Displaying 20 results from an estimated 8000 matches similar to: "Build RPM packages with SELinux policy"
2006 Apr 18
3
SELinux modification
I installed SeLinux in warn mode. HOw do i check to see what it is
wanring about? This wil help me in make a decision to turn it to active
mode..:)
--
My "Foundation" verse:
Isa 54:17 No weapon that is formed against thee shall prosper; and
every tongue that shall rise against thee in judgment thou shalt
condemn. This is the heritage of the servants of the LORD, and their
2017 Apr 25
0
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/25/2017 10:58 AM, Laurent Wandrebeck wrote:
> Le mardi 25 avril 2017 ? 10:39 +0200, Robert Moskowitz a ?crit :
>> Thanks Laurent. You obviously know a LOT more about SELinux than I. I
>> pretty much just use commands and not build policies. So I need some
>> more information here.
>>
>> From what you provided below, how do I determine what is currently
2017 Apr 25
5
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
Le mardi 25 avril 2017 ? 10:39 +0200, Robert Moskowitz a ?crit :
> Thanks Laurent. You obviously know a LOT more about SELinux than I. I
> pretty much just use commands and not build policies. So I need some
> more information here.
>
> From what you provided below, how do I determine what is currently in
> place and how do I add your stuff (changing postgresql with
2010 Mar 19
0
How to disable selinux protection interfering with pppd? I tried audit2allow, but policy does not load. Is there an seboolean?
CentOS release 5.4 (Final)
I run pppd on this system, it accepts dial-in connections, logs people
in over ssh/sftp.
I had selinux disabled on this system originally, but I recently
enabled it, and selinux
is blocking this pppd service.
"audit2allow -M" has generated the following policy based on AVC
denial messages:
module fixdialinserver 1.0;
require {
type pppd_t;
2015 Apr 26
2
Broken Selinux Postfix Policy?
Trying to restart postfix installed from yum. Restart fails, I get:
type=AVC msg=audit(1430429813.721:12167): avc: denied { unlink } for
pid=31624 comm="master" name="defer" dev="dm-0" ino=981632
scontext=system_u:system_r:postfix_master_t:s0
tcontext=system_u:object_r:postfix_spool_maildrop_t:s0 tclass=sock_file
I guess it needs to remove the
2011 Jun 02
2
How to set selinux policy "allow httpd_t unconfined_t:shm { unix_read unix_write }; " using an seboolean? (How to get a new seboolean?)
Hi. I'm trying to get OTRS running on CentOS 5.5 with SELinux enabled,
and audit.log / audit2allow tell me I need to add the local policy:
#============= httpd_t ==============
allow httpd_t unconfined_t:shm { unix_read unix_write };
which I think will allow the httpd access to read and write from shared memory?
Is that right? What are the risks involved in opening this? I notice it is
2017 Apr 25
2
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
Le mardi 25 avril 2017 ? 11:07 +0200, Robert Moskowitz a ?crit :
>
> On 04/25/2017 10:58 AM, Laurent Wandrebeck wrote:
> > Le mardi 25 avril 2017 ? 10:39 +0200, Robert Moskowitz a ?crit :
> >> Thanks Laurent. You obviously know a LOT more about SELinux than I. I
> >> pretty much just use commands and not build policies. So I need some
> >> more
2014 Dec 17
0
selinux-policy update resets /etc/selinux/targeted/contexts/files/file_contexts?
On Wed, December 17, 2014 05:07, Patrick Bervoets wrote:
> Hi,
>
> On an internal webserver (latest C6) I want smb-access to /var/www/html/
> In april I did
> chcon -R -t public_content_rw_t /var/www/html/
> setsebool -P allow_smbd_anon_write 1
> setsebool -P allow_httpd_anon_write 1
> echo "/var/www/html/ --
2005 Nov 25
0
SELinux local policy addition
When the latest version of CentOS4.2 boots I get an avc error for
portmap. Audit2allow suggests this as a cure:
allow portmap_t etc_runtime_t:file read;
Any issues that come to mind to anyone regarding adding this to
/etc/selinux/targeted/src/policy/domains/misc/local.te and
reloading?
Regards,
Jim
P.S. I am a digest subscriber. The favour of a direct reply is
requested in addition to any
2008 Dec 06
0
Trying to setting a selinux policy to Nagios 3.0.6 on CentOS 5.2 .
Hello,
I'm trying to run Nagios 3.0.6 on CentOS 5.2 with SELinux in enforcing mode but
it is not working.
I'm using the following packages:
httpd-2.2.3-11.el5_2.centos.4
nagios-3.0.6-1.el5.rf
nagios-plugins-1.4.12-1.el5.rf
I followed the steps bellow to try to create a selinux policy to Nagios but it
is failing.
