On Sunday, August 24, 2014 06:45:14 Daniel J Walsh wrote:
On 08/23/2014 10:45 AM, Bill Gee wrote:
On Friday, August 22, 2014 08:50:26 Daniel J Walsh wrote:
On 08/21/2014 10:03 AM, Bill Gee wrote:
On Thursday, August 21, 2014 12:00:03 centos-requ...@centos.org wrote:
Re: [CentOS] SELinux
On Thu, Aug 28, 2014 at 07:05:49AM -0500, Bill Gee wrote:
Another curious thing is that it all works perfectly when I run-parts
/etc/cron.daily from a root login. Why should SELinux regard that as
different from when it is run by cron???
Cron runs processes in a different SELinux domain
On Thursday, August 28, 2014 08:24:32 Jonathan Billings wrote:
On Thu, Aug 28, 2014 at 07:05:49AM -0500, Bill Gee wrote:
Another curious thing is that it all works perfectly when I run-parts
/etc/cron.daily from a root login. Why should SELinux regard that as
different from when it is run
On Thu, Aug 28, 2014 at 08:16:58AM -0500, Bill Gee wrote:
But that means that SELinux contexts are NOT stable ... They are
NOT the same for all instances of a process. It seems to me that
defeats the whole purpose of SELinux.
I think you're confusing the account the process is running under
On Thursday, August 28, 2014 10:20:06 Jonathan Billings wrote:
On Thu, Aug 28, 2014 at 08:16:58AM -0500, Bill Gee wrote:
But that means that SELinux contexts are NOT stable ... They are
NOT the same for all instances of a process. It seems to me that
defeats the whole purpose of SELinux.
On Thu, Aug 28, 2014 at 10:29:50AM -0500, Bill Gee wrote:
Hmmm... OK, let's go back to my original goal. I want
logwatch to include the output of hddtemp /dev/sda and virsh
--list all in its daily reports. How is that to be accomplished?
Based on what you said above, I think the way
On Sunday, August 24, 2014 06:45:14 Daniel J Walsh wrote:
On 08/23/2014 10:45 AM, Bill Gee wrote:
On Friday, August 22, 2014 08:50:26 Daniel J Walsh wrote:
On 08/21/2014 10:03 AM, Bill Gee wrote:
On Thursday, August 21, 2014 12:00:03 centos-requ...@centos.org wrote:
Re: [CentOS] SELinux
On 08/23/2014 10:45 AM, Bill Gee wrote:
On Friday, August 22, 2014 08:50:26 Daniel J Walsh wrote:
On 08/21/2014 10:03 AM, Bill Gee wrote:
On Thursday, August 21, 2014 12:00:03 centos-requ...@centos.org wrote:
Re: [CentOS] SELinux vs. logwatch and virsh
From: Daniel J Walsh dwa...@redhat.com
On Friday, August 22, 2014 08:50:26 Daniel J Walsh wrote:
On 08/21/2014 10:03 AM, Bill Gee wrote:
On Thursday, August 21, 2014 12:00:03 centos-requ...@centos.org wrote:
Re: [CentOS] SELinux vs. logwatch and virsh
From: Daniel J Walsh dwa...@redhat.com
To: CentOS mailing list centos
the machine in permissive mode, run your tests and then add
the allow rules using
audit2allow -M mylogwatch
Message: 8
Date: Fri, 15 Aug 2014 11:22:40 -0400
From: Daniel J Walsh dwa...@redhat.com
Subject: Re: [CentOS] SELinux vs. logwatch and virsh
To: CentOS mailing list centos@centos.org
Walsh dwa...@redhat.com
Subject: Re: [CentOS] SELinux vs. logwatch and virsh
To: CentOS mailing list centos@centos.org
Message-ID: 53ee25c0.3040...@redhat.com
Content-Type: text/plain; charset=windows-1252
On 08/14/2014 11:02 AM, Bill Gee wrote:
Hello everyone -
I am stumped ... Does anyone
On 08/14/2014 11:02 AM, Bill Gee wrote:
Hello everyone -
I am stumped ... Does anyone have suggestions on how to proceed? Is there a
way
to get what I want?
The environment: CentOS 7.0 with latest patches.
The goal: I want logwatch to include a report on the status of kvm virtual
On 08/14/2014 11:02 AM, Bill Gee wrote:
Hello everyone -
I am stumped ... Does anyone have suggestions on how to proceed? Is there a
way
to get what I want?
