Kangry.com [insert cool graphic here]
home | Topics | Logout | Search | Contact | ?? Kangry ?? | Bandwitdh
Topics:
DVR
nvrec
Mplayer
Links
Misc
Commands
Humor

Name

Password

New user

uploaded files
(misc)-> (Parent)->(no title provided) submited by Anonymous Sat 01 Feb 14
Edited Wed 12 Feb 14
Web kangry.com
The program say's exactly what the problem is:

"Could not chdir to home directory /home/russell: Permission denied"

It cannot traverse /home/russell

I actually like the transparent by default aspect of SELinux (which is just the same as with traditional Linux security) but programs can be made SELinux aware if they use libselinux functions.

The security policy is customizable so you can't (should not) hard-code based on assumptions,

Anyhow, The issue is pretty straight forward. SELinux stores security meta-data on file systems that support security extended attributes. You created a new file system that did not have security meta-data associated with it yet.

The "file_t" SELinux type, is a type that is associated with a "initial security identifier" called file which is used by SELinux for fail over.

Initial security identifiers are hard-coded in SELinux, customizable security identifiers like SELinux types can be associated with these "isids".

The file_t type was replaced by the unlabeled_t type recently to make things a bit simpler. If you see unlabeled_t type associated with content then you know that either the content has not security meta-data or that one or more security identifiers in the contents security content is invalid.

So if you see content with the "file_t" type then you know that the content has no security meta-data associated with it yet.

To associate the security-metadata to the content simply rum restorecon -R -v -F on the content (example: restorecon -R -v -F /home)

FTP serving user home content can be allowed conditionally with the boolean mentioned above: "ftp_home_dir". This is made conditional because often you do not want FTP to be able to read user home content.



Add comment or question...:
Subject:
Submited by: NOT email address. Leave blank for anonymous    (Spam Policy)

Enter Text: (text must match image for posting)




This file (the script that presented the data, not the data itself) , last modified Wednesday 03rd of December 2014 09:40:39 AM
your client: CCBot/2.0 (http://commoncrawl.org/faq/)
current time: Thursday 22nd of June 2017 06:25:20 PM