Any help, please?
# setenforce Permissive
# service nagios start
#
2017 Apr 25
0
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote:
> Quick?n?(really) dirty SELinux howto:
Alternate process:
1: setenforce permissive
2: tail -f /var/log/audit/audit.log | grep AVC
3: use the service, exercise each function that's constrained by the
existing policy
4: copy and paste the output from the terminal used for #2 into
"audit2allow -M <modulename>"
5:
2017 Apr 25
0
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/25/2017 11:12 AM, Laurent Wandrebeck wrote:
> Le mardi 25 avril 2017 ? 11:07 +0200, Robert Moskowitz a ?crit :
>> On 04/25/2017 10:58 AM, Laurent Wandrebeck wrote:
>>> Le mardi 25 avril 2017 ? 10:39 +0200, Robert Moskowitz a ?crit :
>>>> Thanks Laurent. You obviously know a LOT more about SELinux than I. I
>>>> pretty much just use commands and not
2007 Dec 08
9
distributing selinux policy module
Using audit2allow, I was able to create a policy module for
selinux:
audit2allow -i /var/log/audit/audit.log -M mysqld
(creates mysqld.pp and mysqld.te)
I want to distribute this to all my puppet clients.
I can easily put this file in
/etc/selinux/targeted/modules/active/modules
But even after reboot, although I can see the module listed:
semodule -l
... it doesn''t seem to actually
2017 Apr 25
3
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/25/2017 06:45 PM, Gordon Messmer wrote:
> On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote:
>> Quick?n?(really) dirty SELinux howto:
>
>
> Alternate process:
>
> 1: setenforce permissive
> 2: tail -f /var/log/audit/audit.log | grep AVC
> 3: use the service, exercise each function that's constrained by the
> existing policy
> 4: copy and paste the
2017 Apr 25
2
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On 04/25/2017 06:45 PM, Gordon Messmer wrote:
> On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote:
>> Quick?n?(really) dirty SELinux howto:
>
>
> Alternate process:
>
> 1: setenforce permissive
> 2: tail -f /var/log/audit/audit.log | grep AVC
> 3: use the service, exercise each function that's constrained by the
> existing policy
> 4: copy and paste the
2015 Jun 17
2
selinux allow apache log access
>
> Try something like:
> grep zabbix /var/log/audit/audit.log | audit2allow -M zabbix
> semodule -i zabbix.pp
Thanks for your response! However this is what happens when I try to
install the module:
[root at monitor2:~] #semodule -i zabbix.pp
libsepol.print_missing_requirements: zabbix's global requirements were not
met: type/attribute zabbix_t (No such file or directory).
2015 Jun 17
1
selinux allow apache log access
On 06/17/2015 04:03 PM, Jonathan Billings wrote:
> On Wed, Jun 17, 2015 at 03:30:51PM -0400, Tim Dunphy wrote:
>> No prob! Thanks for all the help! But in searching my system I don't find
>> anything of the sort.
>>
>> [root at monitor2:~] #updatedb
>> [root at monitor2:~] #locate myzabbix.te
>> [root at monitor2:~] #find / -name "myzabbix.*"
2014 Apr 23
1
SELInux and POSTFIX
Installed Packages
Name : postfix
Arch : x86_64
Epoch : 2
Version : 2.6.6
Release : 6.el6_5
Size : 9.7 M
Repo : installed
>From repo : updates
I am seeing several of these in our maillog file after a restart of the
Postfix service:
Apr 23 12:48:27 inet08 setroubleshoot: SELinux is preventing
/usr/libexec/postfix/smtp from 'read, write'
2008 Oct 06
1
Customizing SELinux Policy
Hi Guys,
After some moths the server has been running in SELinux Permesive mode
... Some avc: denied messages has been recored ... I thought it was
time to go to the next step and set SELinux Enforcing mode in the
server ... it is a mail(postfix+cyrus+sasl), web, snmp with mrtg,
squid sever with a local TLS configured for webmail access ... I took
a look to the Deployment Guide about how to do
2015 Jan 19
2
CentOS-6.6 Fail2Ban and Postfix Selinux AVCs
I am seeing these in the log of one of our off-site NX hosts running
CentOS-6.6.
type=AVC msg=audit(1421683972.786:4372): avc: denied { create } for
pid=22788 comm="iptables" scontext=system_u:system_r:fail2ban_t:s0
tcontext=system_u:system_r:fail2ban_t:s0 tclass=rawip_socket
Was caused by:
Missing type enforcement (TE) allow rule.
You can use