Re: Docker storage on Fedora 25?

On 12/27/2016 10:55 AM, Dave Johansen wrote: > On Tue, Dec 27, 2016 at 5:16 AM, Daniel J Walsh <mailto:dwa...@redhat.com>> wrote: > > > > On 12/26/2016 08:39 PM, Matthew Miller wrote: > > On Mon, Dec 26, 2016 at 12:37:46PM -0700, Dave Johansen

Re: Docker storage on Fedora 25?

On 12/26/2016 08:39 PM, Matthew Miller wrote: > On Mon, Dec 26, 2016 at 12:37:46PM -0700, Dave Johansen wrote: >> http://www.projectatomic.io/blog/2015/06/notes-on-fedora-centos-and-docker-storage-drivers/ >> Does the above recommendation still hold true with Fedora 25/Docker 1.12.5? >> If so, is

Re: Apache Authentication with System Accounts?

On 12/23/2016 05:38 PM, Aero Maxx D wrote: >> On 23 Dec 2016, at 21:19, Matthew Miller wrote: >> >> Oh, just to check -- any SELinux AVC logged? From the mod_authnz_pam >> page, you need to do `sudo setsebool -P allow_httpd_mod_auth_pam 1`. >> >> Other than that, anything at all else logged? > Y

Re: SELinux forces Fedora 25 upgrade into a reboot loop

On 11/25/2016 01:28 PM, Sam Varshavchik wrote: > Patrick O'Callaghan writes: > >> On Fri, 2016-11-25 at 11:08 -0500, Sam Varshavchik wrote: >> > Wondering if all upgrades with selinux enabled are broken, or just >> something >> > with this particular laptop. This doesn't look like a system-speci

Re: Running docker images crashing F25?

On 09/16/2016 11:22 PM, Philip Rhoades wrote: > People, > > I couldn't find a specific docker Fedora list so I am posting here - > feel free to tell me a more appropriate list . . > > I decided to live on the edge and did a bare-metal install of F25 > x86_64 a little while ago - it has been going

FYI: systemd as pid one on an unprivileged container.

http://developers.redhat.com/blog/2016/09/13/running-systemd-in-a-non-privileged-container/ -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://lists.fedoraproject.org/admin/lists/users@lists.fedoraproject.org Fedora Code of Conduct: http://fed

Re: Fedora 23 Server: can't startx

On 03/30/2016 12:06 PM, Braden McDaniel wrote: I have a fresh, updated install of Fedora 23 Server. After installation, I installed the "Basic Desktop" group. Now, when I try to run startx, it fails with the error: xf86EnableIOPorts: failed to set IOPL for I/O (Operation not permitt

Re: PulseAudio

On 03/25/2016 12:49 PM, Joe Zeff wrote: On 03/25/2016 06:58 AM, Richard Ibbotson wrote: On Friday 25 March 2016 09:41:05 Daniel J Walsh wrote: What avcs are you seeing ausearch -m avc -ts recent Well, that just about proves that SELinux isn't involved, doesn't it? Well may

Re: PulseAudio

On 03/25/2016 09:20 AM, Richard Ibbotson wrote: Hi I know a lot of people don't like PulseAudio but that's what comes with Fedora 23. My problem is this. After a dnf update I find that selinux has done something it didn't do before. PulseAudio has ceased to work properly. I'm looking at a dumm

Re: Discourse - DeviceMapper causing corruption?

Do we have bugzillas with these Spectacular failures? On 03/21/2016 03:03 PM, Philip Rhoades wrote: People, I had a couple of issues to sort out with installing the Docker Discourse app and while that was being done people made these comments: "Devicemapper is non starter, fails spectacularl

Re: SELinux is preventing rsyslogd from getattr access on the file

Looks like it wants you to fix your labels on /var/log restorecon -R -v /var/log On 10/22/2015 11:00 AM, Neal Becker wrote: > Oct 22 10:59:22 nbecker2 setroubleshoot: Plugin Exception restorecon_source > Oct 22 10:59:22 nbecker2 setroubleshoot: SELinux is preventing rsyslogd from > getattr acce

Re: Copying files without losing selinux context

On 10/10/2015 05:07 AM, Suvayu Ali wrote: > Hi Rejy, > > On Sat, Oct 10, 2015 at 12:31:59PM +0530, Rejy M Cyriac wrote: >> On 10/08/2015 06:35 PM, Suvayu Ali wrote: >>> Yesterday I installed a new SSD in my laptop. I moved all my files >>> (/home, /var, /opt) with rsync and rebooted. However I

