Questions tagged [selinux]

NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating system.

The SELinux architecture provides general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-Based Access Control, and Multi-Level Security. Background information and technical documentation about SELinux can be found at http://www.nsa.gov/selinux.

668 questions
0
votes
1 answer

Centos8: Selinux blocking Samba service from starting

My Samba4 service is being blocked from starting using systemctl. The audit log shows: type=AVC msg=audit(1606428851.446:87): avc: denied { execute } for pid=1748 comm="(samba)" name="samba" dev="dm-0" ino=1462831…
Paul Paku
0
votes
2 answers

Quirky Linux Permissions Errors

I am getting some quirky permissions errors with apache, I can access documents under my apache home directory but not under any other directory. When I view my Apache error_log it shows [error] (13)Permission denied: access to / denied I have…
James Hackett
0
votes
2 answers

SELinux blocking Samba access to mounted volume despite samba_share_t

I repurposed an old AMD A10 APU-based machine that was collecting dust in my basement to act as a NAS, and eventually some other light-duty tech work. It's running CentOS 8.1, the boot disk is a 340GB hard drive I had laying around, and I have a…
p0lar_bear
0
votes
1 answer

Changing SELinux file contexts over NFS

I would like to change SELinux labels on a NFS-mounted shared directory. Here is my setup (using virtual machines): I have two machines running CentOS 7. One of them (the server) exports a directory tree over NFS using the following exports…
Holger
0
votes
1 answer

SELinux Permissions Error on Fedora 32

I am getting this error repeatedly while trying to run Nextcloud on Fedora 32 type=AVC msg=audit(1601229230.944:718): avc: denied { connectto } for pid=584 comm="php-fpm" path="/var/lib/mysql/mysql.sock" scontext=system_u:system_r:httpd_t:s0…
navjotjsingh
0
votes
1 answer

How to list the capabilities associated with a process in *nix systems?

From - man capabilities UNIX implementations distinguish two categories of processes: privileged processes (whose effective user ID is 0, referred to as superuser or root), and unprivileged processes (whose effective UID is nonzero). and Starting…
samshers
0
votes
0 answers

Centos OS7 not receiving user context from FreeIPA

Hopefully there is something simple I am missing here. I have FreeIPA 4.6.6 (can not update at this time), Centos 7 and Centos 6 systems. SELinux is in permissive mode. Logins on the Centos 6 system are as expected, using the context…
0
votes
1 answer

How do I find location of file that 'sealert' is referencing in its output and suggestions?

I've been able to figure this out a little easier in the past just due to the context but this one has me stumped. When I run sealert -a /var/log/audit/audit.log and get the typical output such…
oucil
0
votes
1 answer

How to enable selinux for a custom port

We have a service mapped to the web application. So, we need to allow 80 port and 16700 for its backend service. During login, it will connect to this service for authentication and other parts of data. In firewall, we allow these two…
Uday Kiran Reddy
0
votes
1 answer

Httpd and selinux - change root dir

I have a problem with my centos 7 server and httpd. I have already installed http, but I need to change the home dir from /var/www/html to /home/pawel/domains. I added vhost: ServerName local.nauka ServerAlias www.local.nauka …
PawelC
0
votes
0 answers

PiHole container on Podman fails to start with SELinux enabled on Fedora 31

I'm trying to get PiHole up and running using Podman on Fedora 31 Server. When I set SELinux to Permissive mode, and I use the following command, everything works perfectly. sudo podman run -d --name pihole \ -p 53:53/tcp -p 53:53/udp -p 80:80 -p…
0
votes
1 answer

SELINUX sysadm_u and SSH - Unable to get valid context for username

Once I set user username to sysadm_u they are no longer able to login via SSH and receive the error: Unable to get valid context for username Commands semanage login -m -s sysadm_u username semanage login -a -s sysadm_u username restorecon -RF…
Michael Hobbs
0
votes
1 answer

How to fix SElinux contexts and labels after restoring from backup

I have a server running Centos7/XFS with SElinux that had a problem (unrelated to SElinux) and had to be restored from a snapshot that was several weeks old. This server also makes a nightly rsync backup to a dedicated offsite backup Docker…
Peleion
0
votes
1 answer

Rsyslog / CentOS 8 / no write logs|no catch?

I use rsyslog (8.37.0-13) on CentOS 8 (CentOS Linux release 8.1.1911) and I've type error with my configuration. My rsyslog.conf is…
celine
0
votes
2 answers

Determine if Linux account locked when SELinux protects shadow

I am trying to run a script which gets the username of every locked account on a Linux system. The server is a Gentoo Hardened Server with SELinux. I tried by writing some Python which looks in /shadow/passwd for the obligatory '!' instead of a…
John Tate