I should add ausearch found nothing.

ausearch -m avc -ts recent
<no matches>

On 16 April 2010 12:25, Paul Ward <pnward@xxxxxxxxxxxxxx> wrote:
> I have just run the command with: restorecon -R -v /home/work/exports
>
> I am still getting errors though.
>
> Apr 16 12:24:28 sargas snmpd[23987]: /home/users: Permission denied
> Apr 16 12:24:28 sargas snmpd[23987]: /home/work: Permission denied
> Apr 16 12:24:28 sargas snmpd[23987]: /home/work/exports: Permission denied
>
> On 16 April 2010 12:11, Sandro Janke <gui1ty_fedora@xxxxxxxxxxxxx> wrote:
>> On 04/16/2010 01:51 AM, Paul Ward wrote:
>>> I have run the command as follows but I am still getting the permission issues.
>>>
>>> Apr 16 11:48:13 sargas snmpd[23987]: /home/work/exports: Permission denied
>>>
>>> # restorecon -v /home/work/exports
>>> restorecon reset context /home/work/exports:->system_u:object_r:user_home_t
>>
>> Without the -R switch only the directory itself will be labeled. I'm
>> pretty sure you want to run restorecon as suggested by dwalsh.
>>
>> What does 'ausearch -m -ts recent' tell? You can pipe the output to
>> audit2why or audit2allow like:
>>
>> ausearch -m avc -ts recent | audit2why
>> ausearch -m avc -ts recent | audit2allow -M mysnmp
>>
>> The latter will generate a loadable module. There is some documentation
>> at [1] about creating and loading your own modules.
>>
>> [1]
>> http://docs.fedoraproject.org/selinux-user-guide/f12/en-US/sect-Security-Enhanced_Linux-Fixing_Problems-Allowing_Access_audit2allow.html
>>
>>> ls -lZd /home/work/exports
>>>
>>> drwxrwxr-x oracle dba system_u:object_r:user_home_t /home/work/exports
>>>
>>> What's next?
>>> Do I need to restart something?
>>>
>>> On 16 April 2010 11:11, Sandro Janke <gui1ty_fedora@xxxxxxxxxxxxx> wrote:
>>>> On 04/16/2010 12:33 AM, Paul Ward wrote:
>>>>>> What does 'rpm -qv selinux-policy-targeted' say?
>>>>>> What are the settings in /etc/selinux/config?
>>>>>
>>>>> My server shows the following selinux packages.
>>>>>
>>>>> selinux-policy-targeted-1.17.30-2.152.el4
>>>>> selinux-policy-targeted-sources-1.17.30-2.152.el4
>>>>>
>>>>> I have run:
>>>>> snmpwalk -v 2c -c public .iso
>>>>> cd /etc/selinux/targeted/src/policy
>>>>> audit2allow -d -l -o domains/misc/local.te
>>>>> make load
>>>>>
>>>>> Until no more errors were found, this fixed the original errors from
>>>>> selinux, but not the permissions.
>>>>>
>>>>>> Try running restorecon -R -v /home
>>>>>
>>>>> If I run
>>>>>
>>>>> restorecon -R -v /home
>>>>>
>>>>> Would this affect a running production server or should I do this in
>>>>> a maintenance window?
>>>>
>>>> Well, you can try to run it with the -n switch first to show you what
>>>> would happen. According to the man page: "It can be run at any time to
>>>> correct errors..."
>>>>
>>>>> On 15 April 2010 19:05, Sandro Janke <gui1ty_fedora@xxxxxxxxxxxxx> wrote:
>>>>>> On 04/15/2010 06:49 AM, Paul Ward wrote:
>>>>>>> Hi all,
>>>>>>>
>>>>>>> I am sure this comes up a lot but have spent hours trying to find the
>>>>>>> answers with no success apart from disabling selinux which I don't
>>>>>>> want to do.
>>>>>>>
>>>>>>> Apr 15 16:48:26 sargas snmpd[23987]: /home/appl: Permission denied
>>>>>>>
>>>>>>> The following filesystems are mounted with same issue.
>>>>>>>
>>>>>>> /dev/sda7  3.9G  427M  3.3G  12%  /home/appl
>>>>>>> /dev/sda6  4.0G  2.7G  1.2G  71%  /home/users
>>>>>>> /dev/sda8  3.9G  2.5G  1.2G  68%  /home/work
>>>>>>>
>>>>>>> ls -ldZ /home/appl/
>>>>>>> drwxr-xr-x root root /home/appl/
>>>>>>
>>>>>> This shows that the directory has not been labeled, yet.
>>>>>>
>>>>>>> /usr/sbin/sestatus
>>>>>>> SELinux status: enabled
>>>>>>> SELinuxfs mount: /selinux
>>>>>>> Current mode: enforcing
>>>>>>>
>>>>>>
>>>>>> Could it be that you don't have any policy package installed?
>>>>>>
>>>>>> What does 'rpm -qv selinux-policy-targeted' say?
>>>>>> What are the settings in /etc/selinux/config?
>>>>>>
>>>>>>> What do I need to do to fix this chcon? If so what is the full command
>>>>>>> / context to enter?
>>>>>>>
>>>>>>> Thanks
>>>>>>> --
>>>>>>> selinux mailing list
>>>>>>> selinux@xxxxxxxxxxxxxxxxxxxxxxx
>>>>>>> https://admin.fedoraproject.org/mailman/listinfo/selinux
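
Added example, not part of the original thread: a small triage helper that pulls the paths snmpd was denied out of syslog and reads the SELinux type (or its absence) from "ls -ldZ" output. The function names are hypothetical, the sample lines are constructed from those quoted in the thread, and the parser assumes the "mode user group [context] path" layout shown there.

```shell
#!/bin/sh
# Added example: match snmpd "Permission denied" paths to SELinux labels.

# Sample syslog lines (constructed from the lines quoted in the thread).
SAMPLE_LOG='Apr 16 11:48:13 sargas snmpd[23987]: /home/work/exports: Permission denied
Apr 16 12:24:28 sargas snmpd[23987]: /home/users: Permission denied
Apr 16 12:24:28 sargas snmpd[23987]: /home/work: Permission denied
Apr 16 12:24:28 sargas snmpd[23987]: /home/work/exports: Permission denied'

# Sample "ls -ldZ" lines (constructed from the output quoted in the thread).
SAMPLE_LS='drwxr-xr-x  root   root  /home/appl/
drwxrwxr-x  oracle dba   system_u:object_r:user_home_t  /home/work/exports'

# denied_paths (hypothetical name): read syslog on stdin and print each
# distinct path that snmpd reported as "Permission denied".
denied_paths() {
    sed -n 's|^.* snmpd\[[0-9]*]: \(/.*\): Permission denied$|\1|p' |
        LC_ALL=C sort -u
}

# label_state (hypothetical name): read "ls -ldZ" lines on stdin and print
# "<path> <type>" or "<path> UNLABELED". In the thread's output the
# unlabeled directory has no context field, so the line has four fields
# instead of five. Paths containing spaces are not handled.
label_state() {
    awk '{
        path = $NF
        if (length(path) > 1) sub(/\/$/, "", path)   # drop trailing slash
        ctx = (NF >= 5) ? $4 : ""
        n = split(ctx, part, ":")                     # user:role:type[:level]
        if (n >= 3) print path, part[3]
        else        print path, "UNLABELED"
    }'
}

# Stand-alone run over the constructed samples.
printf '%s\n' "$SAMPLE_LOG" | denied_paths
printf '%s\n' "$SAMPLE_LS"  | label_state
```

On a live host the same functions can be fed from the real syslog file and from "ls -ldZ" on each mount point, before and after a "restorecon -R -n -v" dry run.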