Re: SElinux issue

re > (Invalid argument). > libsemanage.validate_handler: invalid context > system_u:object_r:httpd_prewikka_rw_content_t:s0 specified for > /usr/share/prewikka/htdocs/generated_images [all files] (Invalid > argument). > libsemanage.dbase_llist_iterate: could not iterate over records &

Re: AVC denial and the suggested actio to take (by the setroubleshoot details) window

On 09/25/2015 03:55 PM, jd1008 wrote: > > > On 09/25/2015 01:26 PM, Daniel J Walsh wrote: >> >> On 09/25/2015 01:54 PM, jd1008 wrote: >>> >>> On 09/25/2015 11:28 AM, Daniel J Walsh wrote: >>>> mount the directory there directly >>>

Re: AVC denial and the suggested actio to take (by the setroubleshoot details) window

On 09/25/2015 01:54 PM, jd1008 wrote: > > > On 09/25/2015 11:28 AM, Daniel J Walsh wrote: >> mount the directory there directly > You mean mount a partition as /home? > I do not have that. > Anyways where are your homedirs? -- users mailing list users@lists.fedoraproje

Re: SElinux issue

Looks like you might have a prewikka policy around? locate prewikka.pp Did you build a custom policy module? On 09/25/2015 02:30 PM, Paolo Galtieri wrote: > Folks, > I got an SElinux alert this morning. The suggestion to correct the > problem was to do: > > setsebool -P unconfined_mozilla_pl

Re: AVC denial and the suggested actio to take (by the setroubleshoot details) window

Why use symlinks versus bind mounts? Or mount the directory there directly. On 09/24/2015 07:20 PM, jd1008 wrote: > > > On 09/24/2015 04:54 PM, Rahul Sundaram wrote: >> Hi >> >> On Thu, Sep 24, 2015 at 4:20 PM, jd1008 wrote: >> >> But /home is a symlink to /home on another mount point. >>

Re: AVC denial and the suggested actio to take (by the setroubleshoot details) window

On 09/24/2015 03:15 PM, jd1008 wrote: > > > On 09/24/2015 12:58 PM, Daniel J Walsh wrote: >> What AVC are you seeing? >> >> On 09/24/2015 01:58 PM, jd1008 wrote: >>> After getting AVC denial, I touched /.autorelabel and rebooted. >>> Took about

Re: AVC denial and the suggested actio to take (by the setroubleshoot details) window

What AVC are you seeing? On 09/24/2015 01:58 PM, jd1008 wrote: > After getting AVC denial, I touched /.autorelabel and rebooted. > Took about 5 minutes to finish re-labeling. > Then, I started to ge more AVC denials. > I clicked on the denial icon and read the details. > > Could someone please exp

Re: doing docker build, "SELinux is preventing /usr/libexec/abrt-hook-ccpp from using the sigchld access on a process.", kills wireless

: > On Wed, 19 Aug 2015, Rick Stevens wrote: > >> On 08/19/2015 08:41 AM, Robert P. J. Day wrote: >>> On Wed, 19 Aug 2015, Daniel J Walsh wrote: >>> >>>> >>>> On 08/19/2015 07:36 AM, Robert P. J. Day wrote: >>>>> On Wed, 19 Aug 2015, D

Re: doing docker build, "SELinux is preventing /usr/libexec/abrt-hook-ccpp from using the sigchld access on a process.", kills wireless

On 08/19/2015 08:03 AM, Robert P. J. Day wrote: > On Wed, 19 Aug 2015, Daniel J Walsh wrote: > >> With SELinux disabled you should not be getting any AVC's >> >> If you turn SELInux back on and do a full relabel, I think the problem >> will go away. >>

Re: doing docker build, "SELinux is preventing /usr/libexec/abrt-hook-ccpp from using the sigchld access on a process.", kills wireless

On 08/19/2015 07:36 AM, Robert P. J. Day wrote: > On Wed, 19 Aug 2015, Daniel J Walsh wrote: > >> On 08/19/2015 02:43 AM, Robert P. J. Day wrote: >>> On Tue, 18 Aug 2015, Robert P. J. Day wrote: >>> >>>> by now, i'm getting *really* good at

Re: doing docker build, "SELinux is preventing /usr/libexec/abrt-hook-ccpp from using the sigchld access on a process.", kills wireless

On 08/19/2015 02:43 AM, Robert P. J. Day wrote: > On Tue, 18 Aug 2015, Robert P. J. Day wrote: > >> by now, i'm getting *really* good at debugging. was doing a simple >> docker build (docker-1.8.1) with first few lines of Dockerfile (which >> worked fine not that long ago): >> >> FROM ubuntu:

Re: current/proposed docker-related packages?

On 08/17/2015 08:06 AM, Daniel J Walsh wrote: > > On 08/16/2015 05:04 AM, Robert P. J. Day wrote: >> On Sat, 15 Aug 2015, Kenneth Wolcott wrote: >> >>> I have a related question about Fedora docker packages. There seems >>> to be a docker-engine at versi

Re: current/proposed docker-related packages?

On 08/16/2015 05:04 AM, Robert P. J. Day wrote: > On Sat, 15 Aug 2015, Kenneth Wolcott wrote: > >> I have a related question about Fedora docker packages. There seems >> to be a docker-engine at version 1.8.1 and docker at version 1.7.1. >> I'd like to have docker AND docker engine at the same v

Re: fedora-dockerfiles: "LABEL" lines in cockpit-ws sample file look weird

, Robert P. J. Day wrote: > On Mon, 10 Aug 2015, Daniel J Walsh wrote: > >> Here are a couple of blogs on the atomic command >> >> http://developerblog.redhat.com/2015/04/21/introducing-the-atomic-command/ >> http://www.projectatomic.io/blog/2015/04/using-environmen

Re: fedora-dockerfiles: "LABEL" lines in cockpit-ws sample file look weird

/10/2015 08:43 AM, Daniel J Walsh wrote: > > On 08/10/2015 08:31 AM, Robert P. J. Day wrote: >> On Mon, 10 Aug 2015, Daniel J Walsh wrote: >> >>> On 08/10/2015 05:43 AM, Robert P. J. Day wrote: >>>> brief digression from my discussion of docker roadmap and

Re: fedora-dockerfiles: "LABEL" lines in cockpit-ws sample file look weird

On 08/10/2015 08:31 AM, Robert P. J. Day wrote: > On Mon, 10 Aug 2015, Daniel J Walsh wrote: > >> >> On 08/10/2015 05:43 AM, Robert P. J. Day wrote: >>> brief digression from my discussion of docker roadmap and stuff like >>> that ... i'm using th

Re: fedora-dockerfiles: "LABEL" lines in cockpit-ws sample file look weird

On 08/10/2015 05:43 AM, Robert P. J. Day wrote: > brief digression from my discussion of docker roadmap and stuff like > that ... i'm using the sample Dockerfiles from the > "fedora-dockerfiles" package to demonstrate various Dockerfile > instructions in an upcoming course, and i ran across thi

Re: SE alert

You can just run # restorecon -R -v / From the booted machine. On 07/20/2015 03:49 PM, jd1008 wrote: > > > On 07/20/2015 01:42 PM, Martin Cigorraga wrote: >> Hi, >> >> ~ getenforce >> Enforcing >> >> Please be aware that setenforce will only change the mode SELinux is >> running in. For a perman

Re: which images is "docker pull" supposed to pull by default?

Please open a bugzilla with the docker package to fix the man page. On 07/19/2015 05:05 AM, Robert P. J. Day wrote: > more nitpicky pedantry regarding docker on fedora 22 ... if i read > the man page for "docker-pull" on my f22 system, i see: > > "This command pulls down an image or a repository

Re: discrepancy in instructions to install docker on fedora 22

On 07/17/2015 12:59 PM, Robert P. J. Day wrote: > On Fri, 17 Jul 2015, Daniel J Walsh wrote: > >> >> On 07/17/2015 11:55 AM, Robert P. J. Day wrote: >>> On Fri, 17 Jul 2015, Daniel J Walsh wrote: >>> >>>> docker-engine == docker from fedora point o

Re: discrepancy in instructions to install docker on fedora 22

On 07/17/2015 11:55 AM, Robert P. J. Day wrote: > On Fri, 17 Jul 2015, Daniel J Walsh wrote: > >> docker-engine == docker from fedora point of view. >> >> Docker.io is trying to rebrand docker to docker-engine, so it >> can differentiate docker-swarm, docker-regi

Re: discrepancy in instructions to install docker on fedora 22

docker-engine == docker from fedora point of view. Docker.io is trying to rebrand docker to docker-engine, so it can differentiate docker-swarm, docker-registry, docker-engine ... On 07/17/2015 10:42 AM, Robert P. J. Day wrote: > been playing with docker for a few days now, then starting readi

Re: SELinux is preventing sh from getattr access on the file /usr/sbin/ldconfig.

On 06/30/2015 07:57 AM, Ed Greshko wrote: > On 06/30/15 19:31, Daniel J Walsh wrote: >> On 06/29/2015 01:45 PM, Andras Simon wrote: >>> [Sorry for the late answer, I was away from this machine.] >>> >>> 2015-06-28 1:01 GMT+02:00, Ed Greshko : >&g

Re: SELinux is preventing sh from getattr access on the file /usr/sbin/ldconfig.

