similar to: shellinabox

Anybody else? Anybody has gotten shellinabox working witout modification to SE policies? > On 05. juli 2018 16:08, lejeczek via CentOS wrote: >> hi guys, >> >> shellinabox, do you use it? >> >> I in pretty vanilla setup get selinux denials and cannot login. >> >> Selinux says: >> >> #============= unconfined_service_t ==============

hi guys, cannot get it to work - shellinabox - not being programmer nor selinux sorcerer. shellinabox via apache, when I ausearch it all I get is: #============= unconfined_service_t ============== #!!!! The file '/usr/bin/bash' is mislabeled on your system. #!!!! Fix with $ restorecon -R -v /usr/bin/bash allow unconfined_service_t unconfined_t:process transition; I have shellinabox

On 05. juli 2018 16:08, lejeczek via CentOS wrote: > hi guys, > > shellinabox, do you use it? > > I in pretty vanilla setup get selinux denials and cannot login. > > Selinux says: > > #============= unconfined_service_t ============== > > #!!!! The file '/usr/bin/bash' is mislabeled on your system. > #!!!! Fix with $ restorecon -R -v /usr/bin/bash

Hi, is there anyone using shellinabox[1] (Web based AJAX terminal emulator): I'm trying to run it on a Centos 6.2 x86_64 but I cannot past inserting username and I get "session closed". Actually I'm using SELINUX in Enforcing mode but nothing strange is logged in /var/log/audit/audit.log. Actually nothing strange is logged anywhere but I still get only "session

On 04/26/2017 04:22 AM, Gordon Messmer wrote: > On 04/25/2017 03:25 PM, Robert Moskowitz wrote: >> This made the same content as before that caused problems: > > I still don't understand, exactly. Are you seeing *new* problems > after installing a policy? What are the problems? > >> #!!!! The file '/var/lib/mysql/mysql.sock' is mislabeled on your system.

Hello, This is somehow off-topic, since the problem appears on a modified CentOS-6.2 (turned into a xen-4.1 host) : I get SELinux errors, and I'm not able to understand them. From audit2why : type=AVC msg=audit(1343724164.898:298772): avc: denied { mac_admin } for pid=12399 comm="restore" capability=33 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

The recently-left programmer did *something*, and he didn't know what, and the guy who picked it up is working with me to find out why /var/log/messages is getting flooded with Oct 26 11:01:06 <servername> kernel: type=1105 audit(1477494066.569:642430): pid=108551 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=PAM:session_open

Andreas- On Thu, Apr 3, 2008 at 8:31 AM, Andreas Rogge <a.rogge@solvention.de> wrote: > Do you have SELinux enabled? When starting puppet from init.d with SELinux enabled it runs in xinitrc_t while it should (at least imo) run in unconfined_t. Running in xinitrc_t lead to *really* strange things. Everything way fixed once I deployed a policy that made puppetd run in unconfined_t. >

Hi. I'm trying to get OTRS running on CentOS 5.5 with SELinux enabled, and audit.log / audit2allow tell me I need to add the local policy: #============= httpd_t ============== allow httpd_t unconfined_t:shm { unix_read unix_write }; which I think will allow the httpd access to read and write from shared memory? Is that right? What are the risks involved in opening this? I notice it is

On 07/22/2013 11:12 AM, Daniel P. Berrange wrote: > On Mon, Jul 22, 2013 at 11:08:07AM -0400, Matt Hicks wrote: >> Warning - I'm fairly new to libvirt, lxc and systemd so there is a >> good chance I'm doing something terribly wrong here. However, >> instead of continuing to struggle, I figured I would mail the list >> for some advice. What I'm trying to

On 04/25/2017 06:45 PM, Gordon Messmer wrote: > On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote: >> Quick?n?(really) dirty SELinux howto: > > > Alternate process: > > 1: setenforce permissive > 2: tail -f /var/log/audit/audit.log | grep AVC > 3: use the service, exercise each function that's constrained by the > existing policy > 4: copy and paste the

Le mardi 25 avril 2017 ? 10:39 +0200, Robert Moskowitz a ?crit : > Thanks Laurent. You obviously know a LOT more about SELinux than I. I > pretty much just use commands and not build policies. So I need some > more information here. > > From what you provided below, how do I determine what is currently in > place and how do I add your stuff (changing postgresql with

[Moving this to the libguestfs mailing list] On Mon, Jan 13, 2014 at 03:05:14PM -0500, Daniel J Walsh wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 01/13/2014 11:49 AM, Richard W.M. Jones wrote: > > On Mon, Jan 13, 2014 at 10:20:22AM -0500, Daniel J Walsh wrote: > >> Secondly we prevent even unconfined_t from putting down labels on the > >>

Hello, I have a strange (for me) problem with these two machines : - Client, a CentOS-5.7 workstation ; - Server, a CentOS-6.2 headless, up-to-date server. From Client, I want to use xauth on Server with the help of rsh (yes, I know, ssh and all this sort of things... another time.) When SELinux is in permissive mode on Server, all these commands perform as expected : rsh Server

These commands let you set and get the SELinux context of the daemon and all operations in the API and processes run from the daemon: $ ./fish/guestfish --ro -a /dev/mapper/vg_trick-F11x64 \ selinux 1 : \ run : \ mount /dev/vg_f11x64/lv_root / : \ sh "/usr/sbin/load_policy" : \ getcon : \ setcon "system_u:system_r:unconfined_t:s0" : \ getcon

Hi - can someone please tell me where I can find Centos 3.6 or Centos 3.7 for x86_64? On the mirrors, there are directories labeled 3.6 and 3.7 but it's appears to be a lie. All the directories on the mirrors appear to be linked to 3.8 (and hence are mislabeled.) Thanks! -- Ken

Hi I would like to contribute to the wiki.centos.org: username: boel subject: nagios incompatibility with centos 5.2 location: http://wiki.centos.org/HowTos/Nagios content: A security feature of centos 5.2 SELinux prevents the access from the apache httpd server to the needed /var/nagios files. The error manifests itself in the /var/log/messages as "SELinux is preventing the tac.cgi from

With a recent update of CentOS4, su's behavior has changed, in that after prompting for password, also prompts for (selinux?) context. I'm seeing something like: $ su Password: Your default context is root:system_r:unconfined_t. Do you want to choose a different one? [n] kde's kdesu barfs on this second prompt. Any way to disable this second prompt? -- Rex

hi i just installed my system then shutit down. after booting it up i can't login to root so i did a linux rescue with the CD and when i tried to type passwd this error message appear? "user_u:system_r:unconfined_t is not authorized to change the password of root" -- Regards, Mark Quitoriano, CCNA Fan the flame... http://www.spreadfirefox.com/?q=user/register&r=19441

Le mardi 25 avril 2017 ? 11:07 +0200, Robert Moskowitz a ?crit : > > On 04/25/2017 10:58 AM, Laurent Wandrebeck wrote: > > Le mardi 25 avril 2017 ? 10:39 +0200, Robert Moskowitz a ?crit : > >> Thanks Laurent. You obviously know a LOT more about SELinux than I. I > >> pretty much just use commands and not build policies. So I need some > >> more