Re: [CentOS] SELInux conflict with Postfixadmin

2017-02-21 Thread Daniel J Walsh
On 02/21/2017 11:52 AM, Robert Moskowitz wrote: > > > On 02/21/2017 11:46 AM, Zdenek Sedlak wrote: >> On 2017-02-21 17:30, Robert Moskowitz wrote: >>> postfixadmin setup.php is claiming: >>> >>> *Error: Smarty template compile directory templates_c is not writable.* >>> *Please make it writable.*

Re: [CentOS] SELinux upgrade

2017-01-19 Thread Daniel J Walsh
On 01/19/2017 08:57 AM, Marcin Trendota wrote: > W dniu 19.01.2017 o 14:54, Johnny Hughes pisze: > >>> So, it looks like something with docker-selinux and container-selinux... >> Right, I wanted to mention that docker-selinux was replaced with >> container-selinux in the lasest version. > Shouldn

Re: [CentOS] username.pem

2016-04-26 Thread Daniel J Walsh
Best label available I can see is sshd_var_run_t. Not exactly named well but it would work. chcon -R -t sshd_var_run_t /var/lib/ssh-x509-auth On 04/26/2016 11:31 AM, m.r...@5-cent.us wrote: Hi, folks, Our system gets/creates /var/lib/ssh-x509-auth/,pem, then deletes it when the log ou

Re: [CentOS] CentOS 7, selinux issue

2016-04-06 Thread Daniel J Walsh
Can you attach one of the AVC's. Mos likely ssh-x509-auth needs to be labeled sshd_key_t or ssh_home_t On 04/06/2016 02:54 PM, m.r...@5-cent.us wrote: I'm seeing a lot of noise in the logs, to the effect of: setroubleshoot: SELinux is preventing /bin/ksh93 from write access on the directory /va

Re: [CentOS] puppet files denied by SELinux

2015-06-29 Thread Daniel J Walsh
I have no idea of the current dependency problem. I think your original problem was caused by mv'ing files from an nfs share to /etc which maintained the context. And SELinux prevented puppet from accessing nfs_t type. If you had just run restorecon on the object it would have set it back to the

Re: [CentOS] more newbie questions -- init 5 works, init 3 doesn't for "normal" users

2015-06-17 Thread Daniel J Walsh
On 06/11/2015 05:27 PM, m.r...@5-cent.us wrote: > Kay Schenk wrote: >> On 06/11/2015 08:28 AM, m.r...@5-cent.us wrote: >>> Kay Schenk wrote: On 06/10/2015 10:06 PM, Gordon Messmer wrote: > On 06/10/2015 05:25 PM, Kay Schenk wrote: >> I get /home/ not found when it's there and >>

Re: [CentOS] selinux allow apache log access

2015-06-17 Thread Daniel J Walsh
On 06/17/2015 04:03 PM, Jonathan Billings wrote: > On Wed, Jun 17, 2015 at 03:30:51PM -0400, Tim Dunphy wrote: >> No prob! Thanks for all the help! But in searching my system I don't find >> anything of the sort. >> >> [root@monitor2:~] #updatedb >> [root@monitor2:~] #locate myzabbix.te >> [root@

Re: [CentOS] Try II: selinux, xfs, and CentOS 6 and 5 issue

2015-06-02 Thread Daniel J Walsh
On 06/02/2015 11:30 AM, m.r...@5-cent.us wrote: > Tried just the selinux list yesterday, no answers, so I'm trying again. > > I partitioned GPT, and formatted, as xfs, a large (3TB) drive on a CentOS > 6 system, which has selinux in permissive mode. I then moved the drive to > a CentOS 5 system.

Re: [CentOS] CentOS 7 selinux policy bug

2015-05-30 Thread Daniel J Walsh
On 05/29/2015 09:20 AM, m.r...@5-cent.us wrote: > Hi, folks, > >CentOS 7.1. Selinux policy, and targetted, updated two days ago. > > May 28 17:02:41 python: SELinux is preventing /usr/bin/bash > from execute access on the file /usr/bin/bash.#012#012* <...> > May 28 17:02:45 python: SELi

Re: [CentOS] SEmodule dependency hell.

2015-04-07 Thread Daniel J Walsh
You should be able to modify the definition of a port. Or create a new port type and modify the existing port to use it. http_port_t is just a name (type) that we can use to group a number of ports together. Sadly we do not separate the port types of incoming and outgoing connections. So if you

Re: [CentOS] building RPMs with SELinux

2015-01-26 Thread Daniel J Walsh
On 01/22/2015 05:40 AM, Andrew Holway wrote: > Hello, > > Im trying to find some good info on building RPMs that set the correct > SELinux contexts for the installed packages. > > Any ideas? > > Thanks, > > Andrew > ___ > CentOS mailing list > CentOS@cen

Re: [CentOS] How to prevent root from managing/disabling SELinux

2015-01-26 Thread Daniel J Walsh
On 01/23/2015 06:01 PM, Stephen Harris wrote: > At work I'm used to tools like eTrust Access Control (aka SEOS). eTrust > takes away the ability to manage the eTrust config from root and puts it > in the hands of "security admin". So there's a good separation of duties; > security admin control