On 06/29/2015 01:45 PM, Andras Simon wrote: > [Sorry for the late answer, I was away from this machine.] > > 2015-06-28 1:01 GMT+02:00, Ed Greshko : >> On 06/27/15 21:15, Andras Simon wrote: >>> 2015-06-27 15:11 GMT+02:00, Andras Simon : Should I be worried about the $subject? >>> And there'

Re: SELinux is preventing sh from getattr access on the file /usr/sbin/ldconfig.

On 06/29/2015 06:13 AM, Ed Greshko wrote: > On 06/29/15 18:09, Daniel J Walsh wrote: >> On 06/28/2015 07:53 AM, Suvayu Ali wrote: >>> On Sun, Jun 28, 2015 at 06:04:38AM -0400, Daniel J Walsh wrote: >>>> On 06/27/2015 07:01 PM, Ed Greshko wrote: >>>&

Re: SELinux is preventing sh from getattr access on the file /usr/sbin/ldconfig.

On 06/28/2015 07:53 AM, Suvayu Ali wrote: > On Sun, Jun 28, 2015 at 06:04:38AM -0400, Daniel J Walsh wrote: >> >> On 06/27/2015 07:01 PM, Ed Greshko wrote: >>> On 06/27/15 21:15, Andras Simon wrote: >>>> 2015-06-27 15:11 GMT+02:00, Andras Simon : >>

Re: SELinux is preventing sh from getattr access on the file /usr/sbin/ldconfig.

On 06/27/2015 07:01 PM, Ed Greshko wrote: > On 06/27/15 21:15, Andras Simon wrote: >> 2015-06-27 15:11 GMT+02:00, Andras Simon : >>> Should I be worried about the $subject? >> And there's also a "SELinux is preventing sh from execute access on >> the file /usr/sbin/ldconfig" which I've only just

Re: Disabling auditd on Fedora 22

On 06/23/2015 12:36 AM, Kevin Wilson wrote: > Dan, > Thanks a lot for your reply. > In fact, I ran > pm -e selinux-policy-targeted > rpm -e selinux-policy > And after reboot I got some message about freeze from systemd, I could > not login (tried twice), so I reinstalled Linux on this machine. >

Re: Disabling auditd on Fedora 22

On 06/22/2015 03:44 AM, Suvayu Ali wrote: > On Mon, Jun 22, 2015 at 08:01:41AM +0300, Kevin Wilson wrote: >> In /etc/selinux/config >> >> I set >> SELINUX=disabled >> Which means that I do not use in fact SElinux, so it seems to me. > It is recommended to keep it permissive instead of disabled. >

Re: Problem with Python??

On 06/18/2015 11:46 AM, jd1008 wrote: > selinux issues the following > If you believe /usr/bin/bython2.7 tried to disable selinux > > you may be under attack by a hacker, since confined applications > should never need this access. > Contact your security administrator and report this issue. > >

FYI: Is SELinux good anti-venom?

http://danwalsh.livejournal.com/71489.html -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org

Re: SELinux is preventing abrt-dump-journ from read access on the file /usr/lib64/libreport.so.0.

On 03/21/2015 02:03 PM, Lawrence E Graves wrote: > SELinux is preventing abrt-dump-journ from read access on the file > /usr/lib64/libreport.so.0. > > * Plugin restorecon (82.4 confidence) suggests > > > If you want to fix the label. > /usr/lib64/libreport.so.0 defau

Re: swapping

On 02/17/2015 02:16 AM, Patrick Dupre wrote: > It is very long. > Just the end. > > > time->Tue Feb 17 11:15:08 2015 > type=PROCTITLE msg=audit(1424168108.864:452969): > proctitle=2F7573722F6C696236342F66697265666F782F706C7567696E2D636F6E7461696E6572002F7573722F6C696236342F6D6F7A696C6C612F706C756

Re: swapping

ty support for Fedora users" >> Subject: Re: swapping >> >> On 01/15/2015 04:15 PM, Daniel J Walsh wrote: >>> Usually if you are in this situation, you have a bad labeling problem. >>> >>> touch /.autorelabel; reboot >>> >&g

Re: Removing obsolete selinux setup

On 01/18/2015 04:58 PM, Pete Stieber wrote: > I received an answer that worked on the fedora forums. > > 1. Edit the file > /etc/selinux/targeted/modules/active/file_contexts.local and > comment/fix the wrong contexts. > > In my case this meant changing httpd_mediawiki_rw_content_t to > mediawiki_

