?
?
LiveJournal
  • Find more
    • Your 2020 in LJ
    • Communities
    • RSS Reader
  • Shop
  • Help
  • Login
  • Join free Join
  • English (en)
    • English (en)
    • Русский (ru)
    • Українська (uk)
    • Français (fr)
    • Português (pt)
    • español (es)
    • Deutsch (de)
    • Italiano (it)
    • Беларуская (be)
danwalsh —
Subscribe
LiveJournal

Log in

No account? Create an account
Forgot password
Facebook Twitter Google RAMBLER&Co ID

By logging in to LiveJournal using a third-party service you accept LiveJournal's User agreement

No account? Create an account

Dan Walsh's Blog

Got SELinux?

  • Recent Entries
  • Friends
  • Profile
  • Archive
  • Tags
  • Categories
  • Memories
  • My Website
← →
5th
  • 08:20 am Adding a new filename transition rule.
8th
  • 09:35 am Its a good thing SELinux blocks access to the docker socket. - 2 comments
Collapse

Calendar

May 2019
S M T W T F S
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31  

Tags

  • i
  • m
  • selinux security flatpak containers chro

Comments

  • danwalsh
    14 Feb 2020, 13:13
    Understanding SELinux Roles
    The first one should be allowed, No idea why it is blocked. In Fedora 31 it is allowed. Are you doing this on a RHEL7/Centos7 box?

    #!!!! This avc is allowed in the current policy
    allow sshd_t…
  • rahool_shelke
    10 Feb 2020, 17:43
    Understanding SELinux Roles
    Hi Dan,

    Hru? Hope, you are doing great.

    I'm doing SFTP from client to server which has sftp server installed as part of our product deployment which is running into "unconfined_t" (file &…
  • danwalsh
    4 Sep 2019, 13:31
    unlabeled_t type
    If a file system does not support xattr labels, then you need to mount the entire file system with a single label. If UBIFS supports xattr labels, then it could be an issue with selinux policy, and…
  • danwalsh
    4 Sep 2019, 13:29
    Boolean: virt_use_execmem What? Why? Why not Default?
    What AVC's are you seeing? Please open a bugzilla. The blog is not a good site to diagnose bugs.
  • youwen91
    3 Sep 2019, 10:55
    unlabeled_t type
    Hi Dan,

    My root is a UBIFS, and booted up with "system_u:object_r:unlabeled_t" label. Restorecon does nothing, and chcon says "operation not supported". In fact I am using "chcon `matchpathcon -n…

Search