Selinux 'var_t' base type warningHow can I tell SELinux to permit nginx access to a unix socket without audit2allow?rsyslog-mysql on CentOS 5.3 does not have permission to access the mysql.sockselinux on RHEL6: httpd config. DocumentRoot [/path/does/exist] “does not exist”Can't make SELinux context types permanent with semanageSELinux policy issueReading home files permission: Policy constraint violationSELinux: no audit errors but nginx permission errorsCreating an SELINUX allow rule for sockets error with clamdWhat SELinux type should I apply on my Unix socket?SELinux/PostgresQL “denied open for [..] comm=”pg_ctl“ path=”$PGDATA/postgresql.conf"ngnix socket file not found in /tmp and /var/tmp/uwsgi?
What reason would an alien civilization have for building a Dyson Sphere (or Swarm) if cheap Nuclear fusion is available?
Suggested order for Amazon Prime Doctor Who series
Drawing people along with x and y axis
Trainee keeps missing deadlines for independent learning
What does it mean to "control target player"?
Does this Wild Magic result affect the sorcerer or just other creatures?
What does "play with your toy’s toys" mean?
How to model a twisted cylinder like this
Find the C-factor of a vote
When to remove insignificant variables?
How large would a mega structure have to be to host 1 billion people indefinitely?
Why do even high-end cameras often still include normal (non-cross-type) AF sensors?
Can any NP-Complete Problem be solved using at most polynomial space (but while using exponential time?)
JSON selector class in Python
.NET executes a SQL query and Active Monitor shows multiple rows blocking each other
Impossible darts scores
How long would it take to cross the Channel in 1890's?
How does a pilot select the correct ILS when the airport has parallel runways?
Minimum distance between holes in inner tube
What's the difference between a deep fryer and a chip pan?
How much will studying magic in an academy cost?
Can someone suggest a path to study Mordell-Weil theorem for someone studying on their own?
Is it damaging to turn off a small fridge for two days every week?
How to avoid voltage drop when using full bridge rectifier as reverse polarity protection
Selinux 'var_t' base type warning
How can I tell SELinux to permit nginx access to a unix socket without audit2allow?rsyslog-mysql on CentOS 5.3 does not have permission to access the mysql.sockselinux on RHEL6: httpd config. DocumentRoot [/path/does/exist] “does not exist”Can't make SELinux context types permanent with semanageSELinux policy issueReading home files permission: Policy constraint violationSELinux: no audit errors but nginx permission errorsCreating an SELINUX allow rule for sockets error with clamdWhat SELinux type should I apply on my Unix socket?SELinux/PostgresQL “denied open for [..] comm=”pg_ctl“ path=”$PGDATA/postgresql.conf"ngnix socket file not found in /tmp and /var/tmp/uwsgi?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
I am currently 'lost' in the CentOS Selinux forest.
My setup involves setting up a WSGI socket in /var/www/demo/out which nginx uses to communicate with the UWSGI process. Whenever I request the page in my browser I get an nginx error.
Why is this Selinux related?
- Disabling Selinux with
setenforce 0fixes it. - /var/log/audit/audit.log and audit2why display a
deniedandmissing type enforcement (TE) allow rule
I have tried adding the httpd_sys_content_t label to the socket so nginx was allowed to read and write to the socket file, restorecon after adding the new label.
Running the violation through audit2allow returns the following policy:
module nginx 1.0;
require
type httpd_t;
type var_t;
type httpd_sys_content_t;
class sock_file write;
#============= httpd_t ==============
allow httpd_t httpd_sys_content_t:sock_file write;
#!!!! WARNING: 'var_t' is a base type.
allow httpd_t var_t:sock_file write;
The first rule I understand, however what is the second rule conveying? I am guessing because the nginx process is requesting a tcontext that has var_t in it a new selinux policy is required that includes this new context?
