Questions tagged [selinux]

NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating system.

The SELinux architecture provides general support for the enforcement of many kinds of mandatory access control policies, including those based on the concepts of Type Enforcement®, Role-Based Access Control, and Multi-Level Security. Background information and technical documentation about SELinux can be found at http://www.nsa.gov/selinux.

681 questions
4 votes, 1 answer

RHEL6: Tomcat runs as unconfined Java user

I'm starting to configure RHEL6 to be a hardened Tomcat server and applying SELinux policies for access control. After installing RHEL6 and Tomcat6 (standalone, no httpd), I noticed that the Tomcat process was running as unconfined_java_t. How can I…
lairtech
4 votes, 3 answers

Home directories created with wrong SELinux context

[root@tst-01 home]# ls -Z drwxr-xr-x. ujjain users system_u:object_r:home_root_t:s0 ujjain drwxr-xr-x. johndoe users system_u:object_r:home_root_t:s0 johndoe The selinux context should be object_r:user_home_dir_t.…
ujjain
4 votes, 2 answers

setenforce: SELinux is disabled

I'm on a CentOS 5 machine and trying to install vsftpd. I want to configure ftp_home_dir using setsebool -P ftp_home_dir on but it says: setsebool: SELinux is disabled. I try to enable it using setenforce; it still says: setenforce: SELinux is…
Can Geliş
4 votes, 3 answers

SELinux Missing type enforcement (TE) allow rule

When I run my FTP test to test for full functionality, I'm concerned about why I am getting an AVC denial error on such a popular command as 'mkdir'. Here is the AVC denial message: type=AVC msg=audit(1365021919.400:283): avc: denied { create }…
usa ims
4 votes, 2 answers

SELinux avc: denied issue

I just set up a web hosting server with SELinux in permissive mode, meaning it's unsecured but writing issues to the message log file. Once I have fixed all the avc: denied errors, I will put the server in 'enforce' mode. But here's the question. In…
usa ims
4 votes, 1 answer

AD GIT SELinux RHEL 6: Cannot get SELinux to allow connection to git

I have a problem with SELinux! I have installed git on Red Hat Enterprise 6 with AD group control and SSL cert. Everything works fine if I do setenforce 0 (set SELinux in detection only mode) or if I do semanage permissive -a httpd_t (Set…
4 votes, 2 answers

CentOS - semanage - Adding Custom Port Fails

I recently upgraded one of my application servers to CentOS 6(.2) and was getting it ready for production use when I came across the following issue: whenever I try to add a custom http port by way of semanage, I keep getting the following error…
Mike Purcell
4 votes, 3 answers

Convert SELinux log date format from Epoch to Normal

When SELinux logs an event to the audit log on my CentOS 6 system, it's logging it in epoch time which makes for a real hassle when trying to troubleshoot. Is there any way to make it log these events using human readable date formats? I've looked…
Safado
4 votes, 1 answer

How can I modify a SELinux access restriction

I want SELinux to allow the LogRotate daemon to rotate and compress the audit logs under /var/log/audit/audit.log, but it's being blocked with this error message showing up: Oct 27 04:06:03 setroubleshoot: SELinux is preventing /usr/sbin/logrotate…
Safado
4 votes, 1 answer

/bin/su permission denied after SELinux is enabled - not resolved by manual creation of SELinux policies

For some reason, I can't su to root from a non-root user: [rilindo@kerberos ~]$ /bin/su - -bash: /bin/su: Permission denied Running output from /var/log/audit/audit.log either returns this: [root@kerberos tmp]# cat /tmp/audit type=AVC…
Rilindo
4 votes, 4 answers

Permission denied: could not create /var/run/httpd.pid in Apache

I'm working on setting up a web server running RedHat Enterprise 6 with Apache and PHP inside of a chroot jail environment. The chroot directory for apache is /chroot/httpd. I followed this example yet when I go to start apache, I see the following…
Bourne
4 votes, 2 answers

Allowing multiple types in the type field of a folder label in SELinux

I'm an Ubuntu/Debian guy but I had trouble installing Ubuntu on a softraid/fakeraid system, so I went with CentOS 5.6. I'm also at a small web development firm where we need to share our test server's html/httpd files via samba/smb but also allow…
bafromca
4 votes, 2 answers

SELinux & ncsa_auth in Squid

I'm trying to enable SELinux on a CentOS 5.5 server with Squid 3.1.12 that handles authentication via ncsa_auth. When I turn off SELinux everything works fine, but when I enable it, Squid crashes on the authentication plugin, ncsa_auth. This is the…
Bart De Vos
4 votes, 6 answers

How to disable SELinux for Apache httpd only on my Fedora 14?

By following this link I am able to just turn SELinux off completely from my Fedora 14. But I wonder how could I disable SELinux only for the httpd daemon? I don't have system-config-selinux installed and due to company firewall policy I have got to…
Michael Mao
4 votes, 4 answers

Using SELinux to force Linux to allow programs to bind to port numbers lower than 1024

Is there a way in SELinux to force Linux to allow a program to be able to bind to a port number lower than 1024?
PHGamer