The environment: CentOS 7.0 with latest patches.
The goal: I want logwatch to include a report on the status of kvm virtual
Hello everyone -
I am stumped ... Does anyone have suggestions on how to proceed? Is there a
way
to get what I want?
The environment: CentOS 7.0 with latest patches.
The goal: I want logwatch to include a report on the status of kvm virtual
computers.
The problem: When run from
On Sun, June 29, 2014 06:59, Daniel J Walsh wrote:
On 06/27/2014 11:47 AM, James B. Byrne wrote:
CentOS-6.5
The questions I have are: What is an appropriate SELinux context for such a
directory structure given it is used by a httpd service? Is the default
user
home setting of
Not sure if this got through - nixspam was being aggravating, so I'm
reposting.
James B. Byrne wrote:
CentOS-6.5
We deploy web applications written with the Ruby on Rails framework
using Capistrano (2.x). Each 'family' of web applications are 'owned' by
a dedicated user id. The present httpd
On 06/27/2014 11:47 AM, James B. Byrne wrote:
CentOS-6.5
We deploy web applications written with the Ruby on Rails framework using
Capistrano (2.x). Each 'family' of web applications are 'owned' by a
dedicated user id. The present httpd service is Apache 2.2.15 and we use
Passenger
CentOS-6.5
We deploy web applications written with the Ruby on Rails framework using
Capistrano (2.x). Each 'family' of web applications are 'owned' by a
dedicated user id. The present httpd service is Apache 2.2.15 and we use
Passenger 3.0.11. We are moving shortly to a new deployment host
James B. Byrne wrote:
CentOS-6.5
We deploy web applications written with the Ruby on Rails framework
using Capistrano (2.x). Each 'family' of web applications are 'owned'
by a dedicated user id. The present httpd service is Apache 2.2.15 and
we use Passenger 3.0.11. We are moving shortly to
I've recently built a new mail server with centos6.5, and decided to bite the
bullet and leave SELinux running. I've stumbled through making things work and
am mostly there.
I've got my own spam and ham corpus as mbox files in /home/user/Mail/learned.
These files came from my backup of the
Chuck Campbell wrote:
I've recently built a new mail server with centos6.5, and decided to bite
the bullet and leave SELinux running. I've stumbled through making
things work
and am mostly there.
I've got my own spam and ham corpus as mbox files in
/home/user/Mail/learned.
These files came
On 06/16/2014 11:13 AM, m.r...@5-cent.us wrote:
Chuck Campbell wrote:
I've recently built a new mail server with centos6.5, and decided to bite
the bullet and leave SELinux running. I've stumbled through making
things work
and am mostly there.
I've got my own spam and ham corpus as mbox
On 6/16/2014 10:13 AM, m.r...@5-cent.us wrote:
Chuck Campbell wrote:
I've recently built a new mail server with centos6.5, and decided to bite
the bullet and leave SELinux running. I've stumbled through making
things work
and am mostly there.
I've got my own spam and ham corpus as mbox
On 04/25/2014 10:52 AM, James B. Byrne wrote:
On Wed, April 23, 2014 16:44, Daniel J Walsh wrote:
Looks like this is allowed in rhel6.5 policy. You could try
selinux-policy-3.7.19-235.el6
on people.redhat.com/dwalsh/SELinux/RHEL6
yum --enablerepo=localfile update selinux\*
Loaded plugins:
On Wed, April 23, 2014 16:44, Daniel J Walsh wrote:
Looks like this is allowed in rhel6.5 policy. You could try
selinux-policy-3.7.19-235.el6
on people.redhat.com/dwalsh/SELinux/RHEL6
yum --enablerepo=localfile update selinux\*
Loaded plugins: downloadonly, fastestmirror, priorities
Loading
Installed Packages
Name: postfix
Arch: x86_64
Epoch : 2
Version : 2.6.6
Release : 6.el6_5
Size: 9.7 M
Repo: installed
From repo : updates
I am seeing several of these in our maillog file after a restart of the
Postfix service:
Apr 23 12:48:27
Looks like this is allowed in rhel6.5 policy. You could try