So why is this warning here? Is it complaining that adding a directory like var to a policy is too general / isn't specific enough? If this is the case, can't this policy be narrowed to something like var_www_t? Also if this is the case then why is the uwsgi process, which is running under a non root user, allowed to write to the socket?
nginx centos httpd selinux uwsgi
asked Jun 5 at 19:36
ExcellentAverageExcellentAverage
132
add a comment |
I am currently 'lost' in the CentOS Selinux forest.
My setup involves setting up a WSGI socket in /var/www/demo/out which nginx uses to communicate with the UWSGI process. Whenever I request the page in my browser I get an nginx error.
Why is this Selinux related?
- Disabling Selinux with
setenforce 0fixes it. - /var/log/audit/audit.log and audit2why display a
deniedandmissing type enforcement (TE) allow rule
I have tried adding the httpd_sys_content_t label to the socket so nginx was allowed to read and write to the socket file, restorecon after adding the new label.
Running the violation through audit2allow returns the following policy:
module nginx 1.0;
require
type httpd_t;
type var_t;
type httpd_sys_content_t;
class sock_file write;
#============= httpd_t ==============
allow httpd_t httpd_sys_content_t:sock_file write;
#!!!! WARNING: 'var_t' is a base type.
allow httpd_t var_t:sock_file write;
The first rule I understand, however what is the second rule conveying? I am guessing because the nginx process is requesting a tcontext that has var_t in it a new selinux policy is required that includes this new context?
So why is this warning here? Is it complaining that adding a directory like var to a policy is too general / isn't specific enough? If this is the case, can't this policy be narrowed to something like var_www_t? Also if this is the case then why is the uwsgi process, which is running under a non root user, allowed to write to the socket?
nginx centos httpd selinux uwsgi
asked Jun 5 at 19:36
ExcellentAverageExcellentAverage
132
add a comment |
I am currently 'lost' in the CentOS Selinux forest.
My setup involves setting up a WSGI socket in /var/www/demo/out which nginx uses to communicate with the UWSGI process. Whenever I request the page in my browser I get an nginx error.
Why is this Selinux related?
- Disabling Selinux with
setenforce 0fixes it. - /var/log/audit/audit.log and audit2why display a
deniedandmissing type enforcement (TE) allow rule
I have tried adding the httpd_sys_content_t label to the socket so nginx was allowed to read and write to the socket file, restorecon after adding the new label.
Running the violation through audit2allow returns the following policy:
module nginx 1.0;
require
type httpd_t;
type var_t;
type httpd_sys_content_t;
class sock_file write;
#============= httpd_t ==============
allow httpd_t httpd_sys_content_t:sock_file write;
#!!!! WARNING: 'var_t' is a base type.
allow httpd_t var_t:sock_file write;
The first rule I understand, however what is the second rule conveying? I am guessing because the nginx process is requesting a tcontext that has var_t in it a new selinux policy is required that includes this new context?
So why is this warning here? Is it complaining that adding a directory like var to a policy is too general / isn't specific enough? If this is the case, can't this policy be narrowed to something like var_www_t? Also if this is the case then why is the uwsgi process, which is running under a non root user, allowed to write to the socket?
nginx centos httpd selinux uwsgi
asked Jun 5 at 19:36
ExcellentAverageExcellentAverage
132
I am currently 'lost' in the CentOS Selinux forest.
My setup involves setting up a WSGI socket in /var/www/demo/out which nginx uses to communicate with the UWSGI process. Whenever I request the page in my browser I get an nginx error.
Why is this Selinux related?
- Disabling Selinux with
setenforce 0fixes it. - /var/log/audit/audit.log and audit2why display a
deniedandmissing type enforcement (TE) allow rule
I have tried adding the httpd_sys_content_t label to the socket so nginx was allowed to read and write to the socket file, restorecon after adding the new label.
