Hello, I don't know how to install SELinux original policy as original RPM.
I edited my spec file but semodule didn't work in BUILDROOT.
Thanks in advance.
--
http://intrajp.no-ip.com/ Home Page
Hi, I try to run ps from a certain domain, and when I do that a lot of denied
messages occur.
I set this domain permissive but I want to silence it altogether.
One thing on my mind is to domain_trans to the same domain as ps, but my
question is how to not audit for a certain time, like semanage permissive.
After ps, I want to audit everything as hoped.
Thanks in advance.
--
http://intrajp.no-ip.com/ Home Page
I had this problem weeks and weeks ago:
[root@mda-vm1h ~]# service httpd configtest
httpd: Syntax error on line 209 of /etc/httpd/conf/httpd.conf: Syntax
error on line 1 of /etc/httpd/conf.d/valicert.conf: Cannot load
/etc/httpd/modules/vcapache.so into server:
/etc/httpd/modules/vcapache.so: cannot restore segment prot after reloc:
Permission denied
I solved it by creating an selinux module and "baking" it into my
kickstart. Built many machines, all worked perfectly.
Now, I have three virtual machines I installed with the same kickstart,
and I'm getting the same problem.
[root@mda-vm1h ~]# ls -lZ /etc/httpd/modules/vcapache.so
-rwxr-xr-x root root system_u:object_r:httpd_modules_t
/etc/httpd/modules/vcapache.so
type=AVC msg=audit(1241564879.792:4671): avc: denied { execheap } for
pid=28957 comm="httpd" scontext=user_u:system_r:initrc_t:s0
tcontext=user_u:system_r:initrc_t:s0 tclass=process
type=SYSCALL msg=audit(1241564879.792:4671): arch=40000003 syscall=125
success=no exit=-13 a0=ffa000 a1=1b8000 a2=5 a3=bf8b7eb0 items=0
ppid=28953 pid=28957 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=pts1 comm="httpd" exe="/usr/sbin/httpd"
subj=user_u:system_r:initrc_t:s0 key=(null)
[root@mda-vm1h ~]# semodule -l
amavis 1.1.0
ccs 1.0.0
clamav 1.1.0
dcc 1.1.0
evolution 1.1.0
iscsid 1.0.0
mozilla 1.1.0
mplayer 1.1.0
nagios 1.1.0
oddjob 1.0.1
pcscd 1.0.0
pyzor 1.1.0
razor 1.1.0
ricci 1.0.0
smartmon 1.1.0
valicert 1.0
There it is, at the end. I removed and reinstalled it with no effect.
It's data, so I can't cat it out, but that module worked... unless this
is some new, different problem.
Is there more magic sauce that has to be added?
--
***********************************************************************
* John Oliver http://www.john-oliver.net/ *
* *
***********************************************************************
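An added example, not part of the original post or of any project's code: a small Python parser for the AVC record quoted in the message above. It reports which domain and permission were denied and renders the corresponding allow rule, so it can be compared with what an installed module covers. The function names are hypothetical.

```python
import re
import shlex

# AVC record copied from the post above, with its line wraps joined.
AVC_LINE = (
    'type=AVC msg=audit(1241564879.792:4671): avc: denied { execheap } for '
    'pid=28957 comm="httpd" scontext=user_u:system_r:initrc_t:s0 '
    'tcontext=user_u:system_r:initrc_t:s0 tclass=process'
)

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')


def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(':')[2]


def parse_avc(line):
    """Extract permissions, source/target type and class from one AVC denial."""
    match = AVC_RE.search(line)
    if match is None:
        return None  # not an AVC denial (e.g. the paired SYSCALL record)
    # shlex keeps quoted values such as comm="httpd" together as one token.
    fields = dict(tok.split('=', 1) for tok in shlex.split(match.group('rest')) if '=' in tok)
    if not {'scontext', 'tcontext', 'tclass'} <= fields.keys():
        return None  # truncated record
    return {
        'perms': match.group('perms').split(),
        'comm': fields.get('comm', ''),
        'source_type': context_type(fields['scontext']),
        'target_type': context_type(fields['tcontext']),
        'tclass': fields['tclass'],
    }


def allow_rule(avc):
    """Render the denial as the allow rule it corresponds to (for comparison only)."""
    target = 'self' if avc['source_type'] == avc['target_type'] else avc['target_type']
    perms = avc['perms']
    perm_text = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f"allow {avc['source_type']} {target}:{avc['tclass']} {perm_text};"


if __name__ == '__main__':
    avc = parse_avc(AVC_LINE)
    print(avc['comm'], 'ran in domain', avc['source_type'])
    print(allow_rule(avc))
```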
Hi,
I wonder if it is possible to achieve "scp only" capability for a user just by using SELinux? Basically I want a user to be able to only upload/download files from his home via scp/sftp and nothing else. Thank you.
Sincerely yours,
Vadym Chepkov
Hi,
I created a useruuser account which has an SELinux user of "user_u".
When I log in using that account, I cannot use 'su' or 'sudo'.
In particular, when I try to use 'sudo', there is a permission denied
message.
May I know where the boolean or rule that specifies this restriction is?
Thank you
--
View this message in context: http://www.nabble.com/Boolean-or-rule-for-preventing-user_u-for-su-or-sudo-…
Sent from the Fedora SELinux List mailing list archive at Nabble.com.