▐Хw╘гМ ь 1 V8 gП hў |` (▌ ЩtоI#~m╜ь,к/╫.b6Щж▒▌XЛ6 S┬!P"Ng"N╢"G#]M#Oл#k√#Rg$q║$f,%VУ%Vъ%SA&jХ&B'TC'^Ш'┴ў't╣(?.)Zn)Y╔)О#*X▓, -.// E0 O1 ]2zi3╣ф3ЪЮ4ч953!6eU6_╗6e7fБ7ш7└8╕╞8├9ГC:\╟;b$<\З<+ф<c=7t=<м=:щ=$>4>4D>y>,Ф>┴>?▌>0?1N?]А?2▐?K@2]@]Р@cю@RA,bAПAdвANBVB_nB]╬BE,C-rCаC4╣C!юC'D$8D ]D_~DR▐DO1E9БE:╗EЎEЛFаFB╗FA■F^@GsЯGЦHЮкHьIJp6KДзM╣,N░цN╩ЧO(bP ЛQdЩS╦■TI╩UчW╜№W,║XчY.ш\Ё_@bжIdТЁfЛГkSmPcmy┤my.nGиn╨ЁnМ┴okNpR║pq q╨qкPrV√rSRs╗жsbbtT┼t┼u├рu╖дw?\xZЬxYўxОQyXр{9|J}]~ s }А ЛБЧВ╣ЫГЪUДчЁД3╪Еe Ж_rЖe╥Жf8ЗЯЗП╝З╕LЙ/Кы5М\!Пb~П\сП+>РcjРМ╬Р<[СлШСDDТ6ЙТ[└ТFУВcУ9цУН ФQоФhХЮiХhЦйqЦhЧДЧЛШОЩjЮЩ ЪЪ╜Ы3█ЫЬЭб#Ю^┼ЮQ$ЯЙvЯuаUvаА╠аlMб╝║баwвкгm├гЯ1дb╤д4еl8ж├еж┬iз└,и0эиЛкUR^YHM9iw6.?fAX\E=IDur4S5 JkeGgP'bVj0h] *Z1nOTqLQoWd") s;<$: pB 73`(,@2l+&v[-8cat!C#KN%mF_/> dac_override and dac_read_search capabilities usually indicates that the root process does not have access to a file based on the permission flags. This usually mean you have some file with the wrong ownership/permissions on it. SELinux denied access requested by $SOURCE. It is not expected that this access is required by $SOURCE and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Attempt restorecon -v '$TARGET_PATH' or chcon -t SIMILAR_TYPE '$TARGET_PATH' Changing the "$BOOLEAN" boolean to true will allow this access: "setsebool -P $BOOLEAN=1" Changing the "$BOOLEAN" boolean to true will allow this access: "setsebool -P $BOOLEAN=1." Changing the "allow_ftpd_use_nfs" boolean to true will allow this access: "setsebool -P allow_ftpd_use_nfs=1." Changing the file_context to mnt_t will allow mount to mount the file system: "chcon -t mnt_t '$TARGET_PATH'." You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t mnt_t '$FIX_TARGET_PATH'" If httpd scripts should be allowed to write to public directories you need to turn on the $BOOLEAN boolean and change the file context of the public directory to public_content_rw_t. Read the httpd_selinux man page for further information: "setsebool -P $BOOLEAN=1; chcon -t public_content_rw_t " You must also change the default file context labeling files on the system in order to preserve public directory labeling even on a full relabel. "semanage fcontext -a -t public_content_rw_t " If you want $SOURCE to continue, you must turn on the $BOOLEAN boolean. Note: This boolean will affect all applications on the system. If you want httpd to send mail you need to turn on the $BOOLEAN boolean: "setsebool -P $BOOLEAN=1" If you want to allow $SOURCE to bind to port $PORT_NUMBER, you can execute # semanage port -a -t PORT_TYPE -p %s $PORT_NUMBER where PORT_TYPE is one of the following: %s. If this system is running as an NIS Client, turning on the allow_ypbind boolean may fix the problem. setsebool -P allow_ypbind=1. If you want to allow $SOURCE to connect to $PORT_NUMBER, you can execute # sandbox -X -t sandbox_net_t $SOURCE If you want to allow $SOURCE to connect to $PORT_NUMBER, you can execute # semanage port -a -t PORT_TYPE -p %s $PORT_NUMBER where PORT_TYPE is one of the following: %s. If you want to change the file context of $TARGET_PATH so that the automounter can execute it you can execute "chcon -t bin_t $TARGET_PATH". If you want this to survive a relabel, you need to permanently change the file context: execute "semanage fcontext -a -t bin_t '$FIX_TARGET_PATH'". SELinux denied access requested by $SOURCE. It is not expected that this access is required by $SOURCE and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. SELinux denied access requested by the $SOURCE command. It looks like this is either a leaked descriptor or $SOURCE output was redirected to a file it is not allowed to access. Leaks usually can be ignored since SELinux is just closing the leak and reporting the error. The application does not use the descriptor, so it will run properly. If this is a redirection, you will not get output in the $TARGET_PATH. You should generate a bugzilla on selinux-policy, and it will get routed to the appropriate package. You can safely ignore this avc. SELinux denied access to $TARGET_PATH requested by $SOURCE. $TARGET_PATH has a context used for sharing by a different program. If you would like to share $TARGET_PATH from $SOURCE also, you need to change its file context to public_content_t. If you did not intend to allow this access, this could signal an intrusion attempt. SELinux denied cvs access to $TARGET_PATH. If this is a CVS repository it needs to have a file context label of cvs_data_t. If you did not intend to use $TARGET_PATH as a CVS repository it could indicate either a bug or it could signal an intrusion attempt. SELinux denied xen access to $TARGET_PATH. If this is a XEN image, it has to have a file context label of xen_image_t. The system is setup to label image files in directory /var/lib/xen/images correctly. We recommend that you copy your image file to /var/lib/xen/images. If you really want to have your xen image files in the current directory, you can relabel $TARGET_PATH to be xen_image_t using chcon. You also need to execute semanage fcontext -a -t xen_image_t '$FIX_TARGET_PATH' to add this new path to the system defaults. If you did not intend to use $TARGET_PATH as a xen image it could indicate either a bug or an intrusion attempt. SELinux has denied the $SOURCE access to potentially mislabeled files $TARGET_PATH. This means that SELinux will not allow httpd to use these files. If httpd should be allowed this access to these files you should change the file context to one of the following types, %s. Many third party apps install html files in directories that SELinux policy cannot predict. These directories have to be labeled with a file context which httpd can access. SELinux has denied the $SOURCE_PATH from executing potentially mislabeled files $TARGET_PATH. Automounter can be setup to execute configuration files. If $TARGET_PATH is an automount executable configuration file it needs to have a file label of bin_t. If automounter is trying to execute something that it is not supposed to, this could indicate an intrusion attempt. SELinux has prevented vbetool from performing an unsafe memory operation. SELinux has prevented wine from performing an unsafe memory operation. SELinux is preventing $SOURCE_PATH "$ACCESS" access on $TARGET_PATH. SELinux is preventing $SOURCE_PATH "$ACCESS" access to $TARGET_PATH. SELinux is preventing $SOURCE_PATH "$ACCESS" to $TARGET_PATH. SELinux is preventing $SOURCE_PATH access to a leaked $TARGET_PATH file descriptor. SELinux is preventing $SOURCE_PATH from binding to port $PORT_NUMBER. SELinux is preventing $SOURCE_PATH from changing the access protection of memory on the heap. SELinux is preventing $SOURCE_PATH from connecting to port $PORT_NUMBER. SELinux is preventing $SOURCE_PATH from creating a file with a context of $SOURCE_TYPE on a filesystem. SELinux is preventing $SOURCE_PATH from loading $TARGET_PATH which requires text relocation. SELinux is preventing $SOURCE_PATH from making the program stack executable. SELinux is preventing Samba ($SOURCE_PATH) "$ACCESS" access to $TARGET_PATH. SELinux is preventing cvs ($SOURCE_PATH) "$ACCESS" access to $TARGET_PATH SELinux is preventing the $SOURCE_PATH from executing potentially mislabeled files $TARGET_PATH. SELinux is preventing the http daemon from sending mail. SELinux is preventing xen ($SOURCE_PATH) "$ACCESS" access to $TARGET_PATH. SELinux policy is preventing an httpd script from writing to a public directory. SELinux policy is preventing an httpd script from writing to a public directory. If httpd is not setup to write to public directories, this could signal an intrusion attempt. SELinux prevented $SOURCE from mounting on the file or directory "$TARGET_PATH" (type "$TARGET_TYPE"). SELinux prevented httpd $ACCESS access to http files. SELinux prevented the ftp daemon from $ACCESS files stored on a CIFS filesystem. SELinux prevented the ftp daemon from $ACCESS files stored on a NFS filesystem. The $SOURCE application attempted to change the access protection of memory on the heap (e.g., allocated using malloc). This is a potential security problem. Applications should not be doing this. Applications are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. If $SOURCE does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed. Please file a bug report against this package. Use a command like "cp -p" to preserve all permissions except SELinux context. You can alter the file context by executing chcon -R -t rsync_data_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t rsync_data_t '$FIX_TARGET_PATH'" You can alter the file context by executing chcon -R -t samba_share_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t samba_share_t '$FIX_TARGET_PATH'" You can alter the file context by executing chcon -t public_content_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t public_content_t '$FIX_TARGET_PATH'" You can alter the file context by executing chcon -t swapfile_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t swapfile_t '$FIX_TARGET_PATH'" You can alter the file context by executing chcon -t virt_image_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t virt_image_t '$FIX_TARGET_PATH'" You can alter the file context by executing chcon -t xen_image_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t xen_image_t '$FIX_TARGET_PATH'" You can execute the following command as root to relabel your computer system: "touch /.autorelabel; reboot" You can generate a local