On 04/16/2010 01:51 AM, Paul Ward wrote:
I have run the command as follows but I am still getting the
permission issues.
Apr 16 11:48:13 sargas snmpd[23987]: /home/work/exports: Permission denied
# restorecon -v /home/work/exports
restorecon reset context /home/work/exports:->system_u:object_r:user_home_t
Without the -R switch only the directory itself will be labeled. I'm
pretty sure you want to run restorecon as suggested by dwalsh.
What does 'ausearch -m -ts recent' tell? You can pipe the output to
audit2why or audit2allow like:
ausearch -m avc -ts recent | audit2why
ausearch -m avc -ts recent | audit2allow -M mysnmp
The latter will generate a loadable module. There is some documentation
at [1] about creating and loading your own modules.
[1]
http://docs.fedoraproject.org/selinux-user-guide/f12/en-US/sect-Security-...
ls -lZd /home/work/exports
drwxrwxr-x oracle dba system_u:object_r:user_home_t
/home/work/exports
Whats next?
Do I need to restart something?
On 16 April 2010 11:11, Sandro Janke <gui1ty_fedora(a)penguinpee.nl> wrote:
> On 04/16/2010 12:33 AM, Paul Ward wrote:
>>> What does 'rpm -qv selinux-policy-targeted' say?
>>> What are the settings in /etc/selinux/config?
>>
>> My server shows the following selinux packages.
>>
>> selinux-policy-targeted-1.17.30-2.152.el4
>> selinux-policy-targeted-sources-1.17.30-2.152.el4
>>
>> I have run:
>> snmpwalk -v 2c -c public .iso
>> cd /etc/selinux/targeted/src/policy
>> audit2allow -d -l -o domains/misc/local.te
>> make load
>>
>> Until no more errors were found, this fixed theoriginal errors from
>> selinux, but not the permissions.
>>
>>> Try running restorecon -R -v /home
>>
>> If I run
>>
>> restorecon -R -v /home
>>
>> Would this affect a production servers running or should I do this in
>> a mainaintance window?
>
> Well, you can try to run it with the -n switch first to show you what
> would happen. According to the man page: "It can be run at any time to
> correct errors..."
>
>> On 15 April 2010 19:05, Sandro Janke <gui1ty_fedora(a)penguinpee.nl> wrote:
>>> On 04/15/2010 06:49 AM, Paul Ward wrote:
>>>> Hi all,
>>>>
>>>> I am sure this comes up a lot but have spent hours trying to find th
>>>> eanswers with no success apart from disabling selinux which I don't
>>>> want to do.
>>>>
>>>> Apr 15 16:48:26 sargas snmpd[23987]: /home/appl: Permission denied
>>>>
>>>> The following filesystems are mounted with same issue.
>>>>
>>>> /dev/sda7 3.9G 427M 3.3G 12% /home/appl
>>>> /dev/sda6 4.0G 2.7G 1.2G 71% /home/users
>>>> /dev/sda8 3.9G 2.5G 1.2G 68% /home/work
>>>>
>>>> ls -ldZ /home/appl/
>>>> drwxr-xr-x root root
/home/appl/
>>>
>>> This shows that the directory has not been labeled, yet.
>>>
>>>> /usr/sbin/sestatus
>>>> SELinux status: enabled
>>>> SELinuxfs mount: /selinux
>>>> Current mode: enforcing
>>>>
>>>
>>> Could it be that you don't have any policy package installed?
>>>
>>> What does 'rpm -qv selinux-policy-targeted' say?
>>> What are the settings in /etc/selinux/config?
>>>
>>>> What do I need to do to fix this chcon? If so what is the full comman
>>>> / context to enter?
>>>>
>>>> Thanks
>>>> --
>>>> selinux mailing list
>>>> selinux(a)lists.fedoraproject.org
>>>>
https://admin.fedoraproject.org/mailman/listinfo/selinux
>>>
>>>
>> --
>> selinux mailing list
>> selinux(a)lists.fedoraproject.org
>>
https://admin.fedoraproject.org/mailman/listinfo/selinux
>
>