Re: [CentOS] selinux problem policies

2017-04-30 Thread Gordon Messmer 

On 04/30/2017 07:24 PM, Günther J. Niederwimmer wrote:

when I like to set this Rule ?
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?/
typo3conf(/.*)?"

This Errors are displayd ?
neverallow check failed at /etc/selinux/targeted/tmp/modules/100/selinuxutil/
cil:244


I see, now.  What happens if you run "find /etc/selinux/targeted/tmp"?  
I'm not sure if you're getting an error because a tmp file was left 
behind earlier, or because something is wrong with the command you're 
running.



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] selinux problem policies

2017-04-30 Thread Günther J . Niederwimmer 
Hello,

On Sonntag, 30. April 2017 18:40:23 CEST Gordon Messmer wrote:
> On 04/30/2017 07:03 AM, Günther J. Niederwimmer wrote:
> >   I write this!
> > 
> > semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?/
> > typo3conf(/.*)?"
> 
> OK.  Did you get an error?
I have only Errors ;-).

when I like to set this Rule ?
semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?/
typo3conf(/.*)?" 

This Errors are displayd ?
neverallow check failed at /etc/selinux/targeted/tmp/modules/100/selinuxutil/
cil:244
  (neverallow selinuxutil_typeattr_1 semanage_store_t (file (relabelto)))

allow at /etc/selinux/targeted/tmp/modules/100/selinuxutil/cil:675
  (allow restorecond_t non_auth_file_type (file (getattr relabelfrom 
relabelto)))

allow at /etc/selinux/targeted/tmp/modules/100/systemd/cil:1108
  (allow systemd_tmpfiles_t non_auth_file_type (file (getattr relabelfrom 
relabelto)))

But the Rule are not added/set ?

> > I have more instances from typo3
> > I found this construct in the selinux policies
> > "/var/www/html(/.*)?/uploads(/.*)?"
> > 
> > but my is not working ?
> 
> Can you be specific about what "not working" means?  Did you get an
> error from the semanage command?  Are files not labeled correctly?
> 
> After setting context rules, you can "restorecon -R -v /var/www/html/"
> to fix the labels of any existing files.  You can see their current
> labels using "ls -lZ /var/www/html".
> 
> > and I have only errors?
> > 
> > neverallow check failed at
> > /etc/selinux/targeted/tmp/modules/100/selinuxutil/ cil:244
> 
> When do you see that error?
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos


-- 
mit freundlichen Grüssen / best regards

  Günther J. Niederwimmer
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-docs] New User

2017-04-30 Thread Alan Bartlett 
On 28 April 2017 at 01:00, Lev Lazinskiy  wrote:
> Hi Folks!
>
> Per the process outlined in the wiki[1]. I just joined the CentOS community 
> and would like to request access to create personal home page. I plan on 
> making some decent contributions to the wiki moving forward.
>
> username: LevLazinskiy
>
> [1] 
> https://wiki.centos.org/Contribute#head-42b3d8e26400a106851a61aebe5c2cca54dd79e5
>
> Best,
> Lev

Sorry for the delay. I have now initialised a home page for you --

https://wiki.centos.org/LevLazinskiy

Perhaps you would like to tell us something about your experiences,
your usage of CentOS products and how you can assist the CentOS
Project.

Alan.
___
CentOS-docs mailing list
CentOS-docs@centos.org
https://lists.centos.org/mailman/listinfo/centos-docs

Re: [CentOS] SCSI drives and Centos 7

2017-04-30 Thread Akemi Yagi 
On Sun, Apr 30, 2017 at 1:03 PM, Gregory P. Ennis  wrote:

> Thanks for your help.  I did not want to replace this machine with new
> equipment, but it looks like I may need to do just that.
>
> Here are the results with respect to the lsi raid board for :
>
> lspci -nn
>
>
> 02:01.0 RAID bus controller [0104]: LSI Logic / Symbios Logic MegaRAID 
> [1000:1960] (rev 01)
> 02:02.0 SCSI storage controller [0100]: Adaptec AIC-7902B U320 [9005:801d] 
> (rev 10)
> 02:02.1 SCSI storage controller [0100]: Adaptec AIC-7902B U320 [9005:801d] 
> (rev 10)

The driver for your device LSI Logic / Symbios Logic MegaRAID
[1000:1960] is disabled in the CentOS kernel (C6 and C7).

# CONFIG_MEGARAID_LEGACY is not set

You'd need a driver disk with the required driver to install CentOS on
your system. My suggestion is that you ask ELRepo to offer such a disk
by filing an RFE at http://elrepo.org/bugs .

Akemi
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SCSI drives and Centos 7

2017-04-30 Thread Gregory P. Ennis 


-Original Message-From: John R Pierce 
Reply-to: CentOS mailing list 
To: centos@centos.org
Subject: Re: [CentOS] SCSI drives and Centos 7
Date: Sat, 29 Apr 2017 13:31:11 -0700

On 4/29/2017 12:42 PM, Gregory P. Ennis wrote:
> what does `lspci` have to say about this raid card ?
>
> John,
>
> Thanks for the prompt :
>
> lspci demonstrates :
>
> 02:01.0 RAID bus controller: LSI Logic / Symbios Logic MegaRAID (rev 01)
> 02:02.0 SCSI storage controller: Adaptec AIC-7902B U320 (rev 10)
> 02:02.1 SCSI storage controller: Adaptec AIC-7902B U320 (rev 10)

could you try `lspci -nn`,  this will return the vendor/device ID, which 
will pin down which megaraid it is.

but, I'm afraid the answer is, that hardware is way over 10 years old, 
and support has been dropped from newer OS releases.   Those raid 
controllers require not only specific drivers, but also support 
utilities for monitoring the status of the raids, and configuring them.

The Megaraid family started back under NCR/Symbios in the late 80s, LSI 
acquired what was left of Symbios in 1998, Avago acquired LSI in 2014, 
then merged with Broadcom  in 2016 (as I understand it, Avago acquired 
Broadcom, but then renamed themselves). Sadly, support for legacy 
hardware tends to evaporate in corporate takeovers as its seen as pure 

John,

Thanks for your help.  I did not want to replace this machine with new
equipment, but it looks like I may need to do just that.

Here are the results with respect to the lsi raid board for :

lspci -nn


02:01.0 RAID bus controller [0104]: LSI Logic / Symbios Logic MegaRAID 
[1000:1960] (rev 01)
02:02.0 SCSI storage controller [0100]: Adaptec AIC-7902B U320 [9005:801d] (rev 
10)
02:02.1 SCSI storage controller [0100]: Adaptec AIC-7902B U320 [9005:801d] (rev 
10)

Greg



___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Getting to Mate or Xfce

2017-04-30 Thread Darr247 
> runs through attempts at mirrors and keeps failing till it runs out.
> It failed to connect to my wireless router (or even to find it, afaict).
> So I plugged it into the router with an ethernet cable. No joy.

The ethernet adapter seems to be turned off by default.
To turn it on, click the 'down arrow' in the upper-right corner, then click
the Settings icon (a crossed wrench and nutdriver, near as I can tell) and
choose Network. Then, in the Network dialog, click Wired on the left and
toggle the 'switch' in the right-hand side to ON.
If you make a profile for it there, you can have it connect the wired
adapter automatically (which turns it on automatically, too).  

In any event, you should also see its status (e.g. connected or
disconnected) when you click the down arrow in the upper-right corner.

Getting the wireless working *might* go smoother once all the initial
updates are installed.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] selinux problem policies

2017-04-30 Thread James A. Peltier 
If the content is located under /var/www then you could use restorcon -Rvv to 
restore the context of all content under /var/www to the default context label 
as provided by Apache.

- On 30 Apr, 2017, at 07:03, Günther J. Niederwimmer g...@gjn.priv.at wrote:

| Hello,
| 
| My problem is to add selinux policies
| can any help to say what is wrong with my policies
| I write this!
| 
| semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?/
| typo3conf(/.*)?"
| 
| I have more instances from typo3
| I found this construct in the selinux policies
| "/var/www/html(/.*)?/uploads(/.*)?"
| 
| but my is not working ?
| 
| and I have only errors?
| 
| neverallow check failed at /etc/selinux/targeted/tmp/modules/100/selinuxutil/
| cil:244
|  (neverallow selinuxutil_typeattr_1 semanage_store_t (file (relabelto)))
|
|allow at /etc/selinux/targeted/tmp/modules/100/selinuxutil/cil:675
|  (allow restorecond_t non_auth_file_type (file (getattr relabelfrom
| relabelto)))
|
|allow at /etc/selinux/targeted/tmp/modules/100/systemd/cil:1108
|  (allow systemd_tmpfiles_t non_auth_file_type (file (getattr relabelfrom
| relabelto)))
| 
| neverallow check failed at /etc/selinux/targeted/tmp/modules/100/base/cil:
| 13121
|  (neverallow base_typeattr_18 scsi_generic_device_t (blk_file (read)))
|
|allow at /etc/selinux/targeted/tmp/modules/100/munin/cil:581
|  (allow disk_munin_plugin_t device_node (blk_file (ioctl read getattr lock
| open)))
| .
| 
| or is a other way to include policies better ?
| --
| mit freundlichen Grüssen / best regards
| 
|  Günther J. Niederwimmer
| ___
| CentOS mailing list
| CentOS@centos.org
| https://lists.centos.org/mailman/listinfo/centos

-- 
James A. Peltier
IT Services - Research Computing Group
Simon Fraser University - Burnaby Campus
Phone   : 604-365-6432
Fax : 778-782-3045
E-Mail  : jpelt...@sfu.ca
Website : http://www.sfu.ca/itservices
Twitter : @sfu_rcg
Powering Engagement Through Technology
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] selinux problem policies

2017-04-30 Thread Gordon Messmer 

On 04/30/2017 07:03 AM, Günther J. Niederwimmer wrote:

  I write this!

semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?/
typo3conf(/.*)?"


OK.  Did you get an error?


I have more instances from typo3
I found this construct in the selinux policies
"/var/www/html(/.*)?/uploads(/.*)?"

but my is not working ?


Can you be specific about what "not working" means?  Did you get an 
error from the semanage command?  Are files not labeled correctly?


After setting context rules, you can "restorecon -R -v /var/www/html/" 
to fix the labels of any existing files.  You can see their current 
labels using "ls -lZ /var/www/html".



and I have only errors?

neverallow check failed at /etc/selinux/targeted/tmp/modules/100/selinuxutil/
cil:244


When do you see that error?

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] selinux problem policies

2017-04-30 Thread Günther J . Niederwimmer 
Hello,

My problem is to add selinux policies 
can any help to say what is wrong with my policies 
 I write this!

semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html(/.*)?/
typo3conf(/.*)?"

I have more instances from typo3
I found this construct in the selinux policies
"/var/www/html(/.*)?/uploads(/.*)?"

but my is not working ?

and I have only errors?

neverallow check failed at /etc/selinux/targeted/tmp/modules/100/selinuxutil/
cil:244
  (neverallow selinuxutil_typeattr_1 semanage_store_t (file (relabelto)))

allow at /etc/selinux/targeted/tmp/modules/100/selinuxutil/cil:675
  (allow restorecond_t non_auth_file_type (file (getattr relabelfrom 
relabelto)))

allow at /etc/selinux/targeted/tmp/modules/100/systemd/cil:1108
  (allow systemd_tmpfiles_t non_auth_file_type (file (getattr relabelfrom 
relabelto)))

neverallow check failed at /etc/selinux/targeted/tmp/modules/100/base/cil:
13121
  (neverallow base_typeattr_18 scsi_generic_device_t (blk_file (read)))

allow at /etc/selinux/targeted/tmp/modules/100/munin/cil:581
  (allow disk_munin_plugin_t device_node (blk_file (ioctl read getattr lock 
open)))
.

or is a other way to include policies better ?
-- 
mit freundlichen Grüssen / best regards

  Günther J. Niederwimmer
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos