Questions tagged [selinux]

NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating system.

The SELinux architecture provides general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-Based Access Control, and Multi-Level Security. Background information and technical documentation about SELinux can be found at http://www.nsa.gov/selinux.

681 questions

3 votes, 1 answer

setsebool and run scripts in home directory

I configured SELinux: semanage login -a -s user_u mary setsebool user_exec_content off The general configuration is SELINUX=enforcing SELINUXTYPE=targeted When I log in to the mary account I can still run the scripts in her account but setsebool (…
Monorels

3 votes, 1 answer

Diagnosing rsync error output

I have inherited a CentOS 6.5 system which is outputting multiple lines of errors when running an rsync. The rsync is syncing to a locally attached drive mounted as /storage. The command is: rsync -aAXv /* /storage/backup/…
hashwagon

3 votes, 1 answer

use Sudo in apache

I am using CentOS 6 and trying to call sudo in Apache using this command: exec("sudo -u kouser whoami 2>&1",$output,$code); However, SELinux adds a line to output array(2) { [0]=> string(53) "sudo: unable to send audit message: Permission…
Steve

3 votes, 3 answers

SELinux create custom role

I have a folder shared out via Samba, and a Docker container which I would like to give access to said folder by adding it as a volume to the Docker container (yes, I know that's not portable). SELinux blocks the container from accessing the folder…
dghodgson

3 votes, 1 answer

Why isn't my SELinux logging anything?

I have a sneaking suspicion it has something to do with me mucking about with my rsyslog.conf, but I'm not 100% sure about that. I am running CentOS 7, and SELinux has been working A-OK. However, I tried to follow these instructions and SELinux did…
Wayne Werner

3 votes, 0 answers

Finding local ID for SELinux denial under Fedora 23

Trying to get more fluent with SELinux, it looks like sealert -l would be a particularly useful way to get help with logged denials. From what I understand, the local IDs used to be logged to /var/log/messages. But in Fedora 23, that's…
Steve Waldman

3 votes, 1 answer

SELinux allow access for perl script via log rotate

I have a perl script that I want to run as a perorate script for log rotate. When I force log rotate to run from the command line as root, it works. However, when run through cron, SELinux prevents operation. I don't remember what the first error…
ibrewster

3 votes, 1 answer

ValueError: Type http_sys_content_t is invalid, must be a file or device type

I need to set SELinux permissions on a non-default httpd directory: /www/virtualhosts/site01, etc. So I issue: [mybox]# semanage fcontext -a -t http_sys_content_t "/www(/.*)?" And get: ValueError: Type http_sys_content_t is invalid, must be a…
a coder

3 votes, 1 answer

iptables outgoing default policy is accept, but some ports appear blocked

I'm new to servers and iptables. I have a web app (happens to be bugzilla) running on my CentOS 6.7 apache/httpd server, and it attempts to connect out to the web (updates.bugzilla.org) via port 80. It also attempts to connect out (to…
tniles

3 votes, 1 answer

How do I inspect the contents of an SELinux module?

I would like to view the [textual] contents of an SELinux module, say for instance, /etc/selinux/targeted/modules/active/modules/udev.pp. I tried sedismod, but I get the following error on Fedora 21: % sudo sedismod…
Juan

3 votes, 1 answer

What do I have to modify to have SELinux allow nginx to act as an IMAP/POP3 proxy?

By default nginx under CentOS 7 will fail to start if used as an IMAP/POP proxy. This is because of SELinux. How can SELinux's configuration be altered, without disabling its protections, to allow nginx to act as desired? audit.log type=AVC…
84104

3 votes, 1 answer

Log/Audit everything allowed by SELinux

I'm profiling some proprietary software to construct a set of permission requirements and SELinux policies to allow it to install and run on Oracle Linux (or any RHEL derivative). I'm running SELinux in permissive mode, I have run semodule -DB to…

3 votes, 1 answer

SELINUX blocking php-fpm and nginx working together?

I'm having some issues with SELinux. When trying to visit my website I get 403 forbidden from nginx, and the server pops up with an error and says to use grep NGINX /var/log/audit/audit.log | audit2allow -M mypol, which I did; however, when trying to…
Crafty Mc

3 votes, 2 answers

nginx suddenly redirecting everything to 403 page, can this be debugged or traced?

I'm not sure what happened to my nginx install. Suddenly all page requests are being redirected to the 403 page. Yesterday I tried to add a user agent to block and restarted the service; from that point everything was being sent to 403. I backed out that…
ProfessionalAmateur

3 votes, 2 answers

CentOS Selinux config enforcing but unable to start

I recently discovered SELinux is disabled, but the config file says SELinux enforcing mode is set. I read about possible reasons why SELinux is disabled. I suspect the kernel. But I can't find what I should do to solve this problem. I'm afraid…
Sencer H.