On Fri, Nov 29, 2024 at 9:03 PM Stephen Morris
wrote:
> >>> Failed to start jobs: Failed to enqueue some jobs, see logs for
> details: Invalid argument
>
Start with journalctl, which should tell you more about which jobs didn't
start. Once you know which
jobs aren't starting you can determine i
Hi,
Doing a sudo dnf upgrade I got the following failure:
[ 29/106] Upgrading snapd-selinux-0:2.66.1-0.fc41.noarch
100%
| 1.5 KiB/s | 45.4 KiB | 00m30s
>>> Running post-install scriptl
On 10/23/24 02:07, Tim via users wrote:
On Wed, 2024-10-23 at 00:54 -0700, ToddAndMargo via users wrote:
SELinux is preventing login from search access on
the directory /home/todd
Is that just it looking for a face image in your homespace to show on
the login screen?
# ausearch -c '
On Wed, 2024-10-23 at 00:54 -0700, ToddAndMargo via users wrote:
> SELinux is preventing login from search access on
> the directory /home/todd
Is that just it looking for a face image in your homespace to show on
the login screen?
> # ausearch -c 'login' --raw | audi
Hi All,
SELinux is preventing login from search access on
the directory /home/todd
# ausearch -c 'login' --raw | audit2allow -M my-login
IMPORTANT ***
To make this policy package active, execute:
semodule -i my-login.pp
# semodule -X 300 -i m
On 10/21/24 15:18, Samuel Sieb wrote:
On 10/21/24 3:13 PM, ToddAndMargo via users wrote:
Hi All,
Fedroa 39 and 41 maybe.
I am throwing the follow selinux error:
If you want to allow daemon-init to have watch
access on the mdevctl.d directory Then you need to
change the
On 10/21/24 3:13 PM, ToddAndMargo via users wrote:
Hi All,
Fedroa 39 and 41 maybe.
I am throwing the follow selinux error:
If you want to allow daemon-init to have watch
access on the mdevctl.d directory Then you need to
change the label on /etc/mdevctl.d
Do you know what
Hi All,
Fedroa 39 and 41 maybe.
I am throwing the follow selinux error:
If you want to allow daemon-init to have watch
access on the mdevctl.d directory Then you need to
change the label on /etc/mdevctl.d
Do
# semanage fcontext -a -t FILE_TYPE '/etc/mdev
On 7/23/24 1:06 AM, Javier Perez wrote:
It just printed this message.
root@pepewin:~# restorecon -v
/usr/lib/systemd/system-generators/zram-generator
Relabeled /usr/lib/systemd/system-generators/zram-generator from
system_u:object_r:init_exec_t:s0 to
system_u:object_r:systemd_zram_generator_e
It just printed this message.
root@pepewin:~# restorecon -v
/usr/lib/systemd/system-generators/zram-generator
Relabeled /usr/lib/systemd/system-generators/zram-generator from
system_u:object_r:init_exec_t:s0 to
system_u:object_r:systemd_zram_generator_exec_t:s0
On Tue, Jul 23, 2024 at 1:34 AM Sam
On 7/22/24 11:27 PM, Javier Perez wrote:
Done.
Let's see if it works...
I was hoping to see what the output was. The only one that would have
affected anything was the last one. Did it do anything?
--
___
users mailing list -- users@lists.fedorap
Done.
Let's see if it works...
On Tue, Jul 23, 2024 at 12:51 AM Samuel Sieb wrote:
> On 7/22/24 10:35 PM, Javier Perez wrote:
> > Hi. I am getting SELINUX notifications about zram-generator.
> >
> > Should I report the bug?
> >
> > SELinux is preventing
On 7/22/24 10:35 PM, Javier Perez wrote:
Hi. I am getting SELINUX notifications about zram-generator.
Should I report the bug?
SELinux is preventing zram-generator from open access on the file
/usr/lib/systemd/zram-generator.conf.
Try running the following:
rpm -qV zram-generator
ls -lZ
Hi. I am getting SELINUX notifications about zram-generator.
Should I report the bug?
SELinux is preventing zram-generator from open access on the file
/usr/lib/systemd/zram-generator.conf.
* Plugin catchall (100. confidence) suggests
**
If you believe that zram
Fedora 40 system cold boot shows 10 selinux errors from NeworkManager on
files in /run/NeworkManager. The contents of this directory seem to be
created during the boot process. They are owned by root and writeable,
but apparently not in the correct selinux context. My attempt to submit
a bug
I have been getting the following SElinux alert:
SELinux is preventing key.dns_resolve from setattr access on the key
labeled kernel_t.
Is it safe to create a rule to ignore this? Known issue?
--
___
users mailing list -- users@lists.fedoraproject.org
Hi guys.
I’ve just installed vanilla-default MongoDB (following
their official docs) and right away SELinux shows denials:
... SELinux is preventing /usr/bin/mongod from search access
on the directory
/var/lib/containers/storage/overlay-containers
On 22 Sep 2023 at 8:04, George N. White III wrote:
From: "George N. White III"
Date sent: Fri, 22 Sep 2023 08:04:24 -0300
Subject:Re: Noticed Failed message with selinux-policy-targeted on 3 of
5 machines??
To: mi...@guam.net,
Community support for Fedora u
On Thu, Sep 21, 2023 at 3:30 PM Michael D. Setzer II via users <
users@lists.fedoraproject.org> wrote:
> On 21 Sep 2023 at 20:09, Zdenek Pytela wrote:
>
> From: Zdenek Pytela
>
[...]
>
> > It looks like you have quite an old container-selinux installed. (I
&
On 21 Sep 2023 at 20:09, Zdenek Pytela wrote:
From: Zdenek Pytela
Date sent: Thu, 21 Sep 2023 20:09:44 +0200
Subject:Re: Noticed Failed message with selinux-policy-targeted on 3 of
5 machines??
To: mi...@guam.net
Copies to: Community support for Fedora users
Send reply
On Thu, Sep 21, 2023 at 7:21 PM Michael D. Setzer II wrote:
> On 21 Sep 2023 at 16:23, Zdenek Pytela wrote:
>
> From: Zdenek Pytela
> Date sent: Thu, 21 Sep 2023 16:23:01 +0200
> Subject:Re: Noticed Failed message with selinux-policy-targeted on
> 3 of 5 machi
On 21 Sep 2023 at 16:23, Zdenek Pytela wrote:
From: Zdenek Pytela
Date sent: Thu, 21 Sep 2023 16:23:01 +0200
Subject:Re: Noticed Failed message with selinux-policy-targeted on 3 of
5 machines??
To: mi...@guam.net
Copies to: Community support for Fedora users
Send reply
On Thu, Sep 21, 2023 at 12:28 AM Michael D. Setzer II
wrote:
> On 20 Sep 2023 at 19:57, Zdenek Pytela wrote:
>
> From: Zdenek Pytela
> Date sent: Wed, 20 Sep 2023 19:57:31 +0200
> Subject:Re: Noticed Failed message with selinux-policy-targeted on
> 3 of 5 machi
On 20 Sep 2023 at 19:57, Zdenek Pytela wrote:
From: Zdenek Pytela
Date sent: Wed, 20 Sep 2023 19:57:31 +0200
Subject:Re: Noticed Failed message with selinux-policy-targeted on 3 of
5 machines??
To: mi...@guam.net,
Community support for Fedora users
Send reply to
On Wed, Sep 20, 2023 at 8:25 AM Michael D. Setzer II via users <
users@lists.fedoraproject.org> wrote:
> In running dnf update on 5 machines noticed a fail message on 3 or 5?
> To double check ran dnf reinstall selinux* and get this on failing systems?
>
> Running transaction c
In running dnf update on 5 machines noticed a fail message on 3 or 5?
To double check ran dnf reinstall selinux* and get this on failing systems?
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Running scriptlet
On 14Aug2023 09:18, François Patte wrote:
Here is the part I get with ssh -v:
debug1: Next authentication method: publickey
debug1: Offering public key: /home/patte/.ssh/id_rsa RSA SHA256:
**
I have a server accepts line after this:
debug1: Next authentication me
onf
system_u:object_r:etc_t:s0 /etc/sysconfig/nftables.conf
I'm still on FC36, on this box.
Try restoring the SELinux contexts, as Ian says. It should set them
back to the expected ones, and things should work normally (if *that*
is the problem).
SELinux will disallow reading of some files, if it
uot;/etc/sysconfig/nftables.conf": Permission denied
>
> This file /etc/sysconfig/nftables.conf has 755 permissions.
>
> I tried to get informatons from the internet but did not find a
> solution.
>
> I tested wether it was a selinux problem and I won...
>
> setenforce 0
>
&
nf has 755 permissions.
I tried to get informatons from the internet but did not find a solution.
I tested wether it was a selinux problem and I won...
setenforce 0
Have you tried 'restorecon -r /etc/sysconfig'?
--
===
Le 2023-08-14 00:04, Cameron Simpson a écrit :
On 13Aug2023 23:23, François Patte
wrote:
Since I upgraded to f38 it is impossible to connect to a machine using
ssh rsa-key
the file .ssh/authorized_keys has not change, but any remote
connection to this machine asks for a password
On 13Aug2023 23:23, François Patte wrote:
Since I upgraded to f38 it is impossible to connect to a machine using
ssh rsa-key
the file .ssh/authorized_keys has not change, but any remote
connection to this machine asks for a password
Is there something to change with selinux
On Sunday, August 13, 2023 5:23:51 PM EDT François Patte wrote:
> Since I upgraded to f38 it is impossible to connect to a machine using
> ssh rsa-key
The RSA algorithm is considered too weak to be safe and has been
disabled in the ssh program.
The work-around if you cannot convert to, say,
u...
- johnk*
*
On 8/13/23 17:23, François Patte wrote:
Bonjour,
Since I upgraded to f38 it is impossible to connect to a machine using
ssh rsa-key
the file .ssh/authorized_keys has not change, but any remote
connection to this machine asks for a password
Is there something to change
Bonjour,
Since I upgraded to f38 it is impossible to connect to a machine using
ssh rsa-key
the file .ssh/authorized_keys has not change, but any remote connection
to this machine asks for a password
Is there something to change with selinux?
Thank you.
--
François Patte
UFR de
Den 2023-08-12 kl. 18:07, skrev François Patte:
Bonjour,
I come accross a problem with nftables: it was impossible to start
nftables, the error message is:
internal:0:0-0: Error: Could not open file
"/etc/sysconfig/nftables.conf": Permission denied
I think this is selinux
nformatons from the internet but did not find a
solution.
I tested wether it was a selinux problem and I won...
setenforce 0
solved the problem
Now I went back to setenforce 1 but the problem is : if I reboot my
machine, the problem will come back.
How to make selinux accept nftab
> Am 22.04.2023 um 15:40 schrieb Ranjan Maitra :
>
> I tried to change selinux to permissive on the F38 box, and then I was able
> to mount the share. However, the F37 box mounts the share fine, with selinux
> set at enforcing. So, should a separate context need to be created
Barry,
Thanks for this! To answer some of your questions, I do not know what the
version of Windows is. It is something that is fairly recent, but has not been
changed for years.
After looking at dmesg (as recommended by the error message), and
/var/log/messages, I tried to change selinux to
On Tue, 21 Mar 2023 21:50:22 +0100
Patrick Dupre wrote:
> >
> > >> I get the following SELinux security alert which seems to be
> > >> difficult to fix because of the number of things to do.
> >
> > I don't understand why you think two things
>
> >> I get the following SELinux security alert which seems to be
> >> difficult to fix because of the number of things to do.
>
> I don't understand why you think two things to do is difficult.
Because, every time that I make
semanage fcontext -a -t syslog_c
I get the following SELinux security alert which seems to be
difficult to fix because of the number of things to do.
I don't understand why you think two things to do is difficult.
You can generate a local policy module to allow this access.
Do allow this access for now by exec
Hi
On Mon, 20 Mar 2023 10:28:35 +0100 Patrick Dupre wrote:
> I did not get retuen about my request.
