Of course the process of writing the request answers the question:
To disable dontaudit:
semodule -DB
to re-enable it:
semodule -B
This leads to the missing rule:
allow virtd_t http_port_t:tcp_socket { name_bind name_connect };
which presumably can be modified to allow connections on any o
On 28/7/24 06:45, Greg Wooledge wrote:
On Sat, Jul 27, 2024 at 22:40:10 +, Andy Smith wrote:
Hi,
On Sun, Jul 28, 2024 at 06:30:50AM +0800, cor...@free.fr wrote:
Is selinux necessary in a production environment?
"Will my door still function as a door if it has no lock on it?"
More li
On Sat, Jul 27, 2024 at 22:40:10 +, Andy Smith wrote:
> Hi,
>
> On Sun, Jul 28, 2024 at 06:30:50AM +0800, cor...@free.fr wrote:
> > Is selinux necessary in a production environment?
>
> "Will my door still function as a door if it has no lock on it?"
More like "Will my door still function as
On 28/7/24 06:30, cor...@free.fr wrote:
Hello
I have checked this doc,
https://wiki.debian.org/SELinux/Setup
Is selinux necessary in a production environment? Will it affect running
services such as web, database, mail, etc., causing potential problems?
Thanks.
I have set it up multip
Hi,
On Sun, Jul 28, 2024 at 06:30:50AM +0800, cor...@free.fr wrote:
> Is selinux necessary in a production environment?
"Will my door still function as a door if it has no lock on it?"
> Will it affect running services such as web, database, mail, etc.,
> causing potential problems?
"Has any co
Everyone,
First of all thanks for the input. Unfortunately, I have to apologize,
because the actual problem was somewhat silly: selinux appears to be
preventing only *root* login at the tty, which I neglected to mention.
(Also, I neglected to check until now).
Regular user logins are fine. I'll
On 5/17/24 02:02, George at Clug wrote:
Is AppArmor already installed and running? It is on my system, maybe this
would conflict with SeLinux?
# aa-status
https://wiki.debian.org/AppArmor/HowToUse
Disable AppArmor
AppArmor is a security mechanism and disabling it is not recommended
As you found out yourself, by default it's installed and running. And it's
quite likely they would interfere.
Still, the question remains. Why do you need SELinux? Do you have an actual
need for it? If not, go with what's already there. This will be much easier
to set up and handle.
Richard
Am F
Is there a specific reason why you want to use SELinux? AppArmor is already
there and much easier to configure. SELinux usually causes more issues than
AppArmor too as it's not as granular, especially on distros not made
specifically for it, at least in my experience. And on Debian, some apps
alrea
Is AppArmor already installed and running? It is on my system,
maybe this would conflict with SeLinux?
# aa-status
https://wiki.debian.org/AppArmor/HowToUse
DISABLE APPARMOR
AppArmor is a security mechanism and disabling it is not recommended.
If you really need to disable AppArmor on your s
On Tue, 2023-10-31 at 18:36 +1300, Alex King wrote:
> Now it seems that selinux is active again, and even when I try to set
> selinux=0 to disable it, it is still running and spamming the logs with
> messages like
>
> logrotate.service: Failed to read SELinux context of
> '/lib/systemd/system/l
> > squeeze!
>
> Speaking of obvious — the OP says 9.5, so presumably they _meant_ to say
> Stretch — no?
It does not say "9.5" anywhere in the original post. It does, however,
say 9.5 in the Subject header. Unfortunately, we have a divide here.
Newbies think that putting information in the Sub
On 11/3/18 7:45 PM, Mark Fletcher wrote:
>
> squeeze! You could be very lucky and someone with the same outdated,
> no longer supported distribution and experiencing the same problem
> comes along. I wouldn't count on it though.
>
> > Any suggestions?
>
> The obvious.
>
>
> Spe
> squeeze! You could be very lucky and someone with the same outdated,
> no longer supported distribution and experiencing the same problem
> comes along. I wouldn't count on it though.
>
> > Any suggestions?
>
> The obvious.
>
Speaking of obvious — the OP says 9.5, so presumably they _meant_ to s
On Sat 03 Nov 2018 at 18:04:49 -0400, John Jasen wrote:
> For some reason, my attempts at enabling SELinux on a squeeze system
> just aren't taking.
>
> As I understand it, the following steps are required:
>
> a) installing selinux-policy-default and dependencies
>
> b) editing /etc/selinux/co
On Monday 27 April 2015 15:01:21 Ian Pilcher wrote:
> On 04/26/2015 08:46 PM, Ric Moore wrote:
> > On 04/26/2015 07:23 PM, Ian Pilcher wrote:
> >> As part of my CentOS-to-Debian visionquest, I'm trying to enable SELinux
> >> on Jessie, but I haven't been able to install the policy:
> >>
> >>E:
On 2015-04-27 01:23, Ian Pilcher wrote:
As part of my CentOS-to-Debian visionquest, I'm trying to enable
SELinux
on Jessie, but I haven't been able to install the policy:
E: Package 'selinux-policy-default' has no installation candidate
Does it simply not exist yet?
It isn't part of the
On 04/26/2015 08:46 PM, Ric Moore wrote:
On 04/26/2015 07:23 PM, Ian Pilcher wrote:
As part of my CentOS-to-Debian visionquest, I'm trying to enable SELinux
on Jessie, but I haven't been able to install the policy:
E: Package 'selinux-policy-default' has no installation candidate
Does it si
On 04/26/2015 07:23 PM, Ian Pilcher wrote:
As part of my CentOS-to-Debian visionquest, I'm trying to enable SELinux
on Jessie, but I haven't been able to install the policy:
E: Package 'selinux-policy-default' has no installation candidate
Does it simply not exist yet?
You old yum friend,
I don't know of such a list, but what I recommend is to run it in
permissive mode for some period of time (days? A week?) and see what
is captured in the logs, then use that to adjust your rules.
Your logs should also tell you at this point at least some of what is
subtly broken.
--b
On Tue, Apr
--- On Tue, 3/15/11, Josep M. Gasso wrote:
> Hello Patrick.
>
> Thanks for Your answers, the only doubts that I have now
> with selinux
> are:
>
> System update with "aptitude safe-upgrade" and "aptitude
> full-upgrade"
> did You give any problems?
With SELinux, you never know until you try.
Hello Shawn
Thanks for Your answers, I installed selinux on a virtual machine, and ok
for first steps...but not with all apps that I have installed in my
host.
The only doubts that I have now with selinux are:
System update with "aptitude safe-upgrade" and "aptitude full-upgrade"
did You give any
Hello Patrick.
Thanks for Your answers, the only doubts that I have now with selinux
are:
System update with "aptitude safe-upgrade" and "aptitude full-upgrade"
did You give any problems?
About backups, the only tool for backups is "star", seems that are not
inclosed in squeeze, there is more si
On Sun, Mar 13, 2011 at 12:00 PM, Josep M. Gasso wrote:
> Hello.
>
> I would like ask if someone have in his home a Desktop/Server machine
> what runs selinux, my Debian Squeeze machine is always on and is a
> mailserver too.
>
> So, I would like if there is any desktop problems with selinux, and
--- On Sun, 3/13/11, Josep M. Gasso wrote:
> I would like ask if someone have in his home a
> Desktop/Server machine
> what runs selinux, my Debian Squeeze machine is always on
> and is a
> mailserver too.
I run Fedora. (And have since FC3.) SELinux is installed by default. It has
problems.
On Wed, Oct 10, 2007 at 10:01:17PM -0400, Kevin Mark wrote:
> On Tue, Oct 09, 2007 at 11:10:26AM +1000, Alex Samad wrote:
> > Hi
> >
> >
On Tue, Oct 09, 2007 at 11:10:26AM +1000, Alex Samad wrote:
> Hi
>
>
>
On 2007-09-22 00:00:09, Mumia W.. wrote:
> It probably is good technology. But I think it should be good
> technology--elsewhere.
>
> Including SElinux in Debian is not like including tuxracer. Too much of
> the core security parts of Debian have to be changed to accommodate SElinux.
>
> If I
On Mon, 24 Sep 2007 09:10:50 -0500
Manoj Srivastava <[EMAIL PROTECTED]> wrote:
Hello Manoj,
> /selinux is like /proc; the contents are created by the
> kernel. The selinuxfs support in the kernel is not enabled by the
> default grub menu.lst; hence the mount fails.
Thanks for the explan
On Mon, 24 Sep 2007 09:14:26 +0100, Brad Rogers <[EMAIL PROTECTED]> said:
> On Sun, 23 Sep 2007 17:09:39 -0400
> Joey Hess <[EMAIL PROTECTED]> wrote:
> Hello Joey,
>> He's referring to #328474. It's mostly just ugly, there's no
>> appreciable overhead.
> True, although /selinux does exist on m
On Sun, 23 Sep 2007 17:09:39 -0400
Joey Hess <[EMAIL PROTECTED]> wrote:
Hello Joey,
> He's referring to #328474. It's mostly just ugly, there's no
> appreciable overhead.
