Displaying 20 results from an estimated 3000 matches similar to: "Relabel /usr directory"
2020 Feb 04
0
Relabel /usr directory
On 2/4/20 9:59 AM, Sergio Belkin wrote:
> Hi,
> I've done the following:
> - Copy usr content with rsync to another partition:
>
> rsync -av --partial --progress /usr/ /mnt
>
> Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not
> the directory itself). But I've found that is bad labeled:
>
> ls -Z /usr
>
2015 Jun 02
3
Try II: selinux, xfs, and CentOS 6 and 5 issue
Tried just the selinux list yesterday, no answers, so I'm trying again.
I partitioned GPT, and formatted, as xfs, a large (3TB) drive on a CentOS
6 system, which has selinux in permissive mode. I then moved the drive to
a CentOS 5 system. When we run a copy (it mirror-copies from another
system), we get a ton of errors. I discovered that the CentOS 5 system was
enforcing. I changed it to
2016 Oct 17
3
SELinux context not applied
Hi,
I tried to apply a security context on a directory with the following
commands:
[root@ local]# semanage fcontext -a -t httpd_sys_rw_content_t "netdot(/.*)?"
[root@ local]# restorecon -R netdot/
When I list the contexts, it is part of the list....
[root@ local]# semanage fcontext -l | grep netdot
./netdot(/.*)? all files
2020 Jan 01
2
Nginx and SELinux on CentOS 7
Hi,
I'm currently fiddling with Nginx on CentOS 7. Eventually I want to use it
instead of Apache on some servers.
Apache works more or less out of the box with SELinux. My websites are all
stored under /var/www, and ls -Z shows me that all files created under /var/www
are correctly labeled httpd_sys_content_t.
On my sandbox server I don't have Apache (httpd) installed, only Nginx
2013 Nov 25
2
ltsp & Selinux
Hello All,
I set up ltsp regulary, on Centos6 machines.
This morning I have a Selinux problem that usualy does not occur:
after setting everything up, the thinclients boot, but nobody can login.
It only works after the command :
# echo 0 > /selinux/enforce
I tried this semanage command:
# semanage fcontext -a -t bin_t /usr/bin/xauth
but it makes no difference.
The message I'm now
2013 Dec 19
1
quota and selinux on centos 6.5
??? Hi,
I'm facing a challenge with selinux and because I don't got an explanation elsewhere, I'm trying to explain here.
I have decided to mount /var/spool/cron on a separate partition? and apply quota for regular users. But quotacheck replyes with a "permission denied" .
quotacheck: Cannot create new quotafile /var/spool/cron/aquota.user.new: Permission denied
2015 Feb 09
2
SELinux context for ssh host keys?
I generated a new host key for one of our systems using:
ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key_4096
I then ran 'ls -Z on the keys'
ll -Z *key*
-rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key
-rw-r--r--. root root system_u:object_r:sshd_key_t:s0
ssh_host_dsa_key.pub
-rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_key
-rw-r--r--. root
2013 Jun 03
3
puppet master fails to set selinux context on /etc/puppet/auth.conf
I am running puppet 3.2.1, using the puppetlabs repos, on centos 6.4. I
keep getting these messages in the log: (every 30 minutes)
Jun 3 11:24:55 yoda puppet-master[20292]: Failed to set SELinux context
system_u:object_r:puppet_etc_t:s0 on /etc/puppet/auth.conf
Jun 3 11:24:55 yoda puppet-master[20292]: Failed to set SELinux context
system_u:object_r:puppet_etc_t:s0 on
2014 Apr 23
1
SELInux and POSTFIX
Installed Packages
Name : postfix
Arch : x86_64
Epoch : 2
Version : 2.6.6
Release : 6.el6_5
Size : 9.7 M
Repo : installed
>From repo : updates
I am seeing several of these in our maillog file after a restart of the
Postfix service:
Apr 23 12:48:27 inet08 setroubleshoot: SELinux is preventing
/usr/libexec/postfix/smtp from 'read, write'
2009 Jul 10
6
DO NOT REPLY [Bug 6546] New: lremovexattr problems
https://bugzilla.samba.org/show_bug.cgi?id=6546
Summary: lremovexattr problems
Product: rsync
Version: 3.0.6
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P3
Component: core
AssignedTo: wayned@samba.org
ReportedBy: Dave@Yost.com
QAContact:
2014 Dec 04
3
Postfix avc (SELinux)
I am seeing these avc messages on a newly commissioned and up-to-date CentOs-6
virtual guest:
----
time->Thu Dec 4 12:14:58 2014
type=SYSCALL msg=audit(1417713298.610:60522): arch=c000003e syscall=2
success=no exit=-13 a0=7fd70e6de1e6 a1=0 a2=1b6 a3=0 items=0 ppid=2698
pid=4294 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=2784 comm="trivial-rewrite"
2015 Feb 10
1
SELinux context for ssh host keys?
