I turned on SELinux today on my laptop, but when I tried to reboot I found that I can't! The boot process stalls every time on "Starting system logger". A load of "permission denied" messages preceed that, including various items in /var/sys. Most flash by far too fast for me to note them down.
I have tried the backup kernel from the grub menu but get the same result. What has gone on here and what can I do to get around this?
i am trying to install centos 5.5 x86_64 as a guest OS in vmware server 2.0.2 using netinstall iso. Installation runs fine until the point, when it tries to install selinux-policy-targeted-2.4.6-279.el5.noarch, the whole virtual pc hangs at this.any ideas? i tried to google few things about this, but i have found nothing. this has happened 3 times in row, whole virtual pc always hangs at the same package. i dont have any other problems with vmware, gentoo runs and installs fine in it.i would prefer to do installation using netinstall.iso, it would take a lot of time to download all cds or whole dvd and all i require is a very basic set of packages.
View 7 Replies View RelatedYou can find a list of all the booleans for SELinux (Fedora 10) using getsebool -a My question is, is there a reference online that describes each one. Most of obvious but it's one of those "I have to know because it's there situation).
View 5 Replies View RelatedI have a selinux alert every time I print to cups_pdf after upgrading to Centos 5.3 from 5.2. This never happened before. This is the alert I get
SELinux is preventing sh (cups_pdf_t) "search" to ./sbin (sbin_t)
It tells me to allow the access I need to run the cmd
restorecon -v './sbin'
I have tried it but nothing happens.
I am running Postfix on my CentOS (latest) powered box with SELinux at Enforcing mode.
This is what I get each time Postfix tries to send e-mail:
Quote:SELinux is preventing postdrop (postfix_postdrop_t) "write" to pipe (initrc_t).
I always thought that whenever /usr/sbin/setsebool was used, it would write either a "0" or a "1" into the corresponding boolean file. All SELinux boolean files are in /selinux/booleans but If I check, for example, this boolean ...
$ sudo /usr/sbin/getsebool ftp_home_dir
ftp_home_dir --> on
It returns a positive, but if I do
$ sudo less /selinux/booleans/ftp_home_dir
I get ... read error (Press Return)
Furthermore, if I list the boolean file itself, it shows it to be empty
$ sudo ls -l /selinux/booleans/ftp_home_dir
-rw-r--r-- 1 root root 0 Aug 9 11:09 /selinux/booleans/ftp_home_dir
Where is SELinux storing the booleans then?
This is on CentOS 5.4
I'm able to connect to ftp as a virtual user. It was also difficult as nowhere mentioned, that it should be done with SSL. Anyway I found the answer and got connection. But now I can't connect to ftp server as system user. It gives me "530 Permission denied", or if I delete the user from the file denied_users, - "530 Login incorrect".
1. Still I can't understand, how I can log in to FTP server with a system user.Also some other questions regarding this matter:
2. My httpd server Apache has a virtual hosts located in "/home" directory.The scripts create users in "/var/ftp virtual_users". Will it cause any problem if I will change them to "/home"? All I need to do with this is ability to have several virtual hosts in one server with separate access to each of them via FTP. And 1 account with access to all files in "/home".
3. In my ftp client I can see the owner of virtual host "ftp" instead of username.
Code:
$ ./configure --with-md5-passwords --with-selinux --with-pam
[snip]
Host: i686-pc-linux-gnu
Compiler: gcc
[Code]..
I don't think it has anything to do with the config file.More to do with SElinux. I need to know how to configure SElinux so I can see my samba share when SELinuxis on. When I setenforce 0 I can seen all the files and folders set it to setenforce 1 cannot see anything.Here is the output when I ran [root@fileserver /]# getsebool -a | grep smballow_smbd_anon_write --> onsmbd_disable_trans --> onThese two options were off I tried turning them on.This is another one of the commands I tried running. I did change a few options but I am not sure which I do need to change. I am running a stand alone server so I don't need the DC option.
[root@fileserver /]# getsebool -a | grep samba
samba_domain_controller --> off
samba_enable_home_dirs --> off
[code]....
Is there a reason why the selinux module for nagios just doesn't work? I'm running CentOS release 5.4 (Final) and did "yum install nagios" and now have nagios-3.2.0-1.el5.rf installed. I'm having to create policy after policy after policy, and still haven't reached the end of the rainbow.
I suppose after I run out of selinux violations, I could figure out how to combine all of these modules and post the result, but it seems really, really weird to think that I'm the only person who has ever installed nagios from the repo with SELinux enabled.
I have installed CentOS and Redhat5 on a LVM partition and selinux is enabled. Both OS's share the same /home partition with one user with the same login(gc) and same uid (1000). The problem I am having is that gc can login with all permissions etc on the OS that was installed first (CentOS). For the redhat OS gc can login but cannot write to the home directory (or startx since X needs to write to Xauthority)Here are outputs - 1st CentOS
[gc@shuttle ~]$ ll -Zd $HOME
drwx------ gc gc system_ubject_r:unlabeled_t /home/gc
[gc@shuttle ~]$ stat $HOME
[code]....
I'm running Apache on Centos 5.5, with active SELinux, and I'm having trouble getting my Perl script to write a file that doesn't yet exist to a folder which has the proper security context.
View 9 Replies View RelatedI get a SELinux relabel often even without changing stuff. SELinux troubleshoot doesn't show any error nor are there any messages in /log/messages that give any clue. Where should I look to see whats happening ?
2.6.31.12-174.2.22.fc12.x86_64
selinux-policy-3.6.32-103.fc12
On boot I get
** Warning -- SELinux relabel is required. ***
*** Disabling security enforcement. ***
*** Relabeling could take a very long time, ***
*** depending on file system size. ***
On the next screen the boot hangs. There is a solution posted here: [URL] it states I booted my VM from a rescue CD ISO, mounted the root directory, and:
# cd /mnt/local
# rm -f .autorelabel
Once this is done you may want to consider upgrading your VM to more -current that has this fixed. I've booted using a knoppix CD, but I don't know how to mount the root directory to try the fix.
After I do a recommended SELinux change from an alert:
'grep blender /var/log/audit/audit.log | audit2allow -M mypol'
the next time I boot, I have to add the rule again. How would I make this permanent? Can this only be done with the SELinux Policy Generation Tool? I've tried making bug reports for some SELinux warnings.
My Redhat box hangs on boot up after "SELinux: Disbled at runtime" Code: raid1: raid set md0 active with 2 out of 2 mirrors
[Code]...
My Redhat box hangs on boot up after "SELinux: Disbled at runtime" ...
Code:
raid1: raid set md0 active with 2 out of 2 mirrors
md: ... autorun DONE.
EXT3-fs: INFO: recovery required on readonly filesystem.
EXT3-fs: write access will be enabled during recovery.
[Code]....
how to restore them properly.
So, I had fun with this one the past week. I had an FC11 system running just fine. Then one day it would not boot - it was hung somewhere inside the init script of the initrd image. CTRL-ALT-DEL would reboot the system. Using grub editor, I could temporarily delete the initrd line and boot into the system OK. But what was going on?
mkinitrd was of no help to me. I even did a yum update, which got a new kernel, which also generated a new initrd - no joy. I extracted the initrd file system and edited the init script. I eventually hit on this tidbit: If I commented out this line:
daemonize --ignore-missing /bin/plymouthd and rebuild the initrd image - the system would finally at least tell me what the problem was: mount failed for selinuxfs on /selinux. No such file or directory.
So, I examine the root (the real root, not the initrd temporary root) - and sure enough, no /selinux. I make one and reboot. The system goes into a "targeted policy relabel" operation, reboots, and I am back in business - even with my original, unmodified, initrd.
I have no idea what happened to my /selinux directory, but I think the initrd "init" script needs to check for this directory's existance, and make it if necessary. Or at least report that it isn't there. In FC11 right now the system just HANGS without this directory being present, without any clue as to what the problem is!
I am trying to use CentOS 5.4 to set up a secure laptop, largely because of it's SELinux functionality. Unfortunately I couldn't get wireless to work properly using the default NetworkManager so I installed wicd. Initially it buggered up my whole installation but after relabelling files using SEL I can now use my system again. but.. I can't use it with SELinux enabled, as it denies the required accesses for wicd to work. I also get similar SELinux denials for wpa_supplicant. A couple of snippets from /var/log/audit/audit.log -
[Code]....
I configure named and stumble upon the following problem: named is serious about user rights, every config file named uses should be named:named. I set rights to named:named as follows, but they get changed to root:named when I restart named as root. The same thing happens with SELinux context. This results in access denied type errors.
View 1 Replies View RelatedI'm using CentOS 5.3, and I want to allow my samba server from selinux. I disabled my selinux and it works fine, but I want to keep my seline firewall on and want to allow other workstation to access my samba server.
View 8 Replies View RelatedI just upgraded by box from Fedora Core 9 to Centos 5.2. Finally!I have a 500GB SATA drive, it's partitioned into three equal size slices, hda1 through 3. The old Fedora was on hda1, I installed the new Centos on hda3. I instructed the installer to write the MBR to /dev/hda, not /dev/hda3. Fdisk says I have sector 0 unused.First, the system wouldn't boot - it just looped through the BIOS, rebooting over and over again. The BIOS sees the disk, but it never loaded Grub. I tried re-running grub-install /dev/hda, and not I get a Grub Error 17 after stage 1.5 loads.
I can boot from rescue OK, the grub.conf man menu.lst look fine, it's pointing to "root (hd0,2)". It's either the BIOS that can't find the MBR, or the MBR can't find Grub.When I looked at the disk with fdisk after the install, hda1 was still marked bootable, hda3 was not, so I swapped bootable flags but that has not made a difference. I also appended the new grub to the old grub thinking I could get the MBR (if it is there) to load the old grub and thence find the new Centos, but that didn't work either.Mobo is an old Shuttle AK35.Any ideas? Did I mess up by not telling the system to put the MBR on /dev/hda3? Is there a way to fix this without reinstalling?
I have successfully installed CentOS 5.4, and after choosing it from the GRUB menu, I am getting the following error message:1706-Smart Array Controller Extended BIOS Data Area Memory Corrupted. Int 13h BIOS Cannot Continue - System Halted.I'm using two SAS disks that came along with the server, left the default RAID configuration (1+0) on a P410 controller
View 5 Replies View RelatedIve installed centos freebsd and mandriva but i want to manage grub from my centos and y create successfully a boot load for freebds. But for mandriva it just doesnt work... so how can a create a boot load entry for mandriva from grub centos?
View 1 Replies View Related3 partitions (in order): Windows 7, CentOS and shared data partition.
I need to increase the size of the Windows 7 partition (c:windowswinsxs seems to be something not easily remedied).
GParted didn't work in moving things around (bad sector) so I wiped out its partition (# 2 out of 3) and I was able to increase the size of the Windows 7 partition (I can reinstall CentOS easily and not much work lost).
Except ... no more grub menu (unsurprising). This incantation does allow me to boot into Windows 7.
Is there any way of rebuilding the grub menu short of reinstalling CentOS (5.5)?
I have a laptop that came with Windows Vista (64-bit) installed. I created a new partition and installed XP (also 64-bit) alongside it.Last night I shrunk my XP partition and created another new partition and installed Linux (CentOS 64-bit) on it. I made an error in judgment and didn't allocate enough space, so I need about 10 more gigs for the Linux partition. It boots up and runs, but I need about 10 more gigs of storage for the files I want to keep on the partition (and yes, they have to be on the partition, I definitely need to know how to do this, not a workaround)I went into Vista and shrunk the XP partition by 10 gigs, so now I have 10 gigs of free, non-partitioned space.
As it stands, when I start up the computer I get the GRUB boot loader. I can boot my Linux install or choose "Other" and be taken to the Vista boot loader. From there I can choose XP or Vista to boot.So, my question is... what is the best way to append the 10 gigs of free space to the Linux partition? Is this something I should do inside of Linux? I have the option to do it in Vista, but the partition shows up as "healthy" but without a file system type.I just don't want to screw up the boot loader, partitions or anything else.This isn't my area of expertise, so if anyone could give me a good suggestion or solid answer
have all ways been hiding in the background read not say a thinglets start well i look after 2 dell poweredge 2650 with 12 gig ram installed servers has been running fine onwell i though it was time to upgrade to 5 all went fine till reboot Memory for crash kernel (0x to 0x) not within permissible range ! well what i have been reading this is the norm for now What is mean by ignore it? LoLwell so i did the system keeps boot till i get to this linesbin/mingetty: /sbin/mingetty: cannot execute binary file alot, and it shows. INIT: Id "5" respawning too fast: disabled for 5 minutes ...so maybe its a memory issue so took 8 gig out left 4 in the system now it reboot alls good with only 4 gig of ram installed so is there a way to fix it to use all the ram can i get the system boot on 4 gig and then add the 8gig later on
View 7 Replies View RelatedI am trying to install CentOS 5.2 on an HP rp5700 desktop unit. These units were originally sold as a Point of Sales unit I believe, but HP also markets it as a high life cycle server for SMB market.I tried to load CentOS on this unit via CD (created from downloaded ISO of course). It presents the initial CentOS banner page and waits for the obligatory "enter" to continue. It begins the boot process up to discovering the PCI stuff and just locks up, no response. I have to power down to restart.Since this does not even get to the point of installing. I am at a loss what to do next. Has anyone had a similar issue with other PCs.The boot stops at the lineACPI: PCI Root Bridge [PCI0] (0000:00)
View 3 Replies View RelatedI've Got one Problem with My Computer soon after success installation of when the boot-loader ask me to choose OS at CENTOS 5.4, multi boot boot-loader if i choose windows then computer tries to boot windows but fail and give the error message that there is a problem on reading the hard disk, But when i restart it and start with LINUX then computer start successful with no error message, now i do not know what to do cause i need to use Windows and all my programs are in windows..
View 1 Replies View RelatedI had a sata drive go down on my software raid array a couple days ago..After replacing the defective drive, I rebuilt it using fdisk to set partitions and mdadm to add the drive back into the raid array.After getting md2 to mount to /mnt I copied the /mnt/etc/fstab and /mnt/etc/mdadm.conf to the /etc directory and rebooted..When I boot, my /dev/md2 partition is not mounting to / It is not loading all of the services at boot time it should.. the size of /dev/md2 on / is even wrong.. it should be about 1.3TBwhen I manually mount /dev/md2 to /mnt I can access all of my data, through /mnt/var/www/vhosts and so on.. I am at a loss, why is the machine booting to this craziness?All of my data, that I know of can be accessed when md2 is mounted to /mnt[root@ESS000272 etc]# cat mdadm.conf
# mdadm.conf written out by anaconda
DEVICE partitions
MAILADDR root
[code]....