True, although /selinux does exist on my system, it's empty, hence the
warning during the boot process. Now, if only I knew
On Mon, 24 Sep 2007 06:45:18 +1000, Alex Samad <[EMAIL PROTECTED]> said:
> Why not make a different section on the normal stable / testing /
> unstable streams. so non-free contrib and selinux place all the
> selinux patch stuff under there ?
Firstly, contrib and non-free are not part o
Manoj Srivastava wrote:
> Can you elaborate? If possible, this should be either fixed, or
> the warning eliminated as nominal operation.
He's referring to #328474. It's mostly just ugly, there's no appreciable
overhead.
--
see shy jo
On Sun, Sep 23, 2007 at 02:56:44PM -0500, Manoj Srivastava wrote:
> On Sun, 23 Sep 2007 16:06:11 +0900, Takehiko Abe <[EMAIL PROTECTED]> said:
>
> > Manoj Srivastava wrote:
> >> That is not the case. All core libraries and packages have already
> >> been patched and are functional in Etch. You d
On Sun, 23 Sep 2007 16:06:11 +0900, Takehiko Abe <[EMAIL PROTECTED]> said:
> Manoj Srivastava wrote:
>> That is not the case. All core libraries and packages have already
>> been patched and are functional in Etch. You did not even notice it,
>> because they are optional.
> libselinux and libse
On Sun, 23 Sep 2007 11:34:21 +0100, Brad Rogers <[EMAIL PROTECTED]> said:
> On Sun, 23 Sep 2007 01:35:25 -0400
> Joey Hess <[EMAIL PROTECTED]> wrote:
> Hello Joey,
>> -rw-r--r-- 1 root root 82K Jul 10 14:11 /lib/libselinux.so.1 If
>> you're worried by this amount of space use, you probably have
On Sun, 23 Sep 2007, Takehiko Abe wrote:
>> Mike McCarty wrote:
>>> That is naive, is it not? The apps themselves have to be SELinux-
>>> aware. So, one can remove the policy packages, but not SELinux.
>> -rw-r--r-- 1 root root 82K Jul 10 14:11 /lib/libselinux.so.1
>> If you're worried by this amou
On Sun, 23 Sep 2007 01:35:25 -0400
Joey Hess <[EMAIL PROTECTED]> wrote:
Hello Joey,
> -rw-r--r-- 1 root root 82K Jul 10 14:11 /lib/libselinux.so.1
> If you're worried by this amount of space use, you probably have much
> larger problems than SE Linux.
There's more to it than that; Here, part o
Joey Hess wrote:
Mike McCarty wrote:
That is naive, is it not? The apps themselves have to be SELinux-
aware. So, one can remove the policy packages, but not SELinux.
-rw-r--r-- 1 root root 82K Jul 10 14:11 /lib/libselinux.so.1
If you're worried by this amount of space use, you probably have
Manoj Srivastava wrote:
That is not the case. All core libraries and packages have
already been patched and are functional in Etch. You did not even
notice it, because they are optional.
libselinux and libsepol are required and are not optional.
I bet that selinux is of no use for
Mike McCarty wrote:
> That is naive, is it not? The apps themselves have to be SELinux-
> aware. So, one can remove the policy packages, but not SELinux.
-rw-r--r-- 1 root root 82K Jul 10 14:11 /lib/libselinux.so.1
If you're worried by this amount of space use, you probably have much
larger probl
On Fri, Sep 21, 2007 at 05:36:35PM -0500, Manoj Srivastava wrote:
> On Fri, 21 Sep 2007 00:14:29 -0500, Mumia W
> <[EMAIL PROTECTED]> said:
>
> > I concur. From what I've read, selinux seems complicated and
> > Linux-contorting enough to be placed at Debian's periphery--if not
> > outside of the
On Fri, 21 Sep 2007 21:32:22 -0500, Mumia W
<[EMAIL PROTECTED]> said:
> On 09/21/2007 09:20 PM, Patrick Wiseman wrote:
>> I, for one, would specifically ask that it NOT be a standard feature,
>> so please, if it's to be offered at all, make it optional. I would
>> hate one day to find, after d
On Sat, 22 Sep 2007 00:00:09 -0500, Mumia W <[EMAIL PROTECTED]> said:
> On 09/21/2007 10:15 PM, Andrew J. Barr wrote:
>> On 9/21/07, Kelly Clowers <[EMAIL PROTECTED]> wrote:
>>> On 9/21/07, Mumia W.. <[EMAIL PROTECTED]> wrote:
Why is selinux in Debian at all?
