similar to: selinux blocks rsync client in systemd service

I recently setup my Puppetmaster server to run through Passenger via Apache instead of on the default webrick web server. SELinux made that not work and I've found some documentation on making rules to allow it however mine won't load. This is the policy I found via this website, http://sandcat.nl/~stijn/2012/01/20/selinux-passenger-and-puppet-oh-my/comment-page-1/ . module

Hi: I have been using Dovecot for well over a year now and it has always worked with few problems. The mail setup is not simple... Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and control is local. About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an

Not a problem ... sharing a solution (this time)! Please correct my understanding of the process, if required. "i_stream_read() failed: Permission denied" is an error message generated when a large-ish file (>128kb in my case) is attached to a message that has been passed to Dovecot's deliver program when SELinux is being enforced. In my case, these messages are first run

On 04/25/2017 11:12 AM, Laurent Wandrebeck wrote: > Le mardi 25 avril 2017 ? 11:07 +0200, Robert Moskowitz a ?crit : >> On 04/25/2017 10:58 AM, Laurent Wandrebeck wrote: >>> Le mardi 25 avril 2017 ? 10:39 +0200, Robert Moskowitz a ?crit : >>>> Thanks Laurent. You obviously know a LOT more about SELinux than I. I >>>> pretty much just use commands and not

On 04/25/2017 06:45 PM, Gordon Messmer wrote: > On 04/25/2017 01:58 AM, Laurent Wandrebeck wrote: >> Quick?n?(really) dirty SELinux howto: > > > Alternate process: > > 1: setenforce permissive > 2: tail -f /var/log/audit/audit.log | grep AVC > 3: use the service, exercise each function that's constrained by the > existing policy > 4: copy and paste the

Hello CentOS Docs People! I recently used the Amavisd howto to setup a couple of mailservers, which saved me from hours of searching online and reading novels of documentation. Since Ned is taking a little break from the Amavisd page, I would like to help contribute. There were a few things I'd like to add, like GTUBE/EICAR testing and SELinux config lines. My wiki username is WilliamFong.

I am wondering what is the interaction between SE Linux and the kernel "capabilities" in CentOS 5.1? I'm trying to open a raw socket and keep getting permission denied errors. I've tried using the lcap library to find that CAP_SETPCAP appears to be off in the kernel. For compliance reasons, I don't want to turn this on. I've also tried a hand-crafted SE Linux

Hi Leon, have you tried mounting with 'httpd_sys_rw_content_t' instead of 'httpd_var_run_t' ? Best Regards, Strahil Nikolov ?? 25 ??? 2020 ?. 14:20:19 GMT+03:00, Leon Fauster via CentOS <centos at centos.org> ??????: >Hi all, > >I have some AVC in the logs and wonder how to resolve this: Under >EL8 (enforcing SElinux) I have /var/lib/php/session mounted as

The raw socket option in the kernel only allows privileged processes to open them. Selinux controls which privileged processes have the right to. To allow an unprivileged process to access a raw socket you will need to write a proxy daemon that runs privileged and is allowed in selinux to create a raw socket. This daemon can then provide a unix socket to unprivileged processes whose access can

Hi all, I have some AVC in the logs and wonder how to resolve this: Under EL8 (enforcing SElinux) I have /var/lib/php/session mounted as tmpfs. # tail -1 /etc/fstab tmpfs /var/lib/php/session tmpfs defaults,noatime,mode=770,gid=apache,size=16777216,context="system_u:object_r:httpd_var_run_t:s0" 0 0 # df -a |grep php tmpfs 16384 0 16384 0%

Am 26.07.20 um 12:23 schrieb Strahil Nikolov: > > ?? 25 ??? 2020 ?. 14:20:19 GMT+03:00, Leon Fauster via CentOS <centos at centos.org> ??????: >> Hi all, >> >> I have some AVC in the logs and wonder how to resolve this: Under >> EL8 (enforcing SElinux) I have /var/lib/php/session mounted as tmpfs. >> >> >> # tail -1 /etc/fstab >> tmpfs

http://wiki.centos.org/HowTos/SELinux says: "Access is only allowed between similar types, so Apache running as httpd_t can read /var/www/html/index.html of type httpd_sys_content_t." however the doc doesn't define what "similar types" means. I assumed it just meant "beginning with the same prefix". However that can't be right because on my system with

On 04/26/2017 04:22 AM, Gordon Messmer wrote: > On 04/25/2017 03:25 PM, Robert Moskowitz wrote: >> This made the same content as before that caused problems: > > I still don't understand, exactly. Are you seeing *new* problems > after installing a policy? What are the problems? > >> #!!!! The file '/var/lib/mysql/mysql.sock' is mislabeled on your system.

Hi all, I need to redirect an output from python script that runs as a systemd service. I have tried to redirect its output in Exec statement without luck. I have tried to use StandardOutput and StandardError options also, but outpu log goes to /var/log/messages. Any tip? Thanks. -- Greetings, C. L. Martinez

Hello, I have Samba 4 installed with some correctly configured shares so I can access them from my Windows box. It is a proven setup from an older Fedora+Samba setup, though on that other machine I have SELinux disabled. So I set samba_export_all_rw=1 to be able to access the shares whose files and directories are labelled public_content_rw_t by issuing: semanage fcontext -a -t

thanks. On 04/26/2017 08:55 AM, Phoenix, Merka wrote: > Robert, > > in regards to your Postfix and Dovecot issue with MySQL and SELinux, > >> Apr 26 01:25:45 z9m9z dovecot: dict: Error: >> mysql(/var/lib/mysql/mysql.sock): Connect failed to database >> (postfix): Can't connect to local MySQL server through socket >> '/var/lib/mysql/mysql.sock' (13)

Hello, I'm trying to run Nagios 3.0.6 on CentOS 5.2 with SELinux in enforcing mode but it is not working. I'm using the following packages: httpd-2.2.3-11.el5_2.centos.4 nagios-3.0.6-1.el5.rf nagios-plugins-1.4.12-1.el5.rf I followed the steps bellow to try to create a selinux policy to Nagios but it is failing. Any help, please? # setenforce Permissive # service nagios start #

Hello CentOS / RedHat / IBM folks! I am wondering if I can get a communication channel opened with someone who can affect changes win upstream RHEL? I don't have support accounts with RHEL, and use CentOS almost exclusively. I did have a direct email conversation with Mr. Daniel Walsh regarding these problems, but his answer was to create custom policy to allow what's being denied, as

I can access /depot/tftp from a tftp client but unable to do it from a Windows client as long as SELinux is enforced. If SELinux is permissive I can access it then I know Samba is properly configured. # getenforce Enforcing # ls -dZ /depot/tftp/ drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/ And if I do it the other way around, give the directory a type samba_share_t then

Hello, I update my dovecot to the last Version, now I have this error in the audit Log. Can any tell me what I can do, without selinux disabled // SELinux hindert /usr/sbin/dovecot daran, mit getattr-Zugriff auf Datei /proc/ sys/fs/suid_dumpable zuzugreifen. ***** Plugin catchall (100. Wahrscheinlichkeit) schl?gt vor ************** If you believe that dovecot should be allowed getattr