Re: [CentOS] CentOS 7, selinux issue

2016-04-06 Thread Daniel J Walsh
Can you attach one of the AVC's. Mos likely ssh-x509-auth needs to be labeled sshd_key_t or ssh_home_t On 04/06/2016 02:54 PM, m.r...@5-cent.us wrote: I'm seeing a lot of noise in the logs, to the effect of: setroubleshoot: SELinux is preventing /bin/ksh93 from write access on the directory /va

[CentOS] CentOS 7, selinux issue

2016-04-06 Thread m . roth
I'm seeing a lot of noise in the logs, to the effect of: setroubleshoot: SELinux is preventing /bin/ksh93 from write access on the directory /var/lib/ssh-x509-auth as well as others related to find, cat, etc on .pem's in that directory. Is this a policy bug, or just no policy covering this?

Re: [CentOS] CentOS 7 SELinux issue

2016-02-25 Thread Steve Snyder
On 02/25/2016 07:23 AM, Brandon Vincent wrote: On Thu, Feb 25, 2016 at 12:34 AM, Frank Cox wrote: Turns out you get the "Could not downgrade policy file /etc/selinux/targeted/policy/policy.24" error if you're running with SELinux disabled and something tries to install or reload policy: semo

Re: [CentOS] CentOS 7 SELinux issue

2016-02-25 Thread Brandon Vincent
On Thu, Feb 25, 2016 at 12:34 AM, Frank Cox wrote: > Turns out you get the "Could not downgrade policy file > /etc/selinux/targeted/policy/policy.24" error if you're running with SELinux > disabled and something tries to install or reload policy: semodule -vR does > it. This is why if anyone i

Re: [CentOS] CentOS 7 SELinux issue

2016-02-24 Thread Alice Wonder
On 02/24/2016 11:34 PM, Frank Cox wrote: On Wed, 24 Feb 2016 23:28:33 -0800 Alice Wonder wrote: I don't ordinarily run SELinux and do not have it enabled. https://lists.fedoraproject.org/pipermail/selinux/2012-May/014626.html QUOTE: Turns out you get the "Could not downgrade policy file /et

Re: [CentOS] CentOS 7 SELinux issue

2016-02-24 Thread Frank Cox
On Wed, 24 Feb 2016 23:28:33 -0800 Alice Wonder wrote: > I don't ordinarily run SELinux and do not have it enabled. https://lists.fedoraproject.org/pipermail/selinux/2012-May/014626.html QUOTE: Turns out you get the "Could not downgrade policy file /etc/selinux/targeted/policy/policy.24" error

[CentOS] CentOS 7 SELinux issue

2016-02-24 Thread Alice Wonder
Trying to add SELinux support to my bitcoin package. Keep getting this on install: SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.29, searching for an older version. SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.29: No such file or