Re: swapping

On 01/16/2015 03:45 PM, poma wrote: > On 16.01.2015 20:35, Daniel J Walsh wrote: >> On 01/16/2015 01:57 PM, poma wrote: >>> On 16.01.2015 19:47, Daniel J Walsh wrote: >>>> On 01/16/2015 07:47 AM, Patrick O'Callaghan wrote: >>>>> On Fri, 2015-

Re: swapping

On 01/16/2015 01:57 PM, poma wrote: > On 16.01.2015 19:47, Daniel J Walsh wrote: >> On 01/16/2015 07:47 AM, Patrick O'Callaghan wrote: >>> On Fri, 2015-01-16 at 08:28 +0100, Heinz Diehl wrote: >>>> On 16.01.2015, Tim wrote: >>>> >>>>&g

Re: Removing obsolete selinux setup

On 01/16/2015 12:19 PM, Pete Stieber wrote: > I have a machine that has dokuwiki loaded. In order to get it to work > with selinux, I followed some advice that was on: > > https://www.dokuwiki.org/install:fedora > > to allow apache to edit some files: > > semanage fcontext -a -t httpd_mediawiki_r

Re: swapping

On 01/16/2015 07:47 AM, Patrick O'Callaghan wrote: > On Fri, 2015-01-16 at 08:28 +0100, Heinz Diehl wrote: >> On 16.01.2015, Tim wrote: >> >>> Of course *you* do not *use* it, it's there as a protective device >>> against *things* on your system. >> Any recent Linux distribution can be secured wi

Re: swapping

Usually if you are in this situation, you have a bad labeling problem. touch /.autorelabel; reboot Will fix the labels, or you could just do restorecon -R / On 01/15/2015 08:15 AM, Michael Cronenworth wrote: > On 01/15/2015 06:06 AM, Patrick Dupre wrote: >> Very often I reach a situation where

Re: "Cannot contact any KDC for realm" since upgrading to Fedora 21

On 12/17/2014 10:19 AM, Braden McDaniel wrote: > On 2014-12-17 09:37, fedora wrote: >> selinux? > > It's set to "permissive" on the F21 (server) box; shouldn't that be > sufficient? Or do I need to disable it completely to make sure it > isn't interfering? > If it is in permissive then SELinux is

Re: selinux relabel at boot

I will schedule a relabel and take a look at my box. ssd relabel is pretty quick. On 12/16/2014 06:07 PM, Tom Horsley wrote: > On Tue, 16 Dec 2014 16:58:41 -0500 > Daniel J Walsh wrote: > >> What version of Fedora was this? > A brand new fedora 21 workstation install. >

Re: selinux relabel at boot

What version of Fedora was this? restorecon -p -R / 7.4%^C Shows Percent done now. On 12/16/2014 02:03 PM, Tom Horsley wrote: > On Tue, 16 Dec 2014 13:36:08 -0500 > Daniel J Walsh wrote: > >> There should be an indicator on the screen telling you the progress of >> t

Re: selinux relabel at boot

On 12/13/2014 11:42 AM, Marko Vojinovic wrote: > On Sat, 13 Dec 2014 09:52:35 -0500 > Tom Horsley wrote: >> Just a note for someone who might care about this: >> >> I foolishly forgot to disable selinux in a system >> I created by copying all the files from a virtual image. >> >> When it booted,

SELinux and the bash exploit.

https://danwalsh.livejournal.com/71122.html -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.or

Re: Heads up: possible BASH security vulnerability

On 09/24/2014 08:27 PM, Chris Adams wrote: > Once upon a time, jd1008 said: >> So, is this one of the ways javascripts exec bash to install malware >> or do other nasty stuff? > This has nothing to do with Javascript. It is probably more serious to > servers, such as web servers, than to desktop

Re: SELinux contexts

On 07/31/2014 01:52 PM, Paolo Galtieri wrote: > On 07/31/2014 09:51 AM, Michael Cronenworth wrote: >> On 07/31/2014 10:54 AM, pgaltieri . wrote: >>> sudo semanage fcontext -a -t var_log_t 'logs' >> [snip] >> >> You need to pass the full path here. >> >> # semanage fcontext -a -t var_log_t /media/N

Re: CPU/Memory

I would bet you have a mislabeled machine that is generating hundreds of AVC's. ausearch -m avc -ts today If the system is mislabeled, the easiest thing to do would be touch /.autorelabel; reboot On 07/22/2014 07:02 PM, Rick Stevens wrote: > On 07/22/2014 01:23 PM, Patrick Dupre issued this mis

Re: Selinux Packaging [WAS: Wifi connection issues with Intel?]

