Questions tagged [selinux]

NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating system.

The SELinux architecture provides general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-Based Access Control, and Multi-Level Security. Background information and technical documentation about SELinux can be found at http://www.nsa.gov/selinux.

681 questions
3 votes, 2 answers

How do I allow apache to rotate logs in user home directory with SELinux enabled?

Our development machine has multiple users, and their various sites are stored in /home/username/apache. In these folders are sub-folders like conf containing the virtual host config, logs containing logs, public containing the actual web files,…
Leonard Challis
3 votes, 2 answers

Lost password on EC2 SELinux instance

As the title says, I have an SELinux instance on EC2 that I haven't used for a while. I have been unable to access it via ssh since firing it back up. I have accessed it from this machine in the past, and the security group stuff on AWS is set up…
Paul
3 votes, 2 answers

sudo: PAM audit_log_acct_message() failed: Permission denied

Any time I run sudo through NRPE, I get the following message in my /var/log/secure, and I can't figure out how to resolve it. sudo: PAM audit_log_acct_message() failed: Permission denied Please advise. * UPDATE * [root@XXXXX ~]# ausearch -m…
alexus
3 votes, 1 answer

Selinux interfering with vboxwebsrv or phpvirtualbox

I have a brand new installation of Fedora 18, with a brand new installation of Virtualbox 4.2. I have spent a painful few hours trying to get phpVirtualBox working. Apache 2.4 and PHP 5.4 are installed, along with the phpVirtualBox software.…
user179062
3 votes, 2 answers

SELinux preventing passwordless SSH login

I would like to connect a user account I have created for git in /var/git using authorized_keys. However, SELinux prevents this with the following AVC message SELinux is preventing sshd(sshd_t) "read" var_t I'm new to SELinux administration, but I…
Michael Mior
3 votes, 3 answers

Zabbix Trigger for SELinux (type=AVC) Errors

I would like to create a trigger in Zabbix to alert me anytime a type=AVC error appears in a CentOS 6 server's /var/log/audit/audit.log file. I've already tried creating a basic log scrape. …
Soviero
3 votes, 1 answer

selinux in enforcing mode

I do test driven development where all my APIs are tested with a batch of tests. Initially, I ran the tests in ‘permissive’ mode in selinux. So, I decided to enable selinux to ‘enforcing’ mode. Obviously, I started getting AVC denials in the…
usa ims
3 votes, 1 answer

Is there a way to share via SMB a filesystem mounted via NFS without disabling SElinux?

I have two CentOS hosts. The first is a NAS and the second one is a diskless SMB server. The NAS server shares a folder via NFS and a secure Ethernet connection with the SMB server. The SMB server shares content to the intranet, WiFi, etc. When I run this command,…
Antonio
3 votes, 2 answers

SELinux: how to enable write access to Joomla cache directory?

I have set up SELinux on a Debian squeeze system, which runs a Joomla website. The Joomla PHP code wants to have write access to certain cache directories. The /var/log/messages file contains entries like these: Dec 31 10:26:16 s0022 kernel: […
nn4l
3 votes, 1 answer

httpd, vsftpd and the annoying selinux

I have a CentOS 6.3 installed with httpd running and vsftpd but I am unable to balance permission between the user able to upload over ftp and their website working. What I do: I create a user with their home directory as `/home/username` I create…
Christian
3 votes, 3 answers

Why isn't my cronjob running?

I have a cronjob in /etc/cron.d/mycron that looks like this: 0 3 * * * apache php /path/to/my/script.php In the same file there are other cronjobs being run as root and other users (which work), but for some reason this job running as…
Tom
3 votes, 3 answers

SELinux is preventing Perl CGI script from accessing Oracle libraries

I'm trying to configure SELinux on a Red Hat Enterprise Linux 6.2 web server that runs Apache 2.2.15 and Perl 5.10.1, and connects to remote Oracle databases. The Oracle 11.2g client is installed. The PHP scripts that access Oracle are working, but…
slec
3 votes, 1 answer

SELinux: Limit httpd outbound connections by address and port?

We have a multi-host environment with httpd on one host, and an application server on a second. We'd like to use SELinux on the httpd host, and the default targeted policy causes few problems. But it does prevent httpd from making the outbound…
Eric Rath
3 votes, 2 answers

Setting up Apache virtualhosts pointing at files in user directory. Worked fine on Ubuntu, now I'm on Fedora

I've recently moved from Ubuntu to Fedora. I now wish I'd done it a lot earlier because I've realised I don't know nearly as much about Linux as I ought to - Ubuntu hid a lot from me. Previously on Ubuntu, I had a few virtualhosts pointing at a…
Tim
3 votes, 1 answer

Fedora 15 PHP exec() does not work

I cannot run an executable by PHP exec() function. OS: Fedora 15 PHP safe_mode off PHP code is: $exe = "/tmp/defne/./CwCssUGxhjAc"; $result = system( $exe, $retval ); chmod 777 on /tmp/defne and /tmp/defne/CwCssUGxhjAc I can run it on the command…
Memento