Re: [CentOS] tmpfs / selinux issue

Am 26.07.20 um 17:23 schrieb Leon Fauster: Am 26.07.20 um 12:23 schrieb Strahil Nikolov: На 25 юли 2020 г. 14:20:19 GMT+03:00, Leon Fauster via CentOS написа: Hi all, I have some AVC in the logs and wonder how to resolve this: Under EL8 (enforcing SElinux) I have /var/lib/php/session

Re: [CentOS] tmpfs / selinux issue

On Jul 25, 2020, at 07:20, Leon Fauster via CentOS wrote: > > I wonder about the "remount" and the comm="ostnamed". > > I do not found any ostnamed application, the closest is hostnamed. You don’t happen to have snapd installed, do you? I can see several bugs posted related to snapd and

Re: [CentOS] tmpfs / selinux issue

Am 26.07.20 um 12:23 schrieb Strahil Nikolov: На 25 юли 2020 г. 14:20:19 GMT+03:00, Leon Fauster via CentOS написа: Hi all, I have some AVC in the logs and wonder how to resolve this: Under EL8 (enforcing SElinux) I have /var/lib/php/session mounted as tmpfs. # tail -1 /etc/fstab tmpfs

Re: [CentOS] tmpfs / selinux issue

Hi Leon, have you tried mounting with 'httpd_sys_rw_content_t' instead of 'httpd_var_run_t' ? Best Regards, Strahil Nikolov На 25 юли 2020 г. 14:20:19 GMT+03:00, Leon Fauster via CentOS написа: >Hi all, > >I have some AVC in the logs and wonder how to resolve this: Under >EL8 (enforcing

[CentOS] tmpfs / selinux issue

Hi all, I have some AVC in the logs and wonder how to resolve this: Under EL8 (enforcing SElinux) I have /var/lib/php/session mounted as tmpfs. # tail -1 /etc/fstab tmpfs /var/lib/php/session tmpfs

[CentOS] An selinux issue

CentUS 7.4 >From sealert: SELinux is preventing /usr/sbin/sshd from read access on the file /etc/ssh/moduli. * Plugin restorecon (94.8 confidence) suggests If you want to fix the label. /etc/ssh/moduli default label should be etc_t. Then you can run restorecon.

Re: [CentOS] CentOS 7, selinux issue

Can you attach one of the AVC's. Mos likely ssh-x509-auth needs to be labeled sshd_key_t or ssh_home_t On 04/06/2016 02:54 PM, m.r...@5-cent.us wrote: I'm seeing a lot of noise in the logs, to the effect of: setroubleshoot: SELinux is preventing /bin/ksh93 from write access on the directory

[CentOS] CentOS 7, selinux issue

I'm seeing a lot of noise in the logs, to the effect of: setroubleshoot: SELinux is preventing /bin/ksh93 from write access on the directory /var/lib/ssh-x509-auth as well as others related to find, cat, etc on .pem's in that directory. Is this a policy bug, or just no policy covering this?

Re: [CentOS] CentOS 7 SELinux issue

On 02/25/2016 07:23 AM, Brandon Vincent wrote: On Thu, Feb 25, 2016 at 12:34 AM, Frank Cox wrote: Turns out you get the "Could not downgrade policy file /etc/selinux/targeted/policy/policy.24" error if you're running with SELinux disabled and something tries to

Re: [CentOS] CentOS 7 SELinux issue

On Thu, Feb 25, 2016 at 12:34 AM, Frank Cox wrote: > Turns out you get the "Could not downgrade policy file > /etc/selinux/targeted/policy/policy.24" error if you're running with SELinux > disabled and something tries to install or reload policy: semodule -vR does

Re: [CentOS] CentOS 7 SELinux issue

On 02/24/2016 11:34 PM, Frank Cox wrote: On Wed, 24 Feb 2016 23:28:33 -0800 Alice Wonder wrote: I don't ordinarily run SELinux and do not have it enabled. https://lists.fedoraproject.org/pipermail/selinux/2012-May/014626.html QUOTE: Turns out you get the "Could not downgrade policy file

Re: [CentOS] CentOS 7 SELinux issue

On Wed, 24 Feb 2016 23:28:33 -0800 Alice Wonder wrote: > I don't ordinarily run SELinux and do not have it enabled. https://lists.fedoraproject.org/pipermail/selinux/2012-May/014626.html QUOTE: Turns out you get the "Could not downgrade policy file /etc/selinux/targeted/policy/policy.24" error

[CentOS] CentOS 7 SELinux issue

Trying to add SELinux support to my bitcoin package. Keep getting this on install: SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.29, searching for an older version. SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.29: No such file or

[CentOS] Centos and Selinux issue

Hi list, I'm new to Centos and I've a very small knowledge of selinux use. I can disable it, but I prefer take it on for study. I've a second mirrored device that I use for file sharing. This is the scenario: /dev/md2 mounted on /mnt/data To make samba working I must set the file context to

Re: [CentOS] Centos and Selinux issue

Alessandro Baggi wrote: Hi list, I'm new to Centos and I've a very small knowledge of selinux use. I can disable it, but I prefer take it on for study. Ok, first thing you want to do is set it to permissive mode (setenforce 0, and edit /etc/selinux/config to Permissive from Enforcing). That

Re: [CentOS] Centos and Selinux issue

On 3/31/2014 7:18 AM, Alessandro Baggi wrote: It's a better choice mount /dev/md2 on /mnt/data, make to dirs, one for pgsql and another for sambashare, set relative context and start services? well, its not a good practice to have your postgres data directory in a shared location, as nothing

Re: [CentOS] Centos and Selinux issue

Do you actually want the data to be available to both domains at the same time? Or could you setup different directories? If you want them to be both available you could label it postgresql_db_t, and then turn on the samba_export_all_ro_boolean or samba_export_all_rw_boolean. If this was to