On 06/16/2014 02:15 PM, Richard Shaw wrote: > On Mon, Jun 16, 2014 at 1:08 PM, Daniel J Walsh <mailto:dwa...@redhat.com>> wrote: > > > On 06/16/2014 01:35 PM, Richard Shaw wrote: >> On Mon, Jun 16, 2014 at 12:19 PM, Daniel J Walsh >>

Re: Wifi connection issues with Intel?

On 06/16/2014 01:35 PM, Richard Shaw wrote: > On Mon, Jun 16, 2014 at 12:19 PM, Daniel J Walsh <mailto:dwa...@redhat.com>> wrote: > > > On 06/12/2014 10:14 AM, Richard Shaw wrote: >> On Thu, Jun 12, 2014 at 6:56 AM, Daniel J Walsh >>

Re: Wifi connection issues with Intel?

On 06/12/2014 10:14 AM, Richard Shaw wrote: > On Thu, Jun 12, 2014 at 6:56 AM, Daniel J Walsh <mailto:dwa...@redhat.com>> wrote: > >> The full unifi software is java with a mongodb database backend >> and works fine. I have a RPM I created, the only problem I

Re: google-chrome + selinux + ecryptfs

How is ecryptfs supposed to work? On 06/12/2014 03:13 PM, Pal, Laszlo wrote: > node= type=SYSCALL msg=audit(1402610675.802:3612): arch=c03e > syscall=47 success=yes exit=1 a0=12 a1=7f4cb29bb490 a2=40 a3=2 items=0 > ppid=8 pid=13635 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 > fsuid=1000 e

Re: Wifi connection issues with Intel?

On 06/11/2014 01:48 PM, Richard Shaw wrote: > On Wed, Jun 11, 2014 at 3:31 PM, poma > wrote: > > There are four "indoor" models, and basic one ain't 5 GHz. > > > Yes, I have the basic one, so it does support "n" but in 2.4GHz only. > > > > Besides the

Re: Problem with selinux and milter-greylist

On 05/27/2014 01:35 PM, arag...@dcsnow.com wrote: > > Looks like the milter-greylist.sock is mislabeled. What directory is it > > in? Why isn't it in /run? > > Well, see, I was following a guide (probably old) that pointed > Sendmail to /var/milter-greylist so I just changed the greylist.conf > fi

Re: Problem with selinux and milter-greylist

On 05/27/2014 12:55 PM, arag...@dcsnow.com wrote: > > Hi, > > So I'm trying to get milter-greylist working with > selinux > and I seem to have a problem. It doesn't seem to know > what > milter-greylist is trying to access so I can't add a rule to fix > it. > Here is what I see in /var/log/mes

Re: Set SELinux to allow only httpd daemon to use specific tty device

On 05/06/2014 12:03 AM, Emmanuel Noobadmin wrote: > On 5/5/14, Daniel J Walsh wrote: >> Simplest would be to just use >> # grep usbDataCollector /var/log/audit/audit.log | audit2allow -M myhttp >> # semodule -i myhttp.pp >> >> This would allot httpd_t processe

Re: Set SELinux to allow only httpd daemon to use specific tty device

On 05/04/2014 12:22 AM, Emmanuel Noobadmin wrote: > Using Fedora 20 3.11.10-301.fc20.x86_64 and selinux targeted policy.29 > > I've a PHP application that sends data to a USB tty device e.g. > /dev/usbDataCollector > > Unfortunately selinux is blocking this action. When set to permissive, > the al

Re: cups-pdf

On 05/04/2014 06:27 PM, Patrick Dupre wrote: > >> - Original Message - >> From: Steven Stern >> Sent: 05/05/14 12:03 AM >> To: Community support for Fedora users >> Subject: Re: cups-pdf >> >> On 05/04/2014 04:57 PM, Patrick Dupre wrote: >>> - Original Message - From: Ste

Re: Trouble starting webex in F20

On 05/02/2014 01:19 PM, Chris Kottaridis wrote: > > On 05/02/2014 12:07 PM, Daniel J Walsh wrote: >> >> On 05/01/2014 06:26 PM, Chris Kottaridis wrote: >>> >>> On 05/01/2014 05:08 PM, Rick Stevens wrote: >>>> On 05/01/2014 01:40 PM, Andrew Azores i

Re: Trouble starting webex in F20

On 05/01/2014 06:26 PM, Chris Kottaridis wrote: > > On 05/01/2014 05:08 PM, Rick Stevens wrote: >> On 05/01/2014 01:40 PM, Andrew Azores issued this missive: >>> On 05/01/2014 04:27 PM, Chris Kottaridis wrote: On 05/01/2014 02:11 PM, Deepak Bhole wrote: > * Chris Kottaridis [2014-05

