similar to: selinux question

I recently setup my Puppetmaster server to run through Passenger via Apache instead of on the default webrick web server. SELinux made that not work and I've found some documentation on making rules to allow it however mine won't load. This is the policy I found via this website, http://sandcat.nl/~stijn/2012/01/20/selinux-passenger-and-puppet-oh-my/comment-page-1/ . module

On 08/21/2018 02:20 PM, Warren Young wrote: > On Aug 21, 2018, at 1:27 PM, Nataraj <incoming-centos at rjl.com> wrote: >> I have a web application which uses sudo to invoke python scripts as the >> user under which the application runs (NO root access). > Why is the web app not running with that user?s permissions in the first place? > > If your answer is that it

Hi, how do I allow lighttpd access to a directory like this: dr-xrwxr-x. lighttpd example unconfined_u:object_r:samba_share_t:s0 files_articles I tried to create and install a selinux module, and it didn?t work. The non-working module can not be removed, either: semodule -r lighttpd-files_articles.pp libsemanage.semanage_direct_remove_key: Unable to remove module lighttpd-files_articles.pp at

Apache DocumentRoot on an NFS directory: [root at localhost ~]# service httpd start Starting httpd: Warning: DocumentRoot [/home/www/html] does not exist Syntax error on line 292 of /etc/httpd/conf/httpd.conf: DocumentRoot must be a directory [FAILED] [root at localhost ~]# After some research, I found this (dated) link

Any SElinux expert here - briefly: # getenforce Enforcing # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t <no output> # sesearch -ACR -s httpd_t -c file -p read |grep syslog_conf_t <no output> # ls -laZ /etc/sysctl.conf /etc/rsyslog.conf -rw-r--r--. root root system_u:object_r:syslog_conf_t:s0 /etc/rsyslog.conf -rw-r--r--. root root

I'm setting up a dedicated database server, and since this will be a central service to my various web servers I wanted it to be as secure as possible...so I am leaving SELinux enabled. However I'm having trouble getting Apache to use mod_auth_pam. I also now can't get setroubleshootd working to send me notifications of the denials and provide tips to solve the problem. The Apache

Is this really supposed to get easier over time? :) Now my audit.log file shows that SELinux is blocking my cgi script, index.cgi (which is what's actually served when the user visits the front page of one of our proxy sites like sugarsurfer.com) from having '"read write" to socket (httpd_t)'. I have no idea what that means, except that I thought that cgi scripts were

Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>: > > On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: >> Any SElinux expert here - briefly: >> >> # getenforce >> Enforcing >> >> # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t >> <no output> >> >> # sesearch -ACR -s httpd_t -c file

Am 09.09.2018 um 16:19 schrieb Daniel Walsh <dwalsh at redhat.com>: > > On 09/09/2018 09:43 AM, Leon Fauster via CentOS wrote: >> Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>: >>> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: >>>> Any SElinux expert here - briefly: >>>> >>>> # getenforce

Hello, Running httpd-2.2.3-43.el5.centos.3 on CentOS release 5.5 (Final), I have : $ ps -Ze LABEL PID TTY TIME CMD user_u:system_r:httpd_t 12833 ? 00:00:00 httpd Is it normal for httpd to have this context (user_u:system_r:httpd_t) ? I was expecting system_u:system_r:httpd_t. And if it is not normal, is it because I have restarted httpd by

I have some centos 4.4 server. i have disable selinux for some software problem: # cat /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=disable #

Hi. I've installed BackupPC 3.1.0 from Testing repository, to Cent OS 5.2 x86_64, and I am hitting an SE Linux denial - the httpd cannot talk to the BackupPC socket: type=AVC msg=audit(07/31/2008 17:18:53.623:410) : avc: denied { connectto } for pid=11767 comm=httpd path=/var/log/BackupPC/BackupPC.sock scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:system_r:initrc_t:s0

Hi Leon, I don't have access to a CentOS 6.10 system handy, but it looks like a policy issue. If I take you're ausearch output and pipe it to audit2allow on my CentOS 7.6 system, I get the following: #============= httpd_t ============== #!!!! This avc is allowed in the current policy allow httpd_t httpd_sys_script_t:process signull; Noting that on my 7.6 system with selinux enforcing

On 09/09/2018 07:19 AM, Daniel Walsh wrote: > sesearch -A -s httpd_t -t system_conf_t -p read > > If you feel that these files should not be part of the base_ro_files > then we should open that for discussion. I think the question was how users would know that the policy allowed access, as he was printing rules affecting httpd_t's file read access, and looking for

On 12/28/2016 05:11 AM, Todor Petkov wrote: > On Wed, Dec 28, 2016 at 5:18 AM, Robert Moskowitz <rgm at htt-consult.com> wrote: >> Which is why I wonder if there is some different config for the C7.3 version >> of apache. >> >> Or something with the C7-arm build... > Can you check for SELinux warnings/errors in /var/log/audit/audit.log? Good advice. As I

On 02/21/2017 11:46 AM, Zdenek Sedlak wrote: > On 2017-02-21 17:30, Robert Moskowitz wrote: >> postfixadmin setup.php is claiming: >> >> *Error: Smarty template compile directory templates_c is not writable.* >> *Please make it writable.* >> *If you are using SELinux or AppArmor, you might need to adjust their >> setup to allow write access.* >>

Hi gents, I seem to have a small issue with fping and Observium(a monitoring solution). The particular VPS I'm using does have SELinux enabled and it seems to be causing issues when the httpd process is attempting to use Fping? Here is what I know so far : Output from "audit2why -a" : --------------- type=AVC msg=audit(1414265994.125:6744): avc: denied { create } for

Hello members I really have ran out of options here, and I don't know how to resolve this issue. I have a Samba LDAP primary domain controller. I have been using LAM - LDAP Account Manager to manage the accounts. The command line appears to be working correctly ie - getent passwd, getent group, id username, id computer, adding and removing accounts. Problem: When I logon to the LAM page

Hi: I have been using Dovecot for well over a year now and it has always worked with few problems. The mail setup is not simple... Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and control is local. About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an

On 12/28/2016 01:53 PM, m.roth at 5-cent.us wrote: > Robert Moskowitz wrote: >> On 12/28/2016 05:11 AM, Todor Petkov wrote: >>> On Wed, Dec 28, 2016 at 5:18 AM, Robert Moskowitz <rgm at htt-consult.com> >>> wrote: >>>> Which is why I wonder if there is some different config for the C7.3 >>>> version >>>> of apache.