t:s0->unconfined_u:object_r:etc_t:s0
>
> restorecon reset
2008 May 22
1
Re: Need help with rsync. [solved]
In-Reply-To: <f4e013870805211022r36194b29gb74ca4421dc2ee77 at mail.gmail.com>
On: Wed, 21 May 2008 10:22:19 -0700, MHR <mhullrich at gmail.com>
wrote:
>> On Wed, May 21, 2008 at 8:37 AM, James B. Byrne <byrnejb at harte-lyne.ca>
>> wrote:
>>
>> This indeed turned out to be an SELinux policy problem which I have since
>> resolved.
>
> Whoa,
2015 Feb 09
2
SELinux context for ssh host keys?
I generated a new host key for one of our systems using:
ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key_4096
I then ran 'ls -Z on the keys'
ll -Z *key*
-rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key
-rw-r--r--. root root system_u:object_r:sshd_key_t:s0
ssh_host_dsa_key.pub
-rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_key
-rw-r--r--. root
2015 Feb 10
1
SELinux context for ssh host keys?
> On Feb 9, 2015, at 12:27 PM, Robert Nichols <rnicholsNOSPAM at comcast.net> wrote:
>
> On 02/09/2015 11:14 AM, James B. Byrne wrote:
>> So, I decided to run restorecon -v to
>>
...
>> restorecon reset /etc/ssh/ssh_host_rsa_key_4096 context
>> unconfined_u:object_r:sshd_key_t:s0->unconfined_u:object_r:etc_t:s0
>>
...
>> There is no
2007 Apr 20
2
Learning SELINUX management, help?
OK, so setup CENTOS-5 on a laptop to learn about Xen stuff.
KDE Desktop, wanted to print the virt.108.com xen howto.
Needed to setup printer first.
Open KDE control center, go to printers.
Hear error sound, message says
"Unable to retrieve the printer list....
Connection to CUPS server failed. ..."
So I check to see that cups is running (it is).
I check /var/log/messages
2012 Feb 24
0
SELinux killed my qemu-kvm
All of a sudden, Virtual Machine Manager (VMM) on a CentOS 5.7 load will
no longer run any VMs.
The VM worked A-OK on the morning of 23 Feb, when I brought it up,
applied the Microsoft updates, rebooted it, installed an application,
rebooted again and ran several tests. Later that day, it wouldn't run.
I didn't have time to diagnose, so I did some investigation a few
minutes ago.
Working
2016 Apr 26
1
username.pem
Hi, folks,
Our system gets/creates /var/lib/ssh-x509-auth/<username>,pem, then
deletes it when the log out. selinux (in permissive mode) complains.
First, I changed the context to cert_t, and *now* it complains that
ksh93 wants write, etc access on the directory. grep ssh-x509-auth
/var/log/audit/audit.log | audit2allow offers me this:
#============= sshd_t ==============
allow sshd_t
2007 Dec 17
2
Digest Subcriber needs help with SELinux file context setting
CentOS-5.1
I need some help with setting up the SELinux context for a custom httpd
directory so that I can write log files into it. This is what I have:
In my virtual host config file:
RewriteEngine on
RewriteLog /etc/httpd/virtual.d/trac-rewrite.log
# RewriteLogLevel 0=off 1=basic 2=verbose 3+=module developer debuging
RewriteLogLevel 0
If /etc/httpd/virtual.d/trac-rewrite.log does
2010 Jan 05
1
QEMU/KVM: SELinux denial on /dev/zero when starting a VM
Hi,
on an up to date CentOS 5.4 x86_64 (test machine), I systematically
get the following SELinux denial when I start a QEMU/KVM virtual
machine via virt-manager:
SELinux is preventing qemu-kvm (qemu_t) "execute" to /dev/zero (zero_device_t).
(full alert below)
Running the command suggested by the alert (restorecon -v '/dev/zero')
does not solve the problem.
This does not
2018 Mar 04
3
sqlinux weirdness
Every now and then I get an alert like this one. I have no clue what this
"rear" subsystem is, or why madam would be trying to write to its log
file.
Can anyone enlighten me?
thanks in advance!
-------------------------
SELinux is preventing /usr/sbin/mdadm from write access on the file /var/log/rear/rear-fcshome.log.lockless.
***** Plugin restorecon (93.9 confidence) suggests
2012 Apr 26
0
restorecon and sudo
Hello,
On CentOS-6.2, these two commands (on the same machine) give me
different results :
# restorecon -r /var/www/html/Centos/ # (as root)
$ sudo restorecon -r /var/www/html/Centos/ # (as an unprivileged user)
/var/www/html/Centos/ is a symlink to /mnt/packages/Centos/
In the first case, I get :
# ls -Z /var/www/html/Centos/
drwxr-xr-x. naudin biom system_u:object_r:httpd_sys_content_t
2016 Sep 01
2
[Bug 12199] New: multiple link-dest dirs not working
https://bugzilla.samba.org/show_bug.cgi?id=12199
Bug ID: 12199
Summary: multiple link-dest dirs not working
Product: rsync
Version: 3.0.6
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5
Component: core
Assignee: wayned at samba.org
Reporter: brian at
2020 Jun 27
0
C7, mdadm generating selinux warnings
Hi!
I'm getting these frequently. several times I've done the steps listed
there to suppress the messages, but I keep getting them.
Anyone got a good idea how to deal with this?
Thanks in advance!
----------------------------
SELinux is preventing mdadm from 'read, open' accesses on the file /var/log/rear/rear-fcshome.log.lockless.
***** Plugin restorecon (99.5 confidence)
2012 Jan 13
1
SELinux and rsh+xauth
Hello,
I have a strange (for me) problem with these two machines :
- Client, a CentOS-5.7 workstation ;
- Server, a CentOS-6.2 headless, up-to-date server.
From Client, I want to use xauth on Server with the help of rsh (yes, I
know, ssh and all this sort of things... another time.)
When SELinux is in permissive mode on Server, all these commands
perform as expected :
rsh Server
2017 Dec 04
0
Fwd: Qwery regarding Selinux Change Id context
Hi All,
Thanks for the information.
But after resetting the semanage User/login, and moving the targeted folder
to old one and then install the default target. then also its still showing
the
Id context as context=*system_u:system_r:unconfined_t:s0-s0:c0.c1023.*
*What I observed is after changing the permission using semanage command
also, its still showing the system_u:system_r. *
*Check the