Running the violation through audit2allow returns the following policy:
module nginx 1.0;
require
type httpd_t;
type var_t;
type httpd_sys_content_t;
class sock_file write;
#============= httpd_t ==============
allow httpd_t httpd_sys_content_t:sock_file write;
#!!!! WARNING: 'var_t' is a base type.
allow httpd_t var_t:sock_file write;
The first rule I understand, however what is the second rule conveying? I am guessing because the nginx process is requesting a tcontext that has var_t in it a new selinux policy is required that includes this new context?
So why is this warning here? Is it complaining that adding a directory like var to a policy is too general / isn't specific enough? If this is the case, can't this policy be narrowed to something like var_www_t? Also if this is the case then why is the uwsgi process, which is running under a non root user, allowed to write to the socket?
nginx centos httpd selinux uwsgi
nginx centos httpd selinux uwsgi
asked Jun 5 at 19:36
ExcellentAverageExcellentAverage
132
asked Jun 5 at 19:36
ExcellentAverageExcellentAverage
132
asked Jun 5 at 19:36
ExcellentAverageExcellentAverage
132
asked Jun 5 at 19:36
ExcellentAverageExcellentAverage
132
asked Jun 5 at 19:36
ExcellentAverageExcellentAverage
132
132
add a comment |
add a comment |
3 Answers
3
active
oldest
votes
Consider placing your socket in a location where SELinux already expects it to be.
# semanage fcontext -l | grep httpd_var_run_t | grep wsgi
/var/run/wsgi.* socket system_u:object_r:httpd_var_run_t:s0
Thus if you create /run/wsgi.anything and use that as the socket then it will work perfectly. Keep in mind that since this is a temporary directory cleared on every boot, you should create the socket yourself at startup, usually with a tmpfiles.d configuration. For example:
p+ /run/wsgi.anything 0660 user group - -
answered Jun 6 at 0:39
Michael Hampton♦Michael Hampton
180k28336666
Do you maybe have a link / ref / tooling to the different selinux policies being explained? I have no idea what the exact definition ofhttpd_var_run_tis.
– ExcellentAverage
Jun 6 at 14:41
In my opinion the cleanest answer. Requires no custom Selinux policies to be created.
– ExcellentAverage
Jun 6 at 14:42
I'm not sure there is a good reference for each of them. This is unfortunate.
– Michael Hampton♦
Jun 6 at 14:51
add a comment |
The warning is there because you may be giving too much away. You allowing httpd to write to any socket in /var which may not be what you want.
The httpd_sys_content_t context only allows read access to a file unless you have enabled the httpd_unified boolean. If you want your socket to be writable by httpd you need to set it to be httpd_sys_rw_content_t
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/demo/out"
restorecon -Rv /var/www/demo/out
Michael Hampton will be along soon to correct me I'm sure
answered Jun 5 at 19:58
IainIain
106k14168260
1
+1 for the fine print ;)
– shodanshok
Jun 8 at 10:52
add a comment |
A selinux base type is a generic type which, when granted, allow access to a very significant portion of the underlying system. Enabling selinux access for var_t is almost equiparable to run the process unconfined.
From the blog of one of the selinux developer:
The thing we really want to stop is domains writing to BASE types. If
I allow a confined domain to write to a BASE type like etc_t or usr_t,
then a hacked system can attack other domains, since almost all other
domains need to read some etc_t or usr_t content.
Files under /var/www/ are already labeled with httpd_sys_content_t; by relabeling it with the same label you change nothing. From what I remember, httpd_sys_content_t should be used for static HTML files rather than sockets. Try relabeling your socket with something as:
semanage fcontext -a -t httpd_var_run_t </your/socket/path>
restorecon -RF </your/socket/path>
You can read here for a similar problem.
answered Jun 5 at 19:57
shodanshokshodanshok
28.1k35295
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f970274%2fselinux-var-t-base-type-warning%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
Consider placing your socket in a location where SELinux already expects it to be.
