similar to: selinux policy (& engine) broken in C7

Displaying 20 results from an estimated 1000 matches similar to: "selinux policy (& engine) broken in C7"

2020 Nov 21
0
selinux policy (& engine) broken in C7
> Am 20.11.2020 um 19:50 schrieb lejeczek via CentOS <centos at centos.org>: > > hi guys > > I've just gotten a bunch of updates via yum and something > weird seems to be going on after the update. > System has: > > selinux-policy-3.13.1-268.el7_9.2.noarch > selinux-policy-targeted-3.13.1-268.el7_9.2.noarch > > actually three different boxes, all
2017 Oct 09
2
Can't get Samba 4.4.4 going on CentOS 7.3.1611
Hi folks, I've been googling for an hour on this which seems to be awfully basic. But I cannot find anything definitive. [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: Access denied [root at centos-gig ~]# setenforce 0 [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: No such file or directory Have tried things like : chcon
2017 Oct 09
3
Samba won't start on Centos 7.3.1611
Hi folks, I've been googling for an hour on this which seems to be awfully basic. But I cannot find anything definitive. [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: Access denied [root at centos-gig ~]# setenforce 0 [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: No such file or directory Have tried things like : chcon
2015 Apr 01
1
SEmodule dependency hell.
I want you all to see what I went through trying to simply reassign (unsuccessfully) the context of a well-known port. To the best of my ability to recall none of the packages mentioned below are even installed on the host in question. Why are these dependices preventing me from removing a disused SELinux policy. I have done exactly that, reassign port contexts, in the past without encountering
2015 Jun 17
2
selinux allow apache log access
> > Try something like: > grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix > semodule -i zabbix.pp Thanks for your response! However this is what happens when I try to install the module: [root at monitor2:~] #semodule -i zabbix.pp libsepol.print_missing_requirements: zabbix's global requirements were not met: type/attribute zabbix_t (No such file or directory).
2020 Nov 18
0
CEBA-2020:5027 CentOS 7 selinux-policy BugFix Update
CentOS Errata and Bugfix Advisory 2020:5027 Upstream details at : https://access.redhat.com/errata/RHBA-2020:5027 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 90862c0f721b1d5b253c6c69c26a15f9b8e4f492615fda39d9aa26a36263853d selinux-policy-3.13.1-268.el7_9.2.noarch.rpm
2019 Jan 18
1
SElinux AVC signull
Hi Leon, I don't have access to a CentOS 6.10 system handy, but it looks like a policy issue. If I take you're ausearch output and pipe it to audit2allow on my CentOS 7.6 system, I get the following: #============= httpd_t ============== #!!!! This avc is allowed in the current policy allow httpd_t httpd_sys_script_t:process signull; Noting that on my 7.6 system with selinux enforcing
2007 Jul 19
1
semodule - global requirements not met
I'm busy setting up amavisd-new on a CentOS 5.0 box - and believe I've got it working well enough that I can switch selinux enforcing back on again. I've done the usual- - grab a chunk of the audit.log that is relevant to all the actions that would be denied. - do 'cat audit.log | audit2allow -M amavis' to generate the module - amavis.te looks like: module amavis 1.0;
2015 Jun 20
2
puppet files denied by SELinux
Hey folks, Ok so I'm having another issue with SELinux. However I think I'm pretty close to a solution and just need a nudge in the right directtion. I wrote a puppet module that gets systems into bacula backups. Part of the formula is to distribute key/cert pairs with permissions that allow bacula to read them so that bacula can talk to the host over TLS. It's pretty slick, I must
2017 Apr 25
3
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/25/2017 06:45 PM, Gordon Messmer wrote: > On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote: >> Quick?n?(really) dirty SELinux howto: > > > Alternate process: > > 1: setenforce permissive > 2: tail -f /var/log/audit/audit.log | grep AVC > 3: use the service, exercise each function that's constrained by the > existing policy > 4: copy and paste the
2015 Jun 17
2
selinux allow apache log access
> > That's because there's already a zabbix module loaded (the message isn't > very informative!). I forgot that the received wisdom is to insert "my" in > front of ones own modules i.e.: > grep zabbix /var/log/audit/audit.log | audit2allow -M myzabbix > semodule -i myzabbix.pp Hmm no luck there either: [root at monitor2:~] #semodule -i myzabbix.pp
2014 May 20
1
abrt dump qt selinux
Hi all, Note: selinux was in permissive prior to error Got this with a yum update: abrt_version: 2.0.8 cgroup: cmdline: semodule -n -r oracle-port -b base.pp.bz2 -i accountsd.pp.bz2 ada.pp.bz2 cachefilesd.pp.bz2 cpufreqselector.pp.bz2 chrome.pp.bz2 awstats.pp.bz2 abrt.pp.bz2 aiccu.pp.bz2 amanda.pp.bz2 afs.pp.bz2 apache.pp.bz2 arpwatch.pp.bz2 audioentropy.pp.bz2 asterisk.pp.bz2
2010 May 27
5
sandbox complaint
Updating a system from CentOS 5.4 (current) to 5.5, and I see: libsepol.scope_copy_callback: zosremote: Duplicate declaration in module: type/attribute zos_remote_t libsemanage.semanage_link_sandbox: Link packages failed semodule: Failed! Any ideas as to what's going on, or why? mark "glad selinux is disabled on that box"
2017 Sep 23
2
more selinux problems ...
