Re: [CentOS] SELinux and KVM

2009-11-09 Thread Mathieu Baudier
> Of course, virt-manager now does not work. It opens but it does > not provide any means of adding a new virtual host. What are the symptoms? Does virt-manager ask for your root password when starting? Did you try with SELinux in permissive mode? I recommend that you install setroubleshoot, i

Re: [CentOS] SELinux and KVM

2009-11-09 Thread James B. Byrne
I removed qemu and reinstalled virt-manager using the -x qemu switch. Everything installs and I get kvm-qemu-img instead of qemu. Of course, virt-manager now does not work. It opens but it does not provide any means of adding a new virtual host. This places me back at my point of departure, alb

Re: [CentOS] SELinux and KVM

2009-11-09 Thread James B. Byrne
On Mon, November 9, 2009 10:44, James B. Byrne wrote: > I'm not running KVM (but Xen). From the snippets above I deduce: > > - qemu is not part of CentOS, you probably got it from rpmforge. > - that means you do not need qemu for KVM usage > - SELinux cannot know about it > - there's probably a d

Re: [CentOS] SELinux and KVM

2009-11-09 Thread Mathieu Baudier
> - qemu is not part of CentOS, you probably got it from rpmforge. > - that means you do not need qemu for KVM usage > - SELinux cannot know about it > - there's probably a different preferred way to use KVM on CentOS > >From a recent mail in this list: > > Well, it turns out that qemu is require

Re: [CentOS] SELinux and KVM

2009-11-09 Thread Kai Schaetzl
James B. Byrne wrote on Mon, 9 Nov 2009 10:44:36 -0500 (EST): > Install qemu. > SELinux denied access requested by qemu-system-x86. I'm not running KVM (but Xen). From the snippets above I deduce: - qemu is not part of CentOS, you probably got it from rpmforge. - that means you do not need qemu

[CentOS] SELinux and KVM

2009-11-09 Thread James B. Byrne
I am trying to set up a test kvm virtual machine on a core2 quad system. I have managed to thread my way through bridging eth0 and I have a CentOS-5.4 dvd iso prepared. Using virt-manager, when I try and add a new guest then I get the error reproduced below. Now, I know that I can 'fix' this by

Re: [CentOS] SELinux is preventing httpd from loading /usr/local/apache/modules/libphp5.so

2009-11-07 Thread David McGuffey
Recommend you dump a copy of the selinux error message and send it to the selinux forum. Can't remember the full name off the top of my head but I believe if you google for selinux-list, you will hit it. DaveM On Sat, 2009-11-07 at 14:36 +0700, Ricky Tompu Breaky wrote: > Dear my friends... > >

Re: [CentOS] SELinux is preventing httpd from loading /usr/local/apache/modules/libphp5.so

2009-11-07 Thread mark
Ricky Tompu Breaky wrote: > Dear my friends... > > Anybody would be so nice for telling me the solution of my problem. > > My Apache2 can not start. > > I find this error in /var/log/messages: > Nov 7 14:20:47 cencen setroubleshoot: SELinux is preventing httpd from > loading /usr/local/apache/m

Re: [CentOS] SELinux is preventing httpd from loading /usr/local/apache/modules/libphp5.so

2009-11-06 Thread John R. Dennison
On Sat, Nov 07, 2009 at 02:36:13PM +0700, Ricky Tompu Breaky wrote: > > My Apache2 can not start. > > I find this error in /var/log/messages: > Nov 7 14:20:47 cencen setroubleshoot: SELinux is preventing httpd from > loading /usr/local/apache/modules/libphp5.so which requires text > relocation. F

[CentOS] SELinux is preventing httpd from loading /usr/local/apache/modules/libphp5.so

2009-11-06 Thread Ricky Tompu Breaky
Dear my friends... Anybody would be so nice for telling me the solution of my problem. My Apache2 can not start. I find this error in /var/log/messages: Nov 7 14:20:47 cencen setroubleshoot: SELinux is preventing httpd from loading /usr/local/apache/modules/libphp5.so which requires text reloca

Re: [CentOS] selinux...

2009-10-07 Thread m . roth
> m.r...@5-cent.us wrote: > >> You begin to see my frustration, esp. when I have to skim through logs >> that have a dozen, or two dozen, of these (and others) every hour, to >> find other more important messages. > > How about log filtering? Since you're in such a high security > environment to need

Re: [CentOS] selinux...

2009-10-07 Thread nate
m.r...@5-cent.us wrote: > You begin to see my frustration, esp. when I have to skim through logs > that have a dozen, or two dozen, of these (and others) every hour, to find > other more important messages. How about log filtering? Since you're in such a high security environment to need SELinux I

Re: [CentOS] selinux...

2009-10-07 Thread Meenoo Shivdasani
> Then we can go to: > <...> avc:  denied  { write } for  pid=5898 comm="LLAWP" > path="/var/log/httpd/smagent.log" dev=sda3 ino= > scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:httpd_log_t:s0 > tclass=file When selinux is configured for permissive mode, the action is permitted, but sel

Re: [CentOS] selinux...

2009-10-07 Thread m . roth
> On Wed, Oct 7, 2009 at 11:45 AM, wrote: >>> Quoting m.r...@5-cent.us: >>> Have I mentioned that I am less than enthralled with selinux? My latest issue is continuing messages in the /var/log/messages, which complain, for example, that siteminder can't write to smagent log >

Re: [CentOS] selinux...

2009-10-07 Thread Rob Townley
On Wed, Oct 7, 2009 at 11:45 AM, wrote: >> Quoting m.r...@5-cent.us: >> >>> Have I mentioned that I am less than enthralled with selinux? >>> >>> My latest issue is continuing messages in the /var/log/messages, which >>> complain, for example, that siteminder can't write to smagent log (well, >>>

Re: [CentOS] selinux...

2009-10-07 Thread m . roth
> Quoting m.r...@5-cent.us: > >> Have I mentioned that I am less than enthralled with selinux? >> >> My latest issue is continuing messages in the /var/log/messages, which >> complain, for example, that siteminder can't write to smagent log (well, >> it can, since we've got selinux in permissive mo

Re: [CentOS] selinux...

2009-10-07 Thread Barry Brimer
Quoting m.r...@5-cent.us: > Have I mentioned that I am less than enthralled with selinux? > > My latest issue is continuing messages in the /var/log/messages, which > complain, for example, that siteminder can't write to smagent log (well, > it can, since we've got selinux in permissive mode, and

[CentOS] selinux...

2009-10-07 Thread m . roth
Have I mentioned that I am less than enthralled with selinux? My latest issue is continuing messages in the /var/log/messages, which complain, for example, that siteminder can't write to smagent log (well, it can, since we've got selinux in permissive mode, and no, we have no control over using ei

Re: [CentOS] SELinux Relabeling

2009-09-12 Thread Jorge Fábregas
On Saturday 12 September 2009 03:31:25 pm A. Kirillov wrote: > Read this thread: > https://www.redhat.com/archives/fedora-selinux-list/2009-July/msg00141.html Arrgh Sasha right on!!! Thanks so much! I had no idea about "Customizable Types" and indeed httpd_sys_content_t is o

Re: [CentOS] SELinux Relabeling

2009-09-12 Thread A. Kirillov
> > If I perform "matchpathcon /var/whatever" I still get var_t as > > its default type. Then again, why it kept the httpd_sys_content_t after the > > relabel? > > I did the same test on Fedora 10 (which of course is way newer than Centos) > and it behaves different (the way I had in mind): af

Re: [CentOS] SELinux Relabeling

2009-09-12 Thread Jorge Fábregas
On Wednesday 09 September 2009 08:08:27 am Jorge Fábregas wrote: > If I perform "matchpathcon  /var/whatever" I still get var_t as > its default type. Then again, why it kept the httpd_sys_content_t after the > relabel? I did the same test on Fedora 10 (which of course is way newer than Centos)

[CentOS] SELinux Relabeling

2009-09-09 Thread Jorge Fábregas
Hello everyone, If I create a folder called "whatever" under /var, the context is: root:object_r:var_t /var/whatever/ That's expected as it is under /var. If I then change its type: chcon -t httpd_sys_content_t /var/whatever The context looks like: root:object_r:httpd_sys_content_t /var/wha

Re: [CentOS] SELinux messages after compiling new kernel

2009-08-27 Thread Johnny Hughes
Sergio Belkin wrote: > 2009/8/27 Johnny Hughes : >> Sergio Belkin wrote: >>> 2009/8/27 Filipe Brandenburger : Hi, On Thu, Aug 27, 2009 at 12:46, Sergio Belkin wrote: > Jim, thanks for the suggestion, but Firstly: I need a newer kernel in > order to get IO statistics from tool

Re: [CentOS] SELinux messages after compiling new kernel

2009-08-27 Thread Sergio Belkin
2009/8/27 Johnny Hughes : > Sergio Belkin wrote: >> 2009/8/27 Filipe Brandenburger : >>> Hi, >>> >>> On Thu, Aug 27, 2009 at 12:46, Sergio Belkin wrote: Jim, thanks for the suggestion, but Firstly: I need a newer kernel in order to get IO statistics from tools like atop, pidstat, etc. And

Re: [CentOS] SELinux messages after compiling new kernel

2009-08-27 Thread Sergio Belkin
2009/8/27 Johnny Hughes : > Sergio Belkin wrote: >> 2009/8/27 Filipe Brandenburger : >>> Hi, >>> >>> On Thu, Aug 27, 2009 at 12:46, Sergio Belkin wrote: Jim, thanks for the suggestion, but Firstly: I need a newer kernel in order to get IO statistics from tools like atop, pidstat, etc. And

Re: [CentOS] SELinux messages after compiling new kernel

2009-08-27 Thread Robert
Sergio Belkin wrote: > 2009/8/27 Jim Perrin : > >> On Thu, Aug 27, 2009 at 9:01 AM, Sergio Belkin wrote: >> >> >>> How can I fix these errors? >>> >> Easy. Use the kernel provided in the distribution. >> >> > > Jim, thanks for the suggestion, but Firstly: I need a newer kernel

Re: [CentOS] SELinux messages after compiling new kernel

2009-08-27 Thread Johnny Hughes
Sergio Belkin wrote: > 2009/8/27 Filipe Brandenburger : >> Hi, >> >> On Thu, Aug 27, 2009 at 12:46, Sergio Belkin wrote: >>> Jim, thanks for the suggestion, but Firstly: I need a newer kernel in >>> order to get IO statistics from tools like atop, pidstat, etc. And >>> secondly and most important:

Re: [CentOS] SELinux messages after compiling new kernel

2009-08-27 Thread Stephen John Smoogen
On Thu, Aug 27, 2009 at 11:15 AM, Sergio Belkin wrote: > 2009/8/27 Filipe Brandenburger : >> Hi, >> >> On Thu, Aug 27, 2009 at 12:46, Sergio Belkin wrote: >>> Jim, thanks for the suggestion, but Firstly: I need a newer kernel in >>> order to get IO statistics from tools like atop, pidstat, etc. And

Re: [CentOS] SELinux messages after compiling new kernel

2009-08-27 Thread Finnur Örn Guðmundsson
On 27.8.2009 17:15, Sergio Belkin wrote: > 2009/8/27 Filipe Brandenburger: > >> Hi, >> >> On Thu, Aug 27, 2009 at 12:46, Sergio Belkin wrote: >> >>> Jim, thanks for the suggestion, but Firstly: I need a newer kernel in >>> order to get IO statistics from tools like atop, pidstat, etc. An

Re: [CentOS] SELinux messages after compiling new kernel

2009-08-27 Thread Sergio Belkin
2009/8/27 Filipe Brandenburger : > Hi, > > On Thu, Aug 27, 2009 at 12:46, Sergio Belkin wrote: >> Jim, thanks for the suggestion, but Firstly: I need a newer kernel in >> order to get IO statistics from tools like atop, pidstat, etc. And >> secondly and most important: my boss wants that :) > > The

Re: [CentOS] SELinux messages after compiling new kernel

2009-08-27 Thread Filipe Brandenburger
Hi, On Thu, Aug 27, 2009 at 12:46, Sergio Belkin wrote: > Jim, thanks for the suggestion, but Firstly: I need a newer kernel in > order to get IO statistics from tools like atop, pidstat, etc. And > secondly and most important: my boss wants that :) Then CentOS is not what you want. There is a r

Re: [CentOS] SELinux messages after compiling new kernel

2009-08-27 Thread Akemi Yagi
On Thu, Aug 27, 2009 at 9:46 AM, Sergio Belkin wrote: > 2009/8/27 Jim Perrin : >> On Thu, Aug 27, 2009 at 9:01 AM, Sergio Belkin wrote: >> >>> >>> How can I fix these errors? >> >> Easy. Use the kernel provided in the distribution. >> > > Jim, thanks for the suggestion, but Firstly: I need a newer

Re: [CentOS] SELinux messages after compiling new kernel

2009-08-27 Thread Sergio Belkin
2009/8/27 Jim Perrin : > On Thu, Aug 27, 2009 at 9:01 AM, Sergio Belkin wrote: > >> >> How can I fix these errors? > > Easy. Use the kernel provided in the distribution. > Jim, thanks for the suggestion, but Firstly: I need a newer kernel in order to get IO statistics from tools like atop, pidstat

Re: [CentOS] SELinux messages after compiling new kernel

2009-08-27 Thread Jim Perrin
On Thu, Aug 27, 2009 at 9:01 AM, Sergio Belkin wrote: > > How can I fix these errors? Easy. Use the kernel provided in the distribution. -- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell

[CentOS] SELinux messages after compiling new kernel

2009-08-27 Thread Sergio Belkin
Hi, I compiled a kernel from sources (2.6.30.5) and when system is booting shows these errors: SELinux: 61 classes, 69080 rules SELinux: class peer not defined in policy SELinux: class capability2 not defined in policy SELinux: class kernel_service not defined in policy SELinux: permission o

[CentOS] SELinux errors on my CentOS 5.3 (32 bit) Desktop after upgrade from 5.2

2009-04-16 Thread Lanny Marcus
I am running SELinux in Permissive mode. GNOME and KDE are installed. Following the upgrade from CentOS 5.2 to 5.3 (32 bit) I am getting SELinux messages. Possibly of interest to someone here or upstream? (Since I'm using Permissive mode, this is not a problem for me). If these are known issues, pl

Re: [CentOS] SELinux - different context on subdirectories

2009-03-19 Thread Ned Slider
Marcus Moeller wrote: > Dear Ned. > >> You may also need to manually change the context first: >> >> chcon -v --type=samba_share_t /srv/samba > > chcon did the trick. > > Thanks a lot > Marcus semanage will make the changes persistent through a complete filesystem relabel (chcon will persist t

Re: [CentOS] SELinux - different context on subdirectories

2009-03-19 Thread Marcus Moeller
Dear Ned. > > You may also need to manually change the context first: > > chcon -v --type=samba_share_t /srv/samba chcon did the trick. Thanks a lot Marcus

Re: [CentOS] SELinux - different context on subdirectories

2009-03-19 Thread Ned Slider
Ned Slider wrote: > Marcus Moeller wrote: >> Hi all, >> >> I have created a directory /srv with the following SELinux context: >> >> system_u:object_r:var_t >> >> Now I want to create a subdirectory within /srv which should get a >> different context. So I tried to set e.g.: >> >> semanage fcontex

Re: [CentOS] SELinux - different context on subdirectories

2009-03-19 Thread Ned Slider
Marcus Moeller wrote: > Hi all, > > I have created a directory /srv with the following SELinux context: > > system_u:object_r:var_t > > Now I want to create a subdirectory within /srv which should get a > different context. So I tried to set e.g.: > > semanage fcontext -a -t samba_share_t /srv

[CentOS] SELinux - different context on subdirectories

2009-03-19 Thread Marcus Moeller
Hi all, I have created a directory /srv with the following SELinux context: system_u:object_r:var_t Now I want to create a subdirectory within /srv which should get a different context. So I tried to set e.g.: semanage fcontext -a -t samba_share_t /srv/samba /sbin/restorecon -v /srv/samba but

