selinux permissive

RHEL6.1 vsftpd SELinux configuration and enable local user upload Modify/etc/vsftpd. conf, set anonymous_enable = NO, local_enable = YES. In this way, we disable anonymity.User Access and allow local users to access www.2cto.com ============================ ========================================================== ================================ add users to the ftp group, and set linux permissions [root @ www ~] # Usermod-aG ftp alexscript [root @

Maxent is a library used by our system to extract keywords using the maximum entropy. When I checked the system log this morning, I found a SELinux alarm:Apr 3 04:57:49 nserver setroubleshoot: SELinux is preventing/usr/local/bin/python from loading/usr/local/lib/python2.5/Site-packages/maxent/_ cmaxent. so which requires text relocation. for complete SELinux mess

A case of selinux causing failureSuch an error is the first encounter, the troubleshooting process has no clue, has been tangled in the child Setpgid This place, fortunately in the Google process to see someone in the setting selinux when the relevant cases, so think of starting from this.Originally due to SELinux opened, but the more bizarre is from other termin

1. View the SELinux context[Email protected] ~]# Ls-lz[Email protected] ~]# ls-ldz/tmp/[[Email protected] ~]# PS AUXZ View the context of the process[[email protected] ~]# semanage Port--list View the context type of the port[[email protected] ~]# semanage fcontext--list View all directory contextsOpening and closing of 2.selinuxSetenforcing 1|0 SELinux temporarily turned on or offGetenforce View the status

There are three ways to set SELinux under Linux.First, in the graphical interface:Desktop--Manage security levels and firewalls, set to disable.Second, in the command mode:Modify the file:/etc/selinux/config, and then restart the system. Specific changesThird, run the command: Setup, go to "firewall Configuration", in the SELinux bar, select "Disable".Four, run t

A policy must contain declarations of all object classes and permissions supported by the SELinux kernel and other object managers. Generally speaking, as a strategy writer, we don't have to worry about creating new object classes. However, we need to understand the defined object class to write a more efficient SELinux strategy. It is useful to understand the object class and the permission declaration syn

To ensure that the other configuration is correct, can not upload, that is selinux restrictions; Solution steps: getsebool-a | grep ftp //list FTP related rules Boolean open state setsebool-p allow_ftpd_anon_write on //Allow anonymous user to write to ll-z/var/ftp/ // View the specific properties of the FTP folder, including the security context chcon-t public_content_rw_t/var/ftp/directory //Set

Original Address: http://www.ibm.com/developerworks/cn/linux/l-cn-selinux-services1/index.html?ca=drs-introductionSELinux's security measures are mainly focused on access control of various network services. For services like Apache, Samba, NFS, Vsftp, MySQL, Bind DNS, SELinux only opens the most basic operational requirements. As for connecting the external network, running scripts, accessing the user dire

SELinux (security-enhanced Linux) is a mandatory access control in Linux, which enhances system security, but can be a lot of trouble if set up poorly.To view the SELinux status:1,/usr/sbin/sestatus-vSELinux status:enabled2, GetenforceTo turn off SELinux:1. Temporary closure:Setenforce 0 offSetenforce 1 Open2. Modify the configuration file to restart the machine

SELinux (security-enhanced Linux) is a mandatory access control in Linux, which enhances system security, but can be a lot of trouble if set up poorly.To view the SELinux status:1,/usr/sbin/sestatus-vSELinux status:enabled2, GetenforceTo turn off SELinux:1. Temporary closure:Setenforce 0 offSetenforce 1 Open2, permanent modification, modify the configuration fil

KerberosAllow system to use KerberosSetsebool-p Allow_kerberos 1Setsebool-p Krb5kdc_disable_trans 1Service KRB5KDC RestartSetsebool-p Kadmind_disable_trans 1Service Kadmind RestartFtpIf you share to an anonymous user, you need to turn on the following chcon-r-t public_content_t/var/ftpFTP directory upload files, SELinux need to set chcon-t public_content_rw_t/var/ftp/incoming Allow anonymous user write permissions setsebool-p allow_ftpd_anon_

Boot Setup networking vim/etc/sysconfig/network-scripts/ifcfg-eth0 Onboot=yes First command executed yum-y install gcc gcc-c++ automake pcre pcre-devel zlib zlib-devel open openssl-devel wget vim Modify the/etc/selinux/config file to change the selinux=enforcing to selinux=disabled restart the machine 1) Permanent, no recovery after restart: Chkconfig iptable

Taking ADB remount as an exampleRun the command first:ADB remountAnd thenADB Shell Dmesg-c | grep AVCremount } for pid=5684 comm= "adbd" scontext=u:r:adbd:s0 tcontext=u:object_r:labeledfs: S0 tclass= FileSystem Permissive=0From the log, we find that the type is Labeledfs and the permissions are missing remountSo to configure in the policyAllow ADBD Labeledfs:filesystem remount;Two other similar Copyright NOTICE: This article for Bo Master original ar

The DocumentRoot is located under/var/www/html to access However, the DocumentRoot is located in a different directory (for example,/webroot) and forbidden is present. The relevant part of the./etc/httpd/conf/httpd.conf is this: Alias/query "/home/query" Options Indexes MultiViews AllowOverride None Order Allow,deny Allow from all However, when you enter: http://localhost/query/in the browser, the forbidden appears: Forbidden You don't have permission to access/query on this server. Additional

Symptom: SELinux configuration disabled after the boot card in the scroll bar failed to enter the systemWorkaround: Modify the SELinux configuration in single-user mode 单用户进入方式1）开机按 键盘 e 进入系统2）找到 linux16 开始，LANG=zh_CN.UTF-8结尾一行，尾部加 （ 空格 加上 selinux=0）3）然后 ctrl + x 启动，就看到熟悉的登录界面。修改正确

Fedora three ways to turn off/disable SELinuxSometimes we want to close selinux in fedora because sometimes it's legal and always pops up to block our operations. Here are three ways to turn selinux off/off.1. Choose to turn selinux on or off when installing Fedora. Of course, most of those who come here don't come here for this way.2. Temporarily close

1.Introduction to Selinux rules Selinux has many rules, and a simple rule has the following basic syntax: Rule name Source type target type : Object category permission ; Rule name :allow,dontaudit,auditallow and neverallow Source Type : The type of access granted, usually the domain type of the processTarget Type : The type of the object, the type that it is authorized to accessObject Category

Linux boot prompt kernel panic-not syncing:attempted to kill init! Workaround:When the system starts, press the ' E ' key to enter the grub editing interface, edit the Grub menu, select the "Kernel/vmlinuz-2.6.23.1-42.fc8 ro root=/dev/vogroup00/logvol00 rhgb quiet" column, Press ' E ' key to enter edit, add enforcing=0 at the end, i.e.:Kernel/vmlinuz-2.6.23.1-42.fc8 ro root=/dev/vogroup00/logvol00 rhgb quiet enforcing=0Press ' B ' key to continue booting, OK to go forward smoothly.It is also pos

Error content:TASK [ACTIVEMQ:JVM Configuration] **********************************************************Fatal: [172.16.1.10]: failed! = = {"Changed": false, "checksum": "9b18306fa15628e687c3a81332f9bmsg": "Aborting, Target uses selinux but Python Bindin GS (Libselinux-python) aren ' t installedWorkaround:Online says Yum install libselinux-python-y canTurn fromAnsible error aborting, Target uses selinux bu

Today's work encountered problems, the new Linux server, PHP, Apache and a series of extensions installed, in the local good program moved up to hold the database connection error, but with the SQL command can connect up,Make a simple Judgment database Connection page or not, prove not a program problem, but the PHP where the problem, on the Internet to check the majority of days some methods are not the case after the accident found SELinux this thin