Displaying 20 results from an estimated 4000 matches similar to: "SELinux - null security context"
2006 Aug 25
1
SELinux targeted - named, portmap and syslogd errors
Yesterday I activated SELinux in targeted mode, then I rebooted and started
receiving some error messages in the system services initialization:
======================================================================
audit(1156518721.252:2): avc: denied { read } for pid=2223 comm="syslogd"
name="libc-2.3.4.so" dev=dm-0 ino=50441 scontext=user_u:system_r:syslogd_t
2015 May 15
5
[PATCH 0/2] customize: Allow --selinux-relabel flag to work on cross-architecture builds.
Fixes
https://bugzilla.redhat.com/show_bug.cgi?id=1212807
2014 May 24
9
SELinux relabel API
[
I realized that we were discussing adding this feature, in various
private email, IRC, and this long bugzilla thread:
https://bugzilla.redhat.com/show_bug.cgi?id=1060423
That's not how we should do things. Let's discuss it on the
mailing list.
]
One thing that virt-customize/virt-sysprep/virt-builder have to do is
relabel SELinux guests.
What we do at the moment
2014 Jan 24
2
[PATCH 0/2] Implement virt-builder --selinux-relabel option.
Do SELinux relabelling properly.
2015 Jun 02
3
Try II: selinux, xfs, and CentOS 6 and 5 issue
Tried just the selinux list yesterday, no answers, so I'm trying again.
I partitioned GPT, and formatted, as xfs, a large (3TB) drive on a CentOS
6 system, which has selinux in permissive mode. I then moved the drive to
a CentOS 5 system. When we run a copy (it mirror-copies from another
system), we get a ton of errors. I discovered that the CentOS 5 system was
enforcing. I changed it to
2005 Sep 12
1
The role of /.autorelabel
I could not get vsftpd to start; kept getting the "vsftpd Dead Subsys
Locked" error. On doing a Google search, I came across a fix (lost the
site unfortunately) and as I recall, it has something to do with copying
a file and having the incorrect SElinux settings (I have SElinux disabled).
The fix was to do a fixfiles, relabel (commands that I have never used)
or a touch of
2015 May 15
3
[PATCH v2 0/2] customize: Allow --selinux-relabel flag to work on cross-architecture builds.
Fixes
https://bugzilla.redhat.com/show_bug.cgi?id=1212807
Since v1:
- Combine the virt-builder detection code into virt-customize.
- Enables us to delete Architecture and Uname modules completely.
Rich.
2011 Sep 08
1
Trying to understand SELinux MSG
Hello,
I received the below SELinux message today and I am trying to figure out what
caused it. I see what it says under Allow Access but I am not sure this is
what I really want to do without know why it happened in the first place.
What should I be looking at to understand what or why this has happened?
Any help I would be most grateful for.
Here is the output form SELinux
SUMMARY:
2016 Jul 14
0
[PATCH v2 4/7] customize: Add module for doing SELinux relabel of filesystem.
This implements the --selinux-relabel option for virt-customize,
virt-builder and virt-sysprep. There is no need to autorelabel
functionality now.
Thanks: Stephen Smalley
---
builder/Makefile.am | 1 +
builder/virt-builder.pod | 20 +++++++++----------
customize/Makefile.am | 2 ++
customize/SELinux_relabel.ml | 46 +++++++++++++++++++++++++++++++++++++++++++
2015 May 15
0
[PATCH 2/2] customize: Allow --selinux-relabel flag to work on cross-architecture builds (RHBZ#1212807).
---
customize/customize_run.ml | 22 +++++++++++++---------
1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/customize/customize_run.ml b/customize/customize_run.ml
index 0f1d72a..cd4616c 100644
--- a/customize/customize_run.ml
+++ b/customize/customize_run.ml
@@ -338,15 +338,19 @@ exec >>%s 2>&1
if ops.flags.selinux_relabel then (
msg (f_"SELinux
2016 Jul 13
6
[PATCH 0/5] Fix SELinux
We can use the setfiles(8) command to relabel the guest filesystem,
even though we don't have a policy loaded nor SELinux enabled in the
appliance kernel.
This also deprecates or removes the old and broken SELinux support.
This patch isn't quite complete - I would like to add some tests to
the new API. I'm posting here to garner early feedback.
Rich.
2016 Jul 14
10
[PATCH v2 0/7] Fix SELinux
v1 -> v2:
- Add simple test of the setfiles API.
- Use SELinux_relabel module in virt-v2v (instead of touch /.autorelabel).
- Small fixes.
Rich.
2008 Aug 01
2
BackupPC 3.1.0 on CentOS 5.2 triggers SE Linux denial
Hi. I've installed BackupPC 3.1.0 from Testing repository, to Cent
OS 5.2 x86_64, and I am hitting an SE Linux denial - the httpd cannot
talk to the BackupPC socket:
type=AVC msg=audit(07/31/2008 17:18:53.623:410) : avc: denied {
connectto } for pid=11767 comm=httpd
path=/var/log/BackupPC/BackupPC.sock
scontext=user_u:system_r:httpd_t:s0
tcontext=user_u:system_r:initrc_t:s0
2014 May 26
2
[PATCH 2/2] Use setfiles from the appliance for the SELinux relabel (RHBZ#1089100).
Rewrite the relabel API to read the policy configured in the guest,
invoking setfiles (added as part of the appliance, as part of
policycoreutils) to relabel the specified root. In case of failure at
any point of the process, a touch of .autorelabel in the root is tried
as last-attempt measure to do the relabel.
Considering that running SELinux tools in the appliance might be
affected by the
2009 Nov 07
5
Serious Privileges Problem: Second Post!
I have a serious privileges problem that is making it impossible to serve
python pages on a CentOS server. I have tried to resolve this problem in my
last post, but now it appears that interest has petered out. I'm desperate
and hoping someone on this list can help.
[Fri Nov 06 11:50:40 2009] [error] [client 66.248.168.98] (2)No such file or
directory: exec of
2007 May 11
1
SELinux in %post
Does anyone know if utilities like semanage or fixfiles will be
successful if used during the %post section of a kickstart
installation?
--
Paul Heinlein <> heinlein at madboa.com <> www.madboa.com
2008 Jan 22
0
SELinux contexts for krb5
I have just migrated my Kerberos setup to a new machine (running inside
Xen) and it is complaining at startup about the file contexts not being
correct, even after running /sbin/fixfiles. On the previous machine I'm
sure I had set SELinux to permissive and that's why it never complained.
Here are the contexts *after* running /sbin/fixfiles -R krb5-server
restore
# ls -AlZ
2011 Jan 31
1
Squid and SELinux
Hi.
I'm trying to setup squid with SELinux, the problem i encounter is taht
i want to add another directory for cache, in this system we have a home
partition with huge space, i create a squid dir and add the path with
semanage:
semanage fcontext -a -t squid_cache_t '/home/squid(/.*)?'
i check the files and are in the good context:
drwxr-xr-x squid squid
2015 May 26
2
"selinux --disabled" in kickstart file does NOT disable SELINUX
To set selinux to permissive or disabled mode during a kickstart
installation, add the sed -i -e 's/\(^SELINUX=\).*$/\1permissive/'
/etc/selinux/config command to the %post section of the kickstart file.
Making sure to replace "permissive" with the required selinux mode.
-- https://bugzilla.redhat.com/show_bug.cgi?id=435300
On 26 May 2015 at 04:40, Rob Kampen <rkampen at
2007 Mar 12
2
selinux disable but still working
I have some centos 4.4 server. i have disable selinux for some software
problem:
# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disable
#