Questions tagged [selinux]

NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating system.

The SELinux architecture provides general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-Based Access Control, and Multi-Level Security. Background information and technical documentation about SELinux can be found at http://www.nsa.gov/selinux.

668 questions
0 votes, 2 answers

CentOS8 Stream - what is security context in files permissions and how it can affect access?

I did install some of my aspnet core apps on Linux before using CentOS8. This time I used CentOS8-Stream. I don't know if that contributes to the issue. The facts: I could not make apache use certificates. Everything was as I did before and yet it…
Boppity Bop
0 votes, 0 answers

failing to switch selinux to permissive mode with ansible TASK

I fail with an Ansible playbook installing postgresql on a centos7 target due to some permission problem which seems to be rooted in selinux in some way. As I have no experience with selinux whatsoever and am in process to learn ansible atm I want…
vrms
0 votes, 1 answer

SELINUX : How to make child folder rule precedence higher than parent rule

SELINUX : How to make child folder rule precedence higher than parent rule eg : /home/kevinw/www/kp/storage(/.*)? all files system_u:object_r:httpd_sys_rw_content_t:s0 lost to /home/kevinw/www(/.*)? all…
0 votes, 1 answer

SELinux prevent connection clamd_port_t:tcp_socket

We have API Server (tomcat) which has clamAV configuration to scan any uploaded file to the system. clamAV configuration will require the API server to connect to clamAV server. SELinux is enabled on both servers and whenever we try to upload files…
0 votes, 0 answers

Tenable su+sudo and selinux

My Not-A-Sysadmin-Boss wants me to explain this but I can't really find an answer? When using TENABLE SC to scan a RHEL7 system the account used to do the scan connects via ssh then uses sudo to perform its checks. But when selinux is enforcing…
0 votes, 1 answer

SELinux Issue - git status fatal: Out of memory? mmap failed: Permission denied

I have a Centos 7.9 server running with Apache and Git, however if I do a [root@a]# git status fatal: Out of memory? mmap failed: Permission denied But if I disable SE-Linux or set it to permissive via the commands below, it starts working fine. setenforce…
mahen3d
0 votes, 1 answer

CGroup not mounted on Fedora 34

I have a freshly provisioned Linode instance with Fedora 34. The only thing I have installed on it is libcgroup. cgconfig service is starting properly and there are no errors but the subsystem is not working. I am getting the following error when I…
0 votes, 1 answer

Allow Wordpress upgrades with SELinux in EL8 with nginx/php-fpm

I'm trying to allow the use of Wordpress upgrades (not plugin updates) directly on the web interface. I already have SELinux working for everything except this feature. When trying to nail down what should be allowed I'm unable to exactly find what…
Vinícius Ferrão
0 votes, 1 answer

Unable to update to Wordpress 5.7.2: Could not copy file

I'm trying to update to the latest (5.7.2) version of Wordpress from a fresh installation on CentOS 7, however I keep getting the error message Could not copy file.: wp-admin/images/about-color-palette-vert.svg This file is a new file added in…
Mourndark
0 votes, 1 answer

Unable to create selinux policy to allow drbdadm to run

In snmpd.conf I have exec drbd_cstate /sbin/drbdadm cstate all exec drbd_role /sbin/drbdadm role all exec drbd_state /sbin/drbdadm dstate all With selinux set to permissive if I were to run the SNMP walk command (/usr/bin/snmpwalk -v 2c -c PUBLIC…
Dovid Bender
0 votes, 1 answer

Unable to open PHP script files, even though I own them and have permissions

I'm using RHEL 8, and I have run into a crazy problem. My user account is unable to open PHP files. If I have a file, owned by my user, and readable by my user, and I add
Nick2253
0 votes, 1 answer

How do I install `setroubleshoot-server` (sealert)

I am looking to use sealert on my Debian env. I am unable to find the package to install to have it and the source code.
jnbdz
0 votes, 1 answer

SELinux : Where I find selinux policy for google-chrome on Fedora Linux?

How do I find all the SELinux policies used for Google Chrome on Fedora Linux?
0 votes, 1 answer

selinux audit rule not logging anything

I am trying to audit a directory tree for read, write, and permissions change. I created the rule using auditctl -w -k media-watch, but ausearch -k media-watch only shows the creation (or deletion for debugging) of the rule, and not file…
0 votes, 0 answers

Why might SELinux issue a Permission Denied error when accessing an upstream Node.js server's default routes, but not static files like image files?

Environment: Nginx reverse proxy serving static resources and using proxy_pass to serve resources from 2 separate Node.js upstream server instances. Simplified example nginx.conf: server { server_name example.com; location ~* \.(jpg)$ {} …