similar to: selinux: how to allow access?

On 03/16/2018 12:14 PM, Richard Grainger wrote: >> Yet again I could not find any documentation explaining how to do basic >> things like this :( Selinux is more like a curse than anything else :( Why >> is there not even a good documentation? > > More trolling? Show me a good documentation and/or name good reasons not to disable selinux. Considering how much trouble

I keep seeing this in my audit.logs: type=AVC msg=audit(1496336600.230:6): avc: denied { name_connect } for pid=2411 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket Was caused by: The boolean allow_ypbind was set incorrectly. Description: Allow system to run with NIS Allow

On 6/6/17, 12:38 PM, "Daniel Walsh" <dwalsh at redhat.com> wrote: >I am asking if you run it again, does it change. If the boolean is set >the audit2why should say that the AVC is allowed. Well, if I just run audit2why again, it always tells me the same thing. However, I have now discovered that if I unset allow_ypbind, and then reset it to 1, audit2why then says

Le mardi 25 avril 2017 ? 10:04 +0200, Robert Moskowitz a ?crit : > I thought I had this fixed, but I do not. I was away from this problem > working on other matters, and came back (after a reboot) and it is still > there, so I suspect when I thought I had it 'fixed' I was running with > setenforce 0 from another problem (that is fixed). > > So anyone know how to get

Hi all, I'm load balancing 4 mysql databases using HAProxy. The setup seems to be working pretty well. Except I keep seeing these messages turning up in syslog: Mar 12 22:11:31 db1 kernel: [6058125.959624] type=1400 audit(1457820691.824:3029129): avc: denied { name_connect } for pid=801 comm="haproxy" dest=7778 scontext=system_u:system_r:haproxy_t:s0

Thanks Laurent. You obviously know a LOT more about SELinux than I. I pretty much just use commands and not build policies. So I need some more information here. From what you provided below, how do I determine what is currently in place and how do I add your stuff (changing postgresql with mysql, nat.) thanks On 04/25/2017 10:26 AM, Laurent Wandrebeck wrote: > Le mardi 25 avril 2017

for more information : https://www.mankier.com/8/haproxy_selinux On Sun, Mar 13, 2016 at 2:05 AM, Alexander Dalloz <ad+lists at uni-x.org> wrote: > Am 12.03.2016 um 23:18 schrieb Tim Dunphy: > >> Hi all, >> >> I'm load balancing 4 mysql databases using HAProxy. The setup seems to be >> working pretty well. Except I keep seeing these messages turning up in

On 06/06/2017 09:17 AM, Vanhorn, Mike wrote: > I keep seeing this in my audit.logs: > > type=AVC msg=audit(1496336600.230:6): avc: denied { name_connect } for pid=2411 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket > > Was caused by: > The boolean allow_ypbind was

On 06/06/2017 01:19 PM, Vanhorn, Mike wrote: > On 6/6/17, 12:38 PM, "Daniel Walsh" <dwalsh at redhat.com> wrote: > >> I am asking if you run it again, does it change. If the boolean is set >> the audit2why should say that the AVC is allowed. > Well, if I just run audit2why again, it always tells me the same thing. However, I have now discovered that if I unset

Am 12.03.2016 um 23:18 schrieb Tim Dunphy: > Hi all, > > I'm load balancing 4 mysql databases using HAProxy. The setup seems to be > working pretty well. Except I keep seeing these messages turning up in > syslog: > > > Mar 12 22:11:31 db1 kernel: [6058125.959624] type=1400 > audit(1457820691.824:3029129): avc: denied { name_connect } for pid=801 >

On 16/03/18 18:37, Alexander Dalloz wrote: > Am 16.03.2018 um 13:09 schrieb hw: >> On 03/16/2018 12:14 PM, Richard Grainger wrote: >>>> Yet again I could not find any documentation explaining how to do basic >>>> things like this :(? Selinux is more like a curse than anything else >>>> :( Why >>>> is there not even a good documentation?

V?Mon, Oct 16, 2023 at 12:34:42PM -0700,?Jordan Erickson napsal(a): > On 10/16/23 10:37, Michael C Cambria wrote: > > I'm using icecast via Fedora 37 package and systemd service to start. > > > > I've added multiple <listen-socket> but get: > > > > "EROR connection/connection_setup_sockets Could not create listener > > socket on port

Hi, I guess this is a bit OT but perhaps someone has encountered this issue before. On a CentOS 6.3 x86_64 box I have installed postfix and dspam from EPEL. Dspam is configured to listen on port 10026. After having configured dspam and postfix I start dspam and then postfix and I see the following AVC message in audit.log: type=AVC msg=audit(1350920492.936:400): avc: denied { name_bind }

Hello, I have a strange (for me) problem with these two machines : - Client, a CentOS-5.7 workstation ; - Server, a CentOS-6.2 headless, up-to-date server. From Client, I want to use xauth on Server with the help of rsh (yes, I know, ssh and all this sort of things... another time.) When SELinux is in permissive mode on Server, all these commands perform as expected : rsh Server

I run a sshd host solely to allow employees to tunnel secure connections to our internal hosts. Some of which do not support encrypted protocols. These connections are chroot'ed via the following in /etc/ssh/sshd_config Match Group !wheel,!xxxxxx,yyyyy AllowTcpForwarding yes ChrootDirectory /home/yyyyy X11Forwarding yes Where external users belong to group yyyyy (primary). We

I have some centos 4.4 server. i have disable selinux for some software problem: # cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=disable #

Hi. Has anyone figured out how to get Bugzilla working on CentOS 5.2 WITHOUT TURNING OFF SELINUX? I've run chcon -R --reference=/var/www/html /path/to/bugzilla and added the following module (generated by audit2allow), but am still getting errors in my Web browser tryinig to use Bugzilla: Software error: Can't connect to the database. Error: could not connect to server:

Hi: I have been using Dovecot for well over a year now and it has always worked with few problems. The mail setup is not simple... Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and control is local. About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an

Hey guys, I've been getting some strange selinux messages after the 5.3 upgrade. It appears as though my mail system (postfix) is constantly trying to access the rpm database? Here's the audit messages (I tend to look at my selinux messages using audit2allow < /var/log/audit.log as I find it easier to read quickly): allow postfix_postdrop_t rpm_t:tcp_socket { read write }; allow

On 09/09/2018 07:19 AM, Daniel Walsh wrote: > sesearch -A -s httpd_t -t system_conf_t -p read > > If you feel that these files should not be part of the base_ro_files > then we should open that for discussion. I think the question was how users would know that the policy allowed access, as he was printing rules affecting httpd_t's file read access, and looking for