Re: [CentOS] CentOS-6.6 Fail2Ban and Postfix Selinux AVCs

2015-01-21 Thread Daniel J Walsh
On 01/19/2015 01:59 PM, James B. Byrne wrote: > On Mon, January 19, 2015 11:50, James B. Byrne wrote: >> I am seeing these in the log of one of our off-site NX hosts running >> CentOS-6.6. >> >> type=AVC msg=audit(1421683972.786:4372): avc: denied { create } for >> pid=22788 comm="iptables" scon

Re: [CentOS] CentOS 6, CUPS and Canon printers problem

2015-01-21 Thread Daniel J Walsh
On 01/21/2015 04:11 AM, Emmanuel Noobadmin wrote: > Just to follow up to myself and leave a record, the problem is SELinux > blocking the driver from creating/reading/writing temporary files > under CUPS. > ___ > CentOS mailing list > CentOS@centos.org >

Re: [CentOS] SELinux-alert: aide wants to write to /var/run/winbindd/pipe

2015-01-14 Thread Daniel J Walsh
On 01/13/2015 05:09 AM, Patrick Bervoets wrote: > Hi, > > does anyone know if aide should have access to this socket? > > SELinux is preventing /usr/sbin/aide from write access on the > sock_file /var/run/winbindd/pipe. > > Thanks > Patrick > Looks like it is doing some call to getpw* which is usi

Re: [CentOS] How to configure xguest Firefox home page

2014-12-19 Thread Daniel J Walsh
On 12/09/2014 02:39 PM, James B. Byrne wrote: > On Mon, December 8, 2014 21:12, David McGuffey wrote: >> I've installed CentOS 6.6 on a workstation at a local non-profit as a >> kiosk machine. I used xguest. Works great, except now the customer >> wants the Firefox homepage to be one pointing to

Re: [CentOS] How to configure xguest Firefox home page

2014-12-19 Thread Daniel J Walsh
This is actually an old problem with pulseaudio processes no dying properly on exit. I think if you remove the exclusive flag from /etc/security/sepermit.conf This will work in all situations. The exclussive flag is there to make sure two different users can not login at the same time. On 12/

Re: [CentOS] selinux-policy update resets /etc/selinux/targeted/contexts/files/file_contexts?

2014-12-17 Thread Daniel J Walsh
On 12/17/2014 05:07 AM, Patrick Bervoets wrote: > Hi, > > On an internal webserver (latest C6) I want smb-access to /var/www/html/ > In april I did > chcon -R -t public_content_rw_t /var/www/html/ > setsebool -P allow_smbd_anon_write 1 > setsebool -P allow_httpd_anon_write 1 > echo

Re: [CentOS] Postfix avc (SELinux)

2014-12-08 Thread Daniel J Walsh
On 12/05/2014 01:24 PM, James B. Byrne wrote: > On Fri, December 5, 2014 04:53, Daniel J Walsh wrote: >> On 12/04/2014 03:22 PM, James B. Byrne wrote: >>> On Thu, December 4, 2014 12:29, James B. Byrne wrote: >>>> Re: SELinux. Do I just build a local policy or is t

Re: [CentOS] Postfix avc (SELinux)

2014-12-05 Thread Daniel J Walsh
On 12/04/2014 03:22 PM, James B. Byrne wrote: > On Thu, December 4, 2014 12:29, James B. Byrne wrote: >> Re: SELinux. Do I just build a local policy or is there some boolean setting >> needed to handle this? I could not find one if there is but. . . >> > Anyone see any problem with generating a c

Re: [CentOS] SEtroubleshootd Crashing

2014-12-04 Thread Daniel J Walsh
unt of AVCs we were > getting. > > John > > On 3 December 2014 at 10:01, Daniel J Walsh wrote: > >> Looks like turning on three booleans will solve most of the problem. >> >> httpd_execmem, httpd_run_stickshift, allow_httpd_anon_write >> >> >>

Re: [CentOS] SEtroubleshootd Crashing

2014-12-03 Thread Daniel J Walsh
/bin/ps > > dr-xr-xr-x. root root system_u:object_r:proc_t:s0 /proc > > I'll send the audit log on to Dan. > > Cheers, > > John > > On 2 December 2014 at 16:10, Daniel J Walsh wrote: > >> Could you send me a copy of your audit.log. &g

Re: [CentOS] SEtroubleshootd Crashing

2014-12-02 Thread Daniel J Walsh
-18c4040be03c > Dec 2 10:04:06 server setroubleshoot: last message repeated 2 times > Dec 2 10:04:06 server sedispatch: AVC Message for setroubleshoot, dropping > message > Dec 2 10:04:06 server sedispatch: last message repeated 3 times > > Cheers, > > John > > O

Re: [CentOS] SEtroubleshootd Crashing

2014-12-01 Thread Daniel J Walsh
And see if there was something in the database that was causing it problems. Make sure there is no setroubleshootd running and >/var/lib/setroubleshoot/setroubleshoot_database.xml > -Original Message- > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf

Re: [CentOS] SEtroubleshootd Crashing

2014-12-01 Thread Daniel J Walsh
ewer version released that will fix it. > > -Original Message- > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf > Of Daniel J Walsh > Sent: 01 December 2014 14:58 > To: CentOS mailing list > Subject: Re: [CentOS] SEtroubleshootd Crashing &g

Re: [CentOS] SEtroubleshootd Crashing

2014-12-01 Thread Daniel J Walsh
This seems to be a problem with an updated version of libxml. On 11/28/2014 09:04 AM, Gary Smithson wrote: > When running Node.js through Phusion Passenger on Centos 6.5 ( Linux > 2.6.32-431.23.3.el6.x86_64 #1 SMP Thu Jul 31 17:20:51 UTC 2014 x86_64 x86_64 > x86_64 GNU/Linux), with SELinux enable

Re: [CentOS] Anyone have a Brother multifunction working on Centos 7?

2014-11-17 Thread Daniel J Walsh
On 11/12/2014 10:54 PM, Peter wrote: > On 11/13/2014 12:10 PM, Negative wrote: >> I have a Brother MFC 7360N, and it is refusing to print. > I have a DCP-540CN which is a similar but I think older network printer. > I haven't tried it on CentOS 7 yet, but got it to work with Fedora 18 > and 19 wh

Re: [CentOS] Xorg installation broken under docker

2014-11-11 Thread Daniel J Walsh
On 11/11/2014 02:17 PM, Jim Perrin wrote: > > On 11/11/2014 12:45 PM, Daniel J Walsh wrote: > >> We need to get systemd-container into the default centos image. >> We are working on this for RHEL7 also. That way these problems >> can be prevented and we can make

Re: [CentOS] Xorg installation broken under docker

2014-11-11 Thread Daniel J Walsh
On 11/11/2014 12:11 PM, Jim Perrin wrote: > > On 11/11/2014 04:51 AM, Wander Costa wrote: >> Hi, >> >> I have been trying to build a docker image to run unit tests for the B2G >> project [1]. However when I try to install Xorg I get this error [2]. >> I have been searching on web but is still not

Re: [CentOS] ProFTPD SFTP with SELinux

2014-11-06 Thread Daniel J Walsh
On 11/05/2014 09:41 PM, Philip Gardner, Jr. wrote: > Has anyone attempted to make SFTP on ProFTPD with SELinux work? I'd > like to keep SELinux enabled on this particular system, but I prefer > ProFTPD's SFTP solution over OpenSSH. The aureport tool reports the > following: > > 28. 11/05/2014 12:5

Re: [CentOS] DHCP chown

2014-11-04 Thread Daniel J Walsh
On 11/02/2014 02:45 PM, John R Pierce wrote: > On 11/2/2014 11:37 AM, Barry Brimer wrote: >>> I just installed 6.5 and am trying to bring up DHCP. >>> >>> service dhcpd start fails with "Can't chown new lease file: >>> Operation not >>> permitted" in /var/log/messages >> >> Check the permissions

Re: [CentOS] CentOS 6.6: KVM not found

2014-11-04 Thread Daniel J Walsh
On 11/01/2014 12:12 AM, Chris wrote: > On 10/31/2014 08:12 PM, Jonathan Billings wrote: >> Is there an AVC entry in >> the audit logs for when you try to load the module? > I cannot say for sure if those entries were created when starting the vm > or when rebooting the physical host. > These avc's

Re: [CentOS] CentOS 6.6: KVM not found

2014-11-04 Thread Daniel J Walsh
On 10/31/2014 06:06 AM, Chris wrote: > On 10/31/2014 10:47 AM, Karanbir Singh wrote: >> can you post the relevant selinux audit.log entries that were preventing >> kvm's ko to be loaded ? > Sure. > > type=VIRT_CONTROL msg=audit(1414739214.851:62): user pid=2911 uid=0 > auid=4294967295 ses=42949672

Re: [CentOS] CentOS 6.6 Bacula-SELinux issue

2014-11-04 Thread Daniel J Walsh
I see nothing about tape_device_t in bacula policy in Fedora, so I please create a local policy and then send it to us, so it can get merged into the upstream and back ported for RHEL/Centos. On 10/30/2014 03:01 PM, Paul Heinlein wrote: > I updated my backup server to CentOS 6.6 this morning. As us

Re: [CentOS] Centos 6.5 - Fping - SE Linux - Missing type enforcement (TE) allow rule

2014-10-26 Thread Daniel J Walsh
On 10/26/2014 12:10 AM, admin wrote: > I've just recreated the module and enabled it, yet I can't seem to > allow fping to be used by the httpd process. It seems that the last > error was just a byproduct of a bad module I had not properly removed. > Are there any additional troubleshooting steps

