similar to: selinux: how to allow access?

Displaying 20 results from an estimated 3000 matches similar to: "selinux: how to allow access?"

2018 Mar 16
3
selinux: how to allow access?
On 03/16/2018 12:14 PM, Richard Grainger wrote: >> Yet again I could not find any documentation explaining how to do basic >> things like this :( Selinux is more like a curse than anything else :( Why >> is there not even a good documentation? > > More trolling? Show me a good documentation and/or name good reasons not to disable selinux. Considering how much trouble
2017 Jun 06
2
weird SELinux denial
I keep seeing this in my audit.logs: type=AVC msg=audit(1496336600.230:6): avc: denied { name_connect } for pid=2411 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket Was caused by: The boolean allow_ypbind was set incorrectly. Description: Allow system to run with NIS Allow
2017 Jun 06
2
weird SELinux denial
On 6/6/17, 12:38 PM, "Daniel Walsh" <dwalsh at redhat.com> wrote: >I am asking if you run it again, does it change. If the boolean is set >the audit2why should say that the AVC is allowed. Well, if I just run audit2why again, it always tells me the same thing. However, I have now discovered that if I unset allow_ypbind, and then reset it to 1, audit2why then says
2017 Apr 25
2
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
Le mardi 25 avril 2017 ? 10:04 +0200, Robert Moskowitz a ?crit : > I thought I had this fixed, but I do not. I was away from this problem > working on other matters, and came back (after a reboot) and it is still > there, so I suspect when I thought I had it 'fixed' I was running with > setenforce 0 from another problem (that is fixed). > > So anyone know how to get
2016 Mar 12
2
SELinux denies haproxy
Hi all, I'm load balancing 4 mysql databases using HAProxy. The setup seems to be working pretty well. Except I keep seeing these messages turning up in syslog: Mar 12 22:11:31 db1 kernel: [6058125.959624] type=1400 audit(1457820691.824:3029129): avc: denied { name_connect } for pid=801 comm="haproxy" dest=7778 scontext=system_u:system_r:haproxy_t:s0
2017 Apr 25
0
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
Thanks Laurent. You obviously know a LOT more about SELinux than I. I pretty much just use commands and not build policies. So I need some more information here. From what you provided below, how do I determine what is currently in place and how do I add your stuff (changing postgresql with mysql, nat.) thanks On 04/25/2017 10:26 AM, Laurent Wandrebeck wrote: > Le mardi 25 avril 2017
2016 Mar 12
1
SELinux denies haproxy
for more information : https://www.mankier.com/8/haproxy_selinux On Sun, Mar 13, 2016 at 2:05 AM, Alexander Dalloz <ad+lists at uni-x.org> wrote: > Am 12.03.2016 um 23:18 schrieb Tim Dunphy: > >> Hi all, >> >> I'm load balancing 4 mysql databases using HAProxy. The setup seems to be >> working pretty well. Except I keep seeing these messages turning up in
2017 Jun 06
0
weird SELinux denial
On 06/06/2017 09:17 AM, Vanhorn, Mike wrote: > I keep seeing this in my audit.logs: > > type=AVC msg=audit(1496336600.230:6): avc: denied { name_connect } for pid=2411 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket > > Was caused by: > The boolean allow_ypbind was
2017 Jun 06
0
weird SELinux denial
On 06/06/2017 01:19 PM, Vanhorn, Mike wrote: > On 6/6/17, 12:38 PM, "Daniel Walsh" <dwalsh at redhat.com> wrote: > >> I am asking if you run it again, does it change. If the boolean is set >> the audit2why should say that the AVC is allowed. > Well, if I just run audit2why again, it always tells me the same thing. However, I have now discovered that if I unset
2016 Mar 12
0
SELinux denies haproxy
Am 12.03.2016 um 23:18 schrieb Tim Dunphy: > Hi all, > > I'm load balancing 4 mysql databases using HAProxy. The setup seems to be > working pretty well. Except I keep seeing these messages turning up in > syslog: > > > Mar 12 22:11:31 db1 kernel: [6058125.959624] type=1400 > audit(1457820691.824:3029129): avc: denied { name_connect } for pid=801 >
2018 Mar 16
3
selinux: how to allow access?