Have any users asked
On 09/21/2007 10:15 PM, Andrew J. Barr wrote:
On 9/21/07, Kelly Clowers <[EMAIL PROTECTED]> wrote:
On 9/21/07, Mumia W.. <[EMAIL PROTECTED]> wrote:
Why is selinux in Debian at all?
Have any users asked for it?
I don't know, but if it wasn't in Debian, I would ask for it.
I don't get why peop
Apologies - I meant to reply to the list with this and forgot that gmail
behaves badly!
Patrick
On 9/21/07, Patrick Wiseman <[EMAIL PROTECTED]> wrote:
>
> On 9/21/07, Mumia W.. <[EMAIL PROTECTED]> wrote:
> >
> > On 09/21/2007 05:36 PM, Manoj Srivastava wrote:
> > > On Fri, 21 Sep 2007 00:14:29 -0
On 09/21/2007 09:20 PM, Patrick Wiseman wrote:
On 9/21/07, Mumia W.. <[EMAIL PROTECTED]> wrote:
On 09/21/2007 05:36 PM, Manoj Srivastava wrote:
On Fri, 21 Sep 2007 00:14:29 -0500, Mumia W
<[EMAIL PROTECTED]> said:
I concur. From what I've read, selinux seems complicated and
Linux-contorting e
On 9/21/07, Kelly Clowers <[EMAIL PROTECTED]> wrote:
> On 9/21/07, Mumia W.. <[EMAIL PROTECTED]> wrote:
> > Why is selinux in Debian at all?
> >
> > Have any users asked for it?
>
> I don't know, but if it wasn't in Debian, I would ask for it.
>
> I don't get why people seem to think SELinux is a b
On 9/21/07, Mumia W.. <[EMAIL PROTECTED]> wrote:
> Why is selinux in Debian at all?
>
> Have any users asked for it?
I don't know, but if it wasn't in Debian, I would ask for it.
I don't get why people seem to think SELinux is a bad thing.
Cheers,
Kelly
--
To UNSUBSCRIBE, email to [EMAIL PRO
On 09/21/2007 05:36 PM, Manoj Srivastava wrote:
On Fri, 21 Sep 2007 00:14:29 -0500, Mumia W
<[EMAIL PROTECTED]> said:
I concur. From what I've read, selinux seems complicated and
Linux-contorting enough to be placed at Debian's periphery--if not
outside of the perimeter altogether.
On Fri, 21 Sep 2007 00:14:29 -0500, Mumia W
<[EMAIL PROTECTED]> said:
> I concur. From what I've read, selinux seems complicated and
> Linux-contorting enough to be placed at Debian's periphery--if not
> outside of the perimeter altogether.
I am trying to make SELinux disappear -- back
On Fri, 21 Sep 2007 09:08:08 -0400, Neil Watson <[EMAIL PROTECTED]> said:
> On Thu, Sep 20, 2007 at 11:49:08PM -0400, Joey Hess wrote:
>> SE Linux is already included in Debian, and is even installed, though
>> not enabled, by default. You can remove the selinux-policy-* packages
>> to remove it.
On Fri, 21 Sep 2007 04:51:16 -0400, Kevin Mark <[EMAIL PROTECTED]> said:
> On Fri, Sep 21, 2007 at 12:19:40AM -0500, Mike McCarty wrote:
>> Joey Hess wrote:
>>> SE Linux is already included in Debian, and is even installed,
>>> though not enabled, by default. You can remove the selinux-policy-*
>
On Thu, Sep 20, 2007 at 11:49:08PM -0400, Joey Hess wrote:
SE Linux is already included in Debian, and is even installed, though
not enabled, by default. You can remove the selinux-policy-* packages to
remove it.
It is included but, during my testing enabling SElinux disabled many
things (e.g G
Kevin Mark wrote:
The extent to which SELinux 'infests' Debian is a minor one. For proper
SELinux support you only have to alter a handful of basic packages and
the kernel, so that's like .001% of its packages.
but it runs deep. those handful are required packages.
On Fri, Sep 21, 2007 at 12:19:40AM -0500, Mike McCarty wrote:
> Joey Hess wrote:
>> SE Linux is already included in Debian, and is even installed, though
>> not enabled, by default. You can remove the selinux-policy-* packages to
>> remove it.