Re: [CentOS] SAMBA as AD DC

2014-09-23 Thread Daniel J Walsh
On 09/16/2014 10:50 AM, Markus Steinborn wrote: > Hi Daniel, > > Daniel J Walsh wrote: >> What AVC's is SELinux giving you? > Policy has been "enforcing" - and I see the folloqwing AVCs at the end > of my audit log - but those repeated several times: >

Re: [CentOS] SAMBA as AD DC

2014-09-16 Thread Daniel J Walsh
What AVC's is SELinux giving you? On 09/15/2014 02:48 AM, Markus Steinborn wrote: > Hi Miguel, > > Miguel Medalha wrote: Anyway, Sernet also provides a source rpm. Why not build up from that base? > CentOS 7 is using systemd - that would cause problems. > > > And anyway, I've used t

Re: [CentOS] SELinux alert on Centos 7 yum update

2014-09-11 Thread Daniel J Walsh
What AVC messages are you seeing? What does the setroubleshoot alert message show? On 09/10/2014 07:04 PM, Sven Kieske wrote: > On 10.09.2014 10:40, dE wrote: > > > I bet this has to do with troubleshootd (is it there in CentOS? I'm > > not sure but in Fedora 19 it was there). > > I bet this has

Re: [CentOS] SELinux vs. virsh

2014-08-24 Thread Daniel J Walsh
On 08/23/2014 10:45 AM, Bill Gee wrote: > On Friday, August 22, 2014 08:50:26 Daniel J Walsh wrote: >> On 08/21/2014 10:03 AM, Bill Gee wrote: >>> On Thursday, August 21, 2014 12:00:03 centos-requ...@centos.org wrote: >>>> Re: [CentOS] SELinux vs. logwatch and v

Re: [CentOS] CentOS Digest, Vol 115, Issue 21

2014-08-22 Thread Daniel J Walsh
On 08/21/2014 10:03 AM, Bill Gee wrote: > On Thursday, August 21, 2014 12:00:03 centos-requ...@centos.org wrote: >> Re: [CentOS] SELinux vs. logwatch and virsh >> From: Daniel J Walsh >> To: CentOS mailing list >> >> On 08/18/2014 02:13 PM, Bill Gee wrote: >

Re: [CentOS] HP ProLiant DL380 G5

2014-08-21 Thread Daniel J Walsh
On 08/21/2014 05:00 PM, m.r...@5-cent.us wrote: > Matt wrote: >>> Hate to change the conversation here but that's why I hate hardware >>> RAID. >>> If it was software RAID, Linux would always tell you what's going on. >>> Besides, Linux knows much more about what is going on on the disk and >>> wh

Re: [CentOS] Centos 7 lockup

2014-08-21 Thread Daniel J Walsh
On 08/21/2014 02:09 PM, Les Mikesell wrote: > On Thu, Aug 21, 2014 at 12:23 PM, wrote: >> Les Mikesell wrote: >>> A machine I set up to run OpenNMS stopped working last night - no >>> hardware alarm lights, but keyboard/monitor/network unresponsive. >>> After a reboot I see a large stack of mess

Re: [CentOS] SELinux vs. logwatch and virsh

2014-08-20 Thread Daniel J Walsh
e user cron jobs are needed. > > Thanks - Bill Gee > > > = >> ___ >> CentOS mailing list >> CentOS@centos.org >> http://lists.centos.org/mailman/listinfo/centos > What AVC messages

Re: [CentOS] SELinux vs. logwatch and virsh

2014-08-15 Thread Daniel J Walsh
On 08/14/2014 11:02 AM, Bill Gee wrote: > Hello everyone - > > I am stumped ... Does anyone have suggestions on how to proceed? Is there a > way > to get what I want? > > The environment: CentOS 7.0 with latest patches. > > The goal: I want logwatch to include a report on the status of kvm

Re: [CentOS] SELinux vs. logwatch and virsh

2014-08-15 Thread Daniel J Walsh
On 08/14/2014 11:02 AM, Bill Gee wrote: > Hello everyone - > > I am stumped ... Does anyone have suggestions on how to proceed? Is there a > way > to get what I want? > > The environment: CentOS 7.0 with latest patches. > > The goal: I want logwatch to include a report on the status of kvm

Re: [CentOS] when will docker 1.1.2 for rhel7 be released?

2014-08-12 Thread Daniel J Walsh
We are working on an update to docker within RHEL7. First we are releasing it to our High Touch Beta process. If you are on HTB you should see a release in the next week. On 08/12/2014 08:54 AM, Jim Perrin wrote: > > On 08/11/2014 07:02 PM, Dennis Jacobfeuerborn wrote: > >> Looks like docker-io

Re: [CentOS] rsyslog does not log on a separate partition/FS mounted on /var/log/

2014-08-07 Thread Daniel J Walsh
On 08/07/2014 05:48 AM, Arun Khan wrote: > SOLVED > > On Wed, Aug 6, 2014 at 10:28 PM, James A. Peltier wrote: >> - Original Message - >> | On Wed, Aug 06, 2014 at 04:50:41PM +, Tony Mountifield wrote: >> | > >> | > Probably rsyslog is being started before /var/log is mounted, and >>

