![]() ![]() Type=AVC msg=audit(1386303365.247:350): avc: denied for pid=21576 comm="beam.smp" dest=5269 scontext=system_u:system_r:rabbitmq_beam_t:s0 tcontext=system_u:object_r:jabber_interserver_port_t:s0 tclass=tcp_socket Source Path /usr/lib64/erlang/erts-5.9.3.1/bin/beam.smp Target Context system_u:object_r:jabber_interserver_port_t:s0 Source Context system_u:system_r:rabbitmq_beam_t:s0 Heute Nacht sind auf dem Installationsserver installc1.rz.RWTH-Aachen.DE folgende Updates eingetroffen: /export/fedora/updates/fedora-11/SRPMS/. # grep beam.smp /var/log/audit/audit.log | audit2allow -M mypol If you believe that beam.smp should be allowed name_connect access on the tcp_socket by default. SELinux is preventing /usr/lib64/erlang/erts-5.9.3.1/bin/beam.smp from name_connect access on the tcp_socket. Xmpp-server 5269/tcp # XMPP Server Connection Only selected processes are protected.SELinux is preventing ejabberd (/usr/lib64/erlang/erts-5.9.3.1/bin/beam.smp) from name_connect access on the 5269/tcp (tcp_socket) This recipe should be 1st on a Fedora runlist. This is necessary on chef-client < 12.18. yumglobalconfig can take most of the same parameters as a yumrepository, plus more, too numerous to describe here.Below are a few of the more commonly used ones. default - Configures yumglobalconfig /etc/yum.conf with values found in node attributes at node yum main dnfyumcompat - Installs the yum package using dnf on Fedora systems to provide support for the package resource in recipes. ![]() ![]() # minimum - Modification of targeted policy. Code: Select all ls filter. yum Cookbook (3.3.0) centos, fedora, redhat, scientific, amazon. # targeted - Targeted processes are protected, # SELINUXTYPE= can take one of these two values: All Fedora Documentation content available under CC BY-SA 4.0 or, when specifically noted, under another accepted free and open content license. # disabled - No SELinux policy is loaded. # permissive - SELinux prints warnings instead of enforcing. My system appears to be running fine, so I'm not too worried. Entering the commands suggested by the troubleshooting option ('generate a local policy module to allow this access') hasn't stopped the alerts. Februat 8:40 pm It’s possible that you are only capturing part of the process, such as a stat () before unlink (), so it still fails. # enforcing - SELinux security policy is enforced. After upgrading to Fedora 26, I've been getting the following two SELinux alerts every time I boot. # SELINUX= can take one of these three values: # This file controls the state of SELinux on the system. To date, this has worked like a champ, with always using selinux=0 in the kickstarts and ensuring that /etc/sysconfig/selinux contains: SELINUX=disabledīut as of today, I have one Fedora 17 workstation that is properly set up, yet following many reboots, it always comes up in enforcing mode: # cat /etc/sysconfig/selinux I have some systems where, for various reasons, we want to completely disable selinux. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |