similar to: SELinux

Displaying 20 results from an estimated 4000 matches similar to: "SELinux"

2008 Aug 23
2
CentOS 5.2 + SELinux + Apache/PHP + Postfix
Hi All, I'm running CentOS 5.2 with SELinux in enforcing mode (default targeted policy). The server hosts a PHP web app that sends mail. I'm getting the following errors (see end of message) in my selinux audit.log file every time the app sends an email. The email always seems to get sent successfully, despite the log messages. However, they do concern me and I would like to understand
2007 Dec 08
9
distributing selinux policy module
Using audit2allow, I was able to create a policy module for selinux: audit2allow -i /var/log/audit/audit.log -M mysqld (creates mysqld.pp and mysqld.te) I want to distribute this to all my puppet clients. I can easily put this file in /etc/selinux/targeted/modules/active/modules But even after reboot, although I can see the module listed: semodule -l ... it doesn't seem to actually
2014 Dec 05
2
Postfix avc (SELinux)
On 12/04/2014 03:22 PM, James B. Byrne wrote: > On Thu, December 4, 2014 12:29, James B. Byrne wrote: >> Re: SELinux. Do I just build a local policy or is there some boolean setting >> needed to handle this? I could not find one if there is but. . . >> > Anyone see any problem with generating a custom policy consisting of the > following? > > grep avc
2014 Dec 04
3
Postfix avc (SELinux)
I am seeing these avc messages on a newly commissioned and up-to-date CentOs-6 virtual guest: ---- time->Thu Dec 4 12:14:58 2014 type=SYSCALL msg=audit(1417713298.610:60522): arch=c000003e syscall=2 success=no exit=-13 a0=7fd70e6de1e6 a1=0 a2=1b6 a3=0 items=0 ppid=2698 pid=4294 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=2784 comm="trivial-rewrite"
2011 Jan 17
1
SELinux : semodule_package, magic number does not match
Hello, I am trying to create a custom policy, but with no success : $ cat <<EOF> foo.te module local 1.0; require { type httpd_sys_script_exec_t; type httpd_sys_script_t; class lnk_file read; } #============= httpd_sys_script_t ============== allow httpd_sys_script_t httpd_sys_script_exec_t:lnk_file read; EOF $ checkmodule -M -m -o foo.mod foo.te checkmodule:
2019 Apr 16
4
Time Synchronisation - SELinux Labeling and Policy
Hi, I want to set SELinux to use with ntpd, but when I run (as described in the wiki) semanage -a -t ntpd_t "/usr/local/samba/var/lib/ntp_signd" I have this error " usage: semanage [-h] {import,export,login,user,port,ibpkey,ibendport,interface,module,node,fcontext,boolean,permissive,dontaudit} ... semanage: error: argument subcommand: invalid choice:
2007 Dec 10
1
SELinux and Perl script using sendmail
I have a webpage feedback form that uses a Perl script to send e-mails with "| /usr/sbin/sendmail -t". It works just fine, but SELinux is complaining about it: SELinux is preventing /usr/sbin/postdrop (postfix_postdrop_t) "getattr" to pipe:[41117] (httpd_t) I'm a SELinux newb so I don't know what (if anything) to do about it. Suggestions? Miark
2009 Apr 15
2
SELinux and "i_stream_read() failed: Permission denied"
Not a problem ... sharing a solution (this time)! Please correct my understanding of the process, if required. "i_stream_read() failed: Permission denied" is an error message generated when a large-ish file (>128kb in my case) is attached to a message that has been passed to Dovecot's deliver program when SELinux is being enforced. In my case, these messages are first run
2014 Apr 23
1
SELInux and POSTFIX
Installed Packages Name : postfix Arch : x86_64 Epoch : 2 Version : 2.6.6 Release : 6.el6_5 Size : 9.7 M Repo : installed From repo : updates I am seeing several of these in our maillog file after a restart of the Postfix service: Apr 23 12:48:27 inet08 setroubleshoot: SELinux is preventing /usr/libexec/postfix/smtp from 'read, write'
2020 Feb 26
3
CentOS 7 : SELinux trouble with Fail2ban
On Feb 26, 2020, at 08:52, Nicolas Kovacs <info at microlinux.fr> wrote: > >> On 26/02/2020 at 11:51, Nicolas Kovacs wrote: >> SELinux is preventing /usr/bin/python2.7 from read access on the file disable. >> ***** Plugin catchall (100. confidence) suggests ***** >> If you believe that python2.7 should be allowed read access on the disable file by default.