Re: Two SELinux-related things

On 04/24/2014 04:56 PM, Mark Brader wrote: >> # semanage fcontext -a -e /home /u >> # restorecon -R -v /u >> >> Should fix you up. > Bingo. Thanks for your time. > > I did wonder if this was the cause of the problem, but (1) it didn't happen > with the previous Linux configuration I had, and (2)

Re: fedup 19=>20 hangs: selinux

Strange, if selinux-policy-targeted is not installed SELinux is disabled. On 04/09/2014 08:31 PM, Sean Darcy wrote: > On 04/09/2014 06:01 PM, Daniel J Walsh wrote: >> So this looks like selinux-policy-targeted got removed during the >> update? >> >> On 04/09/2014

Re: fedup 19=>20 hangs: selinux

So this looks like selinux-policy-targeted got removed during the update? On 04/09/2014 04:21 PM, Sean Darcy wrote: > On 04/08/2014 11:54 AM, Daniel J Walsh wrote: >> This usually means there is no /etc/selinux/targeted/policy/policy.* >> file. >> >> If you run semodu

Re: fedup 19=>20 hangs: selinux

This usually means there is no /etc/selinux/targeted/policy/policy.* file. If you run semodule -B Does one get created? On 04/08/2014 10:59 AM, Sean Darcy wrote: > Trying to upgrade F19 to F20 using fedup. On the upgrade reboot it hangs: > > > Reached target Initrd Default Target > s

Re: new SELinux error

ausearch -m avc,user_avc -i Or just attach the full output of the sealert command. The AVC's are at the bottom. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http:

Re: new SELinux error

What was the AVC that you got? On 03/27/2014 04:58 PM, Paul Cartwright wrote: > I am not sure what to do.. > > I got this error message: > # semanage fcontext -a -t FILE_TYPE '$FIX_TARGET_PATH' > where FILE_TYPE is one of the following: NetworkManager_log_t, > NetworkManager_tmp_t, abrt_helper_exec

Re: after upgrading fedora rawhide this morning, no graphical desktop

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/13/2014 02:58 PM, Robert P. J. Day wrote: > On Thu, 13 Mar 2014, Kevin Martin wrote: > >> On 03/13/2014 07:57 AM, Robert P. J. Day wrote: >>> >>> recently, i upgraded my ASUS G74S laptop to fedora rawhide and it was >>> running nicely. then thi

Re: google-chrome not displaying text with selinux enforcing

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/27/2014 02:38 PM, Ed K. wrote: > On Thu, 27 Feb 2014, Dale Dellutri wrote: > >>> On 02/27/14 05:50, Dale Dellutri wrote: I did this and set selinux back to enforcing. google-chrome is now working as it should. >>> >>> Good to see it

Re: google-chrome not displaying text with selinux enforcing

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/26/2014 02:00 PM, Dale Dellutri wrote: > I've got a Fedora 20 XFCE desktop. I installed google-chrome. It fails to > display some text on many web sites if selinux is set to enforcing, but > shows the text with selinux set to permissive. > > Fo

Re: policycoreutils packaging bug?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/17/2014 10:14 AM, Jon Ingason wrote: > 2014-02-17 15:56, Suvayu Ali skrev: >> install policycoreutils-sandbox > I have two machines, both x86_64. On does have > policycoreutils-sandbox-2.2.5-3.fc20.x86_64 installed while the other > don't. > >

Re: logwatch error messages

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/23/2014 01:54 PM, Robert Moskowitz wrote: > > On 01/23/2014 08:38 AM, Daniel J Walsh wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> On 01/22/2014 11:07 PM, Robert Moskowitz wrote: >>> I a

Re: logwatch error messages

uid=0 egid=0 sgid=0 fsgid=0 > ses=16 tty=(none) comm="logwatch" exe="/usr/bin/perl" > subj=system_u:system_r:logwatch_t:s0-s0:c0.c1023 key=(null) Jan 22 03:37:14 > lx120e.htt-consult.com setroubleshoot[11102]: analyze_avc() > avc=scontext=system_u:system_r:logwatch_t:s0-s0:c0.