# semanage fcontext -l | grep httpd_var_run_t | grep wsgi
/var/run/wsgi.* socket system_u:object_r:httpd_var_run_t:s0
Thus if you create /run/wsgi.anything and use that as the socket then it will work perfectly. Keep in mind that since this is a temporary directory cleared on every boot, you should create the socket yourself at startup, usually with a tmpfiles.d configuration. For example:
p+ /run/wsgi.anything 0660 user group - -
answered Jun 6 at 0:39
Michael Hampton♦Michael Hampton
180k28336666
Do you maybe have a link / ref / tooling to the different selinux policies being explained? I have no idea what the exact definition ofhttpd_var_run_tis.
– ExcellentAverage
Jun 6 at 14:41
In my opinion the cleanest answer. Requires no custom Selinux policies to be created.
– ExcellentAverage
Jun 6 at 14:42
I'm not sure there is a good reference for each of them. This is unfortunate.
– Michael Hampton♦
Jun 6 at 14:51
add a comment |
Consider placing your socket in a location where SELinux already expects it to be.
# semanage fcontext -l | grep httpd_var_run_t | grep wsgi
/var/run/wsgi.* socket system_u:object_r:httpd_var_run_t:s0
Thus if you create /run/wsgi.anything and use that as the socket then it will work perfectly. Keep in mind that since this is a temporary directory cleared on every boot, you should create the socket yourself at startup, usually with a tmpfiles.d configuration. For example:
p+ /run/wsgi.anything 0660 user group - -
answered Jun 6 at 0:39
Michael Hampton♦Michael Hampton
180k28336666
Do you maybe have a link / ref / tooling to the different selinux policies being explained? I have no idea what the exact definition ofhttpd_var_run_tis.
– ExcellentAverage
Jun 6 at 14:41
In my opinion the cleanest answer. Requires no custom Selinux policies to be created.
– ExcellentAverage
Jun 6 at 14:42
I'm not sure there is a good reference for each of them. This is unfortunate.
– Michael Hampton♦
Jun 6 at 14:51
add a comment |
Consider placing your socket in a location where SELinux already expects it to be.
# semanage fcontext -l | grep httpd_var_run_t | grep wsgi
/var/run/wsgi.* socket system_u:object_r:httpd_var_run_t:s0
Thus if you create /run/wsgi.anything and use that as the socket then it will work perfectly. Keep in mind that since this is a temporary directory cleared on every boot, you should create the socket yourself at startup, usually with a tmpfiles.d configuration. For example:
p+ /run/wsgi.anything 0660 user group - -
answered Jun 6 at 0:39
Michael Hampton♦Michael Hampton
180k28336666
Consider placing your socket in a location where SELinux already expects it to be.
# semanage fcontext -l | grep httpd_var_run_t | grep wsgi
/var/run/wsgi.* socket system_u:object_r:httpd_var_run_t:s0
Thus if you create /run/wsgi.anything and use that as the socket then it will work perfectly. Keep in mind that since this is a temporary directory cleared on every boot, you should create the socket yourself at startup, usually with a tmpfiles.d configuration. For example:
p+ /run/wsgi.anything 0660 user group - -
answered Jun 6 at 0:39
Michael Hampton♦Michael Hampton
180k28336666
answered Jun 6 at 0:39
Michael Hampton♦Michael Hampton
180k28336666
answered Jun 6 at 0:39
Michael Hampton♦Michael Hampton
180k28336666
answered Jun 6 at 0:39
Michael Hampton♦Michael Hampton
180k28336666
180k28336666
Do you maybe have a link / ref / tooling to the different selinux policies being explained? I have no idea what the exact definition ofhttpd_var_run_tis.
– ExcellentAverage
Jun 6 at 14:41
In my opinion the cleanest answer. Requires no custom Selinux policies to be created.
– ExcellentAverage
Jun 6 at 14:42
I'm not sure there is a good reference for each of them. This is unfortunate.
– Michael Hampton♦
Jun 6 at 14:51
add a comment |
Do you maybe have a link / ref / tooling to the different selinux policies being explained? I have no idea what the exact definition ofhttpd_var_run_tis.
– ExcellentAverage
Jun 6 at 14:41
In my opinion the cleanest answer. Requires no custom Selinux policies to be created.
– ExcellentAverage
Jun 6 at 14:42
I'm not sure there is a good reference for each of them. This is unfortunate.
– Michael Hampton♦
Jun 6 at 14:51
Do you maybe have a link / ref / tooling to the different selinux policies being explained? I have no idea what the exact definition of
httpd_var_run_t is.– ExcellentAverage
Jun 6 at 14:41
Do you maybe have a link / ref / tooling to the different selinux policies being explained? I have no idea what the exact definition of
httpd_var_run_t is.– ExcellentAverage
Jun 6 at 14:41
In my opinion the cleanest answer. Requires no custom Selinux policies to be created.
– ExcellentAverage
Jun 6 at 14:42
In my opinion the cleanest answer. Requires no custom Selinux policies to be created.
– ExcellentAverage
Jun 6 at 14:42
I'm not sure there is a good reference for each of them. This is unfortunate.
– Michael Hampton♦
Jun 6 at 14:51
I'm not sure there is a good reference for each of them. This is unfortunate.
– Michael Hampton♦
Jun 6 at 14:51
add a comment |
The warning is there because you may be giving too much away. You allowing httpd to write to any socket in /var which may not be what you want.
The httpd_sys_content_t context only allows read access to a file unless you have enabled the httpd_unified boolean. If you want your socket to be writable by httpd you need to set it to be httpd_sys_rw_content_t
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/demo/out"
restorecon -Rv /var/www/demo/out
Michael Hampton will be along soon to correct me I'm sure
answered Jun 5 at 19:58
IainIain
106k14168260
1
+1 for the fine print ;)
– shodanshok
Jun 8 at 10:52
add a comment |
The warning is there because you may be giving too much away. You allowing httpd to write to any socket in /var which may not be what you want.
The httpd_sys_content_t context only allows read access to a file unless you have enabled the httpd_unified boolean. If you want your socket to be writable by httpd you need to set it to be httpd_sys_rw_content_t
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/demo/out"
restorecon -Rv /var/www/demo/out
Michael Hampton will be along soon to correct me I'm sure
answered Jun 5 at 19:58
IainIain
106k14168260
1
+1 for the fine print ;)
– shodanshok
Jun 8 at 10:52
add a comment |
The warning is there because you may be giving too much away. You allowing httpd to write to any socket in /var which may not be what you want.
The httpd_sys_content_t context only allows read access to a file unless you have enabled the httpd_unified boolean. If you want your socket to be writable by httpd you need to set it to be httpd_sys_rw_content_t
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/demo/out"
restorecon -Rv /var/www/demo/out
Michael Hampton will be along soon to correct me I'm sure
answered Jun 5 at 19:58
IainIain
106k14168260
The warning is there because you may be giving too much away. You allowing httpd to write to any socket in /var which may not be what you want.
The httpd_sys_content_t context only allows read access to a file unless you have enabled the httpd_unified boolean. If you want your socket to be writable by httpd you need to set it to be httpd_sys_rw_content_t
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/demo/out"
restorecon -Rv /var/www/demo/out
Michael Hampton will be along soon to correct me I'm sure
answered Jun 5 at 19:58
IainIain
106k14168260
answered Jun 5 at 19:58
IainIain
106k14168260
answered Jun 5 at 19:58
IainIain
106k14168260
answered Jun 5 at 19:58
IainIain
106k14168260
106k14168260
1
+1 for the fine print ;)
– shodanshok
Jun 8 at 10:52
add a comment |
1
+1 for the fine print ;)
– shodanshok
Jun 8 at 10:52
1
1
+1 for the fine print ;)
– shodanshok
Jun 8 at 10:52
+1 for the fine print ;)
– shodanshok
Jun 8 at 10:52
add a comment |
A selinux base type is a generic type which, when granted, allow access to a very significant portion of the underlying system. Enabling selinux access for var_t is almost equiparable to run the process unconfined.
