Displaying 20 results from an estimated 2000 matches similar to: "SElinux AVC signull"
2019 Jan 17
0
SElinux AVC signull
I have some perl scripts running via CGI to print some monitoring informations out.
# cat /etc/redhat-release
CentOS release 6.10 (Final)
# getenforce
Enforcing
# LANG=C ausearch -m avc --start today
type=SYSCALL msg=audit(1547733474.941:28): arch=c000003e syscall=62 success=no exit=-13 a0=641 a1=0 a2=7f33500079b0 a3=31372f656d6f7268 items=0 ppid=1399 pid=1439 auid=4294967295 uid=48 gid=48
2012 Jan 11
2
SELinux blocking cgi script from "writing to socket (httpd_t)"
Is this really supposed to get easier over time? :) Now my audit.log
file shows that SELinux is blocking my cgi script, index.cgi (which is
what's actually served when the user visits the front page of one of our
proxy sites like sugarsurfer.com) from having '"read write" to socket
(httpd_t)'. I have no idea what that means, except that I thought that
cgi scripts were
2017 Sep 22
2
selinux prevents lighttpd from printing
PS: Now I found this:
type=PROCTITLE msg=audit(09/22/2017 12:08:29.911:1023) : proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp
type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 syscall=setgroups success=no exit=EPERM(Operation not permitted) a0=0x1 a1=0x7ffc1df3b0d0 a2=0x0 a3=0x7f5d77c3a300 items=0 ppid=19417 pid=19418 auid=unset uid=lighttpd gid=lighttpd euid=root
2017 Sep 22
1
selinux prevents lighttpd from printing
Daniel Walsh wrote:
> On 09/22/2017 06:58 AM, hw wrote:
>>
>> PS: Now I found this:
>>
>>
>> type=PROCTITLE msg=audit(09/22/2017 12:08:29.911:1023) : proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp
>> type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 syscall=setgroups success=no exit=EPERM(Operation not permitted) a0=0x1
2006 Jun 07
1
Apache php and exim
Hello,
I'm using the targeted policy.
PHP's mail() function fails because of selinux.
audit(1149662369.454:2): avc: denied { setgid } for pid=18085
comm="sendmail" capability=6 scontext=root:system_r:httpd_sys_script_t
tcontext=root:system_r:httpd_sys_script_t tclass=capability
When i turn to permisive mode:
audit(1149668677.105:12): avc: denied { setuid } for pid=29159
2017 Sep 22
0
selinux prevents lighttpd from printing
On 09/22/2017 06:58 AM, hw wrote:
>
> PS: Now I found this:
>
>
> type=PROCTITLE msg=audit(09/22/2017 12:08:29.911:1023) :
> proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp
> type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64
> syscall=setgroups success=no exit=EPERM(Operation not permitted)
> a0=0x1 a1=0x7ffc1df3b0d0 a2=0x0 a3=0x7f5d77c3a300
2017 Sep 23
2
more selinux problems ...
Hi,
how do I allow lighttpd access to a directory like this:
dr-xrwxr-x. lighttpd example unconfined_u:object_r:samba_share_t:s0 files_articles
I tried to create and install a selinux module, and it didn?t work.
The non-working module can not be removed, either:
semodule -r lighttpd-files_articles.pp
libsemanage.semanage_direct_remove_key: Unable to remove module lighttpd-files_articles.pp at
2008 Aug 23
2
CentOS 5.2 + SELinux + Apache/PHP + Postfix
Hi All,
I'm running CentOS 5.2 with SELinux in enforcing mode (default
targeted policy). The server hosts a PHP web app that sends mail. I'm
getting the following errors (see end of message) in my selinux
audit.log file every time the app sends an email. The email always
seems to get sent successfully, despite the log messages. However,
they do concern me and I would like to understand
2017 Sep 20
2
selinux prevents lighttpd from printing
On 09/20/2017 07:19 AM, hw wrote:
> hw wrote:
>>
>> Hi,
>>
>> how do I allow CGI programs to print (using 'lpr -P some-printer
>> some-file.pdf') when
>> lighttpd is being used for a web server?
