I should add ausearch found nothing.
ausearch -m avc -ts recent
<no matches>
On 16 April 2010 12:25, Paul Ward <pnward(a)googlemail.com> wrote:
I have just run the command with : restorecon -R -v
/home/work/exports
I am still getting errors though.
Apr 16 12:24:28 sargas snmpd[23987]: /home/users: Permission denied
Apr 16 12:24:28 sargas snmpd[23987]: /home/work: Permission denied
Apr 16 12:24:28 sargas snmpd[23987]: /home/work/exports: Permission denied
On 16 April 2010 12:11, Sandro Janke <gui1ty_fedora(a)penguinpee.nl> wrote:
> On 04/16/2010 01:51 AM, Paul Ward wrote:
>> I have run the command as follows but I am still getting the permission issues.
>>
>> Apr 16 11:48:13 sargas snmpd[23987]: /home/work/exports: Permission denied
>>
>> # restorecon -v /home/work/exports
>> restorecon reset context /home/work/exports:->system_u:object_r:user_home_t
>
> Without the -R switch only the directory itself will be labeled. I'm
> pretty sure you want to run restorecon as suggested by dwalsh.
>
> What does 'ausearch -m -ts recent' tell? You can pipe the output to
> audit2why or audit2allow like:
>
> ausearch -m avc -ts recent | audit2why
> ausearch -m avc -ts recent | audit2allow -M mysnmp
>
> The latter will generate a loadable module. There is some documentation
> at [1] about creating and loading your own modules.
>
> [1]
>
http://docs.fedoraproject.org/selinux-user-guide/f12/en-US/sect-Security-...
>
>> ls -lZd /home/work/exports
>>
>> drwxrwxr-x oracle dba system_u:object_r:user_home_t
>> /home/work/exports
>>
>> Whats next?
>> Do I need to restart something?
>>
>>
>>
>>
>> On 16 April 2010 11:11, Sandro Janke <gui1ty_fedora(a)penguinpee.nl> wrote:
>>> On 04/16/2010 12:33 AM, Paul Ward wrote:
>>>>> What does 'rpm -qv selinux-policy-targeted' say?
>>>>> What are the settings in /etc/selinux/config?
>>>>
>>>> My server shows the following selinux packages.
>>>>
>>>> selinux-policy-targeted-1.17.30-2.152.el4
>>>> selinux-policy-targeted-sources-1.17.30-2.152.el4
>>>>
>>>> I have run:
>>>> snmpwalk -v 2c -c public .iso
>>>> cd /etc/selinux/targeted/src/policy
>>>> audit2allow -d -l -o domains/misc/local.te
>>>> make load
>>>>
>>>> Until no more errors were found, this fixed theoriginal errors from
>>>> selinux, but not the permissions.
>>>>
>>>>> Try running restorecon -R -v /home
>>>>
>>>> If I run
>>>>
>>>> restorecon -R -v /home
>>>>
>>>> Would this affect a production servers running or should I do this in
>>>> a mainaintance window?
>>>
>>> Well, you can try to run it with the -n switch first to show you what
>>> would happen. According to the man page: "It can be run at any time to
>>> correct errors..."
>>>
>>>> On 15 April 2010 19:05, Sandro Janke <gui1ty_fedora(a)penguinpee.nl>
wrote:
>>>>> On 04/15/2010 06:49 AM, Paul Ward wrote:
>>>>>> Hi all,
>>>>>>
>>>>>> I am sure this comes up a lot but have spent hours trying to find
th
>>>>>> eanswers with no success apart from disabling selinux which I
don't
>>>>>> want to do.
>>>>>>
>>>>>> Apr 15 16:48:26 sargas snmpd[23987]: /home/appl: Permission
denied
>>>>>>
>>>>>> The following filesystems are mounted with same issue.
>>>>>>
>>>>>> /dev/sda7 3.9G 427M 3.3G 12% /home/appl
>>>>>> /dev/sda6 4.0G 2.7G 1.2G 71% /home/users
>>>>>> /dev/sda8 3.9G 2.5G 1.2G 68% /home/work
>>>>>>
>>>>>> ls -ldZ /home/appl/
>>>>>> drwxr-xr-x root root
/home/appl/
>>>>>
>>>>> This shows that the directory has not been labeled, yet.
>>>>>
>>>>>> /usr/sbin/sestatus
>>>>>> SELinux status: enabled
>>>>>> SELinuxfs mount: /selinux
>>>>>> Current mode: enforcing
>>>>>>
>>>>>
>>>>> Could it be that you don't have any policy package installed?
>>>>>
>>>>> What does 'rpm -qv selinux-policy-targeted' say?
>>>>> What are the settings in /etc/selinux/config?
>>>>>
>>>>>> What do I need to do to fix this chcon? If so what is the full
comman
>>>>>> / context to enter?
>>>>>>
>>>>>> Thanks
>>>>>> --
>>>>>> selinux mailing list
>>>>>> selinux(a)lists.fedoraproject.org
>>>>>>
https://admin.fedoraproject.org/mailman/listinfo/selinux
>>>>>
>>>>>
>>>> --
>>>> selinux mailing list
>>>> selinux(a)lists.fedoraproject.org
>>>>
https://admin.fedoraproject.org/mailman/listinfo/selinux
>>>
>>>
>