I have just run the command with : restorecon -R -v /home/work/exports I am still getting errors though. Apr 16 12:24:28 sargas snmpd[23987]: /home/users: Permission denied Apr 16 12:24:28 sargas snmpd[23987]: /home/work: Permission denied Apr 16 12:24:28 sargas snmpd[23987]: /home/work/exports: Permission denied On 16 April 2010 12:11, Sandro Janke <gui1ty_fedora@xxxxxxxxxxxxx> wrote: > On 04/16/2010 01:51 AM, Paul Ward wrote: >> I have run the command as follows but I am still getting the permission issues. >> >> Apr 16 11:48:13 sargas snmpd[23987]: /home/work/exports: Permission denied >> >> # restorecon -v /home/work/exports >> restorecon reset context /home/work/exports:->system_u:object_r:user_home_t > > Without the -R switch only the directory itself will be labeled. I'm > pretty sure you want to run restorecon as suggested by dwalsh. > > What does 'ausearch -m -ts recent' tell? You can pipe the output to > audit2why or audit2allow like: > > ausearch -m avc -ts recent | audit2why > ausearch -m avc -ts recent | audit2allow -M mysnmp > > The latter will generate a loadable module. There is some documentation > at [1] about creating and loading your own modules. > > [1] > http://docs.fedoraproject.org/selinux-user-guide/f12/en-US/sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html > >> ls -lZd /home/work/exports >> >> drwxrwxr-x oracle dba system_u:object_r:user_home_t >> /home/work/exports >> >> Whats next? >> Do I need to restart something? >> >> >> >> >> On 16 April 2010 11:11, Sandro Janke <gui1ty_fedora@xxxxxxxxxxxxx> wrote: >>> On 04/16/2010 12:33 AM, Paul Ward wrote: >>>>> What does 'rpm -qv selinux-policy-targeted' say? >>>>> What are the settings in /etc/selinux/config? >>>> >>>> My server shows the following selinux packages. >>>> >>>> selinux-policy-targeted-1.17.30-2.152.el4 >>>> selinux-policy-targeted-sources-1.17.30-2.152.el4 >>>> >>>> I have run: >>>> snmpwalk -v 2c -c public .iso >>>> cd /etc/selinux/targeted/src/policy >>>> audit2allow -d -l -o domains/misc/local.te >>>> make load >>>> >>>> Until no more errors were found, this fixed theoriginal errors from >>>> selinux, but not the permissions. >>>> >>>>> Try running restorecon -R -v /home >>>> >>>> If I run >>>> >>>> restorecon -R -v /home >>>> >>>> Would this affect a production servers running or should I do this in >>>> a mainaintance window? >>> >>> Well, you can try to run it with the -n switch first to show you what >>> would happen. According to the man page: "It can be run at any time to >>> correct errors..." >>> >>>> On 15 April 2010 19:05, Sandro Janke <gui1ty_fedora@xxxxxxxxxxxxx> wrote: >>>>> On 04/15/2010 06:49 AM, Paul Ward wrote: >>>>>> Hi all, >>>>>> >>>>>> I am sure this comes up a lot but have spent hours trying to find th >>>>>> eanswers with no success apart from disabling selinux which I don't >>>>>> want to do. >>>>>> >>>>>> Apr 15 16:48:26 sargas snmpd[23987]: /home/appl: Permission denied >>>>>> >>>>>> The following filesystems are mounted with same issue. >>>>>> >>>>>> /dev/sda7 3.9G 427M 3.3G 12% /home/appl >>>>>> /dev/sda6 4.0G 2.7G 1.2G 71% /home/users >>>>>> /dev/sda8 3.9G 2.5G 1.2G 68% /home/work >>>>>> >>>>>> ls -ldZ /home/appl/ >>>>>> drwxr-xr-x root root /home/appl/ >>>>> >>>>> This shows that the directory has not been labeled, yet. >>>>> >>>>>> /usr/sbin/sestatus >>>>>> SELinux status: enabled >>>>>> SELinuxfs mount: /selinux >>>>>> Current mode: enforcing >>>>>> >>>>> >>>>> Could it be that you don't have any policy package installed? >>>>> >>>>> What does 'rpm -qv selinux-policy-targeted' say? >>>>> What are the settings in /etc/selinux/config? >>>>> >>>>>> What do I need to do to fix this chcon? If so what is the full comman >>>>>> / context to enter? >>>>>> >>>>>> Thanks >>>>>> -- >>>>>> selinux mailing list >>>>>> selinux@xxxxxxxxxxxxxxxxxxxxxxx >>>>>> https://admin.fedoraproject.org/mailman/listinfo/selinux >>>>> >>>>> >>>> -- >>>> selinux mailing list >>>> selinux@xxxxxxxxxxxxxxxxxxxxxxx >>>> https://admin.fedoraproject.org/mailman/listinfo/selinux >>> >>> > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
