07-03-2012, 06:53 PM

Was, FC17 and setroubleshoot, is policy bugs

Well, I went looking for setroubleshoot because we were getting a lot of
crap in the logs after I upgraded one system to FC17. I installed it, and
Dominick says it ought to be autorun on an event.

Wellllll, I'm not seeing the usual "avc, blah, blah, run sealert ....".

I thought I'd try another way, and found one immediate problem, that
use_nfs_home_dirs was off. I tried to set it on, as root....

setsebool -P use_nfs_home_dirs on
libsepol.scope_copy_callback: entropyd: Duplicate declaration in module:
type/attribute entropyd_var_run_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or
directory).
Could not change policy booleans

Bug?

mark

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
07-03-2012, 08:01 PM
Miroslav Grepl

On 07/03/2012 08:53 PM, m.roth@5-cent.us wrote:
> Well, I went looking for setroubleshoot because we were getting a lot of
> crap in the logs after I upgraded one system to FC17. I installed it, and
> Dominick says it ought to be autorun on an event.
>
> Wellllll, I'm not seeing the usual "avc, blah, blah, run sealert ....".
>
> I thought I'd try another way, and found one immediate problem, that
> use_nfs_home_dirs was off. I tried to set it on, as root....
>
> setsebool -P use_nfs_home_dirs on
> libsepol.scope_copy_callback: entropyd: Duplicate declaration in module:
> type/attribute entropyd_var_run_t (No such file or directory).
> libsemanage.semanage_link_sandbox: Link packages failed (No such file or
> directory).
> Could not change policy booleans
>
> Bug?

Could you try to run

semodule -n -s targeted -r xfs kudzu kerneloops execmem openoffice ada
tzdata hal hotplug howl java mono moilscanner gamin audio_entropy
audioentropy iscsid polkit_auth polkit rtkit_daemon ModemManager
telepathysofiasip ethereal passanger qpidd pyzor razor


Which is supposed to be done in the package.


 
07-03-2012, 08:16 PM

Miroslav Grepl wrote:
> On 07/03/2012 08:53 PM, m.roth@5-cent.us wrote:
>> Well, I went looking for setroubleshoot because we were getting a lot of
>> crap in the logs after I upgraded one system to FC17. I installed it,
>> and Dominick says it ought to be autorun on an event.
>>
>> Wellllll, I'm not seeing the usual "avc, blah, blah, run sealert ....".
>>
>> I thought I'd try another way, and found one immediate problem, that
>> use_nfs_home_dirs was off. I tried to set it on, as root....
>>
>> setsebool -P use_nfs_home_dirs on
>> libsepol.scope_copy_callback: entropyd: Duplicate declaration in module:
>> type/attribute entropyd_var_run_t (No such file or directory).
>> libsemanage.semanage_link_sandbox: Link packages failed (No such file or
>> directory).
>> Could not change policy booleans
>>
>> Bug?
> Could you try to run
>
> semodule -n -s targeted -r xfs kudzu kerneloops execmem openoffice ada
> tzdata hal hotplug howl java mono moilscanner gamin audio_entropy
> audioentropy iscsid polkit_auth polkit rtkit_daemon ModemManager
> telepathysofiasip ethereal passanger qpidd pyzor razor
>
> Which is supposed to be done in the package.

That worked. After running that, I could do my setsebool.

I will note that both the semodule and the setsebool took a truly
ridiculous amount of time. It was at *least* one full minute or more for
the setsebool.

mark
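
A preview of the removal step from this thread, as an added example that is not part of the original posts or of the selinux-policy package: it pulls the module and type out of the libsepol error and builds the semodule -r command only for the listed modules that semodule -l reports as installed. The sample semodule -l listing and its version numbers are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Inputs below are constructed for illustration.

# Module names copied verbatim from the semodule -r command in the thread.
OBSOLETE="xfs kudzu kerneloops execmem openoffice ada tzdata hal hotplug \
howl java mono moilscanner gamin audio_entropy audioentropy iscsid \
polkit_auth polkit rtkit_daemon ModemManager telepathysofiasip ethereal \
passanger qpidd pyzor razor"

# Error text as quoted in the thread (wrapped across two lines).
SAMPLE_ERR="libsepol.scope_copy_callback: entropyd: Duplicate declaration in module:
type/attribute entropyd_var_run_t (No such file or directory)."

# Constructed stand-in for `semodule -l` output (names and versions invented).
SAMPLE_LIST="abrt 1.2.0
audioentropy 1.6.0
entropyd 1.7.0
hal 1.14.0
unconfined 3.3.0
xfs 1.7.0"

# Read a libsepol message on stdin; print "<module> <type>" for a duplicate
# declaration. Newlines are joined first because mail clients wrap the message.
parse_duplicate() {
    msg=$(tr '\n' ' ')
    printf '%s\n' "$msg" | sed -n \
        's|.*scope_copy_callback: \([^:]*\): Duplicate declaration in module: *type/attribute \([A-Za-z0-9_]*\).*|\1 \2|p'
}

# Read `semodule -l` output on stdin; print the listed obsolete modules that
# are installed. Only field 1 is compared, so a version column is ignored.
installed_obsolete() {
    awk -v list="$OBSOLETE" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        ($1 in want) { print $1 }'
}

# Print the removal command (same -n -s targeted flags as in the thread)
# restricted to modules that are present; print nothing if none are.
removal_command() {
    mods=$(installed_obsolete | paste -s -d ' ' -)
    if [ -n "$mods" ]; then echo "semodule -n -s targeted -r $mods"; fi
}

printf '%s\n' "$SAMPLE_ERR" | parse_duplicate
printf '%s\n' "$SAMPLE_LIST" | removal_command
```

On a real host, pipe the output of semodule -l into removal_command in place of the sample listing and review the printed command before running it.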

 
07-03-2012, 08:19 PM
Miroslav Grepl

On 07/03/2012 10:16 PM, m.roth@5-cent.us wrote:
> Miroslav Grepl wrote:
>> On 07/03/2012 08:53 PM, m.roth@5-cent.us wrote:
>>> Well, I went looking for setroubleshoot because we were getting a lot of
>>> crap in the logs after I upgraded one system to FC17. I installed it,
>>> and Dominick says it ought to be autorun on an event.
>>>
>>> Wellllll, I'm not seeing the usual "avc, blah, blah, run sealert ....".
>>>
>>> I thought I'd try another way, and found one immediate problem, that
>>> use_nfs_home_dirs was off. I tried to set it on, as root....
>>>
>>> setsebool -P use_nfs_home_dirs on
>>> libsepol.scope_copy_callback: entropyd: Duplicate declaration in module:
>>> type/attribute entropyd_var_run_t (No such file or directory).
>>> libsemanage.semanage_link_sandbox: Link packages failed (No such file or
>>> directory).
>>> Could not change policy booleans
>>>
>>> Bug?
>> Could you try to run
>>
>> semodule -n -s targeted -r xfs kudzu kerneloops execmem openoffice ada
>> tzdata hal hotplug howl java mono moilscanner gamin audio_entropy
>> audioentropy iscsid polkit_auth polkit rtkit_daemon ModemManager
>> telepathysofiasip ethereal passanger qpidd pyzor razor
>>
>> Which is supposed to be done in the package.
>
> That worked. After running that, I could do my setsebool.
>
> I will note that both the semodule and the setsebool took a truly
> ridiculous amount of time. It was at *least* one full minute or more for
> the setsebool.
>
> mark


Yes, we know about that. You can execute

# semodule -d unconfined

which will disable unconfined domains but unconfined user will still
exist. Then try to run semodule. It should be faster.