policy module to allow this access - see FAQ Please file a bug report. You can generate a local policy module to allow this access - see FAQ You can restore the default system context to this file by executing the restorecon command. restorecon '$TARGET_PATH', if this file is a directory, you can recursively restore using restorecon -R '$TARGET_PATH'. Your system may be seriously compromised! Your system may be seriously compromised! $SOURCE_PATH attempted to mmap low kernel memory. Your system may be seriously compromised! $SOURCE_PATH tried to load a kernel module. Your system may be seriously compromised! $SOURCE_PATH tried to modify SELinux enforcement. Your system may be seriously compromised! $SOURCE_PATH tried to modify kernel configuration. Disable IPV6 properly. Either remove the mozplluger package by executing 'yum remove mozplugger' Or turn off enforcement of SELinux over the Firefox plugins. setsebool -P unconfined_mozilla_plugin_transition 0 If you decide to continue to run the program in question you will need to allow this operation. This can be done on the command line by executing: # setsebool -P mmap_low_allowed 1 You tried to place a type on a %s that is not a file type. This is not allowed, you must assigne a file type. You can list all file types using the seinfo command. seinfo -afile_type -x Changing the "$BOOLEAN" and "$WRITE_BOOLEAN" booleans to true will allow this access: "setsebool -P $BOOLEAN=1 $WRITE_BOOLEAN=1". warning: setting the "$WRITE_BOOLEAN" boolean to true will allow the ftp daemon to write to all public content (files and directories with type public_content_t) in addition to writing to files and directories on CIFS filesystems. # semanage fcontext -a -t SIMILAR_TYPE '$FIX_TARGET_PATH' # restorecon -v '$FIX_TARGET_PATH'# semanage fcontext -a -t samba_share_t '$FIX_TARGET_PATH%s' # restorecon %s -v '$FIX_TARGET_PATH'# semanage fcontext -a -t virt_image_t '$FIX_TARGET_PATH' # restorecon -v '$FIX_TARGET_PATH'# semanage port -a -t %s -p %s $PORT_NUMBER# semanage port -a -t PORT_TYPE -p %s $PORT_NUMBER where PORT_TYPE is one of the following: %s.A process might be attempting to hack into your system.Add net.ipv6.conf.all.disable_ipv6 = 1 to /etc/sysctl.conf Contact your security administrator and report this issue.Restore ContextRestore ContextSELinux is preventing $SOURCE_PATH "$ACCESS" access.Turn off memory protectionYou can read '%s' man page for more details.You might have been hacked.You must tell SELinux about this by enabling the '%s' boolean. You need to change the label on $FIX_TARGET_PATHYou need to change the label on $TARGET_BASE_PATHYou need to change the label on $TARGET_BASE_PATH to public_content_t or public_content_rw_t.You need to change the label on $TARGET_BASE_PATH'You need to change the label on $TARGET_PATH to a type of a similar device.You need to change the label on '$FIX_TARGET_PATH'You should report this as a bug. You can generate a local policy module to allow this access.You should report this as a bug. You can generate a local policy module to dontaudit this access.execstack -c %sif you think that you might have been hackedsetsebool -P %s %sturn on full auditing to get path information about the offending file and generate the error again.use a command like "cp -p" to preserve all permissions except SELinux context.you can run restorecon.you may be under attack by a hacker, since confined applications should never need this access.you may be under attack by a hacker, since confined applications should not need this access.you may be under attack by a hacker, this is a very dangerous access.you must change the labeling on $TARGET_PATH.you must fix the labels.you must move the cert file to the ~/.cert directoryyou must pick a valid file label.you must remove the mozplugger package.you must setup SELinux to allow thisyou must tell SELinux about thisyou must tell SELinux about this by enabling the 'httpd_unified' and 'http_enable_cgi' booleansyou must tell SELinux about this by enabling the vbetool_mmap_zero_ignore boolean.you must tell SELinux about this by enabling the wine_mmap_zero_ignore boolean.you must turn off SELinux controls on the Chrome plugins.you must turn off SELinux controls on the Firefox plugins.you need to add labels to it.you need to change the label on $TARGET_PATH to public_content_rw_t, and potentially turn on the allow_httpd_sys_script_anon_write boolean.you need to fully relabel.you need to report a bug. This is a potentially dangerous access.you need to report a bug. This is a potentially dangerous access.you need to set /proc/sys/net/ipv6/conf/all/disable_ipv6 to 1 and do not blacklist the module'you need to use a different command. You are