>>
>> When selinux is permissive, the printer prints; when it?s enforcing,
>> the printer
>> does not print, and I?m getting the log
2008 Aug 01
2
BackupPC 3.1.0 on CentOS 5.2 triggers SE Linux denial
Hi. I've installed BackupPC 3.1.0 from Testing repository, to Cent
OS 5.2 x86_64, and I am hitting an SE Linux denial - the httpd cannot
talk to the BackupPC socket:
type=AVC msg=audit(07/31/2008 17:18:53.623:410) : avc: denied {
connectto } for pid=11767 comm=httpd
path=/var/log/BackupPC/BackupPC.sock
scontext=user_u:system_r:httpd_t:s0
tcontext=user_u:system_r:initrc_t:s0
2012 Feb 16
3
Baffled by selinux
Apache DocumentRoot on an NFS directory:
[root at localhost ~]# service httpd start
Starting httpd: Warning: DocumentRoot [/home/www/html] does not exist
Syntax error on line 292 of /etc/httpd/conf/httpd.conf:
DocumentRoot must be a directory
[FAILED]
[root at localhost ~]#
After some research, I found this (dated) link
2015 Jun 16
2
selinux allow apache log access
Hey guys,.
I have a centos 7 machine I'm using as a zabbix server. And I noticed that
apache won't start, with this complaint in the error log:
(13)Permission denied: AH00091: httpd: could not open error log file
/var/log/zabbix_error_log.
AH00015: Unable to open logs
I tried having a look at audit2allow and this is the response I get back:
[root at monitor2:/etc/httpd] #grep http
2011 Nov 01
1
SELinux and SETroubleshootd woes in CR
I'm setting up a dedicated database server, and since this will be a
central service to my various web servers I wanted it to be as secure as
possible...so I am leaving SELinux enabled. However I'm having trouble
getting Apache to use mod_auth_pam. I also now can't get setroubleshootd
working to send me notifications of the denials and provide tips to solve
the problem.
The Apache
2017 Sep 04
5
selinux denial of cgi script with httpd using ssl
Thanks for your help.
I did pick up an additional entry in the audit file :
type=AVC msg=audit(1504561395.709:10196): avc: denied { execute } for
pid=19163 comm="/usr/sbin/httpd" name="s.check.cgi" dev="dm-0"
ino=537182029 scontext=system_u:system_r:httpd_t:s0
tcontext=unconfined_u:object_r:httpd_sys_content_t:s0 tclass=file
Unfortunately, I am not sure how the
2014 Oct 25
1
Centos 6.5 - Fping - SE Linux - Missing type enforcement (TE) allow rule
Hi gents,
I seem to have a small issue with fping and Observium(a monitoring
solution). The particular VPS I'm using does have SELinux enabled and it
seems to be causing issues when the httpd process is attempting to use
Fping?
Here is what I know so far :
Output from "audit2why -a" :
---------------
type=AVC msg=audit(1414265994.125:6744): avc: denied { create } for
2011 Jun 02
2
How to set selinux policy "allow httpd_t unconfined_t:shm { unix_read unix_write }; " using an seboolean? (How to get a new seboolean?)
Hi. I'm trying to get OTRS running on CentOS 5.5 with SELinux enabled,
and audit.log / audit2allow tell me I need to add the local policy:
#============= httpd_t ==============
allow httpd_t unconfined_t:shm { unix_read unix_write };
which I think will allow the httpd access to read and write from shared memory?
Is that right? What are the risks involved in opening this? I notice it is
2008 Jul 24
1
selinux & httpd & portmap
Having problems starting httpd & portmapper
#service httpd start
/usr/sbin/httpd: error while loading shared libraries: libm.so.6: cannot
open shared object file: No such file or directory
and I traced it to selinux, which I had just turned on for the first time:
# sestatus
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode:
2008 Nov 04
1
How to get Bugzilla working on CentOS 5.2 with SELinux turned on?
Hi. Has anyone figured out how to get Bugzilla working on CentOS 5.2
WITHOUT TURNING OFF SELINUX?
I've run
chcon -R --reference=/var/www/html /path/to/bugzilla
and added the following module (generated by audit2allow), but am
still getting errors in my Web browser tryinig to use Bugzilla:
Software error:
Can't connect to the database.
Error: could not connect to server:
2018 Sep 09
2
Type enforcement / mechanism not clear
Any SElinux expert here - briefly:
# getenforce
Enforcing
# sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t
<no output>
# sesearch -ACR -s httpd_t -c file -p read |grep syslog_conf_t
<no output>
# ls -laZ /etc/sysctl.conf /etc/rsyslog.conf
-rw-r--r--. root root system_u:object_r:syslog_conf_t:s0 /etc/rsyslog.conf
-rw-r--r--. root root
2018 Sep 09
3
Type enforcement / mechanism not clear
Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>:
>
> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote:
>> Any SElinux expert here - briefly:
>>
>> # getenforce
>> Enforcing
>>
>> # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t
>> <no output>
>>
>> # sesearch -ACR -s httpd_t -c file