similar to: selinux disable but still working

Hi. I'm trying to setup squid with SELinux, the problem i encounter is taht i want to add another directory for cache, in this system we have a home partition with huge space, i create a squid dir and add the path with semanage: semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?' i check the files and are in the good context: drwxr-xr-x squid squid

Hi All, I'm running CentOS 5.2 with SELinux in enforcing mode (default targeted policy). The server hosts a PHP web app that sends mail. I'm getting the following errors (see end of message) in my selinux audit.log file every time the app sends an email. The email always seems to get sent successfully, despite the log messages. However, they do concern me and I would like to understand

Yesterday I activated SELinux in targeted mode, then I rebooted and started receiving some error messages in the system services initialization: ====================================================================== audit(1156518721.252:2): avc: denied { read } for pid=2223 comm="syslogd" name="libc-2.3.4.so" dev=dm-0 ino=50441 scontext=user_u:system_r:syslogd_t

Hi. I've installed BackupPC 3.1.0 from Testing repository, to Cent OS 5.2 x86_64, and I am hitting an SE Linux denial - the httpd cannot talk to the BackupPC socket: type=AVC msg=audit(07/31/2008 17:18:53.623:410) : avc: denied { connectto } for pid=11767 comm=httpd path=/var/log/BackupPC/BackupPC.sock scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:system_r:initrc_t:s0

Hello, I was using CentOS 5.5 as a "playground" VM at my WinXP notebook and now I'm migrating to a new CentOS 5.6 install and everything has worked well - except samba. I have this very permissive config to export my ~/src dir: # cat /etc/samba/smb.conf [global] guest ok = yes guest account = afarber security = share hosts allow = 172.16.6. 127.0.0.1 [src]

Hi, I have a new CentOS sever install. I've also installed suPHP to replicate a live server. When I upload file via FTP the permissions seem OK, however the directories copied are not writable?? Any ideas? I have tried chmod 777 and that's not working either. Could is be a suPHP issue? I have 'suPHP_UserGroup GROUP USER' setup in my virtual directory and the user is also in the

I'm trying to set the context on an nfs mounted /home. I believe exactly like in Redhat's Deployment Guide at http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.2/html/Deployment_Guide/ch45s02s03.html On my system running CentOS 5.2: $ ls -alZ /home drwxr-xr-x root root system_u:object_r:home_root_t . drwxr-xr-x root root system_u:object_r:root_t .. $ mount -t

Hello, Running httpd-2.2.3-43.el5.centos.3 on CentOS release 5.5 (Final), I have : $ ps -Ze LABEL PID TTY TIME CMD user_u:system_r:httpd_t 12833 ? 00:00:00 httpd Is it normal for httpd to have this context (user_u:system_r:httpd_t) ? I was expecting system_u:system_r:httpd_t. And if it is not normal, is it because I have restarted httpd by

I'm probably dense - CentOS 4.1 # cat /etc/sysconfig/selinux ..snip... SELINUXTYPE=targeted # su - Alec # tail -n 3 /var/log/messages Aug 31 08:48:26 srv1 su(pam_unix)[31435]: session opened for user Alec by root(uid=0) Aug 31 08:48:26 srv1 su[31435]: Warning! Could not relabel /dev/pts/0 with user_u:object_r:devpts_t, not relabeling.Operation not permitted Aug 31 08:48:27 srv1

I want to put the document root for an application on a separate paritition that has more space. When I try to configure this I can't access the files in the new location. I've got the SELinux attributes set on the directory and its files, so I'm thinking it's something about the parent path that SELinux doesn't like, but I don't know where that's handled. My

CentOS-5.1 I need some help with setting up the SELinux context for a custom httpd directory so that I can write log files into it. This is what I have: In my virtual host config file: RewriteEngine on RewriteLog /etc/httpd/virtual.d/trac-rewrite.log # RewriteLogLevel 0=off 1=basic 2=verbose 3+=module developer debuging RewriteLogLevel 0 If /etc/httpd/virtual.d/trac-rewrite.log does

I am getting tons of these messages since I updated to 4.2 Nov 12 12:21:39 srv1 dbus: Can't send to audit system: USER_AVC pid=2839 uid=81 loginuid=-1 message=avc: denied { send_msg } for scontext=user_u:system_r:unconfined_t tcontext=user_u:system_r:initrc_t tclass=dbus Now I can see this process... # ps aux|grep 2839 dbus 2839 0.0 0.3 16168 1888 ? Ssl Nov11 0:13 dbus-

Hello, I received the below SELinux message today and I am trying to figure out what caused it. I see what it says under Allow Access but I am not sure this is what I really want to do without know why it happened in the first place. What should I be looking at to understand what or why this has happened? Any help I would be most grateful for. Here is the output form SELinux SUMMARY:

I am configuring a new mail server on RHEL 5 x64. I have configured dovecot as follows: ... protocols = imaps ... ssl_cert_file = /etc/pki/dovecot/certs/mailserver.cer ssl_key_file = /etc/pki/dovecot/private/mailserver.pem ... login_process_size = 64 ... mail_location = maildir:~/Maildir ... passdb pam { args = "session=yes cache_key=%u%s dovecot" } ... I'm getting the following

I've got a fresh RHEL AS 4-U2 installation on a Dell PE2850 server. I downloaded and installed the latest RPMs: ocfs2-2.6.9-22.ELsmp-1.0.7-1.i686.rpm ocfs2-tools-1.0.2-1.i386.rpm ocfs2console-1.0.2-1.i386.rpm I was able to start the console, but when I try to run cluster->configure_nodes, I get the following error message: Could not start cluster stack. This must be resolved before any

Lordy, I've been having problems with this darn thing, so I hope someone can help me. :s My troubles started when I downloaded the latest erlang and ejabberd packages. I crashed and burned very quickly, trying two or three different versions of erlang along with several of ejabberd 2.0.x. Finally, after a week of pain, I admitted defeat, wiped the whole lot and installed the binary on the

up until a week or so ago, I had no problem using IMAP logging into a server running Fedora Core (I think 4 or 5 ) with dovecot 1.0. Had used squirrelmail and other mail agents using IMAP with no problem. as of 2 days ago, I get a squirrelmail error "ERROR: Connection dropped by IMAP server. Query: CAPABILITY" and turning on dovecot debugging shows the following:

hi i just installed my system then shutit down. after booting it up i can't login to root so i did a linux rescue with the CD and when i tried to type passwd this error message appear? "user_u:system_r:unconfined_t is not authorized to change the password of root" -- Regards, Mark Quitoriano, CCNA Fan the flame... http://www.spreadfirefox.com/?q=user/register&r=19441

Hi all, Just want to enable squid's SNMP support to get information about its perfomance through snmp client. I set "snmp_port 3401" in squid.conf SELinux is in enforcing state with targeted policy. But squid daemon doesn't start. There are some messages in audit.log like type=SYSCALL msg=audit(1176946812.492:244): arch=40000003 syscall=102 success=no exit=-13 a0=2 a1=bf880060

Hi all, I have been putting a small (simple?)dedicated email server together to (ultimately) host a couple of domains. I am currently getting the configuration to work with one domain w/local mbox users and then plan to extend it to virtual users and an additional domain. Dovecot has been a problem to integrate in the configuration. The basic pieces are FC5, Postfix, Dovecot, with