On 10/21/24 15:18, Samuel Sieb wrote:
On 10/21/24 3:13 PM, ToddAndMargo via users wrote:
Hi All,
Fedroa 39 and 41 maybe.
I am throwing the follow selinux error:
If you want to allow daemon-init to have watch
access on the mdevctl.d directory Then you need to
change the label
On 10/21/24 3:13 PM, ToddAndMargo via users wrote:
Hi All,
Fedroa 39 and 41 maybe.
I am throwing the follow selinux error:
If you want to allow daemon-init to have watch
access on the mdevctl.d directory Then you need to
change the label on /etc/mdevctl.d
Do you know what "
Hi All,
Fedroa 39 and 41 maybe.
I am throwing the follow selinux error:
If you want to allow daemon-init to have watch
access on the mdevctl.d directory Then you need to
change the label on /etc/mdevctl.d
Do
# semanage fcontext -a -t FILE_TYPE '/etc/mdevctl.d'
whe
Le 2021-08-17 01:25, Thomas Cameron a écrit :
Thank you for answering. This video is going a little bit to fast for
me: if I can read and speak English, it is easier for me if people
speak a bit slower...
Anyway, as far as I understand, if I want to re-enable selinux I have
to:
1- change the
I apologize, I will try to speak more slowly and clearly for future
presentations.
Thomas
On 8/16/2021 6:25 PM, Thomas Cameron wrote:
Thank you for answering. This video is going a little bit to fast for
me: if I can read and speak English, it is easier for me if people
speak a bit slower...
Thank you for answering. This video is going a little bit to fast for
me: if I can read and speak English, it is easier for me if people speak
a bit slower...
Anyway, as far as I understand, if I want to re-enable selinux I have to:
1- change the config file to enforcing
2- touch /.autorelabel
Le 2021-08-16 17:35, Thomas Cameron a écrit :
This may be helpful:
Security-Enhanced Linux for mere mortals
https://www.youtube.com/watch?v=_WOKRaM-HI4
I gave this presentation at Red Hat Summit a couple of years ago, it's
still relevant. I talk about how to enable SELinux on a system where
it
On Mon, 2021-08-16 at 08:50 -0700, Doug H. wrote:
> On Mon, Aug 16, 2021, at 7:53 AM, François Patte wrote:
> > Bonjour,
> >
> > For some reason (I explain later) I disabled selinux in
> > /etc/selinux/config file.
> >
> > When I re-enabled selinux (SELINUX=enforcing in the config file) I could
On Mon, Aug 16, 2021, at 7:53 AM, François Patte wrote:
> Bonjour,
>
> For some reason (I explain later) I disabled selinux in
> /etc/selinux/config file.
>
> When I re-enabled selinux (SELINUX=enforcing in the config file) I could
> not restart my system: no service could start and I got a ker
This may be helpful:
Security-Enhanced Linux for mere mortals
https://www.youtube.com/watch?v=_WOKRaM-HI4
I gave this presentation at Red Hat Summit a couple of years ago, it's
still relevant. I talk about how to enable SELinux on a system where
it's been disabled.
Hope this helps!
Thomas
Bonjour,
For some reason (I explain later) I disabled selinux in
/etc/selinux/config file.
When I re-enabled selinux (SELINUX=enforcing in the config file) I could
not restart my system: no service could start and I got a kernel panic.
I had to rescue my system (see my other post) and disab
Bonjour,
Sometimes selinux blocks access to a file without any clear reasons:
yesterday it was ok, today it is blocked... Why? I don't know, I changed
nothing, did not make any upgrade...
Today dictd cannot start:
SELinux forbids dictd an open access to /var/log/dictd.log.
Suggestion:
# aus
On Tue, 4 Feb 2020 09:33:42 -0500 sean darcy wrote:
> syslog is full of this:
>
> AVC avc: denied { read } for pid=1225843 comm="rpm"
> name="Providename" dev="dm-1" ino=2622531
> scontext=system_u:system_r:setroubleshootd_t:s0
> tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permis
syslog is full of this:
AVC avc: denied { read } for pid=1225843 comm="rpm"
name="Providename" dev="dm-1" ino=2622531
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
setroubleshootd[1223244]: error: cannot open Name index
On 12/10/18 20:50, Joe Zeff wrote:
If you use the GUI, there should be a column listing possible fixes.
.
That was what I needed. It turned out to be a virt machine that wanted
access to the wrong nfs system name. I simply deleted the no longer
needed VM.
Thanks for the help, Bob
--
Bob Goo
On 12/10/2018 06:09 PM, Bob Goodwin wrote:
On 12/10/18 7:30 PM, Joe Zeff wrote:
Try opening up the SELinux Troubleshooter, AKA sealert. It should
have a list of all alerts that haven't been dismissed, with
instructions on how to deal with them.
.
This is the result:
# sealert
/usr/bin/sea
On 12/10/18 7:30 PM, Joe Zeff wrote:
Try opening up the SELinux Troubleshooter, AKA sealert. It should
have a list of all alerts that haven't been dismissed, with
instructions on how to deal with them.
.
This is the result:
# sealert
/usr/bin/sealert:32: DeprecationWarning: Importing dbus.
On 12/10/2018 04:26 PM, Bob Goodwin wrote:
.
I just upgraded this Fedora 27 to 29 and it refused to run xfce until I
"setenforce 0"
I never seem to have selinux problems and don't know how to deal with
them. Doing "ausearch -m avc" produces a slew of:
time->Mon Dec 10 17:10:06 2018
typ
.
I just upgraded this Fedora 27 to 29 and it refused to run xfce until I
"setenforce 0"
I never seem to have selinux problems and don't know how to deal with
them. Doing "ausearch -m avc" produces a slew of:
time->Mon Dec 10 17:10:06 2018
type=AVC msg=audit(1544479806.790:376): avc: d
On 05/11/2016 08:51 AM, Patrick O'Callaghan wrote:
Virtually every security measure is a partial solution. There are no
magic bullets. However just because a given measure is weak on its own
doesn't mean it isn't useful in combination with others. Using a non-
root user for remote login means th
On Wed, 2016-05-11 at 10:07 -0500, Bruno Wolff III wrote:
> On Tue, May 10, 2016 at 01:30:48 -0700,
> Joe Zeff wrote:
> >
> >
> > Excellent advice. Linux never tells you if the username you're
> > trying
> > to log in with is right, just that the combination of username and
> > password was
On Tue, May 10, 2016 at 01:30:48 -0700,
Joe Zeff wrote:
Excellent advice. Linux never tells you if the username you're trying
to log in with is right, just that the combination of username and
password was wrong. The only username that a potential cracker knows
exists is root, so if you a
Allegedly, on or about 10 May 2016, Patrick O'Callaghan sent:
> Much more important is to keep tight control of logins
> from outside your network. Only allow SSH, don't allow it to the root
> account, only allow it using token (not password) access, and run
> fail2ban.
If you run externally acce
On 05/10/2016 01:03 AM, Patrick O'Callaghan wrote:
Much more important is to keep tight control of logins
from outside your network. Only allow SSH, don't allow it to the root
account, only allow it using token (not password) access, and run
fail2ban.
Excellent advice. Linux never tells you if
On Mon, 2016-05-09 at 16:11 -0700, Samuel Sieb wrote:
> > Linux is a bit more impervious to the nefarious actions of the evil
> > hackers out there than MacOS and a lot more so that Winblows, but
> it
> > isn't perfect. If you're surfing the web, wear a full-body condom
> or
> > two. And always rem
On 05/09/2016 03:52 PM, Rick Stevens wrote:
On 05/09/2016 12:19 PM, CS DBA wrote:
1) If I want to use the plugin package:
you must turn off SELinux controls on the Firefox plugins.
# setsebool -P unconfined_mozilla_plugin_transition 0
I wouldn't go so far as to reinstall. SELinux has blocked
On 05/09/2016 03:30 PM, CS DBA wrote:
On 05/09/2016 01:39 PM, Rick Stevens wrote:
On 05/09/2016 12:19 PM, CS DBA wrote:
Hi All;
I'm running Fedora 23 KDE Spin, After a recent firefox update (I'm now
at Firefox 46.0.1) I've been getting these SELINUX alerts:
The source process: 57656220436F
On 05/09/2016 04:36 PM, Samuel Sieb wrote:
On 05/09/2016 12:19 PM, CS DBA wrote:
Thoughts? Is this a bug? Should I run the setsebool command to allow
access?
https://bugzilla.redhat.com/show_bug.cgi?id=1230052
What plugins do you have installed? Flash?
--
users mailing list
users@lists.fed
On 05/09/2016 12:19 PM, CS DBA wrote:
Thoughts? Is this a bug? Should I run the setsebool command to allow
access?
https://bugzilla.redhat.com/show_bug.cgi?id=1230052
What plugins do you have installed? Flash?