not allowed to preserve the SELinux context on the target file system.you should clear the execstack flag and see if $SOURCE_PATH works correctly. Report this as a bug on %s. You can clear the exestack flag by executing:Project-Id-Version: PACKAGE VERSION Report-Msgid-Bugs-To: PO-Revision-Date: 2017-08-31 08:32-0400 Last-Translator: Copied by Zanata Language-Team: Hindi (http://www.transifex.com/projects/p/fedora/language/hi/) Language: hi MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=2; plural=(n != 1); X-Generator: Zanata 4.6.2 dac_override and dac_read_search capabilities usually indicates that the root process does not have access to a file based on the permission flags. This usually mean you have some file with the wrong ownership/permissions on it. SELinux рдиреЗ $SOURCE рдХреЗ рджреНрд╡рд╛рд░рд╛ рдЖрдЧреНрд░рд╣рд┐рдд рдЕрднрд┐рдЧрдо рд░реЛрдХрд╛. рдпрд╣ рдкреНрд░рддреНрдпрд╛рд╢рд┐рдд рдирд╣реАрдВ рд╣реИ рдХрд┐ рдпрд╣ рдЕрднрд┐рдЧрдо $SOURCE рдХреЗ рд▓рд┐рдпреЗ рдЬрд░реВрд░реА рд╣реИ рдФрд░ рдпрд╣ рдЕрднрд┐рдЧрдо рдШреБрд╕рдкреИрда рдкреНрд░рдпрд╛рд╕ рдХрд╛ рд╕рдВрдХреЗрдд рджреЗ рд╕рдХрддрд╛ рд╣реИ. рдпрд╣ рднреА рд╕рдВрднрд╡ рд╣реИ рдХрд┐ рд╡рд┐рд╢реЗрд╖ рд╕рдВрд╕реНрдХрд▒рдг рдпрд╛ рд╡рд┐рдиреНрдпрд╛рд╕ рдЕрдиреБрдкреНрд░рдпреЛрдЧ рдХрд╛ рдЗрд╕реЗ рдЕрддрд┐рд░рд┐рдХреНрдд рдЕрднрд┐рдЧрдо рдХрд╛ рдХрд╛рд░рдг рдмрдирддрд╛ рд╣реИ. restorecon -v $TARGET_PATH рдпрд╛ chcon -t SIMILAR_TYPE '$TARGET_PATH' рдХреЗ рд▓рд┐рдпреЗ рдкреНрд░рдпрд╛рд╕ рдХрд┐рдпрд╛ "$BOOLEAN" рдмреБрд▓рд┐рдпрди рдХреЛ рд╕рд╣реА рдкрд░ рдмрджрд▓рдирд╛ рдЗрд╕ рдЕрднрд┐рдЧрдо рдХреЗ рд▓рд┐рдпреЗ рдЕрдиреБрдорддрд┐ рджреЗрдЧрд╛: "setsebool -P $BOOLEAN=1" "$BOOLEAN" рдмреБрд▓рд┐рдпрди рд╕рд╣реА рдореЗрдВ рдмрджрд▓рдирд╛ рдЗрд╕ рдЕрднрд┐рдЧрдо рдХреА рдЕрдиреБрдорддрд┐ рджреЗрддрд╛ рд╣реИ: "setsebool -P $BOOLEAN=1." "allow_ftpd_use_nfs" рдмреБрд▓рд┐рдпрди рд╕рд╣реА рдореЗрдВ рдмрджрд▓рдирд╛ рдЗрд╕ рдЕрднрд┐рдЧрдо рдХреЗ рд▓рд┐рдпреЗ рдЕрдиреБрдорддрд┐ рджреЗрдЧрд╛: "setsebool -P allow_ftpd_use_nfs=1." Changing the file_context to mnt_t will allow mount to mount the file system: "chcon -t mnt_t '$TARGET_PATH'." You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t mnt_t '$FIX_TARGET_PATH'" If httpd scripts should be allowed to write to public directories you need to turn on the $BOOLEAN boolean and change the file context of the public directory to public_content_rw_t. Read the httpd_selinux man page for further information: "setsebool -P $BOOLEAN=1; chcon -t public_content_rw_t " You must also change the default file context labeling files on the system in order to preserve public directory labeling even on a full relabel. "semanage fcontext -a -t public_content_rw_t " рдЕрдЧрд░ рдЖрдк $SOURCE рдЬрд╛рд░реА рд░рдЦрдирд╛ рдЪрд╛рд╣рддреЗ рд╣реИрдВ, рдЖрдкрдХреЛ $BOOLEAN рдмреБрд▓рд┐рдпрди рдХреЛ рдЬрд░реВрд░ рдЪрд╛рд▓реВ рдХрд░рдирд╛ рдЪрд╛рд╣рд┐рдпреЗ. рдиреЛрдЯ: рдпрд╣ рдмреБрд▓рд┐рдпрди рд╕рд┐рд╕реНрдЯрдо рдкрд░ рд╕рд╛рд░реЗ рдЕрдиреБрдкреНрд░рдпреЛрдЧ рдХреЛ рдкреНрд░рднрд╛рд╡рд┐рдд рдХрд░реЗрдЧрд╛. рдЕрдЧрд░ рдЖрдк httpd рдХреЛ рдореЗрд▓ рднреЗрдЬрдирд╛ рдЪрд╛рд╣рддреЗ рд╣реИрдВ, рддреЛ рдЖрдкрдХреЛ рдЪрд╛рд▓реВ рдХрд░рдирд╛ рд╣реЛрдЧрд╛ $BOOLEAN boolean: "setsebool -P $BOOLEAN=1" If you want to allow $SOURCE to bind to port $PORT_NUMBER, you can execute # semanage port -a -t PORT_TYPE -p %s $PORT_NUMBER where PORT_TYPE is one of the following: %s. If this system is running as an NIS Client, turning on the allow_ypbind boolean may fix the problem. setsebool -P allow_ypbind=1. рдЕрдЧрд░ рдЖрдкрдХреЛ рдЗрд╕ $SOURCE рдХреЛ рдЗрд╕ $PORT_NUMBER рд╕реЗ рдЬреБрдбрд╝рдиреЗ рдХреА рдЕрдиреБрдорддрд┐ рджреЗрдиреА рд╣реИ рддреЛ рдпрд╣ рдПрдХреНрд╕реЗрдХреНрдпреВрдЯ рдХрд░реЗ # sandbox -X -t sandbox_net_t $SOURCE If you want to allow $SOURCE to connect to $PORT_NUMBER, you can execute # semanage port -a -t PORT_TYPE -p %s $PORT_NUMBER where PORT_TYPE is one of the following: %s. If you want to change the file context of $TARGET_PATH so that the automounter can execute it you can execute "chcon -t bin_t $TARGET_PATH". If you want this to survive a relabel, you need to permanently change the file context: execute "semanage fcontext -a -t bin_t '$FIX_TARGET_PATH'". SELinux рдиреЗ $SOURCE рджреНрд╡рд╛рд░рд╛ рдХрд┐рдпреЗ рдЧрдП рдЕрдиреБрд░реЛрдз рдХреА рдкрд╣реБрдБрдЪ рдХреЛ рдЗрдирдХрд╛рд░ рдХрд░ рджрд┐рдпрд╛. рдЗрд╕рдХрд╛ рд╕рдВрднрд╛рд╡рдирд╛ рдирд╣реАрдВ рдереА рдХрд┐$SOURCE рдХреЛ рдЗрд╕ рдкрд╣реБрдБрдЪ рдХреА рдЖрд╡рд╢реНрдпрдХрддрд╛ рд╣реИ рдФрд░ рдЗрд╕ рдкрд╣реБрдБрдЪ рдХреЗ рдЙрдкрдпреЛрдЧ рд╕реЗ рдПрдХ рдШреБрд╕рдкреИрда рдкреНрд░рдпрд╛рд╕ рдХрд╛ рд╕рдВрдХреЗрдд рд╣реЛ рд╕рдХрддрд╛ рд╣реИ. рдпрд╣ рднреА рд╕рдВрднрд╡ рд╣реИ рдХрд┐ рдЕрдиреБрдкреНрд░рдпреЛрдЧ рдХреЗ рд╡рд┐рд╢рд┐рд╖реНрдЯ рд╕рдВрд╕реНрдХрд░рдг рдпрд╛ рд╡рд┐рдиреНрдпрд╛рд╕ рджреНрд╡рд╛рд░рд╛ рдЕрддрд┐рд░рд┐рдХреНрдд рдкрд╣реБрдБрдЪ рдХреА рдЖрд╡рд╢реНрдпрдХрддрд╛ рдХреЗ рд▓рд┐рдП рдкреИрджрд╛ рдХрд░ рд░рд╣рд╛ рд╣реИ. SELinux denied access requested by the $SOURCE command. It looks like this is either a leaked descriptor or $SOURCE output was redirected to a file it is not allowed to access. Leaks usually can be ignored since SELinux is just closing the leak and reporting the error. The application does not use the descriptor, so it will run properly. If this is a redirection, you will not get output in the $TARGET_PATH. You should generate a bugzilla on selinux-policy, and it will get routed to the appropriate package. You can safely ignore this avc. SELinux $TARGET_PATH рдореЗрдВ рдЕрднрд┐рдЧрдо рдХреА рдордирд╛рд╣реА рдХрд░рддрд╛ рд╣реИ $SOURCE рдХреЗ рджреНрд╡рд╛рд░рд╛ рдЖрдЧреНрд░рд╣рд┐рдд. $TARGET_PATH рдХреЗ рдкрд╛рд╕ рдПрдХ рд╕рдВрджрд░реНрдн рд╣реИ рдЕрд▓рдЧ рдкреНрд░реЛрдЧреНрд░рд╛рдо рдХреЗ рджреНрд╡рд╛рд░рд╛ рдкреНрд░рдпреБрдХреНрдд. рдЕрдЧрд░ рдЖрдк $TARGET_PATH рдХреЛ $SOURCE рд╕реЗ рд╕рд╛рдЭрд╛ рдХрд░рдирд╛ рдЪрд╛рд╣рддреЗ рд╣реИрдВ, рддреЛ рдЖрдкрдХреЛ рдЗрд╕рдХреЗ рдкрд╛рдЗрд▓ рд╕рдВрджрд░реНрдн рдХреЛ public_content_t рдореЗрдВ рдмрджрд▓рдирд╛ рд╣реЛрдЧрд╛. рдЕрдЧрд░ рдЖрдк рдЗрд╕ рдЕрднрд┐рдЧрдо рдХреЗ рдЗрдЪреНрдЫреБрдХ рдирд╣реАрдВ рд╣реИ, рдпрд╣ рдПрдХ рдШреБрд╕рдкреИрда рдкреНрд░рдпрд╛рд╕ рдХрд╛ рд╕рдВрдХреЗрдд рд╣реЛ рд╕рдХрддрд╛ рд╣реИ. SELinux $TARGET_PATH рдореЗрдВ CVS рдЕрднрд┐рдЧрдо рд╕реЗ рдордирд╛ рдХрд┐рдпрд╛ рд╣реИ. рдЕрдЧрд░ рдпрд╣ рдПрдХ CVS рд░рд┐рдкреЙрдЬрд┐рдЯрд░реА рд╣реИ рдЗрд╕реЗ рдлрд╛рдЗрд▓ рд╕рдВрджрд░реНрдн рд▓реЗрдмрд▓ cvs_data_t рд░рдЦрдирд╛ рдЪрд╛рд╣рд┐рдпреЗ. рдЕрдЧрд░ рдЖрдк рдПрдХ $TARGET_PATH рдХреЛ рдПрдХ CVS рд░рд┐рдкреЙрдЬрд┐рдЯрд░реА рдХреЗ рд░реВрдк рдореЗрдВ рдкреНрд░рдпреЛрдЧ рдХреЗ рдЗрдЪреНрдЫреБрдХ рдирд╣реАрдВ рд╣реИ рдпрд╣ рдпрд╛ рддреЛ рдмрдЧ рдпрд╛ рдПрдХ рдШреБрд╕рдкреИрда рдкреНрд░рдпрд╛рд╕ рдХрд╛ рд╕рдХрддрд╛ рд╣реЛ рд╕рдХрддрд╛ рд╣реИ. SELinux denied xen access to $TARGET_PATH. If this is a XEN image, it has to have a file context label of xen_image_t. The system is setup to label image files in directory /var/lib/xen/images correctly. We recommend that you copy your image file to /var/lib/xen/images. If you really want to have your xen image files in the current directory, you can relabel $TARGET_PATH to be xen_image_t using chcon. You also need to execute semanage fcontext -a -t xen_image_t '$FIX_TARGET_PATH' to add this new path to the system defaults. If you did not intend to use $TARGET_PATH as a xen image it could indicate either a bug or an intrusion attempt. SELinux рдиреЗ $SOURCE рдЕрднрд┐рдЧрдо рдХреА рдордирд╛рд╣реА рдХреА рд╣реИ рд╕рдВрднрд╛рд╡рд┐рдд рд░реВрдк рд╕реЗ рдмрд┐рдирд╛ рд▓реЗрдмрд▓ рдХреЗ рдлрд╛рдЗрд▓ $TARGET_PATH рдореЗрдВ. рдЗрд╕рдХрд╛ рдорддрд▓рдм рд╣реИ рдХрд┐ SELinux httpd рдХреЛ рдЗрди рдлрд╛рдЗрд▓реЛрдВ рдХреЗ рдкреНрд░рдпреЛрдЧ рдХреЗ рд▓рд┐рдпреЗ рдЕрдиреБрдорддрд┐ рдирд╣реАрдВ рджреЗрдЧрд╛. рдпрджрд┐ httpd рдХреЛ рдЗрди рдлрд╝рд╛рдЗрд▓реЛрдВ рдХреА рдкрд╣реБрдБрдЪ рдХреЗ рд▓рд┐рдП рдЕрдиреБрдорддрд┐ рджреЗрдиреА рдЪрд╛рд╣рд┐рдП рдЖрдкрдХреЛ рдлрд╝рд╛рдЗрд▓ рд╕рдВрджрд░реНрдн рдмрджрд▓рдирд╛ рдЪрд╛рд╣рд┐рдП рдЗрдирдореЗрдВ рд╕реЗ рдХрд┐рд╕реА рдПрдХ рдкреНрд░рдХрд╛рд░ рдореЗрдВ %s. рдХрдИ рддреАрд╕рд░реА рдкрд╛рд░реНрдЯреА рдЕрдиреБрдкреНрд░рдпреЛрдЧ html рдлрд╛рдЗрд▓ рдХреЛ рдирд┐рд░реНрджреЗрд╢рд┐рдХрд╛ рдореЗрдВ рдЕрдзрд┐рд╖реНрдард╛рдкрд┐рдд рдХрд░рддрд╛ рд╣реИ рдЬреЛ SELinux рдиреАрддрд┐ рдХреЗ рдмрд╛рд░реЗ рдореЗрдВ рдмрддрд╛ рд╕рдХрддрд╛ рд╣реИ. рдпреЗ рдирд┐рд░реНрджреЗрд╢рд┐рдХрд╛рдПрдВ рдХреЛ рдлрд╛рдЗрд▓ рд╕рдВрджрд░реНрдн рдХреЗ рд╕рд╛рде рд▓реЗрдмрд▓ рдХрд░рдирд╛ рдЪрд╛рд╣рд┐рдпреЗ рдЬреЛ httpd рдЕрднрд┐рдЧрдо рд░рдЦ рд╕рдХрддрд╛ рд╣реИ. SELinux has denied the $SOURCE_PATH from executing potentially mislabeled files $TARGET_PATH. Automounter can be setup to execute configuration files. If $TARGET_PATH is an automount executable configuration file it needs to have a file label of bin_t. If automounter is trying to execute something that it is not supposed to, this could indicate an intrusion attempt. SELinux has prevented vbetool from performing an unsafe memory operation. SELinux has prevented wine from performing an unsafe memory operation. SELinux $SOURCE_PATH "$ACCESS" рдХреЛ $TARGET_PATH рдореЗрдВ рдЕрднрд┐рдЧрдо рд╕реЗ рд░реЛрдХ рд░рд╣рд╛ рд╣реИ. SELinux $SOURCE_PATH "$ACCESS" рдХреЛ $TARGET_PATH рдореЗрдВ рдЕрднрд┐рдЧрдо рд╕реЗ рд░реЛрдХ рд░рд╣рд╛ рд╣реИ. SELinux is preventing $SOURCE_PATH "$ACCESS" to $TARGET_PATH. SELinux $SOURCE_PATH рдХреЛ $TARGET_PATH рдХреЛ рд▓реЛрдб рдХрд░рдиреЗ рд╕реЗ рд░реЛрдХ рд░рд╣рд╛ рд╣реИ рдЬрд┐рд╕рдХреЗ рд▓рд┐рдпреЗ рдкрд╛рда рд╕реНрдерд╛рдирд╛рдВрддрд░рдг рдЬрд░реВрд░реА рд╣реИ. SELinux $SOURCE_PATH рдХреЛ рдкреЛрд░реНрдЯ $PORT_NUMBER рд╕реЗ рдмрд╛рдВрдзрдиреЗ рдХреЗ рд▓рд┐рдпреЗ рд░реЛрдХ рд░рд╣рд╛ рд╣реИ. SELinux is preventing $SOURCE_PATH from changing the access protection of memory on the heap. SELinux is preventing $SOURCE_PATH from connecting to port $PORT_NUMBER. SELinux is preventing $SOURCE_PATH from creating a file with a context of $SOURCE_TYPE on a filesystem. SELinux $SOURCE_PATH рдХреЛ $TARGET_PATH рдХреЛ рд▓реЛрдб рдХрд░рдиреЗ рд╕реЗ рд░реЛрдХ рд░рд╣рд╛ рд╣реИ рдЬрд┐рд╕рдХреЗ рд▓рд┐рдпреЗ рдкрд╛рда рд╕реНрдерд╛рдирд╛рдВрддрд░рдг рдЬрд░реВрд░реА рд╣реИ. SELinux $SOURCE_PATH рдХреЛ рдкреНрд░реЛрдЧреНрд░рд╛рдо рд╕реНрдЯреИрдХ рдХреЛ рдирд┐рд╖реНрдкрд╛рджрдиреАрдп рдмрдирд╛рдиреЗ рд╕реЗ рд░реЛрдХ рд░рд╣рд╛ рд╣реИ. SELinux is preventing Samba ($SOURCE_PATH) "$ACCESS" access to $TARGET_PATH. SELinux is preventing cvs ($SOURCE_PATH) "$ACCESS" access to $TARGET_PATH SELinux $SOURCE_PATH рдХреЛ рд╕рдВрднрд╛рд╡рд┐рдд рд░реВрдк рд╕реЗ рдЧрд▓рдд рд▓реЗрдмрд▓ рдХрд┐рдпреЗ ($TARGET_PATH) рдлрд╛рдЗрд▓ рдХреЗ рдкреНрд░рдпреЛрдЧ рд╕реЗ рд░реЛрдХрд╛. SELinux http рдбреЗрдореЙрди рдХреЛ рдореЗрд▓ рднреЗрдЬрдиреЗ рд░реЛрдХ рд░рд╣рд╛ рд╣реИ SELinux is preventing xen ($SOURCE_PATH) "$ACCESS" access to $TARGET_PATH. SELinux рдиреАрддрд┐ httpd рд╕реНрдХреНрд░рд┐рдкреНрдЯ рдХреЛ рдХрд┐рд╕реА рд╕рд╛рд░реНрд╡рдЬрдирд┐рдХ рдирд┐рд░реНрджреЗрд╢рд┐рдХрд╛ рдореЗрдВ рд▓рд┐рдЦрдиреЗ рд╕реЗ рд░реЛрдХрд╛ рд╣реИ. SELinux рдиреАрддрд┐ httpd рд╕реНрдХреНрд░рд┐рдкреНрдЯ рдХреЛ рдирд┐рдЬреА рдирд┐рд░реНрджреЗрд╢рд┐рдХрд╛ рдореЗрдВ рд▓рд┐рдЦрдиреЗ рд╕реЗ рд░реЛрдХ рд░рд╣рд╛ рд╣реИ. рдЕрдЧрд░ httpd рд╕рд╛рд░реНрд╡рдЬрдирд┐рдХ рдирд┐рд░реНрджреЗрд╢рд┐рдХрд╛ рдореЗрдВ рд▓рд┐рдЦрдиреЗ рдХреЗ рд▓рд┐рдпреЗ рд╕реЗрдЯрдЕрдк рдирд╣реАрдВ рд╣реИ рддреЛ рдпрд╣ рдПрдХ рдШреБрд╕рдкреИрда рдкреНрд░рдпрд╛рд╕ рдХрд╛ рд╕рдВрдХреЗрдд рджреЗ рд╕рдХрддрд╛ рд╣реИ. SELinux $SOURCE рдХреЛ рдлрд╛рдЗрд▓ рдпрд╛ рдирд┐рд░реНрджреЗрд╢рд┐рдХрд╛ "$TARGET_PATH" (рдкреНрд░рдХрд╛рд░ "$TARGET_TYPE") рдкрд░ рдЖрд░реЛрд╣рди рд╕реЗ рд░реЛрдХрд╛. SELinux prevented httpd $ACCESS access to http files. SELinux prevented the ftp daemon from $ACCESS files stored on a CIFS filesystem. SELinux prevented the ftp daemon from $ACCESS files stored on a NFS filesystem. The $SOURCE application attempted to change the access protection of memory on the heap (e.g., allocated using malloc). This is a potential security problem. Applications should not be doing this. Applications are sometimes coded incorrectly and request this permission. The SELinux Memory Protection Tests web page explains how to remove this requirement. If $SOURCE does not work and you need it to work, you can configure SELinux temporarily to allow this access until the application is fixed. Please file a bug report against this package. Use a command like "cp -p" to preserve all permissions except SELinux context. You can alter the file context by executing chcon -R -t rsync_data_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t rsync_data_t '$FIX_TARGET_PATH'" You can alter the file context by executing chcon -R -t samba_share_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t samba_share_t '$FIX_TARGET_PATH'" You can alter the file context by executing chcon -t public_content_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t public_content_t '$FIX_TARGET_PATH'" You can alter the file context by executing chcon -t swapfile_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t swapfile_t '$FIX_TARGET_PATH'" You can alter the file context by executing chcon -t virt_image_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t virt_image_t '$FIX_TARGET_PATH'" You can alter the file context by executing chcon -t xen_image_t '$TARGET_PATH' You must also change the default file context files on the system in order to preserve them even on a full relabel. "semanage fcontext -a -t xen_image_t '$FIX_TARGET_PATH'" рдЖрдк рдирд┐рдореНрди рдХрдорд╛рдВрдб рдмрддреМрд░ рд░реВрдЯ рдЪрд▓рд╛ рд╕рдХрддреЗ рд╣реИрдВ рдЕрдкрдиреЗ рдХрдВрдкреНрдпреВрдЯрд░ рд╕рд┐рд╕реНрдЯрдо рдХреЛ рдлрд┐рд░ рд▓реЗрдмрд▓ рдХрд░рдиреЗ рдХреЗ рд▓рд┐рдпреЗ: "touch /.autorelabel; reboot" You can generate a local policy module to allow this access - see FAQ Please file a bug report. You can generate a local policy module to allow this access - see FAQ You can restore the default system context to this file by executing the restorecon command. restorecon '$TARGET_PATH', if this file is a directory, you can recursively restore using restorecon -R '$TARGET_PATH'. Your system may be seriously compromised! Your system may be seriously