All Questions
60 questions
0 votes, 0 answers, 57 views
How do I create an SELinux policy to allow php-fpm to execute optipng?
I am running WordPress in Rocky Linux 9 and need optipng for some image transformation tasks, but it is being blocked:
SELinux is preventing /usr/sbin/php-fpm from execute access on the file optipng.
...
0 votes, 1 answer, 69 views
geoclue redhat selinux annoyance
On a clean install of RHEL-8.9 from iso, with selinux in its default state of enforcing, geoclue shows up via sealert -a /var/log/audit/audit.log
SELinux is preventing /usr/libexec/geoclue from search ...
0 votes, 2 answers, 73 views
how to modify the selinux labels of a file
In RHEL 8.9,
in /etc/systemd/system/ I created a custom.service file, using vi as root. In doing so it has these labels by default as shown by ls -ldZ
-rw-r--r--. 1 root root unconfined_u:object_r:...
0 votes, 1 answer, 80 views
User not changing SElinux context (SELinux User)
I've added multiple users to SELinux user contexts:
# semanage login -l
Login Name SELinux User MLS/MCS Range Service
__default__ unconfined_u s0-s0:c0....
1 vote, 0 answers, 176 views
selinux user_u staff_u .bash_profile permission denied on ssh login
A security rule states
RHEL must prevent non-privileged users from executing privileged functions, including disabling, circumventing, or altering implemented security safeguards/countermeasures.
All ...
1 vote, 1 answer, 4k views
selinux context for ExecStart of custom systemd service
I have a Type=simple /etc/systemd/system/custom.service.
It has ExecStart=/root/scripts/custom.sh.
I use this to make various administration things happen automatically after boot.
It has worked well ...
0 votes, 0 answers, 311 views
RHEL 9.1 - SELinux is preventing /usr/local/bin/php from read access on the file /web/inc/init_db.inc.php
I want to solve the problem that SELinux reports.
SELinux is preventing /usr/local/bin/php from read access on the file /web/inc/init_db.inc.php.
output from console is:
[root@rhel ~]# ausearch -c 'php'...
0 votes, 0 answers, 579 views
Running nodejs as systemd service -
I've tried running a nodejs server on RHEL by running a .js file with node and ran into the issue of being unable to bind to port 80, changing to a higher port fixed this, but I was unable to access ...
0 votes, 0 answers, 156 views
restarting service remotely via snmp blocked by selinux/pam on Redhat8
I am having some trouble remotely starting/stopping/restarting a service through snmp.
It seems to work fine with SElinux set in permissive but with it in enforcing mode it will fail with this type of ...
1 vote, 1 answer, 761 views
SELinux is blocking VPN connections for non root users
I want (open)vpn connections to be available to all users, but if I'm not root they are blocked by SELinux.
I looked in var/log/audit/audit.log first, in non-permissive mode:
type=AVC msg=audit(1659770552.275:...
0 votes, 1 answer, 191 views
For fedora, how do I get the original text based source file of selinux policy file, as well as plaintext versions of other files, like .te files?
I've been trying to find the original source files for the Fedora selinux policies.
The policy file is distributed as a binary file in the /etc/selinux/targeted/policy. Is there a way to get the ...
0 votes, 1 answer, 510 views
/var/log/httpd permissions reset from 705 to 700 after reboot
After a reboot /var/log/httpd permissions reset from 705 to 700.
Could this be a SELinux issue?
OS is RHEL 8.
3 votes, 1 answer, 863 views
What does system_u means when assigned to a file?
My question is:
If there is a file assigned with system_u as SELinux, that means only the user mapped to system_u/unconfined_u gets to access the file?
if this label is assigned to an executable ...
1 vote, 1 answer, 899 views
Selinux: type=anom_abend for php-fpm, Error 502 while accessing the application
Hi, I am using an nginx server which is hosting a web application in RHEL OS with SELinux in enforcing mode.
On accessing the application I am getting the 502 bad gateway error and on checking the audit ...
0 votes, 1 answer, 625 views
Automating SELinux user mappings for SSSD AD users without an IdM solution
I have several RHEL7 and CentOS7 based systems that are tied into a Windows Server 2019 Active Directory using realms/SSSD.
Currently, AD users adopt the unconfined_u SELinux user mapping by default. ...