similar to: SELinux denies login

Hello, My problem is to add selinux policies can any help to say what is wrong with my policies I write this! semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?/ typo3conf(/.*)?" I have more instances from typo3 I found this construct in the selinux policies "/var/www/html(/.*)?/uploads(/.*)?" but my is not working ? and I have only errors? neverallow

Hello, On Sonntag, 30. April 2017 18:40:23 CEST Gordon Messmer wrote: > On 04/30/2017 07:03 AM, G?nther J. Niederwimmer wrote: > > I write this! > > > > semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?/ > > typo3conf(/.*)?" > > OK. Did you get an error? I have only Errors ;-). when I like to set this Rule ? semanage fcontext -a

I recently setup my Puppetmaster server to run through Passenger via Apache instead of on the default webrick web server. SELinux made that not work and I've found some documentation on making rules to allow it however mine won't load. This is the policy I found via this website, http://sandcat.nl/~stijn/2012/01/20/selinux-passenger-and-puppet-oh-my/comment-page-1/ . module

Hello, I have set up IPA on a private network and have hit some bumps configuring sudo access for the clients. kinit seems to work fine for both client and server, user and root. When I run sudo on the server I see the following in /var/log/messages: Oct 17 17:53:52 192-168-0-100 [sssd[krb5_child[29237]]]: Decrypt integrity check failed Oct 17 17:53:52 192-168-0-100 [sssd[krb5_child[29237]]]:

trying to do an observe_field, but i''m getting a javascript "Form is not defined" error [code] <label>Account Type:</label> <%= select :user, ''tmp_type'', [''choice_one'',''choice_two''], { :prompt=>"select account type" } %> </p> <%= observe_field :user_tmp_type, :update

On Tue, Jul 14, 2020 at 6:03 PM Daniel P. Berrangé <berrange@redhat.com> wrote: > On Tue, Jul 14, 2020 at 04:02:17PM +0300, Ram Lavi wrote: > > On Tue, Jul 14, 2020 at 3:33 PM Daniel P. Berrangé <berrange@redhat.com> > > wrote: > > > > > On Tue, Jul 14, 2020 at 03:21:17PM +0300, Ram Lavi wrote: > > > > Hello all, > > > > > >

HI All. We've been having some problems the past couple days with one of our Samba Servers. We currently have it running two instances. One instance is using local auth (historical) the other instances is using our newish domain for authentication. We're slowly migrating users over to the domain so having both methods available was the solution we came up with. Yesterday we had

Hi, I'm running dovecot (1.1.7) deliver and sieve (1.1.5) on a Fedora 9 platform, using selinux targetet mode. Most of the mail deliveries goes well, but once deliver tried to copy the mail to the /tmp directory, which it seems it not allowed by selinux. I guess that deliver wants to sanitize the mail or something and therefore copies it to /tmp. Before I ask for selinux to allow this, I

On 09/09/2018 09:43 AM, Leon Fauster via CentOS wrote: > Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>: >> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: >>> Any SElinux expert here - briefly: >>> >>> # getenforce >>> Enforcing >>> >>> # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t

Am 09.09.2018 um 16:19 schrieb Daniel Walsh <dwalsh at redhat.com>: > > On 09/09/2018 09:43 AM, Leon Fauster via CentOS wrote: >> Am 09.09.2018 um 14:49 schrieb Daniel Walsh <dwalsh at redhat.com>: >>> On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: >>>> Any SElinux expert here - briefly: >>>> >>>> # getenforce

If I understand well, I could add a type to another type?!?!?! If that is the case, I did not know about it.... like many things in the SELinux world. It is so complex and so badly documented. :-( On Tue, Jul 5, 2016 at 1:24 PM, ????????? ???????? <nevis2us at infoline.su> wrote: > ????????? ???????? ????? 2016-07-05 19:58: > >> I need to have the tftpdir_rw_t and

On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: > Any SElinux expert here - briefly: > > > # getenforce > Enforcing > > # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t > <no output> > > # sesearch -ACR -s httpd_t -c file -p read |grep syslog_conf_t > <no output> > > # ls -laZ /etc/sysctl.conf /etc/rsyslog.conf >

On Thu, December 4, 2014 12:29, James B. Byrne wrote: > > Re: SELinux. Do I just build a local policy or is there some boolean setting > needed to handle this? I could not find one if there is but. . . > Anyone see any problem with generating a custom policy consisting of the following? grep avc /var/log/audit/audit.log | audit2allow #============= amavis_t ============== allow

On Fri, December 5, 2014 04:53, Daniel J Walsh wrote: > > On 12/04/2014 03:22 PM, James B. Byrne wrote: >> On Thu, December 4, 2014 12:29, James B. Byrne wrote: >>> Re: SELinux. Do I just build a local policy or is there some boolean >>> setting >>> needed to handle this? I could not find one if there is but. . . >>> >> Anyone see any problem

Not a problem ... sharing a solution (this time)! Please correct my understanding of the process, if required. "i_stream_read() failed: Permission denied" is an error message generated when a large-ish file (>128kb in my case) is attached to a message that has been passed to Dovecot's deliver program when SELinux is being enforced. In my case, these messages are first run

????????? ???????? ????? 2016-07-05 19:58: >> I need to have the tftpdir_rw_t and samba_share_t SELinux context >> on >> the same directory. >> >> How can we do this? Is it feasible to have more than one SELinux >> context? > > I don't think it's possible/feasible. > You'd probably need to add a new type and necessary rules to your

On 09/09/2018 07:19 AM, Daniel Walsh wrote: > sesearch -A -s httpd_t -t system_conf_t -p read > > If you feel that these files should not be part of the base_ro_files > then we should open that for discussion. I think the question was how users would know that the policy allowed access, as he was printing rules affecting httpd_t's file read access, and looking for

Any SElinux expert here - briefly: # getenforce Enforcing # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t <no output> # sesearch -ACR -s httpd_t -c file -p read |grep syslog_conf_t <no output> # ls -laZ /etc/sysctl.conf /etc/rsyslog.conf -rw-r--r--. root root system_u:object_r:syslog_conf_t:s0 /etc/rsyslog.conf -rw-r--r--. root root

On 12/04/2014 03:22 PM, James B. Byrne wrote: > On Thu, December 4, 2014 12:29, James B. Byrne wrote: >> Re: SELinux. Do I just build a local policy or is there some boolean setting >> needed to handle this? I could not find one if there is but. . . >> > Anyone see any problem with generating a custom policy consisting of the > following? > > grep avc

Hi. I just installed Centos 4. I''m pretty sure that I chose to have it install postgresql but when the system came up, it wasn''t there. No worries. I installed it from the net with ''yum''. Unfortunately, when I started it up and it tried to init the database, I got a bunch of SELinux errors: Mar 3 13:24:22 dirty kernel: audit(1109874262.006:0): avc: