General :: Error: Security Context Requested, Bu No Selinux Support! Aborting
Apr 19, 2010
I try to install IPsec-Tools on Slackware 13, but I get an configure error: configure: error: Security Context requested, bu no selinux support! Aborting. I'm linux newbie and I'm following a slackware-basics tutorial, I did as in the tutorial, but the configure stops and aborts:
[Code]...
What can I do? How can I enable/install selinux support? I guess it's related with AH and ESP protocols, which in my kernel are defined as modules (m). If so, how can I enable them?
I'm attempting to get MapServer running on my Fedora 13 computer. I was able to install with the package manager, and the executable (mapserv) was originally placed in /usr/sbin. But I need it in /var/www/cgi-bin to work on the webserver. So I copied the file to the right location. Unfortunately, it doesn't have the correct SELinux context. Here's the message from the troubleshooter:
SELinux denied access requested by /var/www/cgi-bin/mapserv. /var/www/cgi-bin/mapserv is mislabeled. /var/www/cgi-bin/mapserv default type is httpd_sys_script_exec_t, but its current type is httpd_sys_script_exec_t. Changing this file back to the default type, may fix your problem.
How's that for circular logic? Does anyone have an idea what the correct SELinux context for a cgi-bin executable might be?
I'm suspicious that the context of /etc/sudoers is wrong. During the last upgrade to Fedora 14, RPM dropped /etc/sudoers.rpmnew, which had a different context than the real sudoers file. But, when I try to get SELinux to relabel the file (using restorecon or fixfiles), it refuses to make a change.
SELinux is preventing /usr/sbin/httpd from using potentially mislabeled filesjk-runtime-status. SELinux has denied the httpd access to potentially mislabeled filesjk-runtime-status. This means that SELinux will not allow httpd to use these files. If httpd should be allowed this access to these files you should change the file context to one of the following types, httpd_tmp_t,
I know how to change the owner of a file and the permissions but what does it mean to change the file context?
I accidently reset the SELINUX context on the /var folder from "var_t" to user data. Now I cant go back and set it to "var_t" and i cant access my website anymore
Since upgrading to Lucid, I am getting the following dialog warning on login: 'Could not apply the stored configuration for monitors X Server does not support size requested' Im using the current proprietary NVIDIA graphics driver with dual heads. My display is fine, but the warning every time I login is annoying. After googling around I found this thread: [URL]. I tried going to Monitor Preferences as suggested. My resolution as displayed in the default tool is set to 3840 x 1200, which I suspect is the issue forcing the dialog, but I cant change the resolution, refresh rate or rotation from the Monitor Preference dialog box. dino99's response (in the referenced post) about xorg.conf not being needed anymore seems relevant. How can I resolve this issue and get rid of this annoying warning? Is there a configuration that I can update with a supported resolution to placate lucid?
I'm working with Fedora and SELinux and am having a problem. I need to allow apache's http daemon to use arp (for getting some mac addresses). I have changed the type of the arp executable to httpd_sys_context_t but am still having an issue. Here is the messages log: Detailed Description:
I am developing palm in my ubuntu 10.04 . unfortunately i have install a empty palm file. now i can not remove it or remove the virtual box. because it gives this error
I was setting up a Samba server and I ran into some problems with SELinux related to the context of the home directories. I made a user account, say "UserAccount", with a default home directory "home/UserAccount". Afterwards I realized that I needed to move the home directory of this particular user to another location, say "/home2/UserAccount". So I created the new directory, changed the permissions, and used Gnome's system-config-user to change the user's home directory.
I then set-up the Samba server, activated samba_run_unconfined and samba_enable_home_dirs in SELinux, and made an account for UserAccount. When testing the Samba account for UserAccount SELinux denied read access. I checked the context and the new home directory did not appeared to have been updated. I had to manually run:
restorecon -R -v /home2/UserAccount
to set the context on the new home directory. I'm not very familiar with SELinux, so my question is this: is this normal security policy or is a bug in the system-config-user tool? If it's normal policy can someone explain why? I'm always ready to learn Distro: Fedora 12 (kernel: 2.6.31.5-127.fc12.i686) System: Dual Intel Xeon @ 3.2 GHz, 1 GB RAM
i configured sendmail with squirrelmail in RHEL5.3
it is working fine. i can send the mail and receive the mail .
but when i try to send the mail a selinux error is coming[but mail is sending successfully ]. i don't under stand this message.
Quote:
Summary:
SELinux is preventing sendmail (system_mail_t) "read" to eventpoll (httpd_t).
Detailed Description:
SELinux denied access requested by sendmail. It is not expected that this access is required by sendmail and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for eventpoll,
restorecon -v 'eventpoll'
If this does not work, there is currently no automatic way to allow this access.Instead, you can generate a local policy module to allow this access - see FAQ(url) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended.Please file a bug report (url) against this package.
i used my windows box to connect to ftp(fed box) and i keep getting an error saying "The requested name is valid, but no data of the requested type was found." does anyone know why i cant connect?
executes the following line: /usr/bin/chcon -t public_content_rw_t $HOMEDIR/$USERNAME
which returns the error: /usr/bin/chcon: couldn't compute security context from unlabeled
Login attempts are unsuccessful on the given username.I followed the instructions on that page verbatim.I can't find anything useful on that error anywhere - even outside of vsftpd context.This is a new CentOS 5.5 server - updated everything with yum.VSFTP worked fine on the last server, which was a CentOS 5.x.
