similar to: QEMU/KVM: SELinux denial on /dev/zero when starting a VM

Displaying 20 results from an estimated 900 matches similar to: "QEMU/KVM: SELinux denial on /dev/zero when starting a VM"

2009 Nov 09
4
SELinux and KVM
I am trying to set up a test kvm virtual machine on a core2 quad system. I have managed to thread my way through bridging eth0 and I have a CentOS-5.4 dvd iso prepared. Using virt-manager, when I try and add a new guest then I get the error reproduced below. Now, I know that I can 'fix' this by building a local mod via audit2allow and installing via semodule. However, I cannot seem to
2007 Aug 16
1
SELinux questions, upon restarting BIND
Hi all, On my newly up-and-running nameserver (CentOS 5), I noticed the following alerts in /var/log/messages after restarting BIND. (lines inserted to aid in reading). As I'm new to SELinux, I'm hoping for some pointers on 1) if this is an issue which simply *must* be addressed, or if it's something I should live with, and 2) how to eliminate the warming messages without sacrificing
2010 Jan 12
2
optimization challenge
I have a challenge that I want to share with the group. This is not homework (but I may assign it as such if I teach the appropriate class again) and I have found one solution, so don't need anything urgent. This is more for fun to see if others can find a better solution than I did. The challenge: I want to read a book in a given number of days. I want to read an integer number of
2003 Jul 21
0
strange WIS entries
Hi! I have a samba file server (192.168.1.2) and wins server (192.168.1.2) with ~70 clients. The server's netbios names are ALMA and KORTE. The Workgroup's name is ALMA. Issue 1: -------- nmblookup -U 192.168.1.2 -R korte querying korte on 192.168.1.2 192.168.1.2 korte<00> nmblookup -U 192.168.1.2 -R alma querying alma on 192.168.1.2 255.255.255.255 alma<00> strange.... I
2015 Dec 23
1
CentOS 7 pcp-pmda-nvidia-gpu SELinux problems
Hi all, I installed Performance Co-Pilot 3 days ago, and installed the nVidia PMDA according to the instructions at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Performance_Tuning_Guide/ch03s03s02.html and was able to view metrics about my video card using pmchart. I then played around a little with the lmsensors PMDA (but it doesn't look too useful to me -
2015 Jul 09
3
C-6.6 - sshd_config chroot SELinux issues
CentOS-6.6 We have sshd chroot working, mostly, for a particular groupid. However, we have two things that remain u/s, no doubt due to some omission on my part. Basically, we would like our users to be able to tunnel their https over the ssh connection to this server and be able to do X11 forwarding as well. At the moment both work when the user connects without chroot and neither works if
2008 Mar 03
1
Unable open raw socket in CentOS 5 - SE Linux and kernel capability interaction?
I am wondering what is the interaction between SE Linux and the kernel "capabilities" in CentOS 5.1? I'm trying to open a raw socket and keep getting permission denied errors. I've tried using the lcap library to find that CAP_SETPCAP appears to be off in the kernel. For compliance reasons, I don't want to turn this on. I've also tried a hand-crafted SE Linux
2004 Jul 20
0
Benutzer nicht gefunden (Passwort)
Automatisch generierte Meldung ! ################################ Hallo, leider wurde die von Ihnen verwendete EMail-Adresse 'r-devel@r-project.org' in unseren Datenbanken (Bewerber/Firmen-Ansprechpartner) nicht gefunden. Ihre Userdaten k?nnen Sie auch ?ber unsere Homepage www.alma-mater.de unter Hilfe/Passwort direkt abfragen. Bitte verwenden Sie als Absendeadresse die
2020 Jul 09
0
NVDIMM in devdax mode and SELinux (was: Two questions about NVDIMM devices)
Milan Zamazal <mzamazal@redhat.com> writes: > Daniel P. Berrangé <berrange@redhat.com> writes: > >> On Thu, Jul 02, 2020 at 01:21:15PM +0200, Milan Zamazal wrote: >>> The second problem is that a VM fails to start with a backing NVDIMM in >>> devdax mode due to SELinux preventing access to the /dev/dax* device (it >>> doesn't happen with any
2006 Aug 12
1
url_for and :defaults
Hello, in my routes there are (just for testing): map.connect '':controller/:id/:action'', :defaults => {:action => ''alma''} in my controller: def alma render :text => url_for(:id => 123) end so I go to: http://localhost:3000/music/store which generates: http://localhost:3000/music/store/123/index Where the
2008 Mar 07
1
Unable open raw socket in CentOS 5 - SE Linux and kernelcapability interaction?
The raw socket option in the kernel only allows privileged processes to open them. Selinux controls which privileged processes have the right to. To allow an unprivileged process to access a raw socket you will need to write a proxy daemon that runs privileged and is allowed in selinux to create a raw socket. This daemon can then provide a unix socket to unprivileged processes whose access can
2011 Nov 03
1
CentOS-5.7 + megaraid + SELinux : update problem
Hello, After updating to CentOS-5.7, I have a (small) problem : The context of /dev/megadev0 is now defined (in /etc/selinux/targeted/contexts/files/file_contexts) as system_u:object_r:removable_device_t:s0. This cause smartmontools to fail : avc: denied { read write } for pid=2847 comm="smartd" name="megadev0" dev=tmpfs ino=8284
2007 Mar 01
1
TDM400p Loaded only once
Hi when I turn on my PC I able to load the drivers and start my card, if I reboot the PC I have the following error ztcfg -vvv Zaptel Configuration ====================== Channel map: Channel 01: FXS Kewlstart (Default) (Slaves: 01) Channel 02: FXS Kewlstart (Default) (Slaves: 02) Channel 03: FXS Kewlstart (Default) (Slaves: 03) Channel 04: FXS Kewlstart (Default) (Slaves: 04) 4 channels
2015 Oct 09
2
CentOS-6 SSHD chroot SELinux problem
I run a sshd host solely to allow employees to tunnel secure connections to our internal hosts. Some of which do not support encrypted protocols. These connections are chroot'ed via the following in /etc/ssh/sshd_config Match Group !wheel,!xxxxxx,yyyyy AllowTcpForwarding yes ChrootDirectory /home/yyyyy X11Forwarding yes Where external users belong to group yyyyy (primary). We
2012 Nov 26
0
Installation and Setup of Samba4 AD DC on CentOS6
I have setup a Samba4 server and would like to report my experiences in the hope that it may be helpful to others. I basically followed the official Samba4 HowTo, which is very good. Based on what I have seen, this is the only document I would recommend people to follow. I will try not to repeat things that are covered in the HowTo, but rather focus on what I did differently or additionally,
2009 Aug 27
1
SELinux messages after compiling new kernel
Hi, I compiled a kernel from sources (2.6.30.5) and when system is booting shows these errors: SELinux: 61 classes, 69080 rules SELinux: class peer not defined in policy SELinux: class capability2 not defined in policy SELinux: class kernel_service not defined in policy SELinux: permission open in class dir not defined in policy SELinux: permission open in class file not defined in policy
2019 Feb 25
0
Policy issue: C7 and motion
Not sure who's package let an error slip in, but I don't believe I've had this issue before: SELinux is preventing /usr/bin/motion from map access on the chr_file /dev/video1 Yes, that should be allowed by default. mark
2009 Dec 29
1
Error Code: 20. Error Desc: Received SIGUSR1 or SIGINT
Hi Rsync Support, Recently we encountered issue on our prod environment because the rsync seems hanging, it took time building the list.Previously the rsync process was working before 10:24am not until 10:25am. See sample log below. We have one source server and the data files will be rsync to 2 webservers. Please advise what could be the cause of the issue. Please let me know if you need
2023 Mar 21
1
How to configure?
Killed glfsheal, after a day there were 218 processes, then they got killed by OOM during the weekend. Now there are no processes active. Trying to run "heal info" reports lots of files quite quickly but does not spawn any glfsheal process. And neither does restarting glusterd. Is there some way to selectively run glfsheal to fix one brick at a time? Diego Il 21/03/2023 01:21,
2023 Mar 24
1
How to configure?
In glfsheal-Connection.log I see many lines like: [2023-03-13 23:04:40.241481 +0000] E [MSGID: 104021] [glfs-mgmt.c:586:glfs_mgmt_getspec_cbk] 0-gfapi: failed to get the volume file [{from server}, {errno=2}, {error=File o directory non esistente}] And *lots* of gfid-mismatch errors in glustershd.log . Couldn't find anything that would prevent heal to start. :( Diego Il 21/03/2023