2007 Jun 12
1
Selinux custom policy issue - Centos 5
Hi, I've got a Centos 5 box (recently replaced a Centos4 box of the same function). The means of applying custom SELinux policy has changed somewhat from 4->5. I've got it mostly figured out; I have a local.te file with my custom policy and also which defines a few new file types, and a local.fc with appropriate definitions of file contexts. When I run: # checkmodule -M -m -o
2009 Apr 14
3
Odd SELinux messages during+after 5.3 upgrade (system_mail_t and postfix_postdrop_t access rpm_var_lib_t)
Hey guys, I've been getting some strange selinux messages after the 5.3 upgrade. It appears as though my mail system (postfix) is constantly trying to access the rpm database? Here's the audit messages (I tend to look at my selinux messages using audit2allow < /var/log/audit.log as I find it easier to read quickly): allow postfix_postdrop_t rpm_t:tcp_socket { read write }; allow
2013 Jan 12
2
selinux + kvm virtualization + smartd problem
Hello, I'm using an HP homeserver where the host system runs CentOS 6.3 with KVM virtualization with SELinux enabled; the guests run the same OS too (but without SELinux, but this does not matter). The host system is installed on mirrors based on the sda and sdb physical disks. The sd{c..f} disks are attached to a KVM guest (whole disks, not partitions; needed to use zfs (zfsonlinux) benefit features). Problem is that disks
2008 Aug 26
3
Amavisd Howto
Hello CentOS Docs People! I recently used the Amavisd howto to set up a couple of mailservers, which saved me from hours of searching online and reading novels of documentation. Since Ned is taking a little break from the Amavisd page, I would like to help contribute. There were a few things I'd like to add, like GTUBE/EICAR testing and SELinux config lines. My wiki username is WilliamFong.
2017 Apr 25
5
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On Tuesday, 25 April 2017 at 10:39 +0200, Robert Moskowitz wrote: > Thanks Laurent. You obviously know a LOT more about SELinux than I. I > pretty much just use commands and not build policies. So I need some > more information here. > > From what you provided below, how do I determine what is currently in > place and how do I add your stuff (changing postgresql with
2017 Apr 25
2
NOT Solved - Re: SELinux policy to allow Dovecot to connect to Mysql
On Tuesday, 25 April 2017 at 10:04 +0200, Robert Moskowitz wrote: > I thought I had this fixed, but I do not. I was away from this problem > working on other matters, and came back (after a reboot) and it is still > there, so I suspect when I thought I had it 'fixed' I was running with > setenforce 0 from another problem (that is fixed). > > So anyone know how to get
2020 Feb 26
5
CentOS 7 : SELinux trouble with Fail2ban
Hi, Some time ago I had SELinux problems with Fail2ban. One of the users on this list suggested that it might be due to the fact that I'm using a bone-headed iptables script instead of FirewallD. I've spent the past few weeks getting up to date with doing things in a more orthodox manner. So currently my internet-facing CentOS server has a nicely configured NetworkManager, and
2008 Jul 24
1
selinux & httpd & portmap
Having problems starting httpd & portmapper #service httpd start /usr/sbin/httpd: error while loading shared libraries: libm.so.6: cannot open shared object file: No such file or directory and I traced it to selinux, which I had just turned on for the first time: # sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode:
2016 Jul 05
4
How to have more than one SELinux context on a directory
????????? ???????? ????? 2016-07-05 19:58: >> I need to have the tftpdir_rw_t and samba_share_t SELinux context >> on >> the same directory. >> >> How can we do this? Is it feasible to have more than one SELinux >> context? > > I don't think it's possible/feasible. > You'd probably need to add a new type and necessary rules to your
2015 Jan 19
2
CentOS-6.6 Fail2Ban and Postfix Selinux AVCs
I am seeing these in the log of one of our off-site NX hosts running CentOS-6.6. type=AVC msg=audit(1421683972.786:4372): avc: denied { create } for pid=22788 comm="iptables" scontext=system_u:system_r:fail2ban_t:s0 tcontext=system_u:system_r:fail2ban_t:s0 tclass=rawip_socket Was caused by: Missing type enforcement (TE) allow rule. You can use