Re: update partially fails

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/18/2014 12:15 PM, antonio montagnani wrote: > Patrick Dupre ha scritto / said the followingil giorno/on 18/01/2014 > 17:59: >> Hello, >> >> The last update did not go very well. I got: Failed: bind.i686 >> 32:9.9.4-8.fc20 bind.i686 32:9.9.4-

Re: Trying to use mailx for logwatch

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/07/2014 11:44 AM, Robert Moskowitz wrote: > getting closer. I am running a new install. So a fresh start on this... > > On 01/06/2014 11:14 AM, Daniel J Walsh wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> &

Re: Trying to use mailx for logwatch

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/03/2014 12:25 PM, Robert Moskowitz wrote: > > On 01/03/2014 12:03 PM, Daniel J Walsh wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> On 01/03/2014 11:34 AM, Robert Moskowitz wrote: >>> On 01/03/20

Re: GCL get killed everytime I try to execute it

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/05/2014 09:21 PM, Rex Dieter wrote: > Isaac Cortés González wrote: > >> Ok here's my problem: I'm trying to learn (Common) Lisp, so I installed >> GCL, to compile or run the scripts that I'm making for practice; but I'm >> having problems to r

Re: Trying to use mailx for logwatch

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/03/2014 11:34 AM, Robert Moskowitz wrote: > > On 01/03/2014 11:21 AM, Daniel J Walsh wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> On 01/02/2014 05:29 PM, Robert Moskowitz wrote: >>> And the

Re: Trying to use mailx for logwatch

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/02/2014 05:29 PM, Robert Moskowitz wrote: > And the mail is failing. Here is what I have done: > > I determined that in: /usr/share/logwatch/default.conf/logwatch.conf mailer > = "/usr/sbin/sendmail -t" > > so in: /etc/logwatch/conf/logwatch.c

Re: Different actions on different passwords?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/30/2013 08:09 PM, Robert Moskowitz wrote: > > On 12/30/2013 08:03 PM, Bill Oliver wrote: >> On Tue, 31 Dec 2013, Patrick O'Callaghan wrote: >> >>> >>> On Mon, Dec 30, 2013 at 11:25 PM, Bill Oliver >>> wrote: >>> >>> In linux, is it possible

Re: Why did SELinux relable my filesystem?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/25/2013 06:25 AM, Steven P. Ulrick wrote: > Hello, Everyone During my most recent re-boot, SELinux relabled my entire > filesystem. Which would be fine, except for the fact that I have SELinux > disabled on my system: > >> # This file controls t

Re: fedup and selinux

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I blogged on SELinux blocking stuff in permissive mode. http://danwalsh.livejournal.com/67855.html I think fedup putting the machine into permissive mode during the update is the sane thing to do, and since it should be doing this without services ru

Re: failed to ..

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/31/2013 12:20 PM, Chris Murphy wrote: > > On Dec 31, 2013, at 8:57 AM, Daniel J Walsh wrote: > >> THere was a bug in libselinux which is now fixed, that was causing the >> problem. > > Right, but I thought that th

Re: failed to ..

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/30/2013 11:11 AM, Chris Murphy wrote: > > On Dec 29, 2013, at 11:37 PM, Ralf Corsepius wrote: > >> On 12/30/2013 07:01 AM, Chris Murphy wrote: >>> >>> On Dec 28, 2013, at 8:15 PM, Patrick Dupre wrote: >>> Hello, I tried to s

Re: selinux=0

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/29/2013 10:31 AM, Patrick Dupre wrote: > > Thank, It works. > >> >> On Sun, 29 Dec 2013 14:40:26 +0100, Patrick Dupre wrote: >> >>> Hello, >>> >>> After cloning a distribution fedora 19, I have to set selinux=0 to be >>> able to boot. How ca

Re: sharing /boot among multible Linux distros

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/09/2013 11:17 AM, D. Hugh Redelmeier wrote: > | From: Daniel J Walsh > > | On 12/08/2013 01:11 AM, D. Hugh Redelmeier wrote: > > | > <https://bugzilla.redhat.com/show_bug.cgi?id=882568> Fedora could not > mount |

Re: [GW-C] Re: sharing /boot among multible Linux distros

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/08/2013 01:11 AM, D. Hugh Redelmeier wrote: > | From: Joe Zeff > > | On 11/26/2013 02:00 PM, Javier Perez wrote: | > For some reason, Ubuntu > does not find out Fedora unless I mount the disk | > each time I update > ubuntu kernel. | | How do y

Re: rsync errors (selinux?)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/25/2013 02:54 PM, Wolfgang S. Rupprecht wrote: > > Daniel J Walsh writes: >> ausearch -m avc -ts recent > > local host (source of rsync): > > [root@arbol audit]# ausearch -m avc -ts recent [root@arbol > audit]# &g

Re: rsync errors (selinux?)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/25/2013 07:51 AM, poma wrote: > On 24.11.2013 19:03, Wolfgang S. Rupprecht wrote: >> >> For several years I've been doing an rsync across-the-lan backup for home >> directories. All has worked well until recently (well, since the fedup >> to f2

  1   2   3   4   5   >