On 04/16/2010 01:51 AM, Paul Ward wrote:
> I have run the command as follows but I am still getting the permission issues.
>
> Apr 16 11:48:13 sargas snmpd[23987]: /home/work/exports: Permission denied
>
> # restorecon -v /home/work/exports
> restorecon reset context /home/work/exports:->system_u:object_r:user_home_t

Without the -R switch only the directory itself will be labeled. I'm pretty sure you want to run restorecon as suggested by dwalsh.

What does 'ausearch -m avc -ts recent' tell?

You can pipe the output to audit2why or audit2allow like:

ausearch -m avc -ts recent | audit2why
ausearch -m avc -ts recent | audit2allow -M mysnmp

The latter will generate a loadable module. There is some documentation at [1] about creating and loading your own modules.

[1] http://docs.fedoraproject.org/selinux-user-guide/f12/en-US/sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html

> ls -lZd /home/work/exports
>
> drwxrwxr-x oracle dba system_u:object_r:user_home_t /home/work/exports
>
> What's next?
> Do I need to restart something?
>
> On 16 April 2010 11:11, Sandro Janke <gui1ty_fedora@xxxxxxxxxxxxx> wrote:
>> On 04/16/2010 12:33 AM, Paul Ward wrote:
>>>> What does 'rpm -qv selinux-policy-targeted' say?
>>>> What are the settings in /etc/selinux/config?
>>>
>>> My server shows the following selinux packages.
>>>
>>> selinux-policy-targeted-1.17.30-2.152.el4
>>> selinux-policy-targeted-sources-1.17.30-2.152.el4
>>>
>>> I have run:
>>> snmpwalk -v 2c -c public .iso
>>> cd /etc/selinux/targeted/src/policy
>>> audit2allow -d -l -o domains/misc/local.te
>>> make load
>>>
>>> Until no more errors were found, this fixed the original errors from
>>> selinux, but not the permissions.
>>>
>>>> Try running restorecon -R -v /home
>>>
>>> If I run
>>>
>>> restorecon -R -v /home
>>>
>>> Would this affect a production servers running or should I do this in
>>> a maintenance window?
>>
>> Well, you can try to run it with the -n switch first to show you what
>> would happen. According to the man page: "It can be run at any time to
>> correct errors..."
>>
>>> On 15 April 2010 19:05, Sandro Janke <gui1ty_fedora@xxxxxxxxxxxxx> wrote:
>>>> On 04/15/2010 06:49 AM, Paul Ward wrote:
>>>>> Hi all,
>>>>>
>>>>> I am sure this comes up a lot but have spent hours trying to find the
>>>>> answers with no success apart from disabling selinux which I don't
>>>>> want to do.
>>>>>
>>>>> Apr 15 16:48:26 sargas snmpd[23987]: /home/appl: Permission denied
>>>>>
>>>>> The following filesystems are mounted with same issue.
>>>>>
>>>>> /dev/sda7  3.9G  427M  3.3G  12%  /home/appl
>>>>> /dev/sda6  4.0G  2.7G  1.2G  71%  /home/users
>>>>> /dev/sda8  3.9G  2.5G  1.2G  68%  /home/work
>>>>>
>>>>> ls -ldZ /home/appl/
>>>>> drwxr-xr-x root root /home/appl/
>>>>
>>>> This shows that the directory has not been labeled, yet.
>>>>
>>>>> /usr/sbin/sestatus
>>>>> SELinux status: enabled
>>>>> SELinuxfs mount: /selinux
>>>>> Current mode: enforcing
>>>>>
>>>>
>>>> Could it be that you don't have any policy package installed?
>>>>
>>>> What does 'rpm -qv selinux-policy-targeted' say?
>>>> What are the settings in /etc/selinux/config?
>>>>
>>>>> What do I need to do to fix this chcon? If so what is the full command
>>>>> / context to enter?
>>>>>
>>>>> Thanks

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
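
Added example, not part of the original thread: a small triage filter for the output of the 'ausearch -m avc -ts recent' command discussed above. It groups denials by source type, target type, class and permission, and marks whether the target still looks unlabeled (a restorecon -R case) or is labeled and blocked by policy (an audit2why / audit2allow -M case). The function names, the sample records and the list of "unlabeled" types are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): triage AVC denials before choosing
# between relabeling (restorecon -R) and a local policy module (audit2allow -M).
# Assumption: targets of these types have not been labeled yet.
UNLABELED_TYPES="file_t unlabeled_t"

# Reads audit records on stdin, e.g.: ausearch -m avc -ts recent | summarize_avc
# Prints: <count> <source type> <target type> <class> <perms> <relabel|policy>
summarize_avc() {
    awk -v unl="$UNLABELED_TYPES" '
    BEGIN { n = split(unl, u, " "); for (i = 1; i <= n; i++) bad[u[i]] = 1 }
    /avc:/ && /denied/ {
        src = ""; tgt = ""; cls = ""; perms = ""
        # Permissions are listed between the braces.
        s = index($0, "{"); e = index($0, "}")
        if (s && e > s) perms = substr($0, s + 1, e - s - 1)
        gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
        for (i = 1; i <= NF; i++) {
            # A context is user:role:type[:level]; field 3 is the type.
            if ($i ~ /^scontext=/) { split(substr($i, 10), c, ":"); src = c[3] }
            if ($i ~ /^tcontext=/) { split(substr($i, 10), c, ":"); tgt = c[3] }
            if ($i ~ /^tclass=/) cls = substr($i, 8)
        }
        if (src == "" || tgt == "" || cls == "" || perms == "") next
        count[src " " tgt " " cls " " perms]++
    }
    END {
        for (k in count) {
            split(k, f, " ")
            print count[k], k, ((f[2] in bad) ? "relabel" : "policy")
        }
    }' | sort
}

# Constructed sample records (illustrative; not taken from the poster's system).
sample_avc() {
    cat <<'EOF'
type=AVC msg=audit(1271411293.101:51): avc:  denied  { search } for  pid=23987 comm="snmpd" name="exports" dev=sda8 ino=2 scontext=system_u:system_r:snmpd_t tcontext=system_u:object_r:user_home_t tclass=dir
type=SYSCALL msg=audit(1271411293.101:51): arch=40000003 syscall=195 success=no exit=-13 comm="snmpd" exe="/usr/sbin/snmpd"
type=AVC msg=audit(1271411299.412:52): avc:  denied  { search } for  pid=23987 comm="snmpd" name="exports" dev=sda8 ino=2 scontext=system_u:system_r:snmpd_t tcontext=system_u:object_r:user_home_t tclass=dir
type=AVC msg=audit(1271411305.007:53): avc:  denied  { getattr } for  pid=23987 comm="snmpd" path="/home/appl" dev=sda7 ino=2 scontext=system_u:system_r:snmpd_t tcontext=system_u:object_r:file_t tclass=dir
EOF
}

sample_avc | summarize_avc
```

Rows marked "relabel" are candidates for a dry run with restorecon -R -n -v on the affected tree; rows marked "policy" are the ones to feed to audit2why.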