Re: [CentOS] selinux problem policies
On 04/30/2017 07:24 PM, Günther J. Niederwimmer wrote: when I like to set this Rule ? semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?/ typo3conf(/.*)?" This Errors are displayd ? neverallow check failed at /etc/selinux/targeted/tmp/modules/100/selinuxutil/ cil:244 I see, now. What happens if you run "find /etc/selinux/targeted/tmp"? I'm not sure if you're getting an error because a tmp file was left behind earlier, or because something is wrong with the command you're running. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] selinux problem policies
Hello, On Sonntag, 30. April 2017 18:40:23 CEST Gordon Messmer wrote: > On 04/30/2017 07:03 AM, Günther J. Niederwimmer wrote: > > I write this! > > > > semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?/ > > typo3conf(/.*)?" > > OK. Did you get an error? I have only Errors ;-). when I like to set this Rule ? semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?/ typo3conf(/.*)?" This Errors are displayd ? neverallow check failed at /etc/selinux/targeted/tmp/modules/100/selinuxutil/ cil:244 (neverallow selinuxutil_typeattr_1 semanage_store_t (file (relabelto))) allow at /etc/selinux/targeted/tmp/modules/100/selinuxutil/cil:675 (allow restorecond_t non_auth_file_type (file (getattr relabelfrom relabelto))) allow at /etc/selinux/targeted/tmp/modules/100/systemd/cil:1108 (allow systemd_tmpfiles_t non_auth_file_type (file (getattr relabelfrom relabelto))) But the Rule are not added/set ? > > I have more instances from typo3 > > I found this construct in the selinux policies > > "/var/www/html(/.*)?/uploads(/.*)?" > > > > but my is not working ? > > Can you be specific about what "not working" means? Did you get an > error from the semanage command? Are files not labeled correctly? > > After setting context rules, you can "restorecon -R -v /var/www/html/" > to fix the labels of any existing files. You can see their current > labels using "ls -lZ /var/www/html". > > > and I have only errors? > > > > neverallow check failed at > > /etc/selinux/targeted/tmp/modules/100/selinuxutil/ cil:244 > > When do you see that error? > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos -- mit freundlichen Grüssen / best regards Günther J. Niederwimmer ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS-docs] New User
On 28 April 2017 at 01:00, Lev Lazinskiywrote: > Hi Folks! > > Per the process outlined in the wiki[1]. I just joined the CentOS community > and would like to request access to create personal home page. I plan on > making some decent contributions to the wiki moving forward. > > username: LevLazinskiy > > [1] > https://wiki.centos.org/Contribute#head-42b3d8e26400a106851a61aebe5c2cca54dd79e5 > > Best, > Lev Sorry for the delay. I have now initialised a home page for you -- https://wiki.centos.org/LevLazinskiy Perhaps you would like to tell us something about your experiences, your usage of CentOS products and how you can assist the CentOS Project. Alan. ___ CentOS-docs mailing list CentOS-docs@centos.org https://lists.centos.org/mailman/listinfo/centos-docs
Re: [CentOS] SCSI drives and Centos 7
On Sun, Apr 30, 2017 at 1:03 PM, Gregory P. Enniswrote: > Thanks for your help. I did not want to replace this machine with new > equipment, but it looks like I may need to do just that. > > Here are the results with respect to the lsi raid board for : > > lspci -nn > > > 02:01.0 RAID bus controller [0104]: LSI Logic / Symbios Logic MegaRAID > [1000:1960] (rev 01) > 02:02.0 SCSI storage controller [0100]: Adaptec AIC-7902B U320 [9005:801d] > (rev 10) > 02:02.1 SCSI storage controller [0100]: Adaptec AIC-7902B U320 [9005:801d] > (rev 10) The driver for your device LSI Logic / Symbios Logic MegaRAID [1000:1960] is disabled in the CentOS kernel (C6 and C7). # CONFIG_MEGARAID_LEGACY is not set You'd need a driver disk with the required driver to install CentOS on your system. My suggestion is that you ask ELRepo to offer such a disk by filing an RFE at http://elrepo.org/bugs . Akemi ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SCSI drives and Centos 7
-Original Message-From: John R PierceReply-to: CentOS mailing list To: centos@centos.org Subject: Re: [CentOS] SCSI drives and Centos 7 Date: Sat, 29 Apr 2017 13:31:11 -0700 On 4/29/2017 12:42 PM, Gregory P. Ennis wrote: > what does `lspci` have to say about this raid card ? > > John, > > Thanks for the prompt : > > lspci demonstrates : > > 02:01.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID (rev 01) > 02:02.0 SCSI storage controller: Adaptec AIC-7902B U320 (rev 10) > 02:02.1 SCSI storage controller: Adaptec AIC-7902B U320 (rev 10) could you try `lspci -nn`, this will return the vendor/device ID, which will pin down which megaraid it is. but, I'm afraid the answer is, that hardware is way over 10 years old, and support has been dropped from newer OS releases. Those raid controllers require not only specific drivers, but also support utilities for monitoring the status of the raids, and configuring them. The Megaraid family started back under NCR/Symbios in the late 80s, LSI acquired what was left of Symbios in 1998, Avago acquired LSI in 2014, then merged with Broadcom in 2016 (as I understand it, Avago acquired Broadcom, but then renamed themselves). Sadly, support for legacy hardware tends to evaporate in corporate takeovers as its seen as pure John, Thanks for your help. I did not want to replace this machine with new equipment, but it looks like I may need to do just that. Here are the results with respect to the lsi raid board for : lspci -nn 02:01.0 RAID bus controller [0104]: LSI Logic / Symbios Logic MegaRAID [1000:1960] (rev 01) 02:02.0 SCSI storage controller [0100]: Adaptec AIC-7902B U320 [9005:801d] (rev 10) 02:02.1 SCSI storage controller [0100]: Adaptec AIC-7902B U320 [9005:801d] (rev 10) Greg ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Getting to Mate or Xfce