compromised! $SOURCE_PATH attempted to mmap low kernel memory. Your system may be seriously compromised! $SOURCE_PATH tried to load a kernel module. Your system may be seriously compromised! $SOURCE_PATH tried to modify SELinux enforcement. Your system may be seriously compromised! $SOURCE_PATH tried to modify kernel configuration. Disable IPV6 properly. рдпрд╛ рддреЛ 'yum remove mozplugger' рдХреЛ рдХреНрд░рд┐рдпрд╛рдиреНрд╡рд┐рдд рдХрд░рдХреЗ mozpluger рдкреИрдХреЗрдЬ рдХреЛ рд╣рдЯрд╛рдпрд╛ рдЬрд╛ рд╕рдХрддрд╛ рд╣реИрдВ рдпрд╛ Firefox рдкреНрд▓рдЧрд┐рди рдкрд░ SELinux рдХреЗ рдкреНрд░рд╡рд░реНрддрди рдмрд╛рд░реА рдХреЛ рдмрдВрдж рдХрд░рдХреЗ рдХрд┐рдпрд╛ рдЬрд╛ рд╕рдХрддрд╛ рд╣реИрдВ. setsebool -P unconfined_mozilla_plugin_transition 0 If you decide to continue to run the program in question you will need to allow this operation. This can be done on the command line by executing: # setsebool -P mmap_low_allowed 1 рдЖрдк %s рдкрд░ рдХреЛрдИ рдПрдХ рдкреНрд░рдХрд╛рд░ рдХреЛ рд░рдЦрдиреЗ рдХреА рдХреЛрд╢рд┐рд╢ рдХрд░ рд╕рдХрддреЗ рд╣реИрдВ рдЬреЛ рдПрдХ рдлрд╝рд╛рдЗрд▓ рдкреНрд░рдХрд╛рд░ рдирд╣реАрдВ рд╣реИ. рдЗрд╕рдХреА рдЕрдиреБрдорддрд┐ рдирд╣реАрдВ рд╣реИ, рддреЛ рдЖрдк рдЗрд╕реЗ рдлрд╛рдЗрд▓ рдкреНрд░рдХрд╛рд░ рдХреЗ рд░реВрдк рдореЗрдВ рд░рдЦ рд╕рдХрддреЗ рд╣реИрдВ. рдЖрдк seinfo рдЖрджреЗрд╢ рдХрд╛ рдЙрдкрдпреЛрдЧ рдХрд░рдХреЗ рд╕рднреА рдлрд╝рд╛рдЗрд▓ рдкреНрд░рдХрд╛рд░ рдХреА рд╕реВрдЪреА рдмрдирд╛ рд╕рдХрддреЗ рд╣реИрдВ. seinfo -afile_type -x "$BOOLEAN" рдмрджрд▓ рд░рд╣рд╛ рд╣реИ рдФрд░ "$WRITE_BOOLEAN" рдмреБрд▓рд┐рдпрди рдХреЛ рд╕рд╣реА рдорд╛рдирдирд╛ рдЗрд╕ рдЕрднрд┐рдЧрдо рдХреЗ рд▓рд┐рдпреЗ рдЕрдиреБрдорддрд┐ рджреЗрдЧрд╛: "setsebool -P $BOOLEAN=1 $WRITE_BOOLEAN=1". рдЪреЗрддрд╛рд╡рдиреА: "$WRITE_BOOLEAN" рдмреБрд▓рд┐рдпрди рд╕рд╣реА рдкрд░ рд╕реЗрдЯ рдХрд░рдирд╛ ftp рдбреЗрдореЙрди рдХреЛ рд╕рд╛рд░реЗ рд╕рд╛рд░реНрд╡рдЬрдирд┐рдХ рд╕рд╛рдордЧреНрд░реА рдореЗрдВ рд▓рд┐рдЦрдиреЗ рдХреЗ рд▓рд┐рдпреЗ (рдлрд╛рдЗрд▓ рд╡ рдирд┐рд░реНрджреЗрд╢рд┐рдХрд╛ public_content_t рдХреЗ рдкреНрд░рдХрд╛рд░ рдХрд╛) рдЕрдиреБрдорддрд┐ рджреЗрдЧрд╛ рдлрд╛рдЗрд▓ рдФрд░ CIFS рдлрд╛рдЗрд▓ рд╕рд┐рд╕реНрдЯрдо рдореЗрдВ рдирд┐рд░реНрджрд╢рд┐рдХрд╛ рдХреЗ рдЕрд▓рд╛рд╡рд╛. # semanage fcontext -a -t SIMILAR_TYPE '$FIX_TARGET_PATH' # restorecon -v '$FIX_TARGET_PATH'# semanage fcontext -a -t samba_share_t '$FIX_TARGET_PATH%s' # restorecon %s -v '$FIX_TARGET_PATH'# semanage fcontext -a -t virt_image_t '$FIX_TARGET_PATH' # restorecon -v '$FIX_TARGET_PATH'# semanage port -a -t %s -p %s $PORT_NUMBER# semanage port -a -t PORT_TYPE -p %s $PORT_NUMBER where PORT_TYPE is one of the following: %s.рдкреНрд░рдХреНрд░рд┐рдпрд╛ рдЖрдкрдХреЗ рддрдВрддреНрд░ рдХреЗ рд╣реИрдХ рдХрд░рдиреЗ рдХрд╛ рдкреНрд░рдпрд╛рд╕ рд╣реЛ рд╕рдХрддрд╛ рд╣реИ.Add net.ipv6.conf.all.disable_ipv6 = 1 to /etc/sysctl.conf рдЕрдкрдиреЗ рд╕реБрд░рдХреНрд╖рд╛ рдкреНрд░рд╢рд╛рд╕рдХ рд╕реЗ рд╕рдВрдкрд░реНрдХ рдХрд░реЗрдВ рдФрд░ рдЗрд╕ рдореБрджреНрджреЗ рдХреЛ рд░рд┐рдкреЛрд░реНрдЯ рдХрд░реЗрдВ.рдкреБрдирд░реНрднрдВрдбрд╛рд░рд┐рдд рдХрд░реЗрдВ рд╕рдВрджрд░реНрднрд╕рдВрджрд░реНрдн рдлрд┐рд░ рд╡рд╛рдкрд╕ рд▓рд╛рдПрдБSELinux $SOURCE_PATH "$ACCESS" рдкрд╣реБрдБрдЪ рдХреЗ рд▓рд┐рдП рд░реЛрдХ рд░рд╣рд╛ рд╣реИ.рд╕реНрдореГрддрд┐ рд╕рдВрд░рдХреНрд╖рд╛ рдХреЛ рдмрдВрдж рдХрд░реЗрдВрдЖрдк рдЕрдзрд┐рдХ рдЬрд╛рдирдХрд╛рд░реА рдХреЗ рд▓рд┐рдП '%s' рдХрд╛ рдореИрди рдкреГрд╖реНрда рдкрдврд╝ рд╕рдХрддреЗ рд╣реИрдВ.рдЖрдк рд╣реИрдХ рдХрд┐рдП рдЬрд╛ рд╕рдХрддреЗ рд╣реИрдВ.'%s' boolean рдХреЛ рд╕рдХреНрд╖рдо рдХрд░рдХреЗ рдЖрдк рдЗрд╕рдХреЗ рдмрд╛рд░реЗ рдореЗрдВ SELinux рдХреЛ рдмрддрд╛ рд╕рдХрддреЗ рд╣реИрдВ. рдЖрдкрдХреЛ $FIX_TARGET_PATH рдкрд░ рд▓реЗрдмрд▓ рдмрджрд▓рдирд╛ рдЪрд╛рд╣рд┐рдПрдЖрдкрдХреЛ $TARGET_BASE_PATH' рдкрд░ рд▓реЗрдмрд▓ рдХреЛ рдмрджрд▓рдиреЗ рдХреА рдЬрд░реВрд░рдд рд╣реИрдЖрдкрдХреЛ $TARGET_BASE_PATH рдкрд░ public_content_t рдпрд╛ public_content_rw_t рдореЗрдВ рд▓реЗрдмрд▓ рдХреЛ рдмрджрд▓рдиреЗ рдХреА рдЬрд░реВрд░рдд рд╣реИ.рдЖрдкрдХреЛ $TARGET_BASE_PATH' рдкрд░ рд▓реЗрдмрд▓ рдХреЛ рдмрджрд▓рдиреЗ рдХреА рдЬрд░реВрд░рдд рд╣реИрдЖрдкрдХреЛ $TARGET_PATH рдкрд░ рд▓реЗрдмрд▓ рдмрджрд▓рдиреЗ рдХреА рдЬрд░реВрд░рдд рд╣реИ рддрд╛рдХрд┐ рд╕рдорд╛рди рдпреБрдХреНрддрд┐ рдЯрд╛рдЗрдк рдХрд░ рд╕рдХреЗрдВрдЖрдкрдХреЛ '$FIX_TARGET_PATH' рдкрд░ рд▓реЗрдмрд▓ рдХреЛ рдмрджрд▓рдиреЗ рдХреА рдЬрд░реВрд░рдд рд╣реИрдЖрдкрдХреЛ рдЗрд╕реЗ рдмрддреМрд░ рдмрдЧ рд░рд┐рдкреЛрд░реНрдЯ рдХрд░рдирд╛ рдЪрд╛рд╣рд┐рдП. рдЖрдкрдХреЛ рдЗрд╕рдХреА рдкрд╣реБрдБрдЪ рдХреЗ рд▓рд┐рдП рд╕реНрдерд╛рдиреАрдп рдиреАрддрд┐ рдореЙрдбреНрдпреВрд▓ рдЙрддреНрдкрдиреНрди рдХрд░рдирд╛ рдЪрд╛рд╣рд┐рдП.