Re: [CentOS] SELinux context for web application directories

2014-06-29 Thread Daniel J Walsh
On 06/27/2014 11:47 AM, James B. Byrne wrote: > CentOS-6.5 > > We deploy web applications written with the Ruby on Rails framework using > Capistrano (2.x). Each 'family' of web applications are 'owned' by a > dedicated user id. The present httpd service is Apache 2.2.15 and we use > Passenger 3

Re: [CentOS] mail delivery question

2014-06-23 Thread Daniel J Walsh
On 06/20/2014 03:15 PM, Chuck Campbell wrote: > I've built a new mail system with Centos 6.5, and I'm running fetchmail - > sendmail - procmail to maildir. I have all of this working at the moment.(I > know, postfix was the default, but for lots of other reasons, I switched, and > that isn't an is

Re: [CentOS] SELinux issue?

2014-06-16 Thread Daniel J Walsh
On 06/16/2014 11:13 AM, m.r...@5-cent.us wrote: > Chuck Campbell wrote: >> I've recently built a new mail server with centos6.5, and decided to bite >> the bullet and leave SELinux running. I've stumbled through making > things work >> and am mostly there. >> >> I've got my own spam and ham corpus

Re: [CentOS] /etc/bash_completion.d/git generates permissions errors

2014-05-28 Thread Daniel J Walsh
On 05/28/2014 12:55 PM, James B. Byrne wrote: > I did a yum update to my desktop machine as root this morning and now my > regular logon account sees this whenever I press the enter key: > > etc/audisp/audispd.conf: Permission denied > etc/audisp/plugins.d/af_unix.conf: Permission denied > etc/aud

Re: [CentOS] abrt dump qt selinux

2014-05-20 Thread Daniel J Walsh
Was the system running out of memory. semodule is very memory intensive. On 05/20/2014 01:57 PM, Zynda, Bradley V. (GSFC-423.0)[ADNET SYSTEMS INC] wrote: > Hi all, > > Note: selinux was in permissive prior to error > > Got this with a yum update: > > abrt_version: 2.0.8 > cgroup: > cmdline:

Re: [CentOS] Centos 6.5 workaround needed for selinux "Could not open policy file" bug

2014-05-20 Thread Daniel J Walsh
On 05/20/2014 12:50 PM, Michael McNulty wrote: > I read about this bug in the Centos 6.2 faq and the link showing it fixed in > https://bugzilla.redhat.com/show_bug.cgi?id=769859 > but I am still getting it updating on a Centos 6.5 server that had selinux > disabled. I want to run selinux as per

Re: [CentOS] OpenDKIM and SELinux

2014-05-13 Thread Daniel J Walsh
On 05/13/2014 09:56 AM, James B. Byrne wrote: > On Mon, May 12, 2014 14:05, Daniel J Walsh wrote: > >>> dac_read_search and dac_override are usually bad to add. They typically >>> mean the permission flags on the file in question is two tight for a >>> root proces

Re: [CentOS] OpenDKIM and SELinux

2014-05-12 Thread Daniel J Walsh
On 05/12/2014 01:26 PM, Daniel J Walsh wrote: > On 05/12/2014 09:17 AM, James B. Byrne wrote: >> Following the most recent kernel updates I restarted our outgoing SMTP MTA >> which was recently reconfigured to DKIM sign messages using OpenDKIM. This >> morning I discov

Re: [CentOS] OpenDKIM and SELinux

2014-05-12 Thread Daniel J Walsh
On 05/12/2014 09:17 AM, James B. Byrne wrote: > Following the most recent kernel updates I restarted our outgoing SMTP MTA > which was recently reconfigured to DKIM sign messages using OpenDKIM. This > morning I discovered that Postfix had stopped on that server. Whether it is > related to the P

Re: [CentOS] Opendkim and SELinux

2014-05-05 Thread Daniel J Walsh
On 05/05/2014 11:22 AM, James B. Byrne wrote: > CentOS-6.5 > OpenDKIM-2.9.0 (epel) > Postfix-2.6.6 (updates) > > I am trying to get opendkim working with our mailing lists. In the course of > that endeavour I note that these messages are appearing in our syslog: > > > May 4 20:50:02 inet08 setr

Re: [CentOS] SELInux and POSTFIX

2014-04-28 Thread Daniel J Walsh
On 04/25/2014 10:52 AM, James B. Byrne wrote: > On Wed, April 23, 2014 16:44, Daniel J Walsh wrote: >> Looks like this is allowed in rhel6.5 policy. You could try >> >> selinux-policy-3.7.19-235.el6 >> on people.redhat.com/dwalsh/SELinux/RHEL6 >> > yum -

Re: [CentOS] SELInux and POSTFIX

2014-04-23 Thread Daniel J Walsh
Looks like this is allowed in rhel6.5 policy. You could try selinux-policy-3.7.19-235.el6 on people.redhat.com/dwalsh/SELinux/RHEL6 On 04/23/2014 01:51 PM, James B. Byrne wrote: > Installed Packages > Name: postfix > Arch: x86_64 > Epoch : 2 > Version : 2.6.6 > Release

Re: [CentOS] backuppc problem

2014-04-21 Thread Daniel J Walsh
On 04/19/2014 05:03 PM, Derrik Walker v2.0 wrote: > On 04/19/2014 04:47 PM, Les Mikesell wrote: >> On Sat, Apr 19, 2014 at 10:40 AM, Derrik Walker v2.0 >> wrote: >>> I've installed backuppc from the EPEL repository. It does backups just >>> fine, BUT, when the backups are done, the status on th

Re: [CentOS] Centos and Selinux issue

2014-03-31 Thread Daniel J Walsh
Do you actually want the data to be available to both domains at the same time? Or could you setup different directories? If you want them to be both available you could label it postgresql_db_t, and then turn on the samba_export_all_ro_boolean or samba_export_all_rw_boolean. If this was to loo

Re: [CentOS] rsyslog not loading relp

2014-03-30 Thread Daniel J Walsh
On 03/28/2014 03:19 PM, Mauricio Tavares wrote: > On Mon, Nov 4, 2013 at 5:08 PM, Mauricio Tavares wrote: >> On Mon, Nov 4, 2013 at 9:59 AM, Stephen Harris wrote: >>> On Mon, Nov 04, 2013 at 09:49:37AM -0500, Mauricio Tavares wrote: I really have nobody else but rsyslog.conf here: >>>

Re: [CentOS] Install from cdrom and Update repo

2014-03-15 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/14/2014 05:24 PM, Eero Volotinen wrote: > Please provide complete kickstart, not just a snippet of it. 14.3.2014 > 22.47 kirjoitti "EljiUdia" : > >> Hi, >> >> I have make a kickstart file to automate the installation from cdrom and >> another

Re: [CentOS] Anyone using trac on centos?

2014-03-13 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/12/2014 04:52 PM, m.r...@5-cent.us wrote: > Peter Brady wrote: >> On 13/03/14 5:02 AM, m.r...@5-cent.us wrote: >>> (Besides Paul, who's busy?) >>> >>> I just need one question answered: I keep reading the docs, and given >>> the old traditional

Re: [CentOS] CentOS 5 + Quagga + SELinux

2014-03-07 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/06/2014 07:07 PM, SilverTip257 wrote: > On Wed, Mar 5, 2014 at 10:19 AM, Daniel J Walsh wrote: > >> >> man zebra_selinux >> > > Thank you for the quick reply. > > ~]# man zebra_selinux No manual en

Re: [CentOS] CentOS 5 + Quagga + SELinux

2014-03-06 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/06/2014 01:15 PM, Les Mikesell wrote: > On Thu, Mar 6, 2014 at 11:03 AM, Daniel J Walsh wrote: >>> >>> All in the world, or all that have been created for currently >>> installed packages? Is this as bad

Re: [CentOS] CentOS 5 + Quagga + SELinux

2014-03-06 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/06/2014 10:39 AM, Les Mikesell wrote: > On Thu, Mar 6, 2014 at 8:02 AM, Daniel J Walsh wrote: >>>>> >>>> setsebool -P zebra_write_config 1 >>> >>> Is there some global registration facility f

Re: [CentOS] CentOS 5 + Quagga + SELinux

2014-03-06 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/05/2014 02:11 PM, Les Mikesell wrote: > On Wed, Mar 5, 2014 at 9:19 AM, Daniel J Walsh wrote: >> >> man zebra_selinux ... If you want to allow zebra daemon to write it >> configuration files, you must turn on the zebra

Re: [CentOS] CentOS 5 + Quagga + SELinux

2014-03-05 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/04/2014 07:56 PM, SilverTip257 wrote: > Hello All, > > Does anyone happen to be running Quagga on CentOS 5 with SELinux in > enforcing mode? Have you had to create SELinux policies or did it "just > work" out of the box? > > (I'll get around t

Re: [CentOS] CentOS 5 + Quagga + SELinux

2014-03-05 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/04/2014 07:56 PM, SilverTip257 wrote: > Hello All, > > Does anyone happen to be running Quagga on CentOS 5 with SELinux in > enforcing mode? Have you had to create SELinux policies or did it "just > work" out of the box? > > (I'll get around t

Re: [CentOS] Strange Samba Issue

2014-02-17 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/17/2014 09:08 AM, John R Pierce wrote: > On 2/17/2014 5:36 AM, Styma, Robert E (Robert) wrote: >> Researching showed that there are a number of little selinux flags to set >> to get samba to work. I went into /etc/selinux/config and turned off >

Re: [CentOS] openswan and ipsec

2014-02-09 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/08/2014 11:05 PM, Markus Falb wrote: > # ipsec verify ... If you encounter network related SElinux errors, > especially when using KLIPS, try disabling SElinux ... > > Well, it is not running KLIPS but netkey, anyways I feel not comfortable > ab