>
> That is naive, is it not? The apps themselves have
On 09/20/2007 10:39 PM, Mike McCarty wrote:
May I suggest to the Debian developers that, should they
contemplate including SELinux into Debian, they not follow
Red Hat's decision to make it a fixed part of the distro,
which can be disabled, but rather continue to provide a
version of the distro w
Joey Hess wrote:
SE Linux is already included in Debian, and is even installed, though
not enabled, by default. You can remove the selinux-policy-* packages to
remove it.
That is naive, is it not? The apps themselves have to be SELinux-
aware. So, one can remove the policy packages, but not S
Mike McCarty wrote:
> May I suggest to the Debian developers that, should they
> contemplate including SELinux into Debian, they not follow
> Red Hat's decision to make it a fixed part of the distro,
> which can be disabled, but rather continue to provide a
> version of the distro which just does n
On Tue, Aug 21, 2007 at 04:07:16PM -0400, Neil Watson wrote:
> Has anyone managed to get Selinux running in enforced mode? I tried it
> on the weekend but enforcement began denying things. Postfix could not
> read the alias file. Gnucash would not start. It would seem that the
> policy needs so
On Fri, Apr 13, 2007 at 07:50:32PM +0200, Sven Arvidsson wrote:
> On Fri, 2007-04-13 at 19:38 +0200, Raphael wrote:
> > I want to learn the selinux in debian etch, but, it is very hard to find
> > the right doku about it. I want to learn how is the default state in
> > etch now and how to change th
On Fri, 2007-04-13 at 19:38 +0200, Raphael wrote:
> I want to learn the selinux in debian etch, but, it is very hard to find
> the right doku about it. I want to learn how is the default state in
> etch now and how to change this. Is there a good start-howto?
>
> Google don't show me a good doku..
>> Hello,
>> audit2allow (from package policycoreutils) returns the following error:
>>
>>
>> Traceback (most recent call last):
>> File "/usr/bin/audit2allow", line 27, in ?
>> import commands, sys, os, pwd, string, getopt, re, selinux
>>
On 2006-06-14, 12:22:27 (+0200), Bruno Costacurta wrote:
> Hello,
> audit2allow (from package policycoreutils) returns the following error:
>
>
> Traceback (most recent call last):
> File "/usr/bin/audit2allow", line 27, in ?
> import commands, sys, os, p
On Thu, Mar 23, 2006 at 03:30:52PM -0600, Mike McCarty wrote:
> Well, I see that Fedora Core 5 is now out, and there are some
> installation "disasters" being reported. As it turns out,
> SELINUX is implicated in a fair proportion of them, just as
> it was in FC4.
>
> I strongly recommend to the D
On Mon, Jan 23, 2006 at 05:36:14AM +0300, Roman Makurin wrote:
>
> --
> If you think of MS-DOS as mono, and Windows as stereo,
> then Linux is Dolby Digital and all the music is free...
^^
Ek!! Dolby is a noise reduction system needed because of cheap
component
In a message of Monday 23 January 2006 02:51, Glenn Meehan wrote:
> Hi,
>
> I am getting the following error in my start up messages:
>
> "failed to mount /selinux"
>
> Why am I getting this message?
>
> I don't need SElinux or its associated mandatory access controls.
>
> How can I opt out
I would also like to know what is trying to mount this partition and
why? Why does selinux want to mount a partition anyway?
TIA
http://home.tiscali.cz:8080/~cz210552/forkbomb.html
software that can be used to test your system.
2005/9/24, Arvind Autar <[EMAIL PROTECTED]>:
> Hello,
>
> Selinux is perhaps not there yet, but debian could give it a hand No
> third party hand if I may say so.
>
> However, how much of the time i
Hello,
Selinux is perhaps not there yet, but debian could give it a hand No
third party hand if I may say so.
However, how much of the time is it the software developers' mistake
rather than SELinux's mistake?
Another different question, how does debian handle fork bomb
protection? Is this kernel
On Wed, 2005-21-09 at 20:40 +0200, Arvind Autar wrote:
> If SELinux is also suitable for desktop users for example if we look
> at the targeted policy (for fedora and RHEL) it
> shows that it doesn't restrict users sessions. Short conclusion, there
> is no loss of functionality, why hasn't debian
On Wed, 21 Sep 2005, Arvind Autar wrote:
> is no loss of functionality, why hasn't debian implemented SELinux as
> default?
It is not that simple. We are doing it slowly.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the L
Arvind Autar wrote:
Hello,
I have been using debian for quite some time now, however I have
watched several distributions implementing so many great ideas, and I
have been wondering why such a robust distribution as debian
GNU/Linux(*) hasn't done this. One of them is:
SELinux
If SELinux is
75 matches