similar to: Very odd: /proc/sys/net/ipv6/conf/all/disable_ipv6

When using nat and the new 2.4.0 providers functionality, the following error is produced on boot with FC4: Cannot open "/proc/sys/net/ipv4/route/flush The box is running the latest update: selinux-policy-targeted-1.23.18-17 >From /var/log/audit/audit.log: type=PATH msg=audit(1120675555.415:78677): item=0 name="/sbin/ip" type=AVC_PATH msg=audit(1120675555.415:78677):

Hi, I'm running dovecot (1.1.7) deliver and sieve (1.1.5) on a Fedora 9 platform, using selinux targetet mode. Most of the mail deliveries goes well, but once deliver tried to copy the mail to the /tmp directory, which it seems it not allowed by selinux. I guess that deliver wants to sanitize the mail or something and therefore copies it to /tmp. Before I ask for selinux to allow this, I

Hi all, On my newly up-and-running nameserver (CentOS 5), I noticed the following alerts in /var/log/messages after restarting BIND. (lines inserted to aid in reading). As I'm new to SELinux, I'm hoping for some pointers on 1) if this is an issue which simply *must* be addressed, or if it's something I should live with, and 2) how to eliminate the warming messages without sacrificing

Looks like turning on three booleans will solve most of the problem. httpd_execmem, httpd_run_stickshift, allow_httpd_anon_write On 12/03/2014 03:55 AM, John Beranek wrote: > Mark: Labels look OK, restorecon has nothing to do, and: > > -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /bin/ps > > dr-xr-xr-x. root root system_u:object_r:proc_t:s0 /proc > > I'll

All of a sudden, Virtual Machine Manager (VMM) on a CentOS 5.7 load will no longer run any VMs. The VM worked A-OK on the morning of 23 Feb, when I brought it up, applied the Microsoft updates, rebooted it, installed an application, rebooted again and ran several tests. Later that day, it wouldn't run. I didn't have time to diagnose, so I did some investigation a few minutes ago. Working

Restarting one of our named services produces this entry in the system log file: Oct 12 08:47:45 inet08 setroubleshoot: SELinux is preventing /usr/sbin/named from search access on the directory . For complete SELinux messages. run sealert -l 9eabadb9-0e03-4238-bdb8-c5204333a0bf Checking the selinux incident reference shows this: # sealert -l 9eabadb9-0e03-4238-bdb8-c5204333a0bf SELinux is

Indeed, thanks Dan - it doesn't get us to a completely clean running that would allow us to run our Node app as we are under Passenger with SELinux enforcing, but it at least has stopped the excessive amount of AVCs we were getting. John On 3 December 2014 at 10:01, Daniel J Walsh <dwalsh at redhat.com> wrote: > Looks like turning on three booleans will solve most of the problem.

$ R /usr/bin/R: line 238: /usr/lib64/R/etc/ldpaths: Permission denied $ rpm -q R R-3.2.3-2.fc23.x86_64 That /usr/bin/R#L238 is: . "${R_HOME}/etc${R_ARCH}/ldpaths" I noticed the error began bursting shortly after I ran dnf update. An excerpt from dnf's transaction logs: $ dnf history info <ID> Upgraded setroubleshoot-3.3.5-2.fc23.x86_64 @updates Upgrade

OK, so setup CENTOS-5 on a laptop to learn about Xen stuff. KDE Desktop, wanted to print the virt.108.com xen howto. Needed to setup printer first. Open KDE control center, go to printers. Hear error sound, message says "Unable to retrieve the printer list.... Connection to CUPS server failed. ..." So I check to see that cups is running (it is). I check /var/log/messages

Does anyone recognize this sort of message or have any idea what might cause it? May 28 11:00:06 inet09 setroubleshoot: [avc.ERROR] Plugin Exception catchall #012Traceback (most recent call last):#012 File "/usr/lib64/python2.6/site-packages/setroubleshoot/analyze.py", line 191, in analyze_avc#012 report = plugin.analyze(avc)#012 File