> On Feb 9, 2015, at 12:27 PM, Robert Nichols <rnicholsNOSPAM at comcast.net> wrote:
>
> On 02/09/2015 11:14 AM, James B. Byrne wrote:
>> So, I decided to run restorecon -v to
>>
...
>> restorecon reset /etc/ssh/ssh_host_rsa_key_4096 context
>> unconfined_u:object_r:sshd_key_t:s0->unconfined_u:object_r:etc_t:s0
>>
...
>> There is no
2013 Jan 12
2
selinux + kvm virtualization + smartd problem
Hello,
I'm using HP homeserver where host system run CentOS 6.3 with KVM
virtualization with SELinux enabled, guests too run the same OS (but
without SELinux, but this does not matter).
Host system installed on mirrors based on sda and sdb physical disks.
sd{c..f} disks attached to KVM guest (whole disks, not partitions;
needed to use zfs (zfsonlinux) benefit features). Problem is that
disks
2017 Jan 08
1
Dovecot Selinux Setting
Hello,
can any tell me the correct selinux Settings for the Maildir Setting ?
in the Moment I have this setting
Jan 8 15:04:52 2017 from 192.168.100.100
[root at mx03 ~]# ls -Z /srv/vmail
drwx------. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 example.com
drwx------. vmail vmail unconfined_u:object_r:mail_home_rw_t:s0 example.at
drwx------. vmail vmail
2014 Dec 17
4
selinux-policy update resets /etc/selinux/targeted/contexts/files/file_contexts?
Hi,
On an internal webserver (latest C6) I want smb-access to /var/www/html/
In april I did
chcon -R -t public_content_rw_t /var/www/html/
setsebool -P allow_smbd_anon_write 1
setsebool -P allow_httpd_anon_write 1
echo "/var/www/html/ -- unconfined_u:object_r:public_content_rw_t:s0" >> /etc/selinux/targeted/contexts/files/file_contexts
After the latest round
2017 Mar 15
2
Having problem getting Asterisk to work on CentOS 7
What are you using for the database - SQLite?
I am using mysql (mariadb).
I am not familiar with SQLlite. Can you access the database from the
console - look up the list of tables - display the contents from a
table? Anything to see if your SQLite is working and has asterisk data
in it.
From your Asterisk console,
|CLI> core show help database|
should give you a list of commands that you
2014 Jun 16
1
SELinux issue?
I've recently built a new mail server with centos6.5, and decided to bite the
bullet and leave SELinux running. I've stumbled through making things work and
am mostly there.
I've got my own spam and ham corpus as mbox files in /home/user/Mail/learned.
These files came from my backup of the centos 5 server this machine is replacing.
The folder is owned by the user (the following is
2016 Oct 24
2
SElinux suggestions needed: migrating backup service
Hi folks,
normally I have not so much to do with SElinux but I expected to get in touch sooner or later :-)
I migrated a backup-system from El5 to EL6 and the rsync backup process is complaining about selinux attr's now.
client <-> server (fetches via rsync -aHAX)
client# sestatus
SELinux status: disabled
server# sestatus
SELinux status: enabled
2012 Feb 16
3
Baffled by selinux
Apache DocumentRoot on an NFS directory:
[root at localhost ~]# service httpd start
Starting httpd: Warning: DocumentRoot [/home/www/html] does not exist
Syntax error on line 292 of /etc/httpd/conf/httpd.conf:
DocumentRoot must be a directory
[FAILED]
[root at localhost ~]#
After some research, I found this (dated) link
2012 Oct 09
8
Service Resources and Selinux
Hi list,
I''ve got an issue at the moment, which isn''t really a big problem, but
an untidy annoyance really, and I''d just like to understand what the
best practice might be when dealing with the issue.
As a really quick summary, the issue is that Puppet is starting up the
mysqld service for the first time as unconfined_u, and then when MySQL
goes and creates a load