similar to: SELinux and "i_stream_read() failed: Permission denied"

Hi: I have been using Dovecot for well over a year now and it has always worked with few problems. The mail setup is not simple... Postfix+MailScanner+ClamAV+Docvecot+MySql+postfix.admin... just to mention the major things. The system is CentOS 5.3 on VMware. The maildir is on an NFS share, index and control is local. About a month ago I thought I upgraded from 1.1.x to 1.2.x. by doing an

I recently setup my Puppetmaster server to run through Passenger via Apache instead of on the default webrick web server. SELinux made that not work and I've found some documentation on making rules to allow it however mine won't load. This is the policy I found via this website, http://sandcat.nl/~stijn/2012/01/20/selinux-passenger-and-puppet-oh-my/comment-page-1/ . module

I'm busy setting up amavisd-new on a CentOS 5.0 box - and believe I've got it working well enough that I can switch selinux enforcing back on again. I've done the usual- - grab a chunk of the audit.log that is relevant to all the actions that would be denied. - do 'cat audit.log | audit2allow -M amavis' to generate the module - amavis.te looks like: module amavis 1.0;

Hi, I'm running dovecot (1.1.7) deliver and sieve (1.1.5) on a Fedora 9 platform, using selinux targetet mode. Most of the mail deliveries goes well, but once deliver tried to copy the mail to the /tmp directory, which it seems it not allowed by selinux. I guess that deliver wants to sanitize the mail or something and therefore copies it to /tmp. Before I ask for selinux to allow this, I

Gordon, Thank you for your help on this. Still not working... On 04/26/2017 06:27 PM, Gordon Messmer wrote: > On 04/26/2017 12:29 AM, Robert Moskowitz wrote: >> But the policy generates errors. I will have to submit a bug report, >> it seems > > > A bug report would probably be helpful. > > I'm looking back at the message you wrote describing errors in >

Regarding the brilliant wiki site: http://wiki.centos.org/HowTos/Amavisd?highlight=%28Amavis%29 I faced the following issue on CentOS 6.2: "Spamassind" saves each message and its attached part in a folder in clamd accesses the folder, creates itself a temporary folder and deletes it afterwards. This was stopped by SELinux and caused the virus scan to fail. This action causes SE-Linux

Hello, I'm trying to run Nagios 3.0.6 on CentOS 5.2 with SELinux in enforcing mode but it is not working. I'm using the following packages: httpd-2.2.3-11.el5_2.centos.4 nagios-3.0.6-1.el5.rf nagios-plugins-1.4.12-1.el5.rf I followed the steps bellow to try to create a selinux policy to Nagios but it is failing. Any help, please? # setenforce Permissive # service nagios start #

Thanks Laurent. You obviously know a LOT more about SELinux than I. I pretty much just use commands and not build policies. So I need some more information here. From what you provided below, how do I determine what is currently in place and how do I add your stuff (changing postgresql with mysql, nat.) thanks On 04/25/2017 10:26 AM, Laurent Wandrebeck wrote: > Le mardi 25 avril 2017

Hello, I have Samba 4 installed with some correctly configured shares so I can access them from my Windows box. It is a proven setup from an older Fedora+Samba setup, though on that other machine I have SELinux disabled. So I set samba_export_all_rw=1 to be able to access the shares whose files and directories are labelled public_content_rw_t by issuing: semanage fcontext -a -t

Le mardi 25 avril 2017 ? 10:04 +0200, Robert Moskowitz a ?crit : > I thought I had this fixed, but I do not. I was away from this problem > working on other matters, and came back (after a reboot) and it is still > there, so I suspect when I thought I had it 'fixed' I was running with > setenforce 0 from another problem (that is fixed). > > So anyone know how to get

I am setting up Samba on a standalone CentOS 7 server (using LDAP with openldap for authentifcation) and things and somewhat working. There is a bit of weirdness though. smbclient is only able to access *directories* and not any of the files. Why is that? What am I missing? Here is a log of a test run: [heller at c764guest: ~]$ ls -lZAn total 8424 -rw-------. 1

I setup postfix/dovecot on a new machine and now all works well with the small exception of dovecot triggering selinux avc denials on some temp... files here is a sample alert: Summary SELinux is preventing /usr/libexec/dovecot/deliver (dovecot_deliver_t) "link" to temp.localhost.678.40caaf5592891c46 (user_home_dir_t). Detailed Description SELinux denied access requested

Hey guys, I've been getting some strange selinux messages after the 5.3 upgrade. It appears as though my mail system (postfix) is constantly trying to access the rpm database? Here's the audit messages (I tend to look at my selinux messages using audit2allow < /var/log/audit.log as I find it easier to read quickly): allow postfix_postdrop_t rpm_t:tcp_socket { read write }; allow

Hi All, I'm running CentOS 5.2 with SELinux in enforcing mode (default targeted policy). The server hosts a PHP web app that sends mail. I'm getting the following errors (see end of message) in my selinux audit.log file every time the app sends an email. The email always seems to get sent successfully, despite the log messages. However, they do concern me and I would like to understand

I can access /depot/tftp from a tftp client but unable to do it from a Windows client as long as SELinux is enforced. If SELinux is permissive I can access it then I know Samba is properly configured. # getenforce Enforcing # ls -dZ /depot/tftp/ drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/ And if I do it the other way around, give the directory a type samba_share_t then

On 06.08.2019 23:17, Reio Remma via dovecot wrote: > On 24.06.2019 16:25, Reio Remma wrote: >> On 24.06.2019 8:21, Aki Tuomi wrote: >>> On 22.6.2019 22.00, Reio Remma via dovecot wrote: >>>> Jun 22 16:55:22 host dovecot: dsync-local(user at host.ee)<>: Error: >>>> Remote command returned error 84: ssh -i /home/vmail/.ssh/vmail.pem -l >>>>

Hi. I'm trying to setup squid with SELinux, the problem i encounter is taht i want to add another directory for cache, in this system we have a home partition with huge space, i create a squid dir and add the path with semanage: semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?' i check the files and are in the good context: drwxr-xr-x squid squid

On 12/04/2014 03:22 PM, James B. Byrne wrote: > On Thu, December 4, 2014 12:29, James B. Byrne wrote: >> Re: SELinux. Do I just build a local policy or is there some boolean setting >> needed to handle this? I could not find one if there is but. . . >> > Anyone see any problem with generating a custom policy consisting of the > following? > > grep avc

Any ideas why bind is putting the tmp files in the [chroot]/var/named directory and not in /tmp or /var/tmp? [root at devserver21 chroot]# Aug 15 14:08:21 devserver21 named[5101]: loading configuration from '/etc/named.conf' Aug 15 14:08:21 devserver21 named: named reload succeeded Aug 15 14:08:21 devserver21 named[5101]: dumping master file: tmp-XXXXQ5X9mC: open: permission denied Aug 15

> If I understand well, I could add a type to another type?!?!?! No. The default targeted policy is mostly about Type Enforcement. Quote from the manual: "All files and processes are labeled with a type: types define a SELinux domain for processes and a SELinux type for files. SELinux policy rules define how types access each other, whether it be a domain accessing a type, or a