Re: [CentOS] SELinux resource hog

2009-03-06 Thread Ralph Angenendt
Noob Centos Admin wrote: > This again reflects my original experience with SELinux: massive > resource hog and this is just a lowly loaded webserver. Naturally it > seems to me that this doesn't seem like it should be the norm. You do not need setroubleshoot to run selinux, so your comment up ther

Re: [CentOS] SELinux resource hog

2009-03-05 Thread Noob Centos Admin
On Fri, Mar 6, 2009 at 12:11 PM, Craig White wrote: > did you 'relabel' the entire filesystem? - that's pretty much necessary > if you've been running the system without having SELinux running, at > least in permissive mode. SELinux had been running in permissive. I did not disable during install

Re: [CentOS] SELinux resource hog

2009-03-05 Thread Craig White
On Fri, 2009-03-06 at 12:00 +0800, Noob Centos Admin wrote: > Spinning off from the other thread about SELinux, I just tried to > re-enable SELinux on my personal server hosting just email and forum > for a small local community. > > Average load for this Intel Core 2 Duo box with 2GB of ram (usua

[CentOS] SELinux resource hog

2009-03-05 Thread Noob Centos Admin
Spinning off from the other thread about SELinux, I just tried to re-enable SELinux on my personal server hosting just email and forum for a small local community. Average load for this Intel Core 2 Duo box with 2GB of ram (usually with some 1GB free) was generally below 0.4 for the last 24hrs, av

Re: [CentOS] SELinux - null security context

2009-01-29 Thread Michael Simpson
On 1/29/09, Rob Kampen wrote: . > Does anyone use SELinux on their work-station i.e. the place where you try > things out, debug things etc?? or is it really only for stable systems where > not many OS changes and new program trials occur? > I know that asterisk doesn't play nice with SELinux, eve

Re: [CentOS] SELinux - null security context

2009-01-28 Thread Rob Kampen
Craig White wrote: On Wed, 2009-01-28 at 23:00 -0500, Rob Kampen wrote: Last resort was the 'touch /.autorelabel' and reboot. This took nearly an hour but once it came up all was well. Thanks for the pointers Filipe. At what point would it be safe to go to enforcing? What logs should I be i

Re: [CentOS] SELinux - null security context

2009-01-28 Thread Craig White
On Wed, 2009-01-28 at 23:00 -0500, Rob Kampen wrote: > Last resort was the 'touch /.autorelabel' and reboot. This took nearly > an hour but once it came up all was well. > Thanks for the pointers Filipe. > At what point would it be safe to go to enforcing? What logs should I > be inspecting for war

Re: [CentOS] SELinux - null security context

2009-01-28 Thread Rob Kampen
Filipe Brandenburger wrote: Hi, 2009/1/28 Rob Kampen : I'm seeing this every hour when the hourly cron job runs NULL security context for user, but SELinux in permissive mode, continuing Try to use "ps -Z" to see if all your processes have appropriate security contexts. It's unlikel

Re: [CentOS] SELinux - null security context

2009-01-28 Thread Filipe Brandenburger
Hi, 2009/1/28 Rob Kampen : > I'm seeing this every hour when the hourly cron job runs > NULL security context for user, but SELinux in permissive mode, continuing Try to use "ps -Z" to see if all your processes have appropriate security contexts. It's unlikely (impossible?) that one of them will

[CentOS] SELinux - null security context

2009-01-28 Thread Rob Kampen
I'm seeing this every hour when the hourly cron job runs NULL security context for user, but SELinux in permissive mode, continuing () I've tried fixfiles but obviously I'm missing something Any SELinux gurus that can point me in the right direction? Thanks Rob

Re: [CentOS] selinux & httpd & portmap

2008-08-01 Thread Toby Bluhm
Just to follow up with a summary on this . . . Followed the email HowTo on the Centos wiki by installing postfix, dovecot, postgrey, amavisd and setting up SSL/TLS. Set selinux to permissive, targeted. Sent many, many emails with attachments, spam, etc. to & from the box. Removed previous s

Re: [CentOS] selinux & httpd & portmap

2008-07-28 Thread Toby Bluhm
Ralph Angenendt wrote: MHR wrote: Tony, 1) Please edit your replies to remove unnecessary information. 2) If you need to present this large of an amount of data, please include it in an attachment. Maybe that would have broken the list limit ... Not sure of your meaning - by being 53k or

Re: [CentOS] selinux & httpd & portmap

2008-07-28 Thread MHR
On Mon, Jul 28, 2008 at 11:51 AM, Ralph Angenendt <[EMAIL PROTECTED]> wrote: > MHR wrote: >> Tony, >> >> 1) Please edit your replies to remove unnecessary information. >> >> 2) If you need to present this large of an amount of data, please >> include it in an attachment. > > Maybe that would have b

Re: [CentOS] selinux & httpd & portmap

2008-07-28 Thread Ralph Angenendt
MHR wrote: > Tony, > > 1) Please edit your replies to remove unnecessary information. > > 2) If you need to present this large of an amount of data, please > include it in an attachment. Maybe that would have broken the list limit ... 53k * several thousand mails ... Cheers, Ralph

Re: [CentOS] selinux & httpd & portmap

2008-07-28 Thread MHR
On Mon, Jul 28, 2008 at 11:26 AM, Toby Bluhm <[EMAIL PROTECTED]> wrote: > > I was waiting for you :) > I knew it! Furses! Coiled again! > BTW - my name is Toby. > Then I wasn't talking to you! Either that, or it was a typo - the n and the b are right next to each other on my keyboard, and I do

Re: [CentOS] selinux & httpd & portmap

2008-07-28 Thread Toby Bluhm
MHR wrote: Tony, 1) Please edit your replies to remove unnecessary information. 2) If you need to present this large of an amount of data, please include it in an attachment. Thanks. I was waiting for you :) BTW - my name is Toby. -- Toby Bluhm Alltech Medical Systems America, Inc. 308

Re: [CentOS] selinux & httpd & portmap

2008-07-28 Thread MHR
Tony, 1) Please edit your replies to remove unnecessary information. 2) If you need to present this large of an amount of data, please include it in an attachment. Thanks. mhr

Re: [CentOS] selinux & httpd & portmap

2008-07-28 Thread Toby Bluhm
Craig White wrote: On Mon, 2008-07-28 at 09:24 -0400, Toby Bluhm wrote: I just want to point out that the issue isn't with postfix but rather amavisd and how/where amavisd connects/communicates with the various parts and pieces. I'm afraid that I can't be too much help here because I u

Re: [CentOS] selinux & httpd & portmap

2008-07-28 Thread Craig White
On Mon, 2008-07-28 at 09:24 -0400, Toby Bluhm wrote: > >> SO - is it normal to have to update policies on basic services? Am I > >> missing an rpm? > > > > those aren't basic services but are packages that are supplied by > > postfix is centos, the rest are from rpmforge > > > repositories

Re: [CentOS] selinux & httpd & portmap

2008-07-28 Thread Craig White
On Mon, 2008-07-28 at 09:24 -0400, Toby Bluhm wrote: > Summary: > > SELinux is preventing clamd (clamd_t) "read" to ./daily.cld (var_t). > > Detailed Description: > > [SELinux is in permissive mode, the operation would have been denied > but was > permitted due to permissive mode.] > > SELinux

Re: [CentOS] selinux & httpd & portmap

2008-07-28 Thread Craig White
On Mon, 2008-07-28 at 09:24 -0400, Toby Bluhm wrote: > Sometimes labeling problems can cause SELinux denials. You could try to > restore > the default system file context for ./kernel, > > restorecon -v './kernel' did you try this? > > If this does not work, there is currently no auto

Re: [CentOS] selinux & httpd & portmap

2008-07-28 Thread Toby Bluhm
Craig White wrote: On Fri, 2008-07-25 at 10:36 -0400, Toby Bluhm wrote: Ian Blackwell wrote: Craig White wrote: Suggest that you make sure you are fully updated, then 'touch /.autorelabel' then reboot (reboot at a time you choose because it may take a long time to relabel every file on your sy

Re: [CentOS] selinux & httpd & portmap

2008-07-25 Thread Craig White
On Fri, 2008-07-25 at 10:36 -0400, Toby Bluhm wrote: > Ian Blackwell wrote: > > Craig White wrote: > >> Suggest that you make sure you are fully updated, then > >> 'touch /.autorelabel' then reboot (reboot at a time you choose because > >> it may take a long time to relabel every file on your syste

Re: [CentOS] selinux & httpd & portmap

2008-07-25 Thread Toby Bluhm
Ian Blackwell wrote: Craig White wrote: Suggest that you make sure you are fully updated, then 'touch /.autorelabel' then reboot (reboot at a time you choose because it may take a long time to relabel every file on your system - especially if you have a lot of files). Craig What Craig implie

Re: [CentOS] selinux & httpd & portmap

2008-07-24 Thread Ian Blackwell
Craig White wrote: Suggest that you make sure you are fully updated, then 'touch /.autorelabel' then reboot (reboot at a time you choose because it may take a long time to relabel every file on your system - especially if you have a lot of files). Craig What Craig implies is that your system

Re: [CentOS] selinux & httpd & portmap

2008-07-24 Thread Craig White
On Thu, 2008-07-24 at 15:23 -0400, Toby Bluhm wrote: > Having problems starting httpd & portmapper > > #service httpd start > /usr/sbin/httpd: error while loading shared libraries: libm.so.6: cannot > open shared object file: No such file or directory > > and I traced it to selinux, which I had

[CentOS] selinux & httpd & portmap

2008-07-24 Thread Toby Bluhm
Having problems starting httpd & portmapper #service httpd start /usr/sbin/httpd: error while loading shared libraries: libm.so.6: cannot open shared object file: No such file or directory and I traced it to selinux, which I had just turned on for the first time: # sestatus SELinux status:

[CentOS] SELinux error message on CentOS 5: "multiple same specifications"

2008-06-05 Thread Filipe Brandenburger
Hi all, I just installed a CentOS 5 machine from Kickstart. I configure NSS and PAM to lookup and authenticate users from LDAP with authconfig. On my LDAP I also have some automount configuration, but I'm not running automount on this server. SELinux is installed and enforcing. Whenever I try to

[CentOS] SELinux, postfix and milters

2008-05-06 Thread Michael Saavedra
Hi all, I'm trying to add some milters (particularly spamass-milter and clamav-milter, which I acquired through rpmforge) to my postfix configuration on Centos5 with the targeted SELinux policy. I'm running into difficulty getting postfix to communicate through the unix domain sockets creat

Re: [CentOS] SELinux policy module sources

2008-05-05 Thread Ingemar Nilsson
Jim Perrin wrote: With CentOS 5, you don't really need the selinux module source anymore. It's usually enough to clear the logs and in permissive mode, run the offending application. Then 'grep yourapp /var/log/audit/audit.log | audit2allow -M localmodname'. Check the module for sanity and make

Re: [CentOS] SELinux policy module sources

2008-05-05 Thread Jim Perrin
On Mon, May 5, 2008 at 12:42 PM, Ingemar Nilsson <[EMAIL PROTECTED]> wrote: > Lots of questions, but the documentation on this subject isn't exactly > stellar. :) With CentOS 5, you don't really need the selinux module source anymore. It's usually enough to clear the logs and in permissive mode

[CentOS] SELinux policy module sources

2008-05-05 Thread Ingemar Nilsson
Hi. I'm trying to figure out where the SELinux policy modules shipped with the system live, and how they work. The modules listed by 'semodule -l' are the same as those available in /etc/selinux/targeted/modules/active/modules, but those are not part of any package, and are presumably added a

[CentOS] SELinux contexts for krb5

2008-01-22 Thread Timothy Selivanow
I have just migrated my Kerberos setup to a new machine (running inside Xen) and it is complaining at startup about the file contexts not being correct, even after running /sbin/fixfiles. On the previous machine I'm sure I had set SELinux to permissive and that's why it never complained. Here are

[CentOS] SELinux issue

2008-01-20 Thread Ray Van Dolson
Hey all... not exactly an SELinux veteran, but am trying to work through some issues. Specifically, setting up a simple Samba configuration on a CentOS 5 machine. Determined I needed to do setsebool -P samba_enable_home_dirs 1 In order to get access to home directory shares working correctl

[CentOS] SELinux and rsync permission on /bin

2007-12-29 Thread James B. Byrne
I am getting this error from the SELinux troubleshooter SELinux is preventing rsync (/usr/bin/rsync) "search" to bin (bin_t) I can fix this easily enough but I want to ask why is rsync searching /bin as a repository? Is this a bug in the program or is the default SELinux configuration wrong fo

Re: [CentOS] SELinux and Perl script using sendmail

2007-12-10 Thread Johnny Tan
Miark wrote: I have a webpage feedback form that uses a Perl script to send e-mails with "| /usr/sbin/sendmail -t". It works just fine, but SELinux is complaining about it: SELinux is preventing /usr/sbin/postdrop (postfix_postdrop_t) "getattr" to pipe:[41117] (httpd_t) I'm a SELinux newb so

[CentOS] SELinux and Perl script using sendmail

2007-12-10 Thread Miark
I have a webpage feedback form that uses a Perl script to send e-mails with "| /usr/sbin/sendmail -t". It works just fine, but SELinux is complaining about it: SELinux is preventing /usr/sbin/postdrop (postfix_postdrop_t) "getattr" to pipe:[41117] (httpd_t) I'm a SELinux newb so I don't know wh

Subject: Re:[CentOS] SELinux question - to fix bug in Webmin

2007-09-01 Thread Lanny Marcus
On 30 August 2007, Kenneth Porter <[EMAIL PROTECTED]> wrote: > (I'm curious to know what the solution is, though, so please follow up > back here with anything you find!) Below is the latest message from Jamie Cameron: > Ok, it sounds like this will be more complex that I thought if they > need

Re: [CentOS] SELinux question - to fix bug in Webmin

2007-08-31 Thread Lanny Marcus
On 30 August 2007, Kenneth Porter <[EMAIL PROTECTED]> wrote: > You might also want to direct your question to the SELinux people on > their > lists: > > > > > (I'm curious to know what the s

Re: [CentOS] SELinux question - to fix bug in Webmin

2007-08-31 Thread Lanny Marcus
On 30 August 2007, Kenneth Porter <[EMAIL PROTECTED]> wrote: > Message: 75 > You might also want to direct your question to the SELinux people on > their lists: > > > > > (I'm curious to know

Re: [CentOS] SELinux question - to fix bug in Webmin

2007-08-30 Thread Kenneth Porter
On Thursday, August 30, 2007 4:50 PM -0500 Lanny Marcus <[EMAIL PROTECTED]> wrote: SELinux people: Can you explain what he needs? You might also want to direct your question to the SELinux people on their lists:

[CentOS] SELinux question - to fix bug in Webmin

2007-08-30 Thread Lanny Marcus
I found a bug in Webmin when using Webmin with SELinux in Permissive Mode. The author of Webmin, asked me, in their bug tracker on SourceForge: > Ok, thanks ... I see the problem. Webmin opens the log file > /var/webmin/miniserv.error and connects STDERR to it, then runs other > commands like ipta

Re: [CentOS] SELinux questions, upon restarting BIND

2007-08-16 Thread Ray Leventhal
Ray Leventhal wrote: > Hi all, > > On my newly up-and-running nameserver (CentOS 5), I noticed the > following alerts in /var/log/messages after restarting BIND. (lines > inserted to aid in reading). > As I'm new to SELinux, I'm hoping for some pointers on 1) if this is an > issue which simply *mu

[CentOS] SELinux questions, upon restarting BIND

2007-08-16 Thread Ray Leventhal
Hi all, On my newly up-and-running nameserver (CentOS 5), I noticed the following alerts in /var/log/messages after restarting BIND. (lines inserted to aid in reading). As I'm new to SELinux, I'm hoping for some pointers on 1) if this is an issue which simply *must* be addressed, or if it's somet

RE: [CentOS] Selinux custom policy issue - Centos 5

2007-06-12 Thread Miskell, Craig
> On Tue, 2007-06-12 at 12:24 +1200, Miskell, Craig wrote: > > Where file_upload_store_t is one of my custom types. My > local.fc looks > > like this: > > /data/spool/blastreq(/.*)?system_u:object_r:blast_req_t > > /data/spool/blastres(/.*)?system_u:object_r:blast_res_t >
