similar to: Can't get Samba 4.4.4 going on CentOS 7.3.1611

Hi folks, I've been googling for an hour on this which seems to be awfully basic. But I cannot find anything definitive. [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: Access denied [root at centos-gig ~]# setenforce 0 [root at centos-gig ~]# systemctl enable smb.service Failed to execute operation: No such file or directory Have tried things like : chcon

On 04/26/2017 12:29 AM, Robert Moskowitz wrote: > But the policy generates errors. I will have to submit a bug report, > it seems A bug report would probably be helpful. I'm looking back at the message you wrote describing errors in ld-2.17.so. I think what's happening is that the policy on your system includes a silent rule that somehow breaks your system. You'll need

How to resolve this SElinux problem? type=USER_AVC msg=audit(1513478641.700:1920): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { reload } for auid=0 uid=0 gid=0 cmdline="/usr/bin/systemctl reload named-chroot.service" scontext=system_u:system_r:logrotate_t:s0-s0:c0.c1023 tcontext=system_u:system_r:init_t:s0 tclass=service

Hi Guys, After some moths the server has been running in SELinux Permesive mode ... Some avc: denied messages has been recored ... I thought it was time to go to the next step and set SELinux Enforcing mode in the server ... it is a mail(postfix+cyrus+sasl), web, snmp with mrtg, squid sever with a local TLS configured for webmail access ... I took a look to the Deployment Guide about how to do

hi guys I've just gotten a bunch of updates via yum and something weird seems to be going on after the update. System has: selinux-policy-3.13.1-268.el7_9.2.noarch selinux-policy-targeted-3.13.1-268.el7_9.2.noarch actually three different boxes, all the same: $ semodule -l No modules. and an attempt to install modules fails: $ semodule -i openvpn.pp Failed to resolve typeattributeset

PS: Now I found this: type=PROCTITLE msg=audit(09/22/2017 12:08:29.911:1023) : proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 syscall=setgroups success=no exit=EPERM(Operation not permitted) a0=0x1 a1=0x7ffc1df3b0d0 a2=0x0 a3=0x7f5d77c3a300 items=0 ppid=19417 pid=19418 auid=unset uid=lighttpd gid=lighttpd euid=root

http://wiki.centos.org/HowTos/SELinux says: "Access is only allowed between similar types, so Apache running as httpd_t can read /var/www/html/index.html of type httpd_sys_content_t." however the doc doesn't define what "similar types" means. I assumed it just meant "beginning with the same prefix". However that can't be right because on my system with

Daniel Walsh wrote: > On 09/22/2017 06:58 AM, hw wrote: >> >> PS: Now I found this: >> >> >> type=PROCTITLE msg=audit(09/22/2017 12:08:29.911:1023) : proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp >> type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 syscall=setgroups success=no exit=EPERM(Operation not permitted) a0=0x1

Hi all, I have some AVC in the logs and wonder how to resolve this: Under EL8 (enforcing SElinux) I have /var/lib/php/session mounted as tmpfs. # tail -1 /etc/fstab tmpfs /var/lib/php/session tmpfs defaults,noatime,mode=770,gid=apache,size=16777216,context="system_u:object_r:httpd_var_run_t:s0" 0 0 # df -a |grep php tmpfs 16384 0 16384 0%

I get: Failed to download prestodelta for repository cr: [Errno 256] No more mirrors to try. java-1.8.0-openjdk-1.8.0.111-2 FAILED http://mirror.centos.org/centos/7/cr/x86_64/Packages/java-1.8.0-openjdk-1.8.0.111-2.b15.el7_3.x86_64.rpm: [Errno 14] HTTP Error 404 - Not Found Trying other mirror. java-1.8.0-openjdk-devel-1.8.0 FAILED

Hi everyone, Is there anything else we could do to check on this problem and try to fix it? The issue is definitively related to either the samba vfs gluster plugin or gluster itself. I am not sure how to pin it down futher. I went ahead and created a new share in the samba server which is on a local filesystem where the OS is installed, not part of gluster: # mount | grep home ]# ls -ld /home

My system is 7.2.1511. When I run "yum update", it wants to install about 900 packages total. Most are labeled just "el7". A few "el7_1" and a lot are "el7_3" or 7.3. None are 7.2. I'm not surprised when I see 50-100 packages needing an update. But 900? And none specific to the installed system? My last update, of 4 packages, was Dec 31, 2016. I

Thanks for taking the time to look into this. Since we needed downtime due to the gluster update, we also updated the OS, including samba. We went from 4.2.x to 4.4.4 and many other packages for CentOS were updated as well. OS and samba updates were installed, then server rebooted, then gluster was updated. Created a new test samba share to minimize logs, etc: [VfsGluster] path = /vfsgluster

Am 26.07.20 um 12:23 schrieb Strahil Nikolov: > > ?? 25 ??? 2020 ?. 14:20:19 GMT+03:00, Leon Fauster via CentOS <centos at centos.org> ??????: >> Hi all, >> >> I have some AVC in the logs and wonder how to resolve this: Under >> EL8 (enforcing SElinux) I have /var/lib/php/session mounted as tmpfs. >> >> >> # tail -1 /etc/fstab >> tmpfs

On 03-Jun-2017 3:27 AM, "Diego Remolina" <dijuremo at gmail.com> wrote: Hi everyone, Is there anything else we could do to check on this problem and try to fix it? The issue is definitively related to either the samba vfs gluster plugin or gluster itself. I am not sure how to pin it down futher. I don't think it is vfs plugin because you haven't updated samba packages

I want you all to see what I went through trying to simply reassign (unsuccessfully) the context of a well-known port. To the best of my ability to recall none of the packages mentioned below are even installed on the host in question. Why are these dependices preventing me from removing a disused SELinux policy. I have done exactly that, reassign port contexts, in the past without encountering

Did the logs provide any hints as to what the issue may be? Diego On Sat, Jun 3, 2017 at 12:16 PM, Diego Remolina <dijuremo at gmail.com> wrote: > Thanks for taking the time to look into this. Since we needed downtime > due to the gluster update, we also updated the OS, including samba. We > went from 4.2.x to 4.4.4 and many other packages for CentOS were > updated as well. OS

> > That's because there's already a zabbix module loaded (the message isn't > very informative!). I forgot that the received wisdom is to insert "my" in > front of ones own modules i.e.: > grep zabbix /var/log/audit/audit.log | audit2allow -M myzabbix > semodule -i myzabbix.pp Hmm no luck there either: [root at monitor2:~] #semodule -i myzabbix.pp

> > Try something like: > grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix > semodule -i zabbix.pp Thanks for your response! However this is what happens when I try to install the module: [root at monitor2:~] #semodule -i zabbix.pp libsepol.print_missing_requirements: zabbix's global requirements were not met: type/attribute zabbix_t (No such file or directory).

Gordon, Thank you for your help on this. Still not working... On 04/26/2017 06:27 PM, Gordon Messmer wrote: > On 04/26/2017 12:29 AM, Robert Moskowitz wrote: >> But the policy generates errors. I will have to submit a bug report, >> it seems > > > A bug report would probably be helpful. > > I'm looking back at the message you wrote describing errors in >