Hi, how do I allow lighttpd access to a directory like this: dr-xrwxr-x. lighttpd example unconfined_u:object_r:samba_share_t:s0 files_articles I tried to create and install a selinux module, and it didn?t work. The non-working module can not be removed, either: semodule -r lighttpd-files_articles.pp libsemanage.semanage_direct_remove_key: Unable to remove module lighttpd-files_articles.pp at
2015 Jun 17
2
selinux allow apache log access
> > What turns up in myzabbix.te? Same deal. :( #semodule -i myzabbix.te semodule: Failed on myzabbix.te! sigh... but thanks any other clues? On Wed, Jun 17, 2015 at 11:42 AM, Harold Toms <h.toms at qmul.ac.uk> wrote: > On 17/06/15 16:29, Tim Dunphy wrote: > >> That's because there's already a zabbix module loaded (the message isn't >>> very
2020 Nov 18
0
CESA-2020:5003 Low CentOS 7 fence-agents Security Update
CentOS Errata and Security Advisory 2020:5003 Low Upstream details at : https://access.redhat.com/errata/RHSA-2020:5003 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 8552fe474d6c38b9a301d6273b81897005c2a518b97ad149df81dca168a8bdc6 fence-agents-aliyun-4.2.1-41.el7_9.2.x86_64.rpm
2020 Nov 18
0
CESA-2020:5011 Moderate CentOS 7 bind Security Update
CentOS Errata and Security Advisory 2020:5011 Moderate Upstream details at : https://access.redhat.com/errata/RHSA-2020:5011 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 10a06eabffcd2d73d1de3fa1821108cbfe10fb4977603c9f495854984a91542b bind-9.11.4-26.P2.el7_9.2.x86_64.rpm
2020 Nov 18
0
CEBA-2020:5007 CentOS 7 systemd BugFix Update
CentOS Errata and Bugfix Advisory 2020:5007 Upstream details at : https://access.redhat.com/errata/RHBA-2020:5007 The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 18263e1b0a03802679269ba3b6efec82086ba491183c1ab84bd9de4e5a98c071 libgudev1-219-78.el7_9.2.i686.rpm
2020 Feb 26
3
CentOS 7 : SELinux trouble with Fail2ban
On Feb 26, 2020, at 08:52, Nicolas Kovacs <info at microlinux.fr> wrote: > >> Le 26/02/2020 ? 11:51, Nicolas Kovacs a ?crit : >> SELinux is preventing /usr/bin/python2.7 from read access on the file disable. >> ***** Plugin catchall (100. confidence) suggests ***** >> If you believe that python2.7 should be allowed read access on the disable file by default.
2017 Feb 12
2
Centos7 and old Bind bug
On 02/12/2017 10:40 AM, Gordon Messmer wrote: > I'm not seeing those errors logged, either, so maybe your system > differs from mine. If I'm misreading, hopefully someone will chime in > to clarify. ... Also, it might be useful to get the AVCs on your system. The bug entry indicated that you'd need to enable debugging (semodule -DB, and later use semodule -B to