рдЖрдкрдХреЛ рдЗрд╕реЗ рдмрддреМрд░ рдмрдЧ рд░рд┐рдкреЛрд░реНрдЯ рдХрд░рдирд╛ рдЪрд╛рд╣рд┐рдП. рдЖрдк рдПрдХ рд╕реНрдерд╛рдиреАрдп рдиреАрддрд┐ рдореЙрдбреНрдпреВрд▓ рдмрдирд╛ рд╕рдХрддреЗ рд╣реИрдВ рдЗрд╕ рдкрд╣реБрдБрдЪ рдХреЗ dontaudit рдХреЗ рд▓рд┐рдП.execstack -c %sрдХреНрдпрд╛ рдЖрдк рд╕реЛрдЪрддреЗ рд╣реИрдВ рдХрд┐ рдЖрдк рд╣реИрдХ рдХрд┐рдП рдЬрд╛ рд░рд╣реЗ рд╣реИрдВsetsebool -P %s %sрдУрдлреЗрдВрдбрд┐рдВрдЧ рдлрд╝рд╛рдЗрд▓ рдХреЗ рдмрд╛рд░реЗ рдореЗрдВ рдкрд╛рде рд╕реВрдЪрдирд╛ рдкрд╛рдиреЗ рдХреЗ рд▓рд┐рдП рдлреБрд▓ рдСрдбрд┐рдЯрд┐рдВрдЧ рдЪрд╛рд▓реВ рдХрд░реЗрдВ рдФрд░ рддреНрд░реБрдЯрд┐ рдлрд┐рд░ рдЙрддреНрдкрдиреНрди рдХрд░реЗрдВ."cp -p" рдХреЗ рддрд░рд╣ рдХрд╛ рдХрдорд╛рдВрдб рдХрд╛ рдЙрдкрдпреЛрдЧ рд╕рд┐рд╡рд╛рдп SELinux рд╕рдВрджрд░реНрдн рдХреЗ рд╕рднреА рдЕрдиреБрдорддрд┐рдпреЛрдВ рдХреЗ рд▓рд┐рдП рдХрд░реЗрдВ.рдЖрдк restorecon рдЪрд▓рд╛ рд╕рдХрддреЗ рд╣реИрдВ.рдЖрдк рд╣реИрдХрд░ рдХреЗ рд╣рдорд▓реЗ рдХреЗ рдЕрдВрддрд░реНрдЧрдд рд╣реЛ рд╕рдХрддреЗ рд╣реИрдВ рдХреНрдпреЛрдВрдХрд┐ рд╕реАрдорд┐рдд рдЕрдиреБрдкреНрд░рдпреЛрдЧ рдХреЛ рдЗрд╕ рдкрд╣реБрдБрдЪ рдХреА рдЬрд░реВрд░рдд рдХрднреА рдирд╣реАрдВ рд╣реЛрдиреА рдЪрд╛рд╣рд┐рдП.рдЖрдк рд╣реИрдХрд░ рдХреЗ рд╣рдорд▓реЗ рдХреЗ рдЕрдВрддрд░реНрдЧрдд рд╣реЛ рд╕рдХрддреЗ рд╣реИрдВ рдХреНрдпреЛрдВрдХрд┐ рд╕реАрдорд┐рдд рдЕрдиреБрдкреНрд░рдпреЛрдЧ рдХреЛ рдЗрд╕ рдкрд╣реБрдБрдЪ рдХреА рдЬрд░реВрд░рдд рдирд╣реАрдВ рд╣реЛрдирд╛ рдЪрд╛рд╣рд┐рдП.рдЖрдк рд╣реИрдХрд░ рдХреЗ рд╣рдорд▓реЗ рдХреЗ рдЕрдВрддрд░реНрдЧрдд рд╣реЛ рд╕рдХрддреЗ рд╣реИрдВ рдпрд╣ рдХрд╛рдлреА рдЦрддрд░рдирд╛рдХ рдкрд╣реБрдБрдЪ рд╣реИ.рдЖрдкрдХреЛ $TARGET_PATH рдкрд░ рд▓реЗрдмрд▓рд┐рдВрдЧ рдХреЛ рдмрджрд▓рдирд╛ рдЪрд╛рд╣рд┐рдП.рдЖрдкрдХреЛ рдЬрд░реВрд░ рд▓реЗрдмрд▓ рдлрд┐рдХреНрд╕ рдХрд░рдирд╛ рд╣реЛрдЧрд╛.рдЖрдкрдХреЛ cert рдлрд╝рд╛рдЗрд▓ рдХреЛ ~/.cert рдирд┐рд░реНрджреЗрд╢рд┐рдХрд╛ рдореЗрдВ рдЬрд░реВрд░ рдЦрд┐рд╕рдХрд╛рдирд╛ рд╣реЛрдЧрд╛рдЖрдкрдХреЛ рдПрдХ рдорд╛рдиреНрдп рдлрд╝рд╛рдЗрд▓ рд▓реЗрдмрд▓ рдХрд╛ рдЪреБрдирд╛рд╡ рдХрд░рдирд╛ рдЪрд╛рд╣рд┐рдП.рдЖрдкрдХреЛ mozplugger рдкреИрдХреЗрдЬ рдХреЛ рд╣рдЯрд╛ рджреЗрдирд╛ рдЪрд╛рд╣рд┐рдПрдЖрдкрдХреЛ SELinux рдХреЛ рдЗрд╕реЗ рдЕрдиреБрдорддрд┐ рджреЗрдиреЗ рдХреЗ рд▓рд┐рдП рд╕реЗрдЯрдЕрдк рдХрд░рдирд╛ рд╣реЛрдЧрд╛рдЖрдкрдХреЛ рдЬрд░реВрд░ SELinux рдХреЛ рдЗрд╕рдХреЗ рдмрд╛рд░реЗ рдореЗрдВ рдмреЛрд▓рдирд╛ рдЪрд╛рд╣рд┐рдПрдЖрдкрдХреЛ SELinux рдХреЛ рдЗрд╕рдХреЗ рдмрд╛рд░реЗ рдореЗрдВ рдХрд╣рдирд╛ рд╣реЛрдЧрд╛ 'httpd_unified' рдФрд░ 'http_enable_cgi' рдмреБрд▓рд┐рдпрди рдХреЛ рд╕рдХреНрд░рд┐рдп рдХрд░рдХреЗрдЖрдкрдХреЛ SELinux рдХреЛ рдЗрд╕рдХреЗ рдмрд╛рд░реЗ рдореЗрдВ vbetool_mmap_zero_ignore рдмреБрд▓рд┐рдпрди рд╕рдХреНрд░рд┐рдп рдХрд░ рдХрд╣рдирд╛ рд╣реЛрдЧрд╛.рдЖрдкрдХреЛ SELinux рдХреЛ рдЗрд╕рдХреЗ рдмрд╛рд░реЗ рдореЗрдВ рдХрд╣рдирд╛ рд╣реЛрдЧрд╛ wine_mmap_zero_ignore рдмреБрд▓рд┐рдпрди рдХреЛ рд╕рдХреНрд░рд┐рдп рдХрд░рдХреЗ.рдЖрдк SELinux рдХрдВрдЯреНрд░реЛрд▓ рдХреЛ рдХреНрд░реЛрдо рдкреНрд▓рдЧрдЗрди рдкрд░ рдмрдВрдж рдХрд░реЗрдВ.рдЖрдкрдХреЛ рдлрд╝рд╛рдпрд░рдлрд╝реЙрдХреНрд╕ рдкреНрд▓рдЧрдЗрди рдкрд░ SELinux рдирд┐рдпрдВрддреНрд░рдг рдХреЛ рдмрдВрдж рдХрд░ рд▓реЗрдирд╛ рдЪрд╛рд╣рд┐рдП.рдЖрдкрдХреЛ рдЗрд╕рдореЗрдВ рд▓реЗрдмрд▓ рдХреЛ рдЬреЛрдбрд╝рдиреЗ рдХреА рдЬрд░реВрд░рдд рд╣реИ.рдЖрдкрдХреЛ $TARGET_PATH рдкрд░ public_content_rw_t рдкрд░ рд▓реЗрдмрд▓ рдмрджрд▓рдиреЗ рдХреА рдЬрд░реВрд░рдд рд╣реИ, рдФрд░ рд╕рдВрднрд╛рд╡рд┐рдд рд░реВрдк рд╕реЗ allow_httpd_sys_script_anon_write рдмреБрд▓рд┐рдпрди рдХреЛ рдЪрд╛рд▓реВ рдХрд░рддрд╛ рд╣реИ.рдЖрдкрдХреЛ рдкреВрд░реА рддрд░рд╣ рд╕реЗ рдлрд┐рд░ рд▓реЗрдмрд▓ рдХрд░рдиреЗ рдХреА рдЬрд░реВрд░рдд рд╣реИрдЖрдкрдХреЛ рдмрдЧ рд░рд┐рдкреЛрд░реНрдЯ рдХрд░рдиреЗ рдХреА рдЬрд░реВрд░рдд рд╣реИ. рдпрд╣ рд╕рдВрднрд╛рд╡рд┐рдд рд░реВрдк рд╕реЗ рдЦрддрд░рдирд╛рдХ рдкрд╣реБрдБрдЪ рд╣реЛ рд╕рдХрддрд╛ рд╣реИ.рдЖрдкрдХреЛ рдмрдЧ рд░рд┐рдкреЛрд░реНрдЯ рдХрд░рдиреЗ рдХреА рдЬрд░реВрд░рдд рд╣реИ. рдпрд╣ рд╕рдВрднрд╛рд╡рд┐рдд рд░реВрдк рд╕реЗ рдЦрддрд░рдирд╛рдХ рдкрд╣реБрдБрдЪ рд╣реЛ рд╕рдХрддрд╛ рд╣реИ.рдЖрдкрдХреЛ /proc/sys/net/ipv6/conf/all/disable_ipv6 рдХреЛ 1 рдкрд░ рд╕реЗрдЯ рдХрд░рдирд╛ рдЪрд╛рд╣рд┐ рдореЙрдбреНрдпреВрд▓ рдХреЛ рдмреНрд▓реИрдХрд▓рд┐рд╕реНрдЯ рдирд╣реАрдВ рдХрд░реЗрдВ'рдЖрдкрдХреЛ рд╡рд┐рднрд┐рдиреНрди рдХрдорд╛рдВрдб рдХрд╛ рдЙрдкрдпреЛрдЧ рдХрд░рдиреЗ рдХреА рдЬрд░реВрд░рдд рд╣реИ. рдЖрдкрдХреЛ SELinux рд╕рдВрджрд░реНрдн рдХреЛ рд▓рдХреНрд╖реНрдп рдлрд╝рд╛рдЗрд▓ рддрдВрддреНрд░ рдкрд░ рд╕рдВрд░рдХреНрд╖рд┐рдд рдХрд░рдиреЗ рдХреА рдЬрд░реВрд░рдд рдирд╣реАрдВ рд╣реИ.рдЖрдкрдХреЛ execstack рдлреНрд▓реИрдЧ рдХреЛ рд╕рд╛рдл рдХрд░рдирд╛ рдЪрд╛рд╣рд┐рдП рдФрд░ рджреЗрдЦрдирд╛ рдЪрд╛рд╣рд┐рдП рдХрд┐ рдХреНрдпрд╛ $SOURCE_PATH рдареАрдХ рд╕реЗ рдХрд╛рдо рдХрд░рддрд╛ рд╣реИ. рдЗрд╕ рдмрдЧ рдХреЛ %s рдкрд░ рд░рд┐рдкреЛрд░реНрдЯ рдХрд░реЗрдВ. рдЖрдк рдЗрд╕реЗ рдирд┐рд╖реНрдкрд╛рджрд┐рдд рдХрд░рдХреЗ exestack рдлреНрд▓реИрдЧ рд╕рд╛рдл рдХрд░ рд╕рдХрддреЗ рд╣реИрдВ: