similar to: selinux policy (& engine) broken in C7

> Am 20.11.2020 um 19:50 schrieb lejeczek via CentOS <centos at centos.org>: > > hi guys > > I've just gotten a bunch of updates via yum and something > weird seems to be going on after the update. > System has: > > selinux-policy-3.13.1-268.el7_9.2.noarch > selinux-policy-targeted-3.13.1-268.el7_9.2.noarch > > actually three different boxes, all

Hi folks, I've been googling for an hour on this which seems to be awfully basic. But I cannot find anything definitive. [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: Access denied [root at centos-gig ~]# setenforce 0 [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: No such file or directory Have tried things like : chcon

Hi folks, I've been googling for an hour on this which seems to be awfully basic. But I cannot find anything definitive. [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: Access denied [root at centos-gig ~]# setenforce 0 [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: No such file or directory Have tried things like : chcon

I want you all to see what I went through trying to simply reassign (unsuccessfully) the context of a well-known port. To the best of my ability to recall none of the packages mentioned below are even installed on the host in question. Why are these dependices preventing me from removing a disused SELinux policy. I have done exactly that, reassign port contexts, in the past without encountering

> > Try something like: > grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix > semodule -i zabbix.pp Thanks for your response! However this is what happens when I try to install the module: [root at monitor2:~] #semodule -i zabbix.pp libsepol.print_missing_requirements: zabbix's global requirements were not met: type/attribute zabbix_t (No such file or directory).

CentOS Errata and Bugfix Advisory 2020:5027 Upstream details at : https://access.redhat.com/errata/RHBA-2020:5027 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 90862c0f721b1d5b253c6c69c26a15f9b8e4f492615fda39d9aa26a36263853d selinux-policy-3.13.1-268.el7_9.2.noarch.rpm

Hi Leon, I don't have access to a CentOS 6.10 system handy, but it looks like a policy issue. If I take you're ausearch output and pipe it to audit2allow on my CentOS 7.6 system, I get the following: #============= httpd_t ============== #!!!! This avc is allowed in the current policy allow httpd_t httpd_sys_script_t:process signull; Noting that on my 7.6 system with selinux enforcing

I'm busy setting up amavisd-new on a CentOS 5.0 box - and believe I've got it working well enough that I can switch selinux enforcing back on again. I've done the usual- - grab a chunk of the audit.log that is relevant to all the actions that would be denied. - do 'cat audit.log | audit2allow -M amavis' to generate the module - amavis.te looks like: module amavis 1.0;

Hey folks, Ok so I'm having another issue with SELinux. However I think I'm pretty close to a solution and just need a nudge in the right directtion. I wrote a puppet module that gets systems into bacula backups. Part of the formula is to distribute key/cert pairs with permissions that allow bacula to read them so that bacula can talk to the host over TLS. It's pretty slick, I must

On 04/25/2017 06:45 PM, Gordon Messmer wrote: > On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote: >> Quick?n?(really) dirty SELinux howto: > > > Alternate process: > > 1: setenforce permissive > 2: tail -f /var/log/audit/audit.log | grep AVC > 3: use the service, exercise each function that's constrained by the > existing policy > 4: copy and paste the

> > That's because there's already a zabbix module loaded (the message isn't > very informative!). I forgot that the received wisdom is to insert "my" in > front of ones own modules i.e.: > grep zabbix /var/log/audit/audit.log | audit2allow -M myzabbix > semodule -i myzabbix.pp Hmm no luck there either: [root at monitor2:~] #semodule -i myzabbix.pp

Hi all, Note: selinux was in permissive prior to error Got this with a yum update: abrt_version: 2.0.8 cgroup: cmdline: semodule -n -r oracle-port -b base.pp.bz2 -i accountsd.pp.bz2 ada.pp.bz2 cachefilesd.pp.bz2 cpufreqselector.pp.bz2 chrome.pp.bz2 awstats.pp.bz2 abrt.pp.bz2 aiccu.pp.bz2 amanda.pp.bz2 afs.pp.bz2 apache.pp.bz2 arpwatch.pp.bz2 audioentropy.pp.bz2 asterisk.pp.bz2

Updating a system from CentOS 5.4 (current) to 5.5, and I see: libsepol.scope_copy_callback: zosremote: Duplicate declaration in module: type/attribute zos_remote_t libsemanage.semanage_link_sandbox: Link packages failed semodule: Failed! Any ideas as to what's going on, or why? mark "glad selinux is disabled on that box"

Hi, how do I allow lighttpd access to a directory like this: dr-xrwxr-x. lighttpd example unconfined_u:object_r:samba_share_t:s0 files_articles I tried to create and install a selinux module, and it didn?t work. The non-working module can not be removed, either: semodule -r lighttpd-files_articles.pp libsemanage.semanage_direct_remove_key: Unable to remove module lighttpd-files_articles.pp at

> > What turns up in myzabbix.te? Same deal. :( #semodule -i myzabbix.te semodule: Failed on myzabbix.te! sigh... but thanks any other clues? On Wed, Jun 17, 2015 at 11:42 AM, Harold Toms <h.toms at qmul.ac.uk> wrote: > On 17/06/15 16:29, Tim Dunphy wrote: > >> That's because there's already a zabbix module loaded (the message isn't >>> very

CentOS Errata and Security Advisory 2020:5003 Low Upstream details at : https://access.redhat.com/errata/RHSA-2020:5003 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 8552fe474d6c38b9a301d6273b81897005c2a518b97ad149df81dca168a8bdc6 fence-agents-aliyun-4.2.1-41.el7_9.2.x86_64.rpm

CentOS Errata and Security Advisory 2020:5011 Moderate Upstream details at : https://access.redhat.com/errata/RHSA-2020:5011 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 10a06eabffcd2d73d1de3fa1821108cbfe10fb4977603c9f495854984a91542b bind-9.11.4-26.P2.el7_9.2.x86_64.rpm

CentOS Errata and Bugfix Advisory 2020:5007 Upstream details at : https://access.redhat.com/errata/RHBA-2020:5007 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 18263e1b0a03802679269ba3b6efec82086ba491183c1ab84bd9de4e5a98c071 libgudev1-219-78.el7_9.2.i686.rpm

On Feb 26, 2020, at 08:52, Nicolas Kovacs <info at microlinux.fr> wrote: > >> Le 26/02/2020 ? 11:51, Nicolas Kovacs a ?crit : >> SELinux is preventing /usr/bin/python2.7 from read access on the file disable. >> ***** Plugin catchall (100. confidence) suggests ***** >> If you believe that python2.7 should be allowed read access on the disable file by default.

On 02/12/2017 10:40 AM, Gordon Messmer wrote: > I'm not seeing those errors logged, either, so maybe your system > differs from mine. If I'm misreading, hopefully someone will chime in > to clarify. ... Also, it might be useful to get the AVCs on your system. The bug entry indicated that you'd need to enable debugging (semodule -DB, and later use semodule -B to