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscr
On 05/09/2016 01:39 PM, Rick Stevens wrote:
On 05/09/2016 12:19 PM, CS DBA wrote:
Hi All;
I'm running Fedora 23 KDE Spin, After a recent firefox update (I'm now
at Firefox 46.0.1) I've been getting these SELINUX alerts:
The source process: 57656220436F6E74656E74
Attempted this access: crea
On 05/09/2016 12:19 PM, CS DBA wrote:
Hi All;
I'm running Fedora 23 KDE Spin, After a recent firefox update (I'm now
at Firefox 46.0.1) I've been getting these SELINUX alerts:
The source process: 57656220436F6E74656E74
Attempted this access: create
On this rawip_socket:
The alert gives me 2
Hi All;
I'm running Fedora 23 KDE Spin, After a recent firefox update (I'm now
at Firefox 46.0.1) I've been getting these SELINUX alerts:
The source process: 57656220436F6E74656E74
Attempted this access: create
On this rawip_socket:
The alert gives me 2 choices:
1) If I want to use the pl
On Tue, 2015-06-16 at 17:38 -0600, jd1008 wrote:
> So, I guess I have one of 2 options:
> touch /.autorelabel followed by reboot
If it's just a small number of files and/or directories, simply restore
their labels. That's much less disruptive, and this isn't windows.
man restorecon
--
tim@loca
On 06/16/2015 05:24 PM, Tahir Hafiz wrote:
On Tue, Jun 16, 2015 at 10:27 PM, Martin Cigorraga
mailto:martincigorr...@gmail.com>>wrote:
Check with SELinux Troubleshooter.
On Tue, Jun 16, 2015 at 6:24 PM jd1008 mailto:jd1...@gmail.com>> wrote:
On 06/16/2015 03:22 PM, jd1008
If you do a
sealert -a /var/log/audit/audit.log
That should output what SELinux policy was infringed.
SELinux logs to /var/log/audit/audit.log
grep AVC /var/log/audit/audit.log
is another way to parse the log file for SELinux comments.
Cheers,
Tahir
On Tue, Jun 16, 2015 at 10:27 PM, Martin Ci
Check with SELinux Troubleshooter.
On Tue, Jun 16, 2015 at 6:24 PM jd1008 wrote:
>
>
> On 06/16/2015 03:22 PM, jd1008 wrote:
> > Selinux comlained the a program "attempted write on this directory"
> >
> > but it does not say which directory.
> > I looked in /var/log but even there it does not sa
On 06/16/2015 03:22 PM, jd1008 wrote:
Selinux comlained the a program "attempted write on this directory"
but it does not say which directory.
I looked in /var/log but even there it does not say which directory.
So how can I find out which directory the program attempted the write?
The progr
Selinux comlained the a program "attempted write on this directory"
but it does not say which directory.
I looked in /var/log but even there it does not say which directory.
So how can I find out which directory the program attempted the write?
--
users mailing list
users@lists.fedoraproject.org
On 20 November 2011 00:09, Ian Malone wrote:
> On 19 November 2011 18:38, Deron Meranda wrote:
>> On Sat, Nov 19, 2011 at 9:42 AM, Ian Malone wrote:
>>> I've got quite a few of these during boot, anyone know what might be the
>>> cause?
>>>
>>> Loading kernel module for a network device with CA
On 19 November 2011 18:38, Deron Meranda wrote:
> On Sat, Nov 19, 2011 at 9:42 AM, Ian Malone wrote:
>> I've got quite a few of these during boot, anyone know what might be the
>> cause?
>>
>> Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).
>> Use CAP_NET_ADMIN and a
On Sat, Nov 19, 2011 at 9:42 AM, Ian Malone wrote:
> I've got quite a few of these during boot, anyone know what might be the
> cause?
>
> Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).
> Use CAP_NET_ADMIN and alias X instead.
>
> Where X includes netdev-snd_ice1724,
Hi,
I've got quite a few of these during boot, anyone know what might be the cause?
Loading kernel module for a network device with CAP_SYS_MODULE (deprecated).
Use CAP_NET_ADMIN and alias X instead.
Where X includes netdev-snd_ice1724, netdev-snd_ac97_codec, netdev-fat,
netdev-vfat, netdev-blue
Recently, I mentioned getting regular SELinux alerts from BOINC,
normally from Einstein@home. I've just received another one, although
from a WCT unit. Yes, I'm following the troubleshooting instructions as
I always do, and they seem to work, but only for that unit. (Using
restorecon as root
43 matches
Mail list logo
