This is using the CubieTruck image.
When I did the yum update I saw:
[ 11.948082] SELinux: Class binder not defined in policy.
[ 11.953578] SELinux: the above unknown classes and permissions will be allowed
Later, when I was setting up a policy for moving SSH port:
# semanage port -a -t ssh_port_t -p tcp 789 <- (not the real number)
I again saw:
[ 2273.047017] SELinux: Class binder not defined in policy.
[ 2273.052531] SELinux: the above unknown classes and permissions will be allowed
What is going on here? Is this something that should be 'fixed'?
Bob
On 12/26/2016 07:45 PM, Robert Moskowitz wrote:
> This is using the CubieTruck image.
> When I did the yum update I saw:
> [ 11.948082] SELinux: Class binder not defined in policy.
> [ 11.953578] SELinux: the above unknown classes and permissions will be allowed
> Later, when I was setting up a policy for moving SSH port:
> # semanage port -a -t ssh_port_t -p tcp 789 <- (not the real number)
> I again saw:
> [ 2273.047017] SELinux: Class binder not defined in policy.
> [ 2273.052531] SELinux: the above unknown classes and permissions will be allowed
> What is going on here? Is this something that should be 'fixed'?
And again when I set the policy for userdir:
# setsebool -P httpd_enable_homedirs on
[ 8192.799162] SELinux: Class binder not defined in policy.
[ 8192.804646] SELinux: the above unknown classes and permissions will be allowed
On 12/26/2016 09:23 PM, Robert Moskowitz wrote:
> On 12/26/2016 07:45 PM, Robert Moskowitz wrote:
>> This is using the CubieTruck image.
>> When I did the yum update I saw:
>> [ 11.948082] SELinux: Class binder not defined in policy.
>> [ 11.953578] SELinux: the above unknown classes and permissions will be allowed
>> Later, when I was setting up a policy for moving SSH port:
>> # semanage port -a -t ssh_port_t -p tcp 789 <- (not the real number)
>> I again saw:
>> [ 2273.047017] SELinux: Class binder not defined in policy.
>> [ 2273.052531] SELinux: the above unknown classes and permissions will be allowed
>> What is going on here? Is this something that should be 'fixed'?
> And again when I set the policy for userdir:
> # setsebool -P httpd_enable_homedirs on
> [ 8192.799162] SELinux: Class binder not defined in policy.
> [ 8192.804646] SELinux: the above unknown classes and permissions will be allowed
Perhaps you have seen my posts on the main CentOS list, as I thought I had an HTTPD setup problem. It may be a SELinux problem.
Basically all I am trying to do is set up a personal web server. Just some simple servername and admin settings and turning on user_dir. I can access files in the directories, but not produce a directory listing. Here are the access_log, error_log, and audit_log messages:
192.168.160.12 - - [28/Dec/2016:11:59:10 -0500] "GET /~rgm/family/ HTTP/1.1" 403 214 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0"
[Wed Dec 28 11:59:10.294915 2016] [autoindex:error] [pid 2141] (13)Permission denied: [client 192.168.160.12:56456] AH01275: Can't open directory for index: /home/rgm/public_html/family/
type=AVC msg=audit(1482944350.289:339): avc: denied { read } for pid=2141 comm="httpd" name="family" dev="sda3" ino=262199 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_user_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1482944350.289:339): arch=40000028 syscall=322 per=800000 success=no exit=-13 a0=ffffff9c a1=80657458 a2=a4800 a3=0 items=0 ppid=2135 pid=2141 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
type=PROCTITLE msg=audit(1482944350.289:339): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
I suspect that there is a problem here with SELinux.
Bob
On 12/28/2016 12:10 PM, Robert Moskowitz wrote:
> On 12/26/2016 09:23 PM, Robert Moskowitz wrote:
>> On 12/26/2016 07:45 PM, Robert Moskowitz wrote:
>>> This is using the CubieTruck image.
>>> When I did the yum update I saw:
>>> [ 11.948082] SELinux: Class binder not defined in policy.
>>> [ 11.953578] SELinux: the above unknown classes and permissions will be allowed
>>> Later, when I was setting up a policy for moving SSH port:
>>> # semanage port -a -t ssh_port_t -p tcp 789 <- (not the real number)
>>> I again saw:
>>> [ 2273.047017] SELinux: Class binder not defined in policy.
>>> [ 2273.052531] SELinux: the above unknown classes and permissions will be allowed
>>> What is going on here? Is this something that should be 'fixed'?
>> And again when I set the policy for userdir:
>> # setsebool -P httpd_enable_homedirs on
>> [ 8192.799162] SELinux: Class binder not defined in policy.
>> [ 8192.804646] SELinux: the above unknown classes and permissions will be allowed
> Perhaps you have seen my posts on the main CentOS list, as I thought I had an HTTPD setup problem. It may be a SELinux problem.
> Basically all I am trying to do is set up a personal web server. Just some simple servername and admin settings and turning on user_dir. I can access files in the directories, but not produce a directory listing. Here are the access_log, error_log, and audit_log messages:
> 192.168.160.12 - - [28/Dec/2016:11:59:10 -0500] "GET /~rgm/family/ HTTP/1.1" 403 214 "-" "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0"
> [Wed Dec 28 11:59:10.294915 2016] [autoindex:error] [pid 2141] (13)Permission denied: [client 192.168.160.12:56456] AH01275: Can't open directory for index: /home/rgm/public_html/family/
> type=AVC msg=audit(1482944350.289:339): avc: denied { read } for pid=2141 comm="httpd" name="family" dev="sda3" ino=262199 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:httpd_user_content_t:s0 tclass=dir permissive=0
> type=SYSCALL msg=audit(1482944350.289:339): arch=40000028 syscall=322 per=800000 success=no exit=-13 a0=ffffff9c a1=80657458 a2=a4800 a3=0 items=0 ppid=2135 pid=2141 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="httpd" exe="/usr/sbin/httpd" subj=system_u:system_r:httpd_t:s0 key=(null)
> type=PROCTITLE msg=audit(1482944350.289:339): proctitle=2F7573722F7362696E2F6874747064002D44464F524547524F554E44
> I suspect that there is a problem here with SELinux.
Sure enough. Running the command
setenforce 0
and now it all works right. But not really right as no SELinux protection...
Bob
On 12/26/2016 07:45 PM, Robert Moskowitz wrote:
> This is using the CubieTruck image.
> When I did the yum update I saw:
> [ 11.948082] SELinux: Class binder not defined in policy.
> [ 11.953578] SELinux: the above unknown classes and permissions will be allowed
> Later, when I was setting up a policy for moving SSH port:
> # semanage port -a -t ssh_port_t -p tcp 789 <- (not the real number)
> I again saw:
> [ 2273.047017] SELinux: Class binder not defined in policy.
> [ 2273.052531] SELinux: the above unknown classes and permissions will be allowed
> What is going on here? Is this something that should be 'fixed'?
On the CentOS list one commenter said:
I’m not sure but I think those two warnings mean that your kernel and selinux policy are out of sync.