Questions tagged [selinux]

NSA Security-Enhanced Linux (SELinux) is an implementation of a flexible mandatory access control architecture in the Linux operating system.

Security-Enhanced Linux (selinux) is a National Security Agency research project to modify the Linux kernel with enhanced security-related functions, including mandatory access control. This tag is also appropriate for questions about SEAndroid, NSA's adaptation of SELinux to the Android platform.

675 questions
8 votes, 2 answers

Docker with selinux enabled - relabeling content in /usr is not allowed

I have Docker on Centos7 with selinux set to enforcing on the host and Docker daemon is started with --selinux-enabled flag. When I try to run the following command docker run -it -v /usr/local/xya/log:/usr/local/xya/log:z centos/systemd touch…
cucucool
8 votes, 4 answers

Python MySQLdb with SELinux

I'm using the MySQLdb module within my django application which is linked to Apache via WSGI. However I'm getting permission issues (shown below). This is down to SELinux and if I set it to passive everything is ok. ImproperlyConfigured: Error…
felix001
8 votes, 2 answers

SELinux influences "failed to open stream: Permission denied" PHP error

Yesterday I've spent 5 hours straight discovering a seemingly unreasonable error "failed to open stream. permission denied", which was occurring after any operations of writing to file system: fopen (with "w" and "a" flags), move_uploaded_file,…
7 votes, 0 answers

How do I allow bpf syscalls in docker on Centos 7 with SELinux on?

I'm running a docker container that monitors other containers in a Centos 7 server. Since SELinux is enabled by default, it blocks my monitoring process when it calls any bpf operation with this info: type=AVC msg=audit: avc: denied { map_create…
patraulea
7 votes, 2 answers

Access to docker.socket using SELinux in FCOS

Intro Greetings, Since a week I'm trying to set up a FCOS (Fedora CoreOS) and running a Docker Swarm along with SELinux (this is my first experience with SELinux). Containers are running great, but when I'm trying to use the /var/run/docker.socket I'm…
Dymerz
7 votes, 2 answers

Gunicorn Nginx Permission denied while connecting to upstream

Setting up a django site with gunicorn & nginx gunicorn settings for projects : [Unit] Description=gunicorn…
ssgakhal
7 votes, 1 answer

command output not captured by shell script when invoked by snmp pass

The problem SNMPD is correctly delegating SNMP polling requests to another program but the response from that program is not valid. A manual run of the program with the same arguments is responding correctly. The detail I've installed the correct…
PhilJ
7 votes, 6 answers

Permission denied: httpd: could not open error log file /etc/httpd/logs/error_log

When I want to restart the httpd service on CentOS 6.7 I have the following error: /etc/init.d/httpd restart Stopping httpd: [FAILED] Starting httpd: (13)Permission denied: httpd: could not open error log…
MLSC
7 votes, 2 answers

Running an untrusted application on Linux in a sandbox

We have a device running Linux and we need to run untrusted applications on this. We are trying to alleviate the following security concerns - The untrusted application should not be able to adversely affect the core OS data and binaries The…
user967973
6 votes, 2 answers

xdebug not connecting with client?

The xdebug server doesn't connect to any of the clients on port 9000, i.e. Netbeans IDE, debugclient, etc. xdebug is shown in phpinfo output. The above clients keep on waiting for the connection to be established. Whenever I try to run a php script from…
Alex
6 votes, 1 answer

How to modify the .te file generated by audit2allow and recompile it into .pp file

I used the below command to generate a policy file: ausearch -ts today | audit2allow -M sample. It will generate two files: sample.te and sample.pp. The sample.te contains lines such as: allow container_t unlabeled_t:dir { add_name create remove_name…
Michael.Sun
6 votes, 1 answer

what does the docker daemon option --selinux-enabled do

I guess it will label the containers it started, but from the output of ps -eZ, I don't see any difference. For example, the container etcd has the same domain, no matter the daemon is with and without this…
Michael.Sun
6 votes, 3 answers

init warning: Service myservice needs a SELinux domain defined. Please fix

I want to execute an executable on boot on a target board with Android 5.1, so I add this in init.rc: on boot start myservice service myservice /system/bin/myservice #class main user root group root #oneshot I did the unpack…
dudu
6 votes, 1 answer

selinux denying haproxy connections?

I'm seeing these messages popping up in syslog: Mar 10 12:51:35 db1 kernel: [5851729.958138] type=1400 audit(1457614295.823:2925931): avc: denied { name_connect } for pid=801 comm="haproxy" dest=7778 scontext=system_u:system_r:haproxy_t:s0…
bluethundr
6 votes, 1 answer

Disabling SELinux in Android 5.0.1

I am trying to identify the configuration file where SELinux is set to Enforcing mode in Android Framework. Please do not reply just saying adb shell su 0 setenforce permissive I need the system to boot in permissive mode or have SELinux…
Giuseppe