There was. Please, see the archives:
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/thread/NEDFHZEENU3YPWXCKENB2FDYL4YHYOW6/#5LDTZCEMCGHQHKSLJXRS3QIFVZ3IYE73
--
fr
ent: Thursday, March 16, 2023 at 10:32 AM
> From: "Patrick Dupre"
> To: "fedora"
> Subject: SELinux seciruty alert
>
> Hello,
>
> I get the following SELinux security alert which seems to be difficult
> to fix because of the number of things to do.
> Is
Hi.
On Thu, 16 Mar 2023 10:32:27 +0100 Patrick Dupre wrote:
> SELinux is preventing systemd from open access on the file
> /var/usermin/miniserv.pid.
Another solution beside fixing the selinux context would perhaps be to change
the associated .service file to not use a .pid file.
What
On Thu, 16 Mar 2023 10:32:27 +0100
Patrick Dupre wrote:
> I get the following SELinux security alert which seems to be difficult
> to fix because of the number of things to do.
There is really only one thing to do, just run the two commands with
the proper selinux context selected as fi
Hello,
I get the following SELinux security alert which seems to be difficult
to fix because of the number of things to do.
Is there a simple thing that I could do?
Thanks
SELinux is preventing systemd from open access on the file
/var/usermin/miniserv.pid.
* Plugin catchall_labels
2 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:sound_device_t:s0 tclass=chr_file
>
> selinux alerts for gdb and devtmpfs looks like a known issue:
> https://bugzilla.redhat.com/show_bug.cgi?id=1896648
Yes, a known issue - it is required to turn this boolean
Messages
> type=AVC msg=audit(1643524262.137:696): avc: denied { open } for pid=74330
> comm="gdb" path="/dev/snd/pcmC0D0p" dev="devt
> mpfs" ino=532 scontext=system_u:system_r:abrt_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:sound_device_t:s0 tclass=chr_fi
On 12/7/22 13:04, Jeffrey Walton wrote:
On Wed, Dec 7, 2022 at 11:16 AM Robert McBroom via users
wrote:
SELinux is preventing gdb from read access on the chr_file pcmC0D0p.
What would call debug on boot sequence?
More information may be found in /var/log/audit/audit.log. `sealert -l
On Wed, Dec 7, 2022 at 11:16 AM Robert McBroom via users
wrote:
>
> SELinux is preventing gdb from read access on the chr_file pcmC0D0p.
>
> What would call debug on boot sequence?
More information may be found in /var/log/audit/audit.log. `sealert -l
"*"` might also provid
SELinux is preventing gdb from read access on the chr_file pcmC0D0p.
What would call debug on boot sequence?
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of
>
> On 2022-07-12 01:02, Patrick Dupre wrote:
> > I do not how to deal wit this issue: in fc34 and fc36.
> >
> > SELinux security alert recommend the following:
> >
> > You need to change the label on /var/usermin/miniserv.pid
> > # semanage fcontext
On 2022-07-12 01:02, Patrick Dupre wrote:
I do not how to deal wit this issue: in fc34 and fc36.
SELinux security alert recommend the following:
You need to change the label on /var/usermin/miniserv.pid
# semanage fcontext -a -t FILE_TYPE '/var/usermin/miniserv.pid'
where FILE_TYPE
Hello,
I do not how to deal wit this issue: in fc34 and fc36.
SELinux security alert recommend the following:
You need to change the label on /var/usermin/miniserv.pid
# semanage fcontext -a -t FILE_TYPE '/var/usermin/miniserv.pid'
where FILE_TYPE is one of the
Hello,
I have the recommendation
You need to change the label on /var/usermin/miniserv.pid
# semanage fcontext -a -t FILE_TYPE '/var/usermin/miniserv.pid'
where FILE_TYPE is one of the following: NetworkManager_etc_rw_t,
NetworkManager_etc_t, NetworkManager_exec_t,
etc...
a long list of FILE_TYPE
> On 7/3/22 10:03, Patrick Dupre wrote:
> > I cannot delete it.
> > I tried to follow the recommendations with you success.
> > This machine is still in FC34 before I have time to backup the machine,
> > etc..
>
> Just to make sure: did you try the instructions as yourself or as root?
As root
>
On 7/3/22 10:03, Patrick Dupre wrote:
I cannot delete it.
I tried to follow the recommendations with you success.
This machine is still in FC34 before I have time to backup the machine, etc..
Just to make sure: did you try the instructions as yourself or as root?
___
Hello,
I permanently get thus alert:
on file /var/usermin/miniserv.pid
You need to change the label on /var/usermin/miniserv.pid
# semanage fcontext -a -t FILE_TYPE '/var/usermin/miniserv.pid'
where FILE_TYPE is one of the following: NetworkManager_etc_rw_t,
NetworkManager_etc_t, NetworkManager_
Il giorno gio, 19/05/2022 alle 07.37 -0700, stan via users ha scritto:
> File a bug for selinux. If it isn't theirs, they will forward it to
> NetworkManager. You should include the above command you used to
> work
> around the issue.
I have fill this bug:
https://bu
y problem.
> Is this modify permanent at boot or I must repeat every restart?
>
It persists reboot. To undo, execute:
sudo semanage permissive -d NetworkManager_dispatcher_t
> Another question:
>
> Is this a SElinux or Network-Manager bug?
> I must fill a bugzilla or not?
>
Genera
y problem.
> Is this modify permanent at boot or I must repeat every restart?
The man page for selinux-permissive isn't clear to me on this question.
But the fact it is creating a permissive module suggests that it will
survive both reboots and selinux updates. Probably not an selinux
tion:
Is this a SElinux or Network-Manager bug?
I must fill a bugzilla or not?
Thanks
Dario
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduc
.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
> D
Il giorno mar, 17/05/2022 alle 19.42 +0200, Zdenek Pytela ha scritto:
> If the /etc/NetworkManager/dispatcher.d/15-vpn-disp file is not a
> part of any package, the following command should set the correct
> label:
>
> # restorecon -v /etc/NetworkManager/dispatcher.d/15-vpn-disp
>
> but that st
On Tue, May 17, 2022 at 1:07 PM Dario Lesca wrote:
> After update to Fedora 36 I have a selinux problem with my personal
> NetworkManager dispatcher script
>
> Into logs I get this error:
>
> mag 17 12:56:30 dodo.home.solinos.it audit[160270]: AVC avc: denied {
> getattr }
After update to Fedora 36 I have a selinux problem with my personal
NetworkManager dispatcher script
Into logs I get this error:
mag 17 12:56:30 dodo.home.solinos.it audit[160270]: AVC avc: denied { getattr
} for pid=160270 comm="nm-dispatcher"
path="/etc/NetworkManager/disp
It worked after I did `setenforce 0`, so SELinux is the problem. I have
my swap file inside its own BTRFS subvolume mounted at /swap and the
SELinux context for that directory is system_u:object_r:unlabeled_t:s0.
It looks like I need to allow systemd-sleep to search that directory. I
think the
On 4/17/22 22:09, Joe Zeff wrote:
On 4/17/22 22:47, Alexander Zhang wrote:
It worked after I did `setenforce 0`, so SELinux is the problem. I
have my swap file inside its own BTRFS subvolume mounted at /swap and
the SELinux context for that directory is
system_u:object_r:unlabeled_t:s0. It
Easier still is to remove that partition from fstab and reformat it as a
swap partition.
I guess I can use a swap partition, but since I use LUKS without LVM, I
would have to make a separate LUKS volume. I wanted to use a swap file
so that everything is in one LUKS volume.
(I forgot to reply
On 4/17/22 22:47, Alexander Zhang wrote:
It worked after I did `setenforce 0`, so SELinux is the problem. I have
my swap file inside its own BTRFS subvolume mounted at /swap and the
SELinux context for that directory is system_u:object_r:unlabeled_t:s0.
It looks like I need to allow systemd
First try would be to disable SELinux to confirm your hypothesis.
However even if you fix the selinux problem i do not think this will
work, you need to have a swap partition for hibernate / resume to work,
the systemd-hibernate-resume man page makes reference to needing a
specific device node
/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-security-enhanced_linux-working_with_selinux-selinux_contexts_labeling_files
However even if you fix the selinux problem i do not think this will
work, you need to have a swap partition for hibernate / resume to work,
the
works, but doing systemctl
> hibernate only locks and briefly turns off the screen. I found these lines
> in the logs, which seems to indicate that SELinux is causing the issue:
>
> Apr 15 23:16:14 fedora systemd[1]: Reached target Sleep.
> Apr 15 23:16:14 fedora systemd[1]: Starting
briefly turns off the screen. I found these lines in the
logs, which seems to indicate that SELinux is causing the issue:
First try would be to disable SELinux to confirm your hypothesis.
Regards.
--
Roberto Ragusamail at robertoragusa.it
_
ese lines in the logs, which seems to indicate that SELinux is
causing the issue:
Apr 15 23:16:14 fedora systemd[1]: Reached target Sleep.
Apr 15 23:16:14 fedora systemd[1]: Starting Hibernate...
Apr 15 23:16:14 fedora systemd-sleep[9774]: Failed to find location to
hibernate to: Permission d
ying to
>> > access.
>>
>> Considering how random this appears to be, I would have to turn full
>> auditing on for some time. Plus they don't provide how to turn it back
>> off.
>>
>> >
>> >>>>>> Additional Information
ould have to turn full
auditing on for some time. Plus they don't provide how to turn
it back
off.
>
>>>>>> Additional Information:
>>>>>> Source Context system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
>>>>>> T
gt; auditing on for some time. Plus they don't provide how to turn it back
> off.
>
> >
> >>>>>> Additional Information:
> >>>>>> Source Context system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
> >>>>>> Target Co
ly useful. The problem is that it's being run from the
context listed above and that's what is being denied. Depending on
what it's trying to access, it might be an issue for the selinux policy.
Are you running it as a systemd service or running it from cron?
All I did
c1023
# ls -Z /usr/sbin/logwatch
system_u:object_r:bin_t:s0 /usr/sbin/logwatch
This isn't really useful. The problem is that it's being run from the
context listed above and that's what is being denied. Depending on what
it's trying to access, it might be an issue for the
On 1/5/22 21:16, Ed Greshko wrote:
On 06/01/2022 09:25, Robert Moskowitz wrote:
On 1/5/22 17:17, Ed Greshko wrote:
On 05/01/2022 21:02, Robert Moskowitz wrote:
I keep getting these errors.
I got them back with F32 and Xfce, and now with F35 and Xfce.
I asked on the SElinux list, but no
On 06/01/2022 09:25, Robert Moskowitz wrote:
On 1/5/22 17:17, Ed Greshko wrote:
On 05/01/2022 21:02, Robert Moskowitz wrote:
I keep getting these errors.
I got them back with F32 and Xfce, and now with F35 and Xfce.
I asked on the SElinux list, but no one seems to be home.
Here is the
On 1/5/22 17:17, Ed Greshko wrote:
On 05/01/2022 21:02, Robert Moskowitz wrote:
I keep getting these errors.
I got them back with F32 and Xfce, and now with F35 and Xfce.
I asked on the SElinux list, but no one seems to be home.
Here is the full detail; it looks like it may be logwatch
On 05/01/2022 21:02, Robert Moskowitz wrote:
I keep getting these errors.
I got them back with F32 and Xfce, and now with F35 and Xfce.
I asked on the SElinux list, but no one seems to be home.
Here is the full detail; it looks like it may be logwatch causing the problem.
What do I do to
I keep getting these errors.
I got them back with F32 and Xfce, and now with F35 and Xfce.
I asked on the SElinux list, but no one seems to be home.
Here is the full detail; it looks like it may be logwatch causing the
problem. What do I do to fix this?
===
SELinux is
On 10/12/2021 10:22, Nick Urbanik wrote:
There is an ongoing problem of decay of selinux labels on this
machine; I would appreciate any suggestions on how to troubleshoot
this I find it alarming.
I wouldn't call it a "decay". If it were that I wouldn't expect the context
On 06/12/21 09:10 +1100, Nick Urbanik wrote:
On 05/12/21 09:59 -0500, Jonathan Billings wrote:
On Dec 5, 2021, at 05:44, Nick Urbanik wrote:
I am regularly having selinux labels changing. This should never
happen, but it does quite continuously; many critical executables lose
their correct
system_u:object_r:cupsd_etc_t:s0 to
system_u:object_r:cupsd_rw_etc_t:s0
Can you tell us what version of the SELinux policy you have? Maybe
“rpm -qa | grep selinux”.
$ rpm -qa | grep selinux
rpm-plugin-selinux-4.17.0-1.fc35.x86_64
dnfdaemon-selinux-0.3.20-7.fc35.noarch
libselinux-3.3-1.fc35.x86_64
libselinux-utils-3.3-1
psd_etc_t:s0
> to system_u:object_r:cupsd_rw_etc_t:s0
Can you tell us what version of the SELinux policy you have? Maybe “rpm -qa |
grep selinux”. I see a lot of policy change related updates there, as well as
stuff in /bin having generic context instead of specific context.
Also, how do you update? Command line DNF
On 05/12/21 09:59 -0500, Jonathan Billings wrote:
On Dec 5, 2021, at 05:44, Nick Urbanik wrote:
I am regularly having selinux labels changing. This should never
happen, but it does quite continuously; many critical executables lose
their correct label, preventing me from logging in without
> On Dec 5, 2021, at 05:44, Nick Urbanik wrote:
>
> I am regularly having selinux labels changing. This should never
> happen, but it does quite continuously; many critical executables lose
> their correct label, preventing me from logging in without a relabel.
>
&
Dear Folks,
I am regularly having selinux labels changing. This should never
happen, but it does quite continuously; many critical executables lose
their correct label, preventing me from logging in without a relabel.
This is Fedora 35, upgraded over quite a few generations of Fedora.
The root
Le 2021-08-17 01:25, Thomas Cameron a écrit :
Thank you for answering. This video is going a little bit to fast for
me: if I can read and speak English, it is easier for me if people
speak a bit slower...
Anyway, as far as I understand, if I want to re-enable selinux I have
to:
1- change
...
Anyway, as far as I understand, if I want to re-enable selinux I have
to:
1- change the config file to enforcing
2- touch /.autorelabel
3- reboot
Did I miss something?
Yes, that will work.
___
users mailing list -- users@lists.fedoraproject.org
Thank you for answering. This video is going a little bit to fast for
me: if I can read and speak English, it is easier for me if people speak
a bit slower...
Anyway, as far as I understand, if I want to re-enable selinux I have to:
1- change the config file to enforcing
2- touch
Le 2021-08-16 17:35, Thomas Cameron a écrit :
This may be helpful:
Security-Enhanced Linux for mere mortals
https://www.youtube.com/watch?v=_WOKRaM-HI4
I gave this presentation at Red Hat Summit a couple of years ago, it's
still relevant. I talk about how to enable SELinux on a system
On Mon, 2021-08-16 at 08:50 -0700, Doug H. wrote:
> On Mon, Aug 16, 2021, at 7:53 AM, François Patte wrote:
> > Bonjour,
> >
> > For some reason (I explain later) I disabled selinux in
> > /etc/selinux/config file.
> >
> > When I re-enabled selinux (SELINU
On Mon, Aug 16, 2021, at 7:53 AM, François Patte wrote:
> Bonjour,
>
> For some reason (I explain later) I disabled selinux in
> /etc/selinux/config file.
>
> When I re-enabled selinux (SELINUX=enforcing in the config file) I could
> not restart my system: no service co
This may be helpful:
Security-Enhanced Linux for mere mortals
https://www.youtube.com/watch?v=_WOKRaM-HI4
I gave this presentation at Red Hat Summit a couple of years ago, it's
still relevant. I talk about how to enable SELinux on a system where
it's been disabled.
Hope this help
1 - 100 of 1589 matches
Mail list logo