I am seeing these in the log of one of our off-site NX hosts running CentOS-6.6. type=AVC msg=audit(1421683972.786:4372): avc: denied { create } for pid=22788 comm="iptables" scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=rawip_socket Was caused by: Missing type enforcement (TE) allow rule. You can use

Mark: Labels look OK, restorecon has nothing to do, and: -rwxr-xr-x. root root system_u:object_r:bin_t:s0 /bin/ps dr-xr-xr-x. root root system_u:object_r:proc_t:s0 /proc I'll send the audit log on to Dan. Cheers, John On 2 December 2014 at 16:10, Daniel J Walsh <dwalsh at redhat.com> wrote: > Could you send me a copy of your audit.log. > > You should not be

I am running puppet 3.2.1, using the puppetlabs repos, on centos 6.4. I keep getting these messages in the log: (every 30 minutes) Jun 3 11:24:55 yoda puppet-master[20292]: Failed to set SELinux context system_u:object_r:puppet_etc_t:s0 on /etc/puppet/auth.conf Jun 3 11:24:55 yoda puppet-master[20292]: Failed to set SELinux context system_u:object_r:puppet_etc_t:s0 on

Hi, I'm running Centos 5 32bit and installed openvpn-2.0.9-1.el5.rf from Dag Wieers Repo. When OpenVPN is started during boot-up it just shows an SElinux related error message. When I start OpenVPN manually after the system has come up completely it works fine. Here are all the messages from /var/log/messages that are SElinux related: May 28 21:39:15 srsblnfw01 kernel:

Robert Moskowitz wrote: > > > On 12/28/2016 03:32 PM, J Martin Rushton wrote: >> >> On 28/12/16 20:11, Robert Moskowitz wrote: >>> >>> On 12/28/2016 01:53 PM, m.roth at 5-cent.us wrote: >>>> Robert Moskowitz wrote: >>>>> On 12/28/2016 05:11 AM, Todor Petkov wrote: >>>>>> On Wed, Dec 28, 2016 at 5:18 AM, Robert

Whenever tcpdump fills a savefile to capacity (-C option) and tries to open a new one, I get the following AVC denial: kernel: audit(1204485464.409:106): avc: denied { search } for pid=2702 comm="tcpdump" name="/" dev=hdb1 ino=2 scontext=system_u:system_r:netutils_t:s0 t context=system_u:object_r:default_t:s0 tclass=dir Any suggestions as the the proper fix to make this

On Tue, Sep 5, 2017 at 9:49 AM, Gregory P. Ennis <PoMec at pomec.net> wrote: > Thanks for your help. > > I did pick up an additional entry in the audit file : > > > type=AVC msg=audit(1504561395.709:10196): avc: denied { execute } for > pid=19163 comm="/usr/sbin/httpd" name="s.check.cgi" dev="dm-0" > ino=537182029

On 12/28/2016 06:05 PM, J Martin Rushton wrote: > > On 28/12/16 21:24, m.roth at 5-cent.us wrote: >> Robert Moskowitz wrote: >>> >>> On 12/28/2016 03:32 PM, J Martin Rushton wrote: >>>> On 28/12/16 20:11, Robert Moskowitz wrote: >>>>> On 12/28/2016 01:53 PM, m.roth at 5-cent.us wrote: >>>>>> Robert Moskowitz wrote:

Hello List, after the last update I have a selinux "Problem" with dovecot. My system is a centos 7. After a new start from dovecot selinux block a connection. Jul 12 16:24:24 mx01 systemd: Starting Dovecot IMAP/POP3 email server... Jul 12 16:24:54 mx01 systemd: Started Dovecot IMAP/POP3 email server. Jul 12 16:24:54 mx01 dovecot: Warning: Corrected permissions for login directory

Just installed 7.2, and I'm seeing this - is this a bug in the policy? ************************** SELinux is preventing systemd-readahe from add_name access on the directory .readahead.new. ***** Plugin catchall_labels (83.8 confidence) suggests ******************* If you want to allow systemd-readahe to have add_name access on the .readahead.new directory Then you need to change the