Questions tagged [selinux]
Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies.
132 questions
0 votes, 1 answer, 457 views
How do I run a War File in confined SELinux domain on CentOS7?
I am currently working on the deployment of my Java Web Application. This application is available to me as a WAR file. My goal is that the application starts with a limited SELinux startup. This ...
-1 votes, 1 answer, 295 views
What is the difference between file with Selinux Context and without Selinux Context?
Good day,
Today I compared the file permissions of 2 environments. I found that 1 of them has a dot at the end of the permissions, but the other environment does not.
Environment 1 (with Selinux Context):
-...
1 vote, 1 answer, 2k views
Mounting docker into container shows executable but errors with: /usr/bin/docker: No such file or directory
Environment details
$ docker --version
Docker version 19.03.4, build 9013bf583a
$ hostnamectl
Static hostname: ohpc.novalocal
Icon name: computer-vm
Chassis: vm
...
0 votes, 3 answers, 4k views
Cannot execute systemd service running as a non privileged user on CentOS 8
There is (maybe) a change between CentOS 7 and 8 with regard to systemd and selinux, and I do not yet know how to deal with this.
For some reason (cross distribution compat) we are using postgresql 9.6 from ...
1 vote, 1 answer, 483 views
syslog-ng starts and runs fine manually... starts but doesn't create logs when using systemd
Redhat 7.6 with latest syslog-ng (3.22)
I've searched and tried all the old remedies. Nothing has worked to resolve this.
My syslog-ng.conf file has a bunch of ports and a bunch of destinations. When ...
0 votes, 2 answers, 214 views
SELinux blocking procmail from executing dspam but no AVC message
I have a CentOS 7 system in which I use postfix as the MTA. Certain users use procmail via .forward in their home directories:
# cat .forward
"|exec /usr/bin/procmail -f- || exit 75"
In this case, I ...
0 votes, 1 answer, 2k views
Fedora 30 boot freeze - Failed to load SELinux policy
Updated Fedora 30 (workstation) via CLI
sudo dnf upgrade -y
everything ok, updates downloaded and installed.
SELinux configuration file is set as follows:
SELINUX = disabled
Then reboot. System ...
1 vote, 1 answer, 785 views
Generate selinux policy from audit2allow
I need to upload to aws from logrotate. When logrotate is triggered, SELinux blocks it.
The error line is
type=AVC msg=audit(1562162502.670:101127): avc: denied { name_connect } for ...
0 votes, 1 answer, 767 views
How to grant 'search' permission in SELinux
I am trying to get dspam working under SELinux (CentOS 7). I added the following without issue:
allow dspam_t dspam_rw_content_t:dir getattr;
allow dspam_t dspam_rw_content_t:file { append getattr ...
1 vote, 0 answers, 332 views
You don't have permission to access /{local} on this server even though allowed from all
I'm trying to set up a local repository on my cluster, but when I try to access the defined directory with
curl "http://$(hostname -f):80/local_HDP/"
the error message shown is
<html><...
0 votes, 1 answer, 3k views
Set permission and ownership correctly, still getting "storage/logs/laravel.log" Permission denied
There are lots of Q&As for this problem:
"storage/logs/laravel.log" could not be opened: failed to open stream: Permission denied
The solution, correctly, is to set the right permissions for ...
0 votes, 0 answers, 47 views
sh(conf) script can not run php file
I am trying to run a php script within my fail2ban action file.
When I disable selinux everything works fine, but when I enabled it again I get a constant error in my fail2ban log.
php.conf (action)
...
0 votes, 1 answer, 270 views
Why has my existing Nginx failed to run after rebooting the system which says 13: Permission denied, although chmod 777?
My Nginx is configured with docker, but when I reboot my system my existing nginx fails to run. I face the error message: [emerg] 1#1: open() "/etc/nginx/nginx.conf" failed (13: Permission denied)
0 votes, 1 answer, 421 views
Change SE Linux context label of a specific folder inside a cifs mount
I have cifs mount on my setup mounted via /etc/fstab with context set to system_u:object_r:cifs_t:s0.
There are some specific folders that I want to override default context to set public_content_t ...
4 votes, 2 answers, 10k views
How to run an X11 application (xclock) on podman?
podman says Error: Can't open display: localhost:10.0 when I try to run xclock in a container with the command
podman run -ti -e DISPLAY --rm -v ~/.Xauthority:/root/.Xauthority:Z localhost/...