Re: [CentOS] quota and selinux on centos 6.5

2013-12-23 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/20/2013 03:23 PM, EljiUdia wrote: > With semanage it works. > > The new rule will be included in next release? > Miroslav can you back port this role to RHEL 6.6. > > > > On Friday, December 20, 2013 7:29 PM,

Re: [CentOS] quota and selinux on centos 6.5

2013-12-20 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/19/2013 02:31 PM, EljiUdia wrote: > Hi, > > > I'm facing a challenge with selinux and because I don't got an explanation > elsewhere, I'm trying to explain here. I have decided to mount > /var/spool/cron on a separate partition and apply quota

Re: [CentOS] RHEL 7 Beta is now public

2013-12-13 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/12/2013 03:26 PM, Peter wrote: > On 12/13/2013 08:20 AM, Daniel J Walsh wrote: >> On 12/12/2013 01:49 PM, Peter wrote: >>> On 12/13/2013 02:45 AM, Daniel J Walsh wrote: > >>>> What SELInux issue did you have?

Re: [CentOS] RHEL 7 Beta is now public

2013-12-12 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/12/2013 01:49 PM, Peter wrote: > On 12/13/2013 02:45 AM, Daniel J Walsh wrote: > >> What SELInux issue did you have? What policy did you need to add? > > Unfortunately I've misplaced the audit logs and report of the pro

Re: [CentOS] RHEL 7 Beta is now public

2013-12-12 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/12/2013 06:03 AM, Peter wrote: > On 12/12/2013 11:05 PM, Karanbir Singh wrote: >> >> The overall aim is to have as many people as possible test the rhel7 beta >> and file bugs at bugzilla.redhat.com; that way everyone is testing anf >> doing fee

Re: [CentOS] ltsp & Selinux

2013-11-25 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/25/2013 09:03 AM, ? wrote: >> The message I'm now seeing in /var/log/audit/audit.log : >> >> type=AVC msg=audit(1385112688.399:67769): avc: denied { write } for >> pid=8218 comm="xauth" name="caw" dev=md1 ino=262145 >> scont

Re: [CentOS] ltsp & Selinux

2013-11-25 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/25/2013 07:26 AM, Johan Vermeulen wrote: > Hello All, > > I set up ltsp regulary, on Centos6 machines. > > This morning I have a Selinux problem that usualy does not occur: after > setting everything up, the thinclients boot, but nobody can log

Re: [CentOS] X11 connection rejected because of wrong authentication

2013-11-25 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/25/2013 08:50 AM, James B. Byrne wrote: > > On Sun, November 24, 2013 20:08, Timothy Murphy wrote: >> I'd like to run SELinux on my CentOS server in enforcing mode, but I get >> the above message when I run sealert. I assume this is because I am

Re: [CentOS] Selinux TFTP question [was: (no subject)]

2013-11-18 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/18/2013 08:20 AM, Tris Hoar wrote: > > On 16/11/2013 21:46, Andrew Holway wrote: >> [root@ipa tftpboot]# semanage fcontext -l | grep tftp /tftpboot >> directory system_u:object_r:tftpdir_t:s0 /tftpboot/.* >> all files system_u:object_r:tftpdir_t

Re: [CentOS] echo 0> /selinux/enforce

2013-11-07 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/06/2013 12:55 PM, Les Mikesell wrote: > On Wed, Nov 6, 2013 at 11:01 AM, Daniel J Walsh wrote: > >>>> SELinux blocks "confined" processes, but usually does not block the >>>> administrator who is runni

Re: [CentOS] echo 0> /selinux/enforce

2013-11-06 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/06/2013 11:55 AM, Les Mikesell wrote: > On Wed, Nov 6, 2013 at 9:23 AM, Daniel J Walsh wrote: >> >> SELinux blocks "confined" processes, but usually does not block the >> administrator who is running as unc

Re: [CentOS] echo 0> /selinux/enforce

2013-11-06 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/05/2013 05:13 PM, Wes James wrote: > When does echo 0 > /selinux/inforce need to be used? I.e., where is > selinux enforcing itself on the system to protect it? When I do yum > install of some package, it seems to work (not being blocked). W

Re: [CentOS] echo 0> /selinux/enforce

2013-11-06 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/05/2013 05:13 PM, Wes James wrote: First you should use setenforce 0/setenforce 1. Theoretically never. It should really be discouraged. It is like the Enterprise bringing it "Shields" down. SELinux in permissive mode will continue to do acc

Re: [CentOS] read-only file system when trying to save files

2013-11-04 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/01/2013 06:55 PM, Mark LaPierre wrote: > On 11/01/2013 06:36 PM, Wes James wrote: >> I have installed emacs with yum and now I'm trying to create a .emacs >> file and put some commands in it, but I can't type anything in the emacs >> buffer. It

Re: [CentOS] Looking for input SELinux/Other & post-commit hooks.

2013-09-25 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/25/2013 12:35 PM, James A. Peltier wrote: > Hi All, > > I'm looking for input as to how I may restrict some post commit hooks by > way of SELinux or some other mechanism. Here's a description of the > problem that I need to solve. > > I have a

Re: [CentOS] Why libnetfilter_queue is missing from CentOS, but available in, Fedora?

2013-08-10 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/09/2013 05:47 PM, Ljubomir Ljubojevic wrote: > On 08/09/2013 04:06 PM, m.r...@5-cent.us wrote: >> Robert Moskowitz wrote: >>> >>> On 08/09/2013 08:48 AM, Mike Burger wrote: Simply put, it's likely not in RHEL, either. CentOS is, essentially

Re: [CentOS] SELinux Question

2013-07-23 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/23/2013 07:15 AM, Ken Smith wrote: > > James Hogarth wrote: >> On 23 Jul 2013 07:42, "Ken Smith" wrote: >> >>> For some reason auditd wasn't running or enabled. I'm now seeing the >>> messages I needed in /var/log/messages. I'm running

Re: [CentOS] SELinux Question

2013-07-22 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/22/2013 10:55 AM, Paul Norton wrote: > Hello Ken Try this " site:danwalsh.livejournal.com" in your > searches. Also this is a good book > http://www.amazon.com/SELinux-Example-Using-Security-Enhanced/dp/0131963694/ref=sr_1_2?ie=UTF8&qid=1374504

Re: [CentOS] evince file could not be saved

2013-06-17 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/11/2013 03:28 PM, Michael Hennebry wrote: > On Tue, 11 Jun 2013, Daniel J Walsh wrote: > >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> On 06/10/2013 03:31 PM, Michael Hennebry wrote: >>> On Mon, 10

Re: [CentOS] evince file could not be saved

2013-06-11 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/10/2013 03:31 PM, Michael Hennebry wrote: > On Mon, 10 Jun 2013, m.r...@5-cent.us wrote: > >> Michael Hennebry wrote: >>> On Mon, 10 Jun 2013, Michael Hennebry wrote: On Mon, 10 Jun 2013, m.r...@5-cent.us wrote: > Michael Hennebry wrote

Re: [CentOS] r-x and r-x.

2013-05-28 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/28/2013 10:06 AM, m.r...@5-cent.us wrote: > Johan Vermeulen wrote: >> >> Op 25-04-13 19:41, m.r...@5-cent.us schreef: >>> John R Pierce wrote: On 4/25/2013 5:01 AM, mark wrote: > Two things: unless this is a laptop, shut down NetworkMan

Re: [CentOS] r-x and r-x.

2013-04-25 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/25/2013 04:54 AM, Johan Vermeulen wrote: > > > > > Op 24-04-13 22:53, m.r...@5-cent.us schreef: >> John R. Dennison wrote: >>> On Wed, Apr 24, 2013 at 03:06:11PM -0400, Daniel J Walsh wrote: >>>>

Re: [CentOS] r-x and r-x.

2013-04-24 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/24/2013 02:57 PM, Johan Vermeulen wrote: > Dear All, > > thanks for the responses. > > Indeed, on machine A, Selinux is disabled. > > -bash-4.1# selinuxenabled && echo enabled || echo disabled disabled > > and on machine B, it's enabled. > >

Re: [CentOS] silencing Passenger "ps" SELinux errors

2013-03-27 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/27/2013 10:01 AM, Paul Norton wrote: > On 27 March 2013 13:09, ign...@vault13.lt wrote: > >> Hello, >> >> how do people cope with constant SELinux errors like this from Fusion >> Passenger: >> >> 36886. 03/27/2013 14:20:05 ps unconfined_u:sy

Re: [CentOS] CentOS 6.4 x86_64 VM Install freezes

2013-03-22 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/22/2013 04:25 PM, Robert Heller wrote: > At Thu, 21 Mar 2013 20:54:04 -0400 Robert Heller > wrote: > >> >> At Thu, 21 Mar 2013 16:04:22 -0700 CentOS mailing list >> wrote: >> >>> >>> On 3/21/2013 3:42 PM, Robert Heller wrote: Is it bec

Re: [CentOS] Shorewall and upgrade from 6.3 to 6.4

2013-03-14 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/14/2013 01:03 AM, Kahlil Hodgson wrote: > On 14/03/13 06:23, Gordon Messmer wrote: >> On 03/12/2013 04:07 PM, Kahlil Hodgson wrote: >>> If you are upgrading from 6.3 to 6.4 and you use shorewall, you will >>> want to run >>> >>> restorecon -Rv

Re: [CentOS] Kernel panic after update to 6.4

2013-03-14 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/13/2013 05:52 PM, Nux! wrote: > On 12.03.2013 20:41, Emmett Culley wrote: >> After successfully updating three CentOS 6.3 VM guests to 6.4 I decided >> to update the host as well. And it failed to boot. >> >> Kernel panic - Not syncing: Attempt

Re: [CentOS] selinux + kvm virtualization + smartd problem

2013-03-11 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/11/2013 01:10 PM, Ilyas -- wrote: > In which package/version? > > I've updated my home NAS to CentOS6.4 but it still has problem with access > drives which passed to virtual machines. > > On Mon, Mar 11, 2013 at 6:31 PM

  1   2   3   >