similar to: [Bug 12199] New: multiple link-dest dirs not working

[Moving this to the libguestfs mailing list] On Mon, Jan 13, 2014 at 03:05:14PM -0500, Daniel J Walsh wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 01/13/2014 11:49 AM, Richard W.M. Jones wrote: > > On Mon, Jan 13, 2014 at 10:20:22AM -0500, Daniel J Walsh wrote: > >> Secondly we prevent even unconfined_t from putting down labels on the > >>

CentUS 7.4 >From sealert: SELinux is preventing /usr/sbin/sshd from read access on the file /etc/ssh/moduli. ***** Plugin restorecon (94.8 confidence) suggests ************************ If you want to fix the label. /etc/ssh/moduli default label should be etc_t. Then you can run restorecon. Do # /sbin/restorecon -v /etc/ssh/moduli <...> Additional Information: Source Context

Hi, I've done the following: - Copy usr content with rsync to another partition: rsync -av --partial --progress /usr/ /mnt Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not the directory itself). But I've found that is bad labeled: ls -Z /usr unconfined_u:object_r:unlabeled_t:s0 bin unconfined_u:object_r:unlabeled_t:s0 local unconfined_u:object_r:unlabeled_t:s0

Hello, On CentOS-6.2, these two commands (on the same machine) give me different results : # restorecon -r /var/www/html/Centos/ # (as root) $ sudo restorecon -r /var/www/html/Centos/ # (as an unprivileged user) /var/www/html/Centos/ is a symlink to /mnt/packages/Centos/ In the first case, I get : # ls -Z /var/www/html/Centos/ drwxr-xr-x. naudin biom system_u:object_r:httpd_sys_content_t

On 2/4/20 9:59 AM, Sergio Belkin wrote: > Hi, > I've done the following: > - Copy usr content with rsync to another partition: > > rsync -av --partial --progress /usr/ /mnt > > Then, unmounted, added to fstab a line for /usr, then deleted /usr/* (not > the directory itself). But I've found that is bad labeled: > > ls -Z /usr >

I've got a fresh RHEL AS 4-U2 installation on a Dell PE2850 server. I downloaded and installed the latest RPMs: ocfs2-2.6.9-22.ELsmp-1.0.7-1.i686.rpm ocfs2-tools-1.0.2-1.i386.rpm ocfs2console-1.0.2-1.i386.rpm I was able to start the console, but when I try to run cluster->configure_nodes, I get the following error message: Could not start cluster stack. This must be resolved before any

I''m trying to enable tftp traffic initiated from our dmz network to our internal network. I have: TFTP(ACCEPT) dmz loc:10.10.10.1 in /etc/shorewall/rules, and: oadmodule nf_conntrack_tftp in /etc/shorewall/modules. The module is loaded and I do see some entries come and go, e.g.: udp 17 10 src=4.28.99.164 dst=10.10.10.1 sport=2071 dport=69 [UNREPLIED]

During this last week I fired up some tests using libvirt-tck that haven't been run in awhile and ran into a couple problems with the Fedora 27 image provided by virt-builder (which is used by the libvirt-tck tests). One of them probably has a simple solution, I'm not sure about the other. 1) there is an selinux labeling error with the versions of packages in the Fedora 27 image. There

[root at ipa tftpboot]# semanage fcontext -l | grep tftp /tftpboot directory system_u:object_r:tftpdir_t:s0 /tftpboot/.* all files system_u:object_r:tftpdir_t:s0 /usr/sbin/atftpd regular file system_u:object_r:tftpd_exec_t:s0 /usr/sbin/in\.tftpd regular

??? Hi, I'm facing a challenge with selinux and because I don't got an explanation elsewhere, I'm trying to explain here. I have decided to mount /var/spool/cron on a separate partition? and apply quota for regular users. But quotacheck replyes with a "permission denied" . quotacheck: Cannot create new quotafile /var/spool/cron/aquota.user.new: Permission denied

after cleaning up a bunch or selinux alerts, I update and wham, clamav/clamd/clamav-db make me assert contexts again to /var/clamav like... chcon -t clamd_t clamav -R which temporarily solves the problem but it would be better if it were policy and not file contexts. So I search and see for some reason, /var/clamav is ignored... # grep clam /etc/selinux/targeted/contexts/files/file_contexts

Pulling out what little hair I have here, but stumbled onto a possible problem. I have a server running C6 apache that is set up with personal directories and no problem showing the files. You can see it at: medon.htt-consult.com/~rgm/pogo So I have a C7 apache server I am building. Files I create on the new server are listing fine. Files I have copied (with cp -avr ...) get permission

I'm trying to set the context on an nfs mounted /home. I believe exactly like in Redhat's Deployment Guide at http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.2/html/Deployment_Guide/ch45s02s03.html On my system running CentOS 5.2: $ ls -alZ /home drwxr-xr-x root root system_u:object_r:home_root_t . drwxr-xr-x root root system_u:object_r:root_t .. $ mount -t

Hello, I'm using HP homeserver where host system run CentOS 6.3 with KVM virtualization with SELinux enabled, guests too run the same OS (but without SELinux, but this does not matter). Host system installed on mirrors based on sda and sdb physical disks. sd{c..f} disks attached to KVM guest (whole disks, not partitions; needed to use zfs (zfsonlinux) benefit features). Problem is that disks

Hi, since 4.12 Samba SELinux context for /var/run/samba is not correct anymore: ``` root at files:~ # ls -la -Z /var/run/samba/ total 12 drwxr-xr-x. 5 root root system_u:object_r:var_run_t:s0 160 Apr 3 20:42 . drwxr-xr-x. 30 root root system_u:object_r:var_run_t:s0 1000 Apr 3 18:39 .. drwxr-xr-x. 3 root root system_u:object_r:var_run_t:s0 60 Apr 3 18:39 ncalrpc drwxr-xr-x. 2 root

I generated a new host key for one of our systems using: ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key_4096 I then ran 'ls -Z on the keys' ll -Z *key* -rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key -rw-r--r--. root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key.pub -rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_key -rw-r--r--. root

Hello All, Does anyone happen to be running Quagga on CentOS 5 with SELinux in enforcing mode? Have you had to create SELinux policies or did it "just work" out of the box? (I'll get around to building this out on CentOS 6 as well.) I'm simply trying to write my config (for the zebra daemon) and it can't be written... Looks like this bug from Fedora 8 in 2008 [0] remains

Libvirt doesn't care about security during hot add disk images. It even accepts addition of disk images of other guest running on the host. Steps followed to create this scenario : Started two VMs with following security configurations: vm1: <seclabel type='dynamic' model='selinux' relabel='yes'>

On 3 Apr 2020, at 21:53, Rowland penny via samba wrote: > On 03/04/2020 20:34, Tobias Kirchhofer via samba wrote: >> Hi, since 4.12 Samba SELinux context for /var/run/samba is not >> correct anymore: >> >> ``` >> root at files:~ # ls -la -Z /var/run/samba/ >> total 12 >> drwxr-xr-x.? 5 root root system_u:object_r:var_run_t:s0? 160 Apr 3 >>

Hi, I've got a Centos 5 box (recently replaced a Centos4 box of the same function). The means of applying custom SELinux policy has changed somewhat from 4->5. I've got it mostly figured out; I have a local.te file with my custom policy and also which defines a few new file types, and a local.fc with appropriate defintions of file contexts. When I run: # checkmodule -M -m -o