similar to: QEMU/KVM: SELinux denial on /dev/zero when starting a VM

I am trying to set up a test kvm virtual machine on a core2 quad system. I have managed to thread my way through bridging eth0 and I have a CentOS-5.4 dvd iso prepared. Using virt-manager, when I try and add a new guest then I get the error reproduced below. Now, I know that I can 'fix' this by building a local mod via audit2allow and installing via semodule. However, I cannot seem to

Hi all, On my newly up-and-running nameserver (CentOS 5), I noticed the following alerts in /var/log/messages after restarting BIND. (lines inserted to aid in reading). As I'm new to SELinux, I'm hoping for some pointers on 1) if this is an issue which simply *must* be addressed, or if it's something I should live with, and 2) how to eliminate the warming messages without sacrificing

I have a challenge that I want to share with the group. This is not homework (but I may assign it as such if I teach the appropriate class again) and I have found one solution, so don't need anything urgent. This is more for fun to see if others can find a better solution than I did. The challenge: I want to read a book in a given number of days. I want to read an integer number of

Hi! I have a samba file server (192.168.1.2) and wins server (192.168.1.2) with ~70 clients. The server's netbios names are ALMA and KORTE. The Workgroup's name is ALMA. Issue 1: -------- nmblookup -U 192.168.1.2 -R korte querying korte on 192.168.1.2 192.168.1.2 korte<00> nmblookup -U 192.168.1.2 -R alma querying alma on 192.168.1.2 255.255.255.255 alma<00> strange.... I

Hi all, I installed Performance Co-Pilot 3 days ago, and installed the nVidia PMDA according to the instructions at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Performance_Tuning_Guide/ch03s03s02.html and was able to view metrics about my video card using pmchart. I then played around a little with the lmsensors PMDA (but it doesn't look too useful to me -

CentOS-6.6 We have sshd chroot working, mostly, for a particular groupid. However, we have two things that remain u/s, no doubt due to some omission on my part. Basically, we would like our users to be able to tunnel their https over the ssh connection to this server and be able to do X11 forwarding as well. At the moment both work when the user connects without chroot and neither works if

I am wondering what is the interaction between SE Linux and the kernel "capabilities" in CentOS 5.1? I'm trying to open a raw socket and keep getting permission denied errors. I've tried using the lcap library to find that CAP_SETPCAP appears to be off in the kernel. For compliance reasons, I don't want to turn this on. I've also tried a hand-crafted SE Linux

Automatisch generierte Meldung ! ################################ Hallo, leider wurde die von Ihnen verwendete EMail-Adresse 'r-devel@r-project.org' in unseren Datenbanken (Bewerber/Firmen-Ansprechpartner) nicht gefunden. Ihre Userdaten k?nnen Sie auch ?ber unsere Homepage www.alma-mater.de unter Hilfe/Passwort direkt abfragen. Bitte verwenden Sie als Absendeadresse die

Milan Zamazal <mzamazal@redhat.com> writes: > Daniel P. Berrangé <berrange@redhat.com> writes: > >> On Thu, Jul 02, 2020 at 01:21:15PM +0200, Milan Zamazal wrote: >>> The second problem is that a VM fails to start with a backing NVDIMM in >>> devdax mode due to SELinux preventing access to the /dev/dax* device (it >>> doesn't happen with any

Hello, in my routes there are (just for testing): map.connect '':controller/:id/:action'', :defaults => {:action => ''alma''} in my controller: def alma render :text => url_for(:id => 123) end so I go to: http://localhost:3000/music/store which generates: http://localhost:3000/music/store/123/index Where the

The raw socket option in the kernel only allows privileged processes to open them. Selinux controls which privileged processes have the right to. To allow an unprivileged process to access a raw socket you will need to write a proxy daemon that runs privileged and is allowed in selinux to create a raw socket. This daemon can then provide a unix socket to unprivileged processes whose access can

Hello, After updating to CentOS-5.7, I have a (small) problem : The context of /dev/megadev0 is now defined (in /etc/selinux/targeted/contexts/files/file_contexts) as system_u:object_r:removable_device_t:s0. This cause smartmontools to fail : avc: denied { read write } for pid=2847 comm="smartd" name="megadev0" dev=tmpfs ino=8284

Hi when I turn on my PC I able to load the drivers and start my card, if I reboot the PC I have the following error ztcfg -vvv Zaptel Configuration ====================== Channel map: Channel 01: FXS Kewlstart (Default) (Slaves: 01) Channel 02: FXS Kewlstart (Default) (Slaves: 02) Channel 03: FXS Kewlstart (Default) (Slaves: 03) Channel 04: FXS Kewlstart (Default) (Slaves: 04) 4 channels

I run a sshd host solely to allow employees to tunnel secure connections to our internal hosts. Some of which do not support encrypted protocols. These connections are chroot'ed via the following in /etc/ssh/sshd_config Match Group !wheel,!xxxxxx,yyyyy AllowTcpForwarding yes ChrootDirectory /home/yyyyy X11Forwarding yes Where external users belong to group yyyyy (primary). We

I have setup a Samba4 server and would like to report my experiences in the hope that it may be helpful to others. I basically followed the official Samba4 HowTo, which is very good. Based on what I have seen, this is the only document I would recommend people to follow. I will try not to repeat things that are covered in the HowTo, but rather focus on what I did differently or additionally,

Hi, I compiled a kernel from sources (2.6.30.5) and when system is booting shows these errors: SELinux: 61 classes, 69080 rules SELinux: class peer not defined in policy SELinux: class capability2 not defined in policy SELinux: class kernel_service not defined in policy SELinux: permission open in class dir not defined in policy SELinux: permission open in class file not defined in policy

Not sure who's package let an error slip in, but I don't believe I've had this issue before: SELinux is preventing /usr/bin/motion from map access on the chr_file /dev/video1 Yes, that should be allowed by default. mark

Hi Rsync Support, Recently we encountered issue on our prod environment because the rsync seems hanging, it took time building the list.Previously the rsync process was working before 10:24am not until 10:25am. See sample log below. We have one source server and the data files will be rsync to 2 webservers. Please advise what could be the cause of the issue. Please let me know if you need

Killed glfsheal, after a day there were 218 processes, then they got killed by OOM during the weekend. Now there are no processes active. Trying to run "heal info" reports lots of files quite quickly but does not spawn any glfsheal process. And neither does restarting glusterd. Is there some way to selectively run glfsheal to fix one brick at a time? Diego Il 21/03/2023 01:21,

In glfsheal-Connection.log I see many lines like: [2023-03-13 23:04:40.241481 +0000] E [MSGID: 104021] [glfs-mgmt.c:586:glfs_mgmt_getspec_cbk] 0-gfapi: failed to get the volume file [{from server}, {errno=2}, {error=File o directory non esistente}] And *lots* of gfid-mismatch errors in glustershd.log . Couldn't find anything that would prevent heal to start. :( Diego Il 21/03/2023