Questions tagged [selinux]

NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating system.

The SELinux architecture provides general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-Based Access Control, and Multi-Level Security. Background information and technical documentation about SELinux can be found at http://www.nsa.gov/selinux.

681 questions
4 votes, 3 answers

OpenDKIM permission denied

I have installed opendkim on CentOS 6 and set the TemporaryDirectory to /var/tmp in the opendkim.conf configuration file. After restarting the service and trying to send an email I get an error in the postfix log that reads opendkim[27392]:…
seyfe
4 votes, 0 answers

What's the recommended way to restrict Internet access per process using SELinux?

Before, I tried to do this using a phony user and iptables to execute commands that need to be restricted. However, now the commands need to read configuration set by each user's environment vars, so it seems this way no longer works. The OS is…
4 votes, 2 answers

Enable SELinux on CentOS 7 LXC container with Ubuntu 14.04 host

I'm trying to set up an LXC container for testing which is running CentOS 7 with SELinux enabled to meet the requirements for a test I'm trying to run. Despite all my efforts, I'm still unable to get the output of getenforce to return anything except…
Dave Birch
4 votes, 2 answers

Find modified selinux booleans

I have a CentOS 6.6 server that was set up by someone else. I'll be recreating this server from scratch on a new box and I'm wondering if there is any way I can find out what SELinux booleans have been modified on the existing server? Bash history is…
Pawilon
4 votes, 2 answers

LDAP user authentication on CentOS 7: Permission denied

I configured LDAP on CentOS 7 and now I'm trying to configure external user authentication. Browsing, I found this: https://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-ldap-pam.html, which is for CentOS 5. Also, other sites say that you can…
Neil
4 votes, 2 answers

New Dovecot install not allowing login, giving permissions error despite saying that permissions "appear ok"

I'm installing Dovecot onto a VirtualBox VM running an Ubuntu Server 64-bit 14.04 guest. Dovecot itself is being installed into a Docker container (I'm not sure that that's relevant here, but am noting it just in case). I'm having trouble getting…
J L
4 votes, 1 answer

SELinux blocking sudo from zabbix_agentd

I have a custom user parameter for Zabbix that calls a hardware RAID CLI tool (arcconf / megacli) and checks if any arrays are degraded. Since these tools are root-only, I have configured sudoers to allow the zabbix user access without…
lmz
4 votes, 3 answers

Where's selinux source code?

I'm trying to find the URL of the SELinux source code (both kernel and userland), but I can't find anything, only outdated URLs... Could someone help? Also, I installed from packages in Debian, so I guess I can't check it directly on my system?
Phil
4 votes, 1 answer

SELinux permissions for LogRotate and Apache

With the directory structure: /www/live/website1/app/ /www/live/website1/files/ /www/live/website1/logs/ Where Apache needs at least the following access: app: read-only access, but read-write is fine (files already chmod 0644) files: read-write…
Craig Francis
4 votes, 1 answer

Apache doesn't start: syntax error....DocumentRoot must be a directory

I read all the previous answers but I couldn't fix my problem. I'm changing the server where my website is hosted and I'm setting up Apache again. Now, after installing php, fail2ban, etc., I have this issue: service httpd start Avvio di httpd: Syntax…
Akylle
4 votes, 2 answers

OpenVPN SELinux Permission Denied

I am running CentOS 6.4. # cat /etc/centos-release CentOS release 6.4 (Final) After some updates, and a reboot, OpenVPN fails to start. # service openvpn start Starting openvpn: [FAILED] /var/log/messages…
Eero Aaltonen
4 votes, 1 answer

Can't make SELinux context types permanent with semanage

I created a new folder at /modevasive to hold my mod_evasive scripts and for the Log Directory. I'm trying to change the context type to httpd_sys_content_t so Apache can write to the folder. I did semanage fcontext -a -t "httpd_sys_content_t"…
Safado
4 votes, 1 answer

SELinux: How to show all allowed rules for a type?

For an arbitrary object type, e.g. user_tmp_t, I want to know which processes are allowed to access this tag. How do I find all allow rules that reference user_tmp_t?
lairtech
4 votes, 2 answers

Relocated /var - now selinux is unhappy

I needed more space in the /var tree on a VM, so I allocated some, booted into runlevel 1 and copied the folder over to the new space. After changing the fstab entry for /var to reflect the new location, I rebooted. (You can see what's coming.) The…
ethrbunny
4 votes, 1 answer

Granting sudo access to a SELinux confined user in freeIPA

I'm using FreeIPA to define RBAC, HBAC and sudo rules, as well as SELinux user mappings, for a domain of a couple hundred virtual machines, where I need to grant different levels of access to several teams (developers, database administrators, system…
dawud