December 2004 - selinux - Fedora Mailing-Lists

postgresql error with selinux enabled in FC2

by joe

hi, I use FC2 with selinux enabled, as root I can't do "/etc/init.d/postgresql start". Any idea to run postgresql with selinux enabled ? thx -- --- joe

19 years, 4 months

3
2
0 / 0

udev want to unlink/read/create '/dev/.udev.tdb/block@hda@hda1', etc

by Tom London

Running strict/enforcing, latest Rawhide. latest udev seems to want to unlink, create, read a horde of device files on boot up, all uncer /dev/.udev.tdb/ This produces a horde of error messages on boot console and many avcs. I attach a few here. This started on Friday's installs, I believe. I noticed a bugzilla for udev describing a problem caused by /dev/.udev.tdb becoming a directory. Is a labeling/policy change also needed? tom Dec 18 10:48:06 fedora kernel: audit(1103366847.891:0): avc: denied { unlink } for pid=435 exe=/bin/rm name=block@ram3 dev=tmpfs ino=906 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:device_t tclass=file Dec 18 10:48:06 fedora kernel: audit(1103366847.891:0): avc: denied { unlink } for pid=435 exe=/bin/rm name=block@ram2 dev=tmpfs ino=904 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:device_t tclass=file Dec 18 10:48:06 fedora kernel: audit(1103366847.891:0): avc: denied { unlink } for pid=435 exe=/bin/rm name=block@ram15 dev=tmpfs ino=902 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:device_t tclass=file Dec 18 10:48:06 fedora kernel: audit(1103366847.891:0): avc: denied { unlink } for pid=435 exe=/bin/rm name=block@ram14 dev=tmpfs ino=900 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:device_t tclass=file Dec 18 10:48:13 fedora kernel: audit(1103366861.018:0): avc: denied { read } for pid=1064 exe=/sbin/udev name=class@tty@tty56 dev=tmpfs ino=710 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:device_t tclass=file Dec 18 10:48:13 fedora kernel: audit(1103366861.019:0): avc: denied { read } for pid=1064 exe=/sbin/udev name=class@tty@tty55 dev=tmpfs ino=707 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:device_t tclass=file Dec 18 10:48:13 fedora kernel: audit(1103366861.019:0): avc: denied { read } for pid=1064 exe=/sbin/udev name=class@tty@tty54 dev=tmpfs ino=704 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:device_t tclass=file Dec 18 10:48:13 fedora kernel: audit(1103366861.019:0): avc: denied { read } for pid=1064 exe=/sbin/udev name=class@tty@tty53 dev=tmpfs ino=701 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:device_t tclass=file Dec 18 10:48:13 fedora kernel: audit(1103366861.194:0): avc: denied { create } for pid=1069 exe=/sbin/udev name=class@sound@controlC0 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:sound_device_t tclass=file Dec 18 10:48:13 fedora kernel: audit(1103366861.482:0): avc: denied { create } for pid=1064 exe=/sbin/udev name=block@fd0 scontext=system_u:system_r:udev_t tcontext=system_u:object_r:device_t tclass=file Dec 18 10:48:13 fedora kernel: audit(1103366861.584:0): avc: denied { create } for pid=1070 exe=/sbin/udev name=class@sound@timer scontext=system_u:system_r:udev_t tcontext=system_u:object_r:sound_device_t tclass=file Dec 18 10:48:13 fedora kernel: audit(1103366861.827:0): avc: denied { create } for pid=1071 exe=/sbin/udev name=class@sound@pcmC0D1c scontext=system_u:system_r:udev_t tcontext=system_u:object_r:sound_device_t tclass=file Dec 18 10:48:13 fedora kernel: audit(1103366861.967:0): avc: denied { create } for pid=1072 exe=/sbin/udev name=class@sound@adsp scontext=system_u:system_r:udev_t tcontext=system_u:object_r:sound_device_t tclass=file -- Tom London

19 years, 4 months

1
0
0 / 0

RE: FC 3, permissive, strict: Error! Unable to set executable context.

by Browder, Tom

> -----Original Message----- > From: fedora-selinux-list-bounces(a)redhat.com > [mailto:fedora-selinux-list-bounces@redhat.com] On Behalf Of > Daniel J Walsh > You probably need to relabel. > > touch /.autorelabel and reboot. Dan, my machine is grinding away relabeling. I assume that will take care of the problem. Is that something I will have to do regularly? Thanks. Tom Browder

19 years, 4 months

2
1
0 / 0

FC 3, permissive, strict: Error! Unable to set executable context.

by Browder, Tom

I just turned on SELinux on my FC 3 box at home (permissive, strict). No problems and I'm building large /var/log/message file as we speak. However, I did the same thing on a box at work and when I try to login as a normal user I get an error messge on the gdm login screen that says: Error! Unable to set executable context. And it won't let me login. But I can still login as root OK. What am I doing wrong? Thanks. Tom Browder

19 years, 4 months

2
1
0 / 0

sending mail with squirrelmail

by Phil Anderson

Is anyone else having problems sending mail with squirrelmail? This is the only remaining problem I have before I'm switching my server to enforcing mode. The attachment problem was fixed in the latest policy update. Unfortunately, squirrelmail fails to send the mail silently... it even puts a copy in the Sent folder :( Dec 20 15:00:48 harry kernel: audit(1103515248.224:0): avc: denied { read } for pid=12496 exe=/usr/sbin/sendmail.sendmail name=urandom dev=tmpfs ino=870 scontext=user_u:system_r:system_mail_t tcontext=system_u:object_r:urandom_device_t tclass=chr_file Any suggestions? Phil

19 years, 4 months

3
7
0 / 0

I have a problem with ATI Radeon 9000 Mobility in RH ES 3 installation. Can u help me?

by Cigliano Andrea

I have a problem with ATI Radeon 9000 Mobility in RH ES 3 installation. Can u help me? The RH ES 3 have not recognized the graphic card ATI Radeon 9000 Mobility in my Portable PC (ACER Travelmate). Can u help me?

19 years, 4 months

2
1
0 / 0

multiple spec for '/var/run/dbus(/.*)?'

by Tom London

Running strict/enforcing, latest Rawhide. Seems to be duplicate specs for /var/run/dbus, one in distros.fc, the other in dbusd.fc. Produces the following harmless warning: WARNING: Multiple same specifications for /var/run/dbus(/.*)?. tom -- Tom London

19 years, 4 months

1
0
0 / 0

wihbindd avc errors

by Jim Cornette

I am trying to run some samba related programs and found that the winbindd program causes some avc errors. I did a touch /.autorelabel and noticed that the errors were still present with this daemon. I did not configure anything for this program. Attached is the avc errors for today. I disabled the daemon and have no errors now. Thanks, Jim Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.233:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.234:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.235:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.236:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.236:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.237:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.290:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.290:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.291:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.356:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd_idmap.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.357:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.357:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.358:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.359:0): avc: denied { create } for pid=2137 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 14:16:53 cornette-fc3-lt kernel: audit(1103397413.455:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=netsamlogon_cache.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file Dec 18 14:16:54 cornette-fc3-lt kernel: audit(1103397414.324:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=winbindd_cache.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file Dec 18 14:16:54 cornette-fc3-lt kernel: audit(1103397414.324:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 14:16:55 cornette-fc3-lt kernel: audit(1103397415.218:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=winbindd scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:var_run_t tclass=dir Dec 18 14:16:55 cornette-fc3-lt kernel: audit(1103397415.218:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 14:16:55 cornette-fc3-lt kernel: audit(1103397415.218:0): avc: denied { create } for pid=2139 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 15:49:07 cornette-fc3-lt dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1 Dec 18 15:54:00 cornette-fc3-lt dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1 Dec 18 15:54:12 cornette-fc3-lt dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1 Dec 18 15:59:09 cornette-fc3-lt kernel: audit(1103403334.306:0): avc: granted { setenforce } for pid=212 exe=/bin/bash scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security Dec 18 15:59:09 cornette-fc3-lt kernel: audit(1103403523.164:0): avc: granted { setenforce } for pid=212 exe=/bin/bash scontext=user_u:system_r:unconfined_t tcontext=system_u:object_r:security_t tclass=security Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.176:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.177:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.178:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.179:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.179:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.218:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.218:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.219:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.299:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd_idmap.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.300:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.301:0): avc: denied { create } for pid=2190 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 15:59:33 cornette-fc3-lt kernel: audit(1103403573.412:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=netsamlogon_cache.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file Dec 18 15:59:34 cornette-fc3-lt kernel: audit(1103403574.278:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=winbindd_cache.tdb scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_var_t tclass=file Dec 18 15:59:34 cornette-fc3-lt kernel: audit(1103403574.278:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 15:59:35 cornette-fc3-lt kernel: audit(1103403575.585:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=winbindd scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:var_run_t tclass=dir Dec 18 15:59:35 cornette-fc3-lt kernel: audit(1103403575.585:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 15:59:35 cornette-fc3-lt kernel: audit(1103403575.586:0): avc: denied { create } for pid=2191 exe=/usr/sbin/winbindd name=winbindd.log scontext=user_u:system_r:winbind_t tcontext=user_u:object_r:samba_log_t tclass=file Dec 18 16:11:18 cornette-fc3-lt dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1 Dec 18 16:13:54 cornette-fc3-lt dbus: avc: 0 AV entries and 0/512 buckets used, longest chain length 0 Dec 18 16:31:46 cornette-fc3-lt dbus: avc: 1 AV entries and 1/512 buckets used, longest chain length 1

19 years, 4 months

2
2
0 / 0

php script avc denied

by Edy Corak

Hello, after update to selinux-policy-targeted-1.17.30-2.51 i have new error when i try to send a mail from php script. audit(1103462618.203:0): avc: denied { execute } for pid=31581 exe=/usr/sbin/httpd name=bash dev=md0 ino=830748 scontext=root:system_r:httpd_t tcontext=system_u:object_r:shell_exec_t tclass=file I try fixfiles relabel and restorecon but still the same error System FC3, Postfix How to fix this error Thank you for any help. Edy -- Edy Corak E-Mail: info(a)ecorak.de Internet: http://www.ecorak.net/ -----

19 years, 4 months

1
0
0 / 0

Loadlin.

by Moller

Hello! I want to dualboot FedoraCore3 with Win 98. How do I do it ? Here is a sample of my bootmessage that I get when I boot with loadlin: .. NET: Registered protocol family 17 md: Autodetecting RAID arrays. md: autorun ... md: ...autorun DONE. EXT2-f2 warning (device hda3):ext2_fill_super: mounting ext3 filesystem as ext2 VFS: Mounted root (ext2 filesystem) readonly Freeing unused kernel memory: 144k freed Warning: unable to open an initial console. SELinux: Disabled at runtime. SELinux: Unregistering netfilter hooks

19 years, 4 months

4
4
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

selinux December 2004