Re: [CentOS] What to do when a selinux policy doesn't work?

2021-02-26 Thread Jonathan Billings
On Feb 26, 2021, at 17:16, hw wrote:
> Ejabberd is supposed to expire files when they are older than desired, and 
> selinux prevents it.  How can I solve this problem other than by disabling 
> selinux or by deleting the files manually?

It’s possible that you are only capturing part of the process, such as a stat() 
before unlink(), so it still fails.  You need to capture the entire process.

Temporarily set it to permissive (setenforce Permissive) and let it do what it 
does (is there a way to force it?). Then you should use ausearch to find the 
AVCs over the time period when it ran, and pipe that into audit2allow.

HOWEVER...

There’s probably a better solution than blindly creating a module.  You need to 
figure out what the correct SELinux attribute to put on the directory is, so you 
don’t need a module.

—
Jonathan Billings
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
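
Added example, not part of the original messages: a Python summary of the AVC records captured during a permissive run, grouping every denied permission by source type, target type and object class so the whole stat/unlink sequence is visible before anything is piped into audit2allow. The sample records are constructed in the shape of the AVC quoted in this thread, and treating `var_t` and the other listed catch-all types as a sign of a missing file label is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample audit records in the shape of the AVC quoted in the thread.
SAMPLE_LOG = """\
type=AVC msg=audit(1614355200.101:41): avc:  denied  { getattr } for pid=18687 comm="8_dirty_io_sche" path="/srv/data/ejabberd/[...]" dev="md100" ino=166 scontext=system_u:system_r:ejabberd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1614355200.101:41): arch=c000003e syscall=4 success=yes
type=AVC msg=audit(1614355200.102:42): avc:  denied  { write remove_name } for pid=18687 comm="8_dirty_io_sche" name="[...]" dev="md100" ino=165 scontext=system_u:system_r:ejabberd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1614355200.103:43): avc:  denied  { unlink } for pid=18687 comm="8_dirty_io_sche" name="[...]" dev="md100" ino=166 scontext=system_u:system_r:ejabberd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
"""

AVC_RE = re.compile(
    r"type=AVC .*?avc:\s+denied\s+\{ (?P<perms>[^}]+)\} for .*?"
    r"scontext=(?P<scon>\S+) tcontext=(?P<tcon>\S+) tclass=(?P<tclass>\S+)"
)

# Assumption: these catch-all types on a service's data usually mean the files
# were never labelled for that service, so relabelling beats a custom module.
GENERIC_TYPES = {"var_t", "default_t", "unlabeled_t", "tmp_t"}


def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]


def summarize(log_text):
    """Group denied permissions by (source type, target type, object class)."""
    groups = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m is None:  # SYSCALL, PATH and other record types
            continue
        key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
        groups[key].update(m["perms"].split())
    return {k: sorted(v) for k, v in groups.items()}


def labelling_suspects(summary):
    """Keys whose target type is generic: fix the file context, not the policy."""
    return sorted(k for k in summary if k[1] in GENERIC_TYPES)


if __name__ == "__main__":
    for (src, tgt, cls), perms in summarize(SAMPLE_LOG).items():
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
    print("relabel candidates:", labelling_suspects(summarize(SAMPLE_LOG)))
```

Run `summarize()` over the raw ausearch output for the time window of the permissive run; a single permission in the result, such as only `open` or `getattr`, suggests the capture is still partial.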


[CentOS] What to do when a selinux policy doesn't work?

2021-02-26 Thread hw



Hi,

I'm getting log file entries about ejabberd not being able to remove 
files that were uploaded by clients through the file upload facility of 
XMPP.  With the help of audit2allow, I have already created and 
installed some selinux modules to solve such issues, and still files 
can't be expired.


So I used

    grep '/srv/data/ejabberd' /var/log/audit/audit.log | audit2allow -w

to find out what might cause this, and the answer is:

    type=AVC msg=audit(1606302910.314:2905): avc:  denied  { open } for pid=18687 comm="8_dirty_io_sche" path="/srv/data/ejabberd/[...]" dev="md100" ino=166 scontext=system_u:system_r:ejabberd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1

        Was caused by:
            Unknown - would be allowed by active policy
            Possible mismatch between this policy and the one under which the audit message was generated.

            Possible mismatch between current in-memory boolean settings vs. permanent ones.

I have reloaded the policies with 'semodule -R', and that didn't change 
anything.  The files in question seem to have the correct attributes like:

    ls -laZ /srv/data/ejabberd/[...]
    -rw-r--r--. 1 ejabberd ejabberd system_u:object_r:var_t:s0 1384362 Nov 25 12:15 /srv/data/ejabberd/[...]



Ejabberd is supposed to expire files when they are older than desired, 
and selinux prevents it.  How can I solve this problem other than by 
disabling selinux or by deleting the files manually?



Re: [CentOS] How to install XFCE on CentOS 8?

2021-02-26 Thread Leon Fauster via CentOS

On 26.02.21 at 17:23, Lamar Owen wrote:
> On 2/26/21 10:40 AM, Johnny Hughes wrote:
>> From a user perspective or a building perspective?
>
> Builder.

https://pagure.io/fm-orchestrator

--
Leon




Re: [CentOS] How to install XFCE on CentOS 8?

2021-02-26 Thread Lamar Owen

On 2/26/21 10:40 AM, Johnny Hughes wrote:
> From a user perspective or a building perspective?

Builder.



Re: [CentOS] How to install XFCE on CentOS 8?

2021-02-26 Thread Stephen John Smoogen
On Thu, 25 Feb 2021 at 17:26, Gionatan Danti wrote:

> On 2021-02-25 22:35, Stephen John Smoogen wrote:
> > Mainly because customers don't want to pay for that work which is
> > considerable. If Red Hat builds it, it is expected to have all kinds of
> > 'promises' equivalent to its other products and that is expensive in
> > terms of QA, engineering, documentation, various certifications, etc.
> > Package growth goes up quickly so if people are complaining about the
> > cost of a RHEL license for 4000 src rpms, then what would it be at
> > 20,000 to 30,000.
> > It is easier to allow the community to choose to do the work it wants
> > and then 'consumers' of said repository get what they can.
>
> [Including Valeri] I doubt it. Price is mainly defined by offer and
> demand (which is, in turn, driven by how much value the customer puts
> behind the product). While production/support cost can put a lower bound
> on it, I don't think this is the case for Red Hat.
>

The fun part about this doubt is that anyone should be able to prove it
right or wrong easily. All it takes is to set up a build system, recompile
all the code from Fedora wanted in it, and then offer support contracts to
cover work on it. If there is a market for it then they can set the price
to cover all 20,000 packages and then find out what is expected by the
customer for the prices charged.


-- 
Stephen J Smoogen.


Re: [CentOS] How to install XFCE on CentOS 8?

2021-02-26 Thread Johnny Hughes
On 2/26/21 9:40 AM, Johnny Hughes wrote:
> On 2/25/21 4:44 PM, Lamar Owen wrote:
>> On 2/24/21 3:49 PM, Johnny Hughes wrote:
>>> Not that it matters .. BUT .. EL8 is much harder to build for.  There
>>> are modular components, not all the Devel files exist, etc.
>>>
>>> It is much harder than EL7.
>> And that difficulty shows; more stable perhaps, but many fewer
>> packages.  Is there a reference anywhere to how modularity is supposed
>> to work?
> 
> From a user perspective or a building perspective?
> 
> 
> https://docs.fedoraproject.org/en-US/modularity/using-modules/


I read this article all the time:

https://computingforgeeks.com/how-to-use-fedora-29-modular-repository/


Re: [CentOS] How to install XFCE on CentOS 8?

2021-02-26 Thread Johnny Hughes
On 2/25/21 4:44 PM, Lamar Owen wrote:
> On 2/24/21 3:49 PM, Johnny Hughes wrote:
>> Not that it matters .. BUT .. EL8 is much harder to build for.  There
>> are modular components, not all the Devel files exist, etc.
>>
>> It is much harder than EL7.
> And that difficulty shows; more stable perhaps, but many fewer
> packages.  Is there a reference anywhere to how modularity is supposed
> to work?

From a user perspective or a building perspective?


https://docs.fedoraproject.