> runs through attempts at mirrors and keeps failing till it runs out. > It failed to connect to my wireless router (or even to find it, afaict). > So I plugged it into the router with an ethernet cable. No joy. The ethernet adapter seems to be turned off by default. To turn it on, click the 'down arrow' in the upper-right corner, then click the Settings icon (a crossed wrench and nutdriver, near as I can tell) and choose Network. Then, in the Network dialog, click Wired on the left and toggle the 'switch' in the right-hand side to ON. If you make a profile for it there, you can have it connect the wired adapter automatically (which turns it on automatically, too). In any event, you should also see its status (e.g. connected or disconnected) when you click the down arrow in the upper-right corner. Getting the wireless working *might* go smoother once all the initial updates are installed. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] selinux problem policies
If the content is located under /var/www then you could use restorcon -Rvv to restore the context of all content under /var/www to the default context label as provided by Apache. - On 30 Apr, 2017, at 07:03, Günther J. Niederwimmer g...@gjn.priv.at wrote: | Hello, | | My problem is to add selinux policies | can any help to say what is wrong with my policies | I write this! | | semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?/ | typo3conf(/.*)?" | | I have more instances from typo3 | I found this construct in the selinux policies | "/var/www/html(/.*)?/uploads(/.*)?" | | but my is not working ? | | and I have only errors? | | neverallow check failed at /etc/selinux/targeted/tmp/modules/100/selinuxutil/ | cil:244 | (neverallow selinuxutil_typeattr_1 semanage_store_t (file (relabelto))) | |allow at /etc/selinux/targeted/tmp/modules/100/selinuxutil/cil:675 | (allow restorecond_t non_auth_file_type (file (getattr relabelfrom | relabelto))) | |allow at /etc/selinux/targeted/tmp/modules/100/systemd/cil:1108 | (allow systemd_tmpfiles_t non_auth_file_type (file (getattr relabelfrom | relabelto))) | | neverallow check failed at /etc/selinux/targeted/tmp/modules/100/base/cil: | 13121 | (neverallow base_typeattr_18 scsi_generic_device_t (blk_file (read))) | |allow at /etc/selinux/targeted/tmp/modules/100/munin/cil:581 | (allow disk_munin_plugin_t device_node (blk_file (ioctl read getattr lock | open))) | . | | or is a other way to include policies better ? | -- | mit freundlichen Grüssen / best regards | | Günther J. Niederwimmer | ___ | CentOS mailing list | CentOS@centos.org | https://lists.centos.org/mailman/listinfo/centos -- James A. Peltier IT Services - Research Computing Group Simon Fraser University - Burnaby Campus Phone : 604-365-6432 Fax : 778-782-3045 E-Mail : jpelt...@sfu.ca Website : http://www.sfu.ca/itservices Twitter : @sfu_rcg Powering Engagement Through Technology ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] selinux problem policies
On 04/30/2017 07:03 AM, Günther J. Niederwimmer wrote: I write this! semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?/ typo3conf(/.*)?" OK. Did you get an error? I have more instances from typo3 I found this construct in the selinux policies "/var/www/html(/.*)?/uploads(/.*)?" but my is not working ? Can you be specific about what "not working" means? Did you get an error from the semanage command? Are files not labeled correctly? After setting context rules, you can "restorecon -R -v /var/www/html/" to fix the labels of any existing files. You can see their current labels using "ls -lZ /var/www/html". and I have only errors? neverallow check failed at /etc/selinux/targeted/tmp/modules/100/selinuxutil/ cil:244 When do you see that error? ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] selinux problem policies
Hello, My problem is to add selinux policies can any help to say what is wrong with my policies I write this! semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?/ typo3conf(/.*)?" I have more instances from typo3 I found this construct in the selinux policies "/var/www/html(/.*)?/uploads(/.*)?" but my is not working ? and I have only errors? neverallow check failed at /etc/selinux/targeted/tmp/modules/100/selinuxutil/ cil:244 (neverallow selinuxutil_typeattr_1 semanage_store_t (file (relabelto))) allow at /etc/selinux/targeted/tmp/modules/100/selinuxutil/cil:675 (allow restorecond_t non_auth_file_type (file (getattr relabelfrom relabelto))) allow at /etc/selinux/targeted/tmp/modules/100/systemd/cil:1108 (allow systemd_tmpfiles_t non_auth_file_type (file (getattr relabelfrom relabelto))) neverallow check failed at /etc/selinux/targeted/tmp/modules/100/base/cil: 13121 (neverallow base_typeattr_18 scsi_generic_device_t (blk_file (read))) allow at /etc/selinux/targeted/tmp/modules/100/munin/cil:581 (allow disk_munin_plugin_t device_node (blk_file (ioctl read getattr lock open))) . or is a other way to include policies better ? -- mit freundlichen Grüssen / best regards Günther J. Niederwimmer ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos