Questions tagged [selinux]
Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies.
132 questions
1 vote, 0 answers, 314 views
Fedora Tor Failed to bind one of the listener ports
Tor Log:
Jun 03 15:12:53.463 [notice] Tor 0.4.7.7 running on Linux with Libevent 2.1.12-stable, OpenSSL 1.1.1n, Zlib 1.2.11, Liblzma 5.2.5, Libzstd 1.5.2 and Glibc 2.34 as libc.
Jun 03 15:12:53.463 [...
1 vote, 0 answers, 197 views
SELinux - add access rights for a new type
I am new to SELinux and I need to create a new type for a file and then specify access rights for a standard Linux user with its security context: user_u : user_r : user_t. I created a new module (.te ...
0 votes, 0 answers, 355 views
Why does a shared samba directory show different file permissions?
The file permissions on my Samba server (local filesystem) are as follows:
-rw-r-----+ 1 sambaserver sambaserver 49 Jan 9 01:14 staticfile.md
However, when accessed remotely through a client, the ...
0 votes, 0 answers, 35 views
Frequent SE Linux alert after upgrading systemd from rpm rebuild
This is the scenario.
I am using CentOS 8 and I have updated systemd to a higher version (rebuilt rpm from Fedora 33).
Now I get frequent SELinux alerts. I am pretty sure it's not a systemd bug, ...
1 vote, 1 answer, 168 views
Can SELinux brick your server?
I have enabled SELinux on CentOS Stream (it was in disabled state before, do not know the exact history). I simply changed the following line in /etc/selinux/config (it was disabled before):
SELINUX=...
1 vote, 0 answers, 219 views
Use SELinux(?) to disable root access to iptables for procrastination
This might not be a problem for you but I suffer from poor impulse control and as a result constant procrastination while in front of a computer. I can't procrastinate much on my phone because I ...
0 votes, 1 answer, 233 views
Selinux: changing root mapping
I want to control some accesses of root in Linux (Fedora); for example, I want to run a process and I want root not to be able to kill it.
I use SELinux and I changed root mapping from unconfined to ...
1 vote, 1 answer, 769 views
How to add a capability to SELinux custom role?
I created a role foo_r, and I would like a user with this role to be able to open a reserved port (< 1024) with the CAP_NET_BIND_SERVICE capability.
For this I added a security context:
policy_module(...
0 votes, 1 answer, 1k views
How to get "su" to work in init scripts in Red Hat 8 with SELinux?
In an init script I'm trying to run a command:
su - user -c "/home/user/bin/command"
but SELinux prevents this:
systemd[1]: Starting LSB: Start the my_script at boot...
su[5941]: pam_unix(su-l:...
0 votes, 0 answers, 350 views
How can I get my gnome lockscreen as default instead of the grey system one?
Suddenly my lockscreen changed from the gnome (blue one) lockscreen that detects the username and asks for password to the login screen that asks for both username and password. I am trying to get it ...
1 vote, 0 answers, 831 views
Unable to login after switching to "multi-user" target in Yocto Linux
I have a device running Yocto (warrior) and SELinux is enabled by default. I am unable to log in to the device if I switch to the multi-user target. If I change SELinux to permissive mode, I am able to log in ...
0 votes, 1 answer, 484 views
CentOS 8 auditd AVC denials message flood caused by denied setuid
Today my CentOS 8 suddenly froze and was not responding to user input.
When I tried to log in from the console, I saw messages like these:
audit: backlog limit exceeded
audit: backlog limit exceeded
audit: ...
0 votes, 1 answer, 552 views
How can an SELinux filesystem be relabeled in an unpacked squashfs filesystem?
I am trying to configure SELinux for a live boot Debian system.
SELinux is inoperable due to copious changes during build and system configuration and requires the entire filesystem to be relabeled. ...
0 votes, 0 answers, 72 views
Is it possible to limit the permissions of a user based on his or her actions?
I'm currently working on a research project that includes the question of whether it is possible to implement a Chinese-Wall-based information flow control model based on SELinux. One of the core principles ...
0 votes, 2 answers, 150 views
Restricting Access to Files when Standard Linux Permissions Won't Suffice
I administer several RHEL 6.9 systems. On each system, a particular directory, call it /app_dir, is the top level of where our project's scripts, executables, configuration files, and logs are stored. ...