From the blog of one of the selinux developer:
The thing we really want to stop is domains writing to BASE types. If
I allow a confined domain to write to a BASE type like etc_t or usr_t,
then a hacked system can attack other domains, since almost all other
domains need to read some etc_t or usr_t content.
Files under /var/www/ are already labeled with httpd_sys_content_t; by relabeling it with the same label you change nothing. From what I remember, httpd_sys_content_t should be used for static HTML files rather than sockets. Try relabeling your socket with something as:
semanage fcontext -a -t httpd_var_run_t </your/socket/path>
restorecon -RF </your/socket/path>
You can read here for a similar problem.
answered Jun 5 at 19:57
shodanshokshodanshok
28.1k35295
add a comment |
A selinux base type is a generic type which, when granted, allow access to a very significant portion of the underlying system. Enabling selinux access for var_t is almost equiparable to run the process unconfined.
From the blog of one of the selinux developer:
The thing we really want to stop is domains writing to BASE types. If
I allow a confined domain to write to a BASE type like etc_t or usr_t,
then a hacked system can attack other domains, since almost all other
domains need to read some etc_t or usr_t content.
Files under /var/www/ are already labeled with httpd_sys_content_t; by relabeling it with the same label you change nothing. From what I remember, httpd_sys_content_t should be used for static HTML files rather than sockets. Try relabeling your socket with something as:
semanage fcontext -a -t httpd_var_run_t </your/socket/path>
restorecon -RF </your/socket/path>
You can read here for a similar problem.
answered Jun 5 at 19:57
shodanshokshodanshok
28.1k35295
add a comment |
A selinux base type is a generic type which, when granted, allow access to a very significant portion of the underlying system. Enabling selinux access for var_t is almost equiparable to run the process unconfined.
From the blog of one of the selinux developer:
The thing we really want to stop is domains writing to BASE types. If
I allow a confined domain to write to a BASE type like etc_t or usr_t,
then a hacked system can attack other domains, since almost all other
domains need to read some etc_t or usr_t content.
Files under /var/www/ are already labeled with httpd_sys_content_t; by relabeling it with the same label you change nothing. From what I remember, httpd_sys_content_t should be used for static HTML files rather than sockets. Try relabeling your socket with something as:
semanage fcontext -a -t httpd_var_run_t </your/socket/path>
restorecon -RF </your/socket/path>
You can read here for a similar problem.
answered Jun 5 at 19:57
shodanshokshodanshok
28.1k35295
A selinux base type is a generic type which, when granted, allow access to a very significant portion of the underlying system. Enabling selinux access for var_t is almost equiparable to run the process unconfined.
From the blog of one of the selinux developer:
The thing we really want to stop is domains writing to BASE types. If
I allow a confined domain to write to a BASE type like etc_t or usr_t,
then a hacked system can attack other domains, since almost all other
domains need to read some etc_t or usr_t content.
Files under /var/www/ are already labeled with httpd_sys_content_t; by relabeling it with the same label you change nothing. From what I remember, httpd_sys_content_t should be used for static HTML files rather than sockets. Try relabeling your socket with something as:
semanage fcontext -a -t httpd_var_run_t </your/socket/path>
restorecon -RF </your/socket/path>
You can read here for a similar problem.
answered Jun 5 at 19:57
shodanshokshodanshok
28.1k35295
edited Jun 6 at 8:47
answered Jun 5 at 19:57
shodanshokshodanshok
28.1k35295
answered Jun 5 at 19:57
shodanshokshodanshok
28.1k35295
answered Jun 5 at 19:57
shodanshokshodanshok
28.1k35295
28.1k35295
add a comment |
add a comment |
Thanks for contributing an answer to Server Fault!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f970274%2fselinux-var-t-base-type-warning%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