selinux-policy-3.7.19-235.el6
on people.redhat.com/dwalsh/SELinux/RHEL6
On 04/23/2014 01:51 PM, James B. Byrne wrote:
Installed Packages
Name: postfix
Arch: x86_64
Epoch : 2
Version : 2.6.6
Release :
On 16/11/2013 21:46, Andrew Holway wrote:
[root@ipa tftpboot]# semanage fcontext -l | grep tftp
/tftpboot directory
system_u:object_r:tftpdir_t:s0
/tftpboot/.* all files
system_u:object_r:tftpdir_t:s0
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/18/2013 08:20 AM, Tris Hoar wrote:
On 16/11/2013 21:46, Andrew Holway wrote:
[root@ipa tftpboot]# semanage fcontext -l | grep tftp /tftpboot
directory system_u:object_r:tftpdir_t:s0 /tftpboot/.*
all files system_u:object_r:tftpdir_t:s0
Gordon Messmer wrote:
On 07/22/2013 07:41 AM, Ken Smith wrote:
Hi Guys, My google foo is failing me this afternoon. Just configuring a
new C6 install. I know there are SELinux alerts happening, eg: I know I
need to enable named to write to the local .jnl file as part of dynamic
DNS,
On 23 Jul 2013 07:42, Ken Smith k...@kensnet.org wrote:
For some reason auditd wasn't running or enabled. I'm now seeing the
messages I needed in /var/log/messages. I'm running bind chrooted and
various other tweeks mean I need to set SELinux accordingly.
Bind chroot via the standard chroot
James Hogarth wrote:
On 23 Jul 2013 07:42, Ken Smithk...@kensnet.org wrote:
For some reason auditd wasn't running or enabled. I'm now seeing the
messages I needed in /var/log/messages. I'm running bind chrooted and
various other tweeks mean I need to set SELinux accordingly.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/23/2013 07:15 AM, Ken Smith wrote:
James Hogarth wrote:
On 23 Jul 2013 07:42, Ken Smithk...@kensnet.org wrote:
For some reason auditd wasn't running or enabled. I'm now seeing the
messages I needed in /var/log/messages. I'm running
Hello Ken
Try this search term site:danwalsh.livejournal.com in your searches.
Also this is a good book
http://www.amazon.com/SELinux-Example-Using-Security-Enhanced/dp/0131963694/ref=sr_1_2?ie=UTF8qid=1374504654sr=8-2keywords=selinux
This is the best I can do as I don't understand. What
Hi Guys, My google foo is failing me this afternoon. Just configuring a
new C6 install. I know there are SELinux alerts happening, eg: I know I
need to enable named to write to the local .jnl file as part of dynamic
DNS, but sealert -b is not listing any alerts. I can see raw audit
messages.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/22/2013 10:55 AM, Paul Norton wrote:
Hello Ken Try this search term site:danwalsh.livejournal.com in your
searches. Also this is a good book
On 07/22/2013 07:41 AM, Ken Smith wrote:
Hi Guys, My google foo is failing me this afternoon. Just configuring a
new C6 install. I know there are SELinux alerts happening, eg: I know I
need to enable named to write to the local .jnl file as part of dynamic
DNS, but sealert -b is not listing
Hi,
i am seeing an unsigned package here:
rpm -K
http://mirror.centos.org/centos/6/updates/x86_64/Packages/selinux-policy-3.7.19-195.el6_4.3.noarch.rpm
http://mirror.centos.org/centos/6/updates/x86_64/Packages/selinux-policy-3.7.19-195.el6_4.3.noarch.rpm:
sha1 md5 OK
i came across this while
On Mon, May 13, 2013 at 8:06 AM, Leon Fauster
leonfaus...@googlemail.com wrote:
Hi,
i am seeing an unsigned package here:
rpm -K
http://mirror.centos.org/centos/6/updates/x86_64/Packages/selinux-policy-3.7.19-195.el6_4.3.noarch.rpm
Am 13.05.2013 um 17:38 schrieb Akemi Yagi amy...@gmail.com:
On Mon, May 13, 2013 at 8:06 AM, Leon Fauster leonfaus...@googlemail.com
wrote:
i am seeing an unsigned package here:
rpm -K
http://mirror.centos.org/centos/6/updates/x86_64/Packages/selinux-policy-3.7.19-195.el6_4.3.noarch.rpm
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/10/2013 09:11 AM, Ilyas -- wrote:
Dear Daniel,
BTW This will be fixed in the RHEL6.4 version of policy.
is new policy already available in rhel6.4?
Yes I believe so.
On Mon, Jan 14, 2013 at 9:33 PM, Daniel J Walsh dwa...@redhat.com
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/10/2013 09:11 AM, Ilyas -- wrote:
Yes.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlE96q4ACgkQrlYvE4MpobNeIgCg333iYi55Q09gtyXYJ07RB8le
In which package/version?
I've updated my home NAS to CentOS6.4 but it still has problem with
access drives which passed to virtual machines.
On Mon, Mar 11, 2013 at 6:31 PM, Daniel J Walsh dwa...@redhat.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/10/2013 09:11 AM, Ilyas
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 03/11/2013 01:10 PM, Ilyas -- wrote:
In which package/version?
I've updated my home NAS to CentOS6.4 but it still has problem with access
drives which passed to virtual machines.
On Mon, Mar 11, 2013 at 6:31 PM, Daniel J Walsh
Dear Daniel,
BTW This will be fixed in the RHEL6.4 version of policy.
is new policy already available in rhel6.4?
On Mon, Jan 14, 2013 at 9:33 PM, Daniel J Walsh dwa...@redhat.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/12/2013 07:35 AM, Ilyas -- wrote:
Hello,
I'm
tinydns starts up fine, selinux reports no issues (now after a day
of
clearing errors).
If I turn selinux back to permissive in /etc/sysconfig/selinux, and
reboot, tinydns responds to queries.
If I turn selinux back to enforcing and reboot, tinydns does not
respond.
Monitoring
I was getting permission errors (seen in /var/log/messages) in accessing
these two directories within my chroot tree. I was pulling out what
little hair I have, as the permissions were identical to those on my
Centos 5.5 server. So I switched selinux into permissive mode and now I
have
Robert,
Send output of this two commands:
ps -eZ | grep named
ls -alZ into directorys that you want to allow bind to write
Att,
Frederico Madeira
fmade...@gmail.com
www.madeira.eng.br
2013/2/14 Robert Moskowitz r...@htt-consult.com
I was getting permission errors (seen in
On 14/02/13 7:23 PM, Robert Moskowitz wrote:
I was getting permission errors (seen in /var/log/messages) in accessing
these two directories within my chroot tree. I was pulling out what
little hair I have, as the permissions were identical to those on my
Centos 5.5 server. So I switched
On 02/14/2013 11:09 PM, Peter Brady wrote:
On 14/02/13 7:23 PM, Robert Moskowitz wrote:
I was getting permission errors (seen in /var/log/messages) in accessing
these two directories within my chroot tree. I was pulling out what
little hair I have, as the permissions were identical to those
Hi all,
tinydns starts up fine, selinux reports no issues (now after a day of
clearing errors).
If I turn selinux back to permissive in /etc/sysconfig/selinux, and
reboot, tinydns responds to queries.
If I turn selinux back to enforcing and reboot, tinydns does not respond.
Monitoring
On Thu, Feb 14, 2013 at 11:33 AM, Philip Manuel p...@zomojo.com wrote:
Hi all,
tinydns starts up fine, selinux reports no issues (now after a day of
clearing errors).
If I turn selinux back to permissive in /etc/sysconfig/selinux, and
reboot, tinydns responds to queries.
If I turn
Hi list,
any working selinux policy for nginx on centos 6.3 ?
this is not working on centos: http://sourceforge.net/projects/selinuxnginx/
--
Eero
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
On 01/29/2013 12:32 AM, Eero Volotinen wrote:
Hi list,
any working selinux policy for nginx on centos 6.3 ?
this is not working on centos: http://sourceforge.net/projects/selinuxnginx/
Dan Walsh (the Red Hat SELinux guru) has a yum repo with the latest and
greatest SElinux policies which
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/13/2013 08:40 PM, Gordon Messmer wrote:
On 01/13/2013 04:11 AM, Ilyas -- wrote:
Where my mistake?
Good question. I don't see { read } in your early AVC list, so it's
possible that you hadn't yet run through all of the standard operations
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 01/12/2013 07:35 AM, Ilyas -- wrote:
Hello,
I'm using HP homeserver where host system run CentOS 6.3 with KVM
virtualization with SELinux enabled, guests too run the same OS (but
without SELinux, but this does not matter).
Host system
Daniel!
Great news!
Thank you.
On Mon, Jan 14, 2013 at 9:33 PM, Daniel J Walsh dwa...@redhat.com wrote:
On 01/12/2013 07:35 AM, Ilyas -- wrote:
Hello,
I'm using HP homeserver where host system run CentOS 6.3 with KVM
virtualization with SELinux enabled, guests too run the same OS (but
Mode set to permissive:
[r...@srv-1.home ~]# cat /tmp/1.log | grep type=AVC
type=AVC msg=audit(1358078455.215:9598): avc: denied { getattr } for
pid=2521 comm=smartd path=/dev/sdc dev=devtmpfs ino=6327
scontext=unconfined_u:system_r:fsdaemon_t:s0
On 01/13/2013 04:11 AM, Ilyas -- wrote:
Where my mistake?
Good question. I don't see { read } in your early AVC list, so it's
possible that you hadn't yet run through all of the standard operations
for smartd when you generated the policy. However, { getattr }
appears both before and after,
Hello,
I'm using HP homeserver where host system run CentOS 6.3 with KVM
virtualization with SELinux enabled, guests too run the same OS (but
without SELinux, but this does not matter).
Host system installed on mirrors based on sda and sdb physical disks.
sd{c..f} disks attached to KVM guest
On 01/12/2013 04:35 AM, Ilyas -- wrote:
[r...@srv-1.home ~]# cat /var/log/audit/audit.log | grep smartd |
audit2allow -M smartd_svirt_image
[r...@srv-1.home ~]# semodule -i smartd_svirt_image.pp
but it not helped to solve problem.
How I can create permissive rule for selinux in my case?
Everyone,
I recently had a disc drive failure on a centos 5.8 internal mail
server. I replaced the drive and installed centos 6.3. I had selinux
turned off on the 5.8 machine, and with the upgrade to 6.3 decided to
leave selinux active with the hopes I had learned enough to be able to
use it.
Everyone,
I recently had a disc drive failure on a centos 5.8 internal mail
server. I replaced the drive and installed centos 6.3. I had selinux
turned off on the 5.8 machine, and with the upgrade to 6.3 decided to
leave selinux active with the hopes I had learned enough to be able to
use it.
On Mon, Dec 24, 2012 at 9:51 AM, Gregory P. Ennis po...@pomec.net wrote:
Everyone,
I recently had a disc drive failure on a centos 5.8 internal mail
server. I replaced the drive and installed centos 6.3. I had selinux
turned off on the 5.8 machine, and with the upgrade to 6.3 decided to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/20/2012 03:56 PM, m.r...@5-cent.us wrote:
I upgraded a development server last week, and it started spewing selinux
errors to the log. I googled. What finally *seems* to have stopped it was
a) setsebool -P httpd_setrlimit 1 b) yum downgrade
On 11/21/12 05:17, Daniel J Walsh wrote:
On 11/20/2012 03:56 PM, m.r...@5-cent.us wrote:
I upgraded a development server last week, and it started spewing selinux
errors to the log. I googled. What finally *seems* to have stopped it was
a) setsebool -P httpd_setrlimit 1 b) yum downgrade
On 11/21/12 00:55, Banyan He wrote:
On 2012-11-21 4:56 AM, m.r...@5-cent.us wrote:
I upgraded a development server last week, and it started spewing selinux
errors to the log. I googled. What finally *seems* to have stopped it was
a) setsebool -P httpd_setrlimit 1
b) yum downgrade
tried to install a new centos6.3 and apache. No luck to reproduce what
you've been through. Don't know what the error is you had but I dont get
any error from my log files.
Banyan He
Blog: http://www.rootong.com
Email: ban...@rootong.com
On 2012-11-21 9:08 PM, mark wrote:
On
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 11/21/2012 08:05 AM, mark wrote:
On 11/21/12 05:17, Daniel J Walsh wrote:
On 11/20/2012 03:56 PM, m.r...@5-cent.us wrote:
I upgraded a development server last week, and it started spewing
selinux errors to the log. I googled. What finally
I upgraded a development server last week, and it started spewing selinux
errors to the log. I googled. What finally *seems* to have stopped it was
a) setsebool -P httpd_setrlimit 1
b) yum downgrade selinux-policy\*
This is on a 6.3 box. Has anyone else seen this behaviour?
mark
On 20/11/12 20:56, m.r...@5-cent.us wrote:
I upgraded a development server last week, and it started spewing selinux
errors to the log. I googled. What finally *seems* to have stopped it was
a) setsebool -P httpd_setrlimit 1
b) yum downgrade selinux-policy\*
This is on a 6.3 box. Has anyone
what's the error? How do you produce it?
Banyan He
Blog: http://www.rootong.com
Email: ban...@rootong.com
On 2012-11-21 4:56 AM, m.r...@5-cent.us wrote:
I upgraded a development server last week, and it started spewing selinux
errors to the log. I googled. What finally *seems* to
Hi,
I guess this is a bit OT but perhaps someone has encountered this issue
before. On a CentOS 6.3 x86_64 box I have installed postfix and dspam
from EPEL. Dspam is configured to listen on port 10026. After having
configured dspam and postfix I start dspam and then postfix and I see
the
On 10/22/2012 06:06 PM, Patrick Lists wrote:
[snip]
Solved with:
# semanage port -a -t smtp_port_t -p tcp 10026
Now trying to wrap my head around the next AVC which occurs when postfix
wants to pass an incoming email via lmtp to dspam via
/var/run/dspam/dspam.sock:
type=AVC
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 09/14/2012 02:24 PM, m.r...@5-cent.us wrote:
James B. Byrne wrote:
On Thu, September 13, 2012 16:06, m.r...@5-cent.us wrote:
CentOS 6.3. *Just* updated, including most current selinux-policy and
selinux-policy-targeted. I'm getting tons of
On Thu, September 13, 2012 16:06, m.r...@5-cent.us wrote:
CentOS 6.3. *Just* updated, including most current selinux-policy and
selinux-policy-targeted. I'm getting tons of these, as in it's just
spitting them out when I tail -f /var/log/messages:
Sep 13 15:20:51 server setroubleshoot:
James B. Byrne wrote:
On Thu, September 13, 2012 16:06, m.r...@5-cent.us wrote:
CentOS 6.3. *Just* updated, including most current selinux-policy and
selinux-policy-targeted. I'm getting tons of these, as in it's just
spitting them out when I tail -f /var/log/messages:
Sep 13 15:20:51 server
CentOS 6.3. *Just* updated, including most current selinux-policy and
selinux-policy-targeted. I'm getting tons of these, as in it's just
spitting them out when I tail -f /var/log/messages:
Sep 13 15:20:51 server setroubleshoot: SELinux is preventing /bin/ps
from search access on the directory @2.
Hello,
This is somehow off-topic, since the problem appears on a modified
CentOS-6.2 (turned into a xen-4.1 host) : I get SELinux errors, and
I'm not able to understand them.
From audit2why :
type=AVC msg=audit(1343724164.898:298772): avc: denied { mac_admin } for
pid=12399 comm=restore
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 08/01/2012 04:01 AM, Philippe Naudin wrote:
Hello,
This is somehow off-topic, since the problem appears on a modified
CentOS-6.2 (turned into a xen-4.1 host) : I get SELinux errors, and I'm not
able to understand them.
From audit2why :
From: Beartooth bearto...@comcast.net
It keeps butting in when I try to install map software from Garmin
under Wine. I'm not nearly competent not willing to apply the remedy it
suggests. How do I get to someplace where I can disable it, or at least
set it to permissive?
Not an selinux
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John Doe wrote:
From: Beartooth bearto...@comcast.net
It keeps butting in when I try to install map software from Garmin
under Wine. I'm not nearly competent not willing to apply the remedy it
suggests. How do I get to someplace where I
As others have said, edit /etc/selinux/config as root set to
permissive as opposed to enforcing then reboot for the changes to take
effect.
Unless you are switching between permissive/enforcing and disabled (or
vice-versa) you done need a reboot - just use setenforce to change the
running
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 07/27/2012 05:22 AM, John Doe wrote:
From: Beartooth bearto...@comcast.net
It keeps butting in when I try to install map software from Garmin under
Wine. I'm not nearly competent not willing to apply the remedy it
suggests. How do I get to
If you temporarily want SELinux permissive and plan on fixing it with
a custom policy module, run `setenforce 0`. Check to see the SELinux
status with `getenforce`. And you can check /var/log/audit/audit.log
to see what SELinux is saying.
I'm more inclined these days to put together policy
Phil Dobbin wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John Doe wrote:
From: Beartooth bearto...@comcast.net
It keeps butting in when I try to install map software from Garmin
under Wine. I'm not nearly competent not willing to apply the remedy it
suggests. How do I get to
It keeps butting in when I try to install map software from Garmin
under Wine. I'm not nearly competent not willing to apply the remedy it
suggests. How do I get to someplace where I can disable it, or at least
set it to permissive?
___
From: Beartooth bearto...@comcast.net
To: centos@centos.org
Sent: Thursday, July 26, 2012 12:25 PM
Subject: [CentOS] SELinux in CentOS 6
It keeps butting in when I try to install map software from Garmin
under Wine. I'm not nearly competent
2012/7/26 Beartooth bearto...@comcast.net:
It keeps butting in when I try to install map software from Garmin
under Wine. I'm not nearly competent not willing to apply the remedy it
suggests. How do I get to someplace where I can disable it, or at least
set it to permissive?
On Wednesday 02 May 2012, Alan M. Evans wrote:
Hello all...
I maintain an amateurish email list for my wife's website on my CentOS 6
server. Once-a-month, she sends mail to mylista...@mydomain.com and
the /etc/aliases file redirects that to my script:
mylistaddr: | /usr/bin/php-cgi
On Thu, 2012-05-03 at 10:33 +0100, Colin Coles wrote:
On Wednesday 02 May 2012, Alan M. Evans wrote:
Hello all...
I maintain an amateurish email list for my wife's website on my CentOS 6
server. Once-a-month, she sends mail to mylista...@mydomain.com and
the /etc/aliases file redirects
On Thu, 2012-05-03 at 06:54 -0700, Alan M. Evans wrote:
On Thu, 2012-05-03 at 10:33 +0100, Colin Coles wrote:
On Wednesday 02 May 2012, Alan M. Evans wrote:
Hello all...
I maintain an amateurish email list for my wife's website on my CentOS 6
server. Once-a-month, she sends mail to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 05/03/2012 10:02 AM, Alan M. Evans wrote:
On Thu, 2012-05-03 at 06:54 -0700, Alan M. Evans wrote:
On Thu, 2012-05-03 at 10:33 +0100, Colin Coles wrote:
On Wednesday 02 May 2012, Alan M. Evans wrote:
Hello all...
I maintain an amateurish
[ Sorry about the private message. Reply-to header wasn't set in your
message. Resending to all... ]
On Thu, 2012-05-03 at 10:19 -0400, Daniel J Walsh wrote:
What AVC messages are you seeing?
None now, as I said. But before I applied the local policy, the denials
were:
type=AVC
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 05/03/2012 10:40 AM, Alan M. Evans wrote:
[ Sorry about the private message. Reply-to header wasn't set in your
message. Resending to all... ]
On Thu, 2012-05-03 at 10:19 -0400, Daniel J Walsh wrote:
What AVC messages are you seeing?
2012/5/3 Alan M. Evans a...@extratech.com:
[ Sorry about the private message. Reply-to header wasn't set in your
message. Resending to all... ]
On Thu, 2012-05-03 at 10:19 -0400, Daniel J Walsh wrote:
What AVC messages are you seeing?
None now, as I said. But before I applied the local
On Thu, 2012-05-03 at 11:04 -0400, Daniel J Walsh wrote:
On 05/03/2012 10:40 AM, Alan M. Evans wrote:
On Thu, 2012-05-03 at 10:19 -0400, Daniel J Walsh wrote:
What AVC messages are you seeing?
None now, as I said. But before I applied the local policy, the denials
were:
Hello all...
I maintain an amateurish email list for my wife's website on my CentOS 6
server. Once-a-month, she sends mail to mylista...@mydomain.com and
the /etc/aliases file redirects that to my script:
mylistaddr: | /usr/bin/php-cgi /var/www/html/mydomain/email-cgi.php
The script, in turn,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/29/2012 10:53 PM, David McGuffey wrote:
Getting module_request errors from SELinux. Errors being thrown by
metacity sendmail.postfix cleanup trivial-rewarite local postdrop pickup
All errors are essentially the same
System was working
On Mon, Apr 30, 2012 at 10:15 AM, Daniel J Walsh dwa...@redhat.com wrote:
These are caused because you disabled IPV6.
http://danwalsh.livejournal.com/47118.html
That note about HowTo disable IPV6 is in the CentOS FAQ:
201 - 300 of 771 matches
Mail list logo