Questions tagged [selinux]

NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating system.

The SELinux architecture provides general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-Based Access Control, and Multi-Level Security. Background information and technical documentation about SELinux can be found at http://www.nsa.gov/selinux.

681 questions
0
votes
1 answer

Can not change SELinux security context on Gluster FS folder

I can not change the security context of a folder which is created inside a Gluster-FS volume. Following is the error I keep getting. chcon: failed to change context of ‘test’ to ‘system_u:object_r:httpd_sys_rw_content_t:s0’: Operation not…
0
votes
2 answers

How to configure SELinux for nginx to access a symlink to a mounted directory

I have a libvirt vm running nginx with a shared filesystem mounted in the nginx vm, and I want to expose a directory in that mount. nginx seems to be running fine, and I can access the basic local files and subdirs in /usr/share/nginx/html. I have…
swv
0
votes
1 answer

centos 7 cant change ssh port - selinux policy 30 missing

I'm running CentOS 7.3 with LAMP. After changing my ssh port in /etc/ssh/sshd_config I have run semanage port -a -t ssh_port_t -p tcp but it's kicking out the following error: SELinux: Could not downgrade policy file…
Jim Venner
0
votes
0 answers

SELinux prevents NRPE to run properly in RHEL 6.8: Could not complete SSL handshake with

I downloaded nrpe-3.2.0.tar.gz and nagios-plugins-2.2.1.tar.gz, extracted, compiled and installed in a RHEL 6.8 64-bit box. It runs fine when SELinux status is Permissive, but it does not work in Enforcing mode. I have run a lot of times grep -e…
Jdamian
0
votes
0 answers

Why do I have SELinux problems after creating a logical volume (LVM)?

The default postfix queue directory on RHEL 7.3 is /var/spool/postfix. The permissions are 755, owner root, group root and SELinux context system_u:object_r:postfix_spool_t:s0. I can remove all the directories and files in this directory. After a…
Pieter Vogelaar
0
votes
1 answer

pam_exec: permission denied due to selinux

I have a RHEL 6.0, and I configured pam_exec to run a custom authentication method through a bash script. If SE Linux is disabled everything works as expected, but when I enable SELinux I get a permission denied error when pam_exec tries to execute…
0
votes
1 answer

CentOS7 postfix install, selinux blocks cleanup

I installed postfix successfully and when I start it as root/sudo with- postfix start ...it runs unconfined and sends emails. When I set it to automatically start at boot with- systemctl enable postfix.service ...it starts up at boot time and…
hotkarl
0
votes
0 answers

Nagios and SELinux - what are proper settings for Nagios files?

I was trying to deploy Nagios on a VM running CentOS 7, and as most, ran into "Could not stat() nagios.cmd" problem. I did set permissions for users apache and nagios to access the file, and now am fighting with SELinux to both allow apache and…
Vesper
0
votes
1 answer

CentOS 7.3 audit2allow return "plural forms expression could be dangerous"

Hi I try to check audit2why or audit2allow but I get error: cat /var/log/audit/audit.log | audit2why plural forms expression could be dangerous I have just installed latest CentOS from repos, using netinstall ISO. Also during install, I have…
BiG_NoBoDy
0
votes
2 answers

When SELinux is set to enforcing, startx will not bring up the user GUI

I have a machine (CentOS) that is using SELinux that must be set to enforcing (in MLS mode), I want to be able to go into the gui to show the system works in a gui setting for people who don't use a terminal. When I type in startx (after it hangs…
0
votes
1 answer

Jupyterhub with selinux

I'm trying to deploy jupyterhub on centos 7 with selinux enabled. I choose sudospawner for creating new jupyter notebook servers. When I try to login to jupyterhub, selinux logs the following error and no process is spawned: python3.4[17888]:…
user281736
0
votes
1 answer

php.ini is not read after upgrading to PHP 5.6.25 from RHSC on RHEL7 with SELinux. How to debug?

Configuration: I run a web server with RHEL7 with the SELinux kernel module and php-fpm. By default, RHEL7 ships with PHP 5.4. This version of PHP is too old for my software, so I've upgraded to PHP 5.6.25 from RHSC. Before upgrading, everything…
Free Radical
0
votes
1 answer

CentOS with SELinux, systemd and stunnel

I am using CentOS 7.3 with stunnel. If I launch stunnel like that: stunnel /etc/stunnel/stunnel.conf Everything works fine! I would like to manage stunnel with systemd. Here is my stunnel.service: [Unit] Description=SSL tunnel for network…
Djé Djé
0
votes
1 answer

RHEL7 selinux problems trying to run sshd via xinetd - sshd_net_t transition causes login failure

I'm trying to set up sshd to run under xinetd on an RHEL7 server. I run sshd on an alternate port, using xinetd to limit what IPs can connect. This works fine on RHEL6, and also on RHEL7 if I disable SELinux. However, the targeted SELinux policy…
Dan Pritts
0
votes
1 answer

Difference between httpd_sys_content_t httpd_user_content_t

What is the difference between the selinux types httpd_sys_content_t and httpd_user_content_t? Looking e.g. here I can't find much in the way of specifics.
hotkarl