680 questions
0 votes, 0 answers, 38 views
SELINUX_ERR op=security_compute_sid invalid_context while running /etc/init.d script of my app [closed]
Doing this on a RHEL8.10 distro.
I've created a user with staff_u role:
# useradd -Z staff_u testadm
And provided this user elevated permissions, for which I did the following steps:
created mysudoers file:...
-1 votes, 1 answer, 25 views
SELinux denial or bug
Suddenly my app is stuck on splash screen. When I check the logcat the only error that I can see occasionally popping up is this one:
type=1400 audit(1744883766.100:2162): avc: denied { ioctl } for ...
0 votes, 0 answers, 50 views
SE custom rules in AOSP
I am a junior AOSP developer, I have myservice application with type of coredomain,
type myservice, domain, coredomain, mlstrustedsubject;
I need to open functionfs objects, but adding
allow myservice ...
0 votes, 1 answer, 91 views
kolla-ansible bootstrapping error: "module 'selinux' has no attribute 'selinux_getpolicytype'"
I am trying to do a multinode deployment of kolla-ansible on two of my DL360p's. Everything seems setup well, but when I run the bootstrap I get the following
The full traceback is:
Traceback (most ...
0 votes, 0 answers, 18 views
Not able to execute system command from java code if selinux is enabled in enforcing mode
I have enabled selinux on oracle linux 8.9 system. Entire system is stable and has appropriate contexts for all files and processes but in few scenarios wherever my java code has some system level ...
0 votes, 0 answers, 59 views
How to get Promtail to read audit.log on Fedora workstation 41 with SELinux enabled?
I've been trying to get Promtail, running in a container using podman, to read my audit log files so that I can forward them to Loki and visualize it in Grafana. The issue I am stuck with, is that ...
0 votes, 1 answer, 110 views
Ansible module selinux implementation
I need to know the underlying commands executed when using selinux module in Ansible, because the Ansible is using a service account to login to the servers with an SSH key, and then that svc ...
0 votes, 0 answers, 82 views
Issue with TigerVNC for Yocto-Based Linux with SELinux: PAM and SELinux Context Errors
I am running TigerVNC version 1.14.1 on a Yocto-based Linux system with SELinux enabled. The issue I’m facing is related to starting the VNC server service when SELinux policies are in place. Below is ...
1 vote, 0 answers, 64 views
Selinux module to open fm radio application access to /dev/fm
I am new in magisk and selinux. Please help me write module, which allow to decompiled fm radio app get access to /dev/fm. I don't want to use setenforce 0, because my device will become more ...
1 vote, 1 answer, 67 views
PhpWord Samples Manual Install
The documentation for Manual Install is out of date. I tried to manually write an Autoloader class and maybe it worked? but the only output I get in Sample-01.php is 02:56:03 Create new PhpWord object ...
1 vote, 1 answer, 101 views
Permission denied when writing file in volume mounted in Docker
I want to accomplish a relatively simple task, which is to be able to read and write from a samba share that is attached to docker. I have several services sharing the same volume, they are mostly ...
2 votes, 0 answers, 90 views
How to find out what are all the never allow rules in Selinux policy for a specific Android version?
I want to extract selinux never allow rules from aosp and compare it with the never allow rules I have in my customized device.
I have tried using sesearch tool for extracting never allow rules from ...
0 votes, 1 answer, 37 views
Allowing httpd to view process state by pid of processes started by the same user
I am currently trying to allow a PHP application to manage background jobs - however this seems to be more difficult under selinux as it seems that the php process cannot access /proc/{pid} of other ...
2 votes, 0 answers, 117 views
How can I set up containers in a kubernetes pod to not need any SELinux-relabelling of a shared volume?
I have a kubernetes pod with two containers, one of which is a sidecar container and is privileged, the other of which is not privileged. The sidecar container mounts a FUSE filesystem within a shared ...
1 vote, 2 answers, 252 views
service in init.target.rc is never called within AOSP . Is this a SELINUX problem?
Below is the service that I would like to call on init.target.rc in AOSP for sdm710 product.
service dispBridge /system/bin/test.sh
seclabel u:r:init:s0
user root
group root
oneshot
...