i did compiled and installed kernel 3.0.0 on ubuntu 10.04 lucid lynx. well everything is fine except, a error message shown during the booting. Code: error: driver mdio-gpio already registered aborting how can i solve this error?
i have ubuntu karmic 9.10 and when i try to update anything or install anything the a very similar error occurs."(Reading database . . . 55%dpkg: unrecoverable fatal error , aborting: files list file for package `com.palm.net.precoddr.fcoaster' contains empty filenameit repeats this message 3 times then gives up i believe.
this is the allert i got:Code:Summary:Your system may be seriously compromised! /usr/sbin/NetworkManager tried to loada kernel module.Detailed Description:SELinux has prevented NetworkManager from loading a kernel module. All confinedprograms that need to load kernel modules should have already had policy writtenfor them. If a compromised application tries to modify the kernel this AVC willbe generated. This is a serious issue.Your system may very well be compromised.Allowing Access:Contact your security administrator and report this issue.Additional Information:
I recently installed Lenny 5.0.3 i386 onto an old HP XE783 box. I've got a couple of errors that pop up on boot, and I'm not sure how to troubleshoot them. A couple of the lines from /var/dmesg that strike me:weird, boot CPU (#0) not listedby the BIOS. ACPI Error (dsopcode-0595): Field [ALB2] at 120 exceeds Buffer [CRSA] size 104 (bits) [20080321] {along with two other ACPI Errors (psparse-0530): Method parse/execution failed; and (uteval-0233): Method execution failed.}.Error: Driver 'pcspkr' is already registered, aborting.
The most annoying thing (I think) has to do with the ACPI errors: the box won't power down after issuing a shutdown command; it bumps into single user mode then prompts for the root PW.
I am learning SELinux from LinuxCBT and I'm stuck at one place. Now video is on RHEL 4 (so tell me if things has changed since, cause I can't find anything related) shows how to disable SELinux security on httpd.first I don't know diff between initrc_t and uncofined_t; and second I don't know if something is wrong is everything is all right.
Lucid Lynx clean install.I do not seem to get the login screen from powerdown now. I do after logging off and logging back in again.From switched off, I get taken to my desktop and it is only a little while later, usually when starting Thunderbird or FireFox that I get asked for my password with this massagePlease Unlock The Login KeyringThe Login Keyring Did Not Get Unlocked When You Logged On
After entering the gdm I'm being asked "Would you like to enter a Security Context [N]?" during login. I've had a look around online but can find nothing final about this.
I had Windows 7 and Windows XP. It was 3 partitions in one HD (two OS' and one for files) and another separate HD (which doesn't have any system, it's just media files and stuff). When booted, I used to get the Windows 7 screen, that allowed me to either boot 7 or XP. I thought I had tested 7 enough and wanted to try Ubuntu, so I (from the Ubuntu CD which I downloaded and burned) deleted the 7 partition and made a 2GB swap partition, and, what was left, an Ubuntu partition on which I installed it.
Now when I boot I get an Ubuntu boot screen that shows several Ubuntu options and a WinXP option. Ubuntu works fine, but if I choose WinXP, I get "Error 12: Invalid device requested". I didn't change anything more than what I said. The details for the WinXP boot option seem to be:
What can I do to be able to boot WinXP again? (and also Ubuntu, whenever I want to). The only thing I can think of is using Windows XP CD's restore thing to restore the boot menu, but that would stop me from using Ubuntu...
I installed squid on my centos and I tried to follow some guides but it still gives the same error
Quote: ERROR The requested URL could not be retrieved
While trying to retrieve the [URL]...The following error was encountered: Access Denied. Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.
[Code]...
ZON-BFC0 is the name presented in my wireless connection, plus the actual ip I'm using there is the ipv4 I found with a quick "ipconfig" search on DOS.
Trying to keep selinux enabled. When I start SeLinux Troubleshooter from the menu, which is inautostart as well, It tells me SELinux not enabled, sealert will not run on nonSELinus systems".How do I get SELinux permanently started then
My newly installed Fedora-14 (64-bit) has SELinux disabled. I can't find any way to enable it. I tried to set it manually in /etc/selinux/config to enforcing or permissive but nothing happens after reboot. In GUI configuration tool it is set to disabled and grayed out so that there is no way to enable it there. Is there another way to enable SELinux?
I tried to log in to my xguest account and it asked for a password, which it shouldn't, so there's a problem with SELinux.When I type getenforce it says it is disabled, yet when I go to /etc/selinux and look at the config, it is in enforcing mode and not commented out, type is strict.When I go to the SELinux management GUI I can't change the current enforcing mode and it's set to disabled and default to enforcing.
having trouble understanding selinux. the domain is cluster containing permissions. a type is nothing more than a label applied to something like a file,right? so instead of applying the permission set of foo domain to the /etc/shadow file it would be apply label shadow_t to /etc/shadow and make the shadow_t apart of the foo domain?
We have installed RHEL 5.4 on our servers and everything is running fine. Now I have gone through various server hardening checklist and most of them suggest to enable SELinux. We have several services running on Linux box. Now my question is, do we have to make any chagnes to the existing configurations if we enable SELinux. Or we just enable SELinux and leave it as it is. Because I have had prior experiences where SElinux will stop many services and restrict access to many libraries when enabled.
When I turn on my SeLinux to enforcing mode on my Red Hat system ssh stops working and my http server stops responding.
I went into the SeLinux GUI and enabled things in there but still it wont work.
Any thoughts on what to check?
permissive mode and disabled they work
I read several articles that say it should not be affect by SeLinux and the setting look correct but the only thing I do is turn on SeLinux and ssh /httpd stop working