On 16/03/18 18:37, Alexander Dalloz wrote: > Am 16.03.2018 um 13:09 schrieb hw: >> On 03/16/2018 12:14 PM, Richard Grainger wrote: >>>> Yet again I could not find any documentation explaining how to do basic >>>> things like this :(? Selinux is more like a curse than anything else >>>> :( Why >>>> is there not even a good documentation?
2023 Oct 17
1
"Could not create listener socket on port" error only when using systemd service
V?Mon, Oct 16, 2023 at 12:34:42PM -0700,?Jordan Erickson napsal(a): > On 10/16/23 10:37, Michael C Cambria wrote: > > I'm using icecast via Fedora 37 package and systemd service to start. > > > > I've added multiple <listen-socket> but get: > > > > "EROR connection/connection_setup_sockets Could not create listener > > socket on port
2012 Oct 22
1
SELinux AVC problem postfix <-> dspam
Hi, I guess this is a bit OT but perhaps someone has encountered this issue before. On a CentOS 6.3 x86_64 box I have installed postfix and dspam from EPEL. Dspam is configured to listen on port 10026. After having configured dspam and postfix I start dspam and then postfix and I see the following AVC message in audit.log: type=AVC msg=audit(1350920492.936:400): avc: denied { name_bind }
2012 Jan 13
1
SELinux and rsh+xauth
Hello, I have a strange (for me) problem with these two machines : - Client, a CentOS-5.7 workstation ; - Server, a CentOS-6.2 headless, up-to-date server. From Client, I want to use xauth on Server with the help of rsh (yes, I know, ssh and all this sort of things... another time.) When SELinux is in permissive mode on Server, all these commands perform as expected : rsh Server
2015 Oct 09
2
CentOS-6 SSHD chroot SELinux problem
I run a sshd host solely to allow employees to tunnel secure connections to our internal hosts. Some of which do not support encrypted protocols. These connections are chroot'ed via the following in /etc/ssh/sshd_config Match Group !wheel,!xxxxxx,yyyyy AllowTcpForwarding yes ChrootDirectory /home/yyyyy X11Forwarding yes Where external users belong to group yyyyy (primary). We
2007 Mar 12
2
selinux disable but still working
I have some centos 4.4 server. i have disable selinux for some software problem: # cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=disable #
2008 Nov 04
1
How to get Bugzilla working on CentOS 5.2 with SELinux turned on?
Hi. Has anyone figured out how to get Bugzilla working on CentOS 5.2 WITHOUT TURNING OFF SELINUX? I've run chcon -R --reference=/var/www/html /path/to/bugzilla and added the following module (generated by audit2allow), but am still getting errors in my Web browser tryinig to use Bugzilla: Software error: Can't connect to the database. Error: could not connect to server:
2009 Oct 04
2
deliver stopped working
Hi: I have been using Dovecot for well over a year now and it has always worked with few problems. The mail setup is not simple... Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and control is local. About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an
2009 Apr 14
3
Odd SELinux messages during+after 5.3 upgrade (system_mail_t and postfix_postdrop_t access rpm_var_lib_t)
Hey guys, I've been getting some strange selinux messages after the 5.3 upgrade. It appears as though my mail system (postfix) is constantly trying to access the rpm database? Here's the audit messages (I tend to look at my selinux messages using audit2allow < /var/log/audit.log as I find it easier to read quickly): allow postfix_postdrop_t rpm_t:tcp_socket { read write }; allow
2018 Sep 09
1
Type enforcement / mechanism not clear
On 09/09/2018 07:19 AM, Daniel Walsh wrote: > sesearch -A -s httpd_t -t system_conf_t -p read > > If you feel that these files should not be part of the base_ro_files > then we should open that for discussion. I think the question was how users would know that the policy allowed access, as he was printing rules affecting httpd_t's file read access, and looking for