Bug#963497: selinux-policy-default: Let's Encrypt certbot tools crashed into Segmentation fault with SELinux Enforcing mode

2020-06-22 Thread Maksim K.
Package: selinux-policy-default Version: 2:2.20161023.1-9 Severity: grave Justification: renders package unusable Control: -1 = certbot Dear Maintainer, I have tried to run Apache server with Let's Encrypt security certificates. I enabled SELinux in Enforcing mode. I've installed certbot with

Bug#963495: selinux-policy-default: reportbug Segmentation faulted when Selinux is in Enforcing mode

2020-06-22 Thread Maksim K.
Package: selinux-policy-default Version: 2:2.20161023.1-9 Severity: grave Justification: renders package unusable Dear Maintainer, I am trying to use reportbug on a selinux-enabled system in enforcing mode. It fails due to this AVC denial in the audit.log: *** type=AVC

Bug#962842: selinux-policy-default: SElinux prevents apache2 access to the mysql (mariadb) socket

2020-06-14 Thread Maksim K.
Package: selinux-policy-default Version: 2:2.20161023.1-9 Severity: important Dear Maintainer, I've configured my server as a LAMP server for wordpress hosting. I installed ex versions of packages: *** root@vps:~# dpkg -l | grep "apache\|mysql\|mariadb\|php\|wordpress" ii apache2

Bug#879037: refpolicy: SELinux prevents systemctl from listing units during tab completion.

2020-06-14 Thread Maksim K.
Package: selinux-policy-default Version: 2:2.20161023.1-9 Followup-For: Bug #879037 Hi, I have the same issue, but I could provide audit.log. When I am trying to Tab-Tab after (for example) 'systemctl status a' I've got next messages in audit.log *** type=USER_AVC msg=audit(1592171060.677:242):

Bug#962238: selinux-policy-default: selinux prevents automounting sshfs

2020-06-04 Thread Maksim K.
Package: selinux-policy-default Version: 2:2.20161023.1-9 Severity: important Dear Maintainer, Problem description: I set up automounting with sshfs. My selinux is in Enforcing mode. When triggering the automount, it fails and a SELinux Security alert shows up: ***audit.log*** type=AVC

Bug#888967: selinux-policy-default: Default policy breaks semanage tool

2020-06-04 Thread Maksim K.
Package: selinux-policy-default Version: 2:2.20161023.1-9 Followup-For: Bug #888967 I would like to add more information. After applying the workaround: $ echo '(allow semanage_t semanage_tmp_t (file (getattr open read execute ioctl)))' > semanage_mmap_tmp.cil $ sudo semodule -i semanage_mmap_tmp.cil

Bug#962223: selinux-policy-default: SELinux is preventing chronyd from access on the chronyc's unix_dgram_socket

2020-06-04 Thread Maksim K.
Package: selinux-policy-default Version: 2:2.20161023.1-9 Followup-For: Bug #962223 I've found the release where the policy was fixed: 2.20180701. Here is the commit: https://github.com/SELinuxProject/refpolicy/commit/3ab07a0e1ee01ee62a6102acdd3957e6894bf795 -- System Information: Debian Release:

Bug#962223: selinux-policy-default: SELinux is preventing chronyd from access on the chronyc's unix_dgram_socket

2020-06-04 Thread Maksim K.
Package: selinux-policy-default Version: 2:2.20161023.1-9 Severity: important Description of problem: SELinux is preventing chronyd from sendto access on the chronyc's unix_dgram_socket. Chronyc cli is working slower in the Enforcing Selinux mode. When you start chronyc cli it creates the socket

Bug#871704: Labels of files in `/etc/init.d/` prevent systemd tools from working

2020-06-03 Thread Maksim K.
Package: selinux-policy-default Version: 2:2.20161023.1-9 Followup-For: Bug #871704 Some additional information. I've made some investigation. I could say, not all of service which has their name in it - failed to get status. *** root@vps:/tmp# for i in `ls /etc/init.d/ ` ; do ls -Z

Bug#962007: selinux-policy-default: No SELinux rule for OpenVPN management socket file

2020-06-01 Thread Maksim K.
Package: selinux-policy-default Version: 2:2.20161023.1-9 Severity: normal Dear Maintainer, OpenVPN allows one to use socket files for the management interface instead of TCP ports. This is important in servers where non-admin users are also allowed to SSH in, because it limits their access to