Re: [CentOS] CentOS 5 + Quagga + SELinux

From: SilverTip257 silvertip...@gmail.com On Wed, Mar 5, 2014 at 10:19 AM, Daniel J Walsh dwa...@redhat.com wrote: man zebra_selinux ~]# man zebra_selinux No manual entry for zebra_selinux This man page seems to be in selinux-policy-doc package for CentOS 6...   # yum whatprovides

Re: [CentOS] CentOS 5 + Quagga + SELinux

On Fri, Mar 7, 2014 at 5:16 AM, John Doe jd...@yahoo.com wrote: From: SilverTip257 silvertip...@gmail.com On Wed, Mar 5, 2014 at 10:19 AM, Daniel J Walsh dwa...@redhat.com wrote: man zebra_selinux ~]# man zebra_selinux No manual entry for zebra_selinux This man page seems to be in

Re: [CentOS] CentOS 5 + Quagga + SELinux

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/06/2014 07:07 PM, SilverTip257 wrote: On Wed, Mar 5, 2014 at 10:19 AM, Daniel J Walsh dwa...@redhat.com wrote: man zebra_selinux Thank you for the quick reply. ~]# man zebra_selinux No manual entry for zebra_selinux This is a

Re: [CentOS] CentOS 5 + Quagga + SELinux

On Thu, Mar 6, 2014 at 7:07 PM, SilverTip257 silvertip...@gmail.com wrote: On Wed, Mar 5, 2014 at 10:19 AM, Daniel J Walsh dwa...@redhat.com wrote: ... If you want to allow zebra daemon to write it configuration files, you must turn on the zebra_write_config boolean.

Re: [CentOS] CentOS 5 + Quagga + SELinux

On 05/03/2014 19:11, Les Mikesell wrote: On Wed, Mar 5, 2014 at 9:19 AM, Daniel J Walsh dwa...@redhat.com wrote: man zebra_selinux ... If you want to allow zebra daemon to write it configuration files, you must turn on the zebra_write_config boolean. Disabled by default.

Re: [CentOS] CentOS 5 + Quagga + SELinux

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/05/2014 02:11 PM, Les Mikesell wrote: On Wed, Mar 5, 2014 at 9:19 AM, Daniel J Walsh dwa...@redhat.com wrote: man zebra_selinux ... If you want to allow zebra daemon to write it configuration files, you must turn on the zebra_write_config

Re: [CentOS] CentOS 5 + Quagga + SELinux

On Thu, Mar 6, 2014 at 8:02 AM, Daniel J Walsh dwa...@redhat.com wrote: setsebool -P zebra_write_config 1 Is there some global registration facility for selinux context names or are you the only one that knows them all? Don't really know what you mean by that. I mean, if different people

Re: [CentOS] CentOS 5 + Quagga + SELinux

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/06/2014 10:39 AM, Les Mikesell wrote: On Thu, Mar 6, 2014 at 8:02 AM, Daniel J Walsh dwa...@redhat.com wrote: setsebool -P zebra_write_config 1 Is there some global registration facility for selinux context names or are you the only one

Re: [CentOS] CentOS 5 + Quagga + SELinux

On Thu, Mar 6, 2014 at 11:03 AM, Daniel J Walsh dwa...@redhat.com wrote: All in the world, or all that have been created for currently installed packages? Is this as bad as rpm packaging where any two different sources are likely to conflict in name and/or contents? Well we have not had

Re: [CentOS] CentOS 5 + Quagga + SELinux

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/06/2014 01:15 PM, Les Mikesell wrote: On Thu, Mar 6, 2014 at 11:03 AM, Daniel J Walsh dwa...@redhat.com wrote: All in the world, or all that have been created for currently installed packages? Is this as bad as rpm packaging where any two

Re: [CentOS] CentOS 5 + Quagga + SELinux

On Thu, Mar 6, 2014 at 2:53 PM, Daniel J Walsh dwa...@redhat.com wrote: Not sure what you mean but these are files on a file system, Which I guess you define as a giant list of global variables. Yes, in the sense that there can only be one of each. And if you intend for it to be widely used

Re: [CentOS] CentOS 5 + Quagga + SELinux

On Wed, Mar 5, 2014 at 10:19 AM, Daniel J Walsh dwa...@redhat.com wrote: man zebra_selinux Thank you for the quick reply. ~]# man zebra_selinux No manual entry for zebra_selinux This is a rather basic (headless) install of CentOS 5.10 from the netinstall ISO. I haven't ripped out any

Re: [CentOS] CentOS 5 + Quagga + SELinux

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/04/2014 07:56 PM, SilverTip257 wrote: Hello All, Does anyone happen to be running Quagga on CentOS 5 with SELinux in enforcing mode? Have you had to create SELinux policies or did it just work out of the box? (I'll get around to

Re: [CentOS] CentOS 5 + Quagga + SELinux

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/04/2014 07:56 PM, SilverTip257 wrote: Hello All, Does anyone happen to be running Quagga on CentOS 5 with SELinux in enforcing mode? Have you had to create SELinux policies or did it just work out of the box? (I'll get around to

Re: [CentOS] CentOS 5 + Quagga + SELinux

On Wed, Mar 5, 2014 at 10:18 AM, Daniel J Walsh dwa...@redhat.com wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Does setsebool -P zebra_write_conf 1 Fix your problem? So far I ran: setsebool -P allow_zebra_write_config=1 ( per https://bugzilla.redhat.com/show_bug.cgi?id=429252#c1

Re: [CentOS] CentOS 5 + Quagga + SELinux

On Wed, Mar 5, 2014 at 9:19 AM, Daniel J Walsh dwa...@redhat.com wrote: man zebra_selinux ... If you want to allow zebra daemon to write it configuration files, you must turn on the zebra_write_config boolean. Disabled by default. setsebool -P zebra_write_config 1 Is

[CentOS] CentOS 5 + Quagga + SELinux

Hello All, Does anyone happen to be running Quagga on CentOS 5 with SELinux in enforcing mode? Have you had to create SELinux policies or did it just work out of the box? (I'll get around to building this out on CentOS 6 as well.) I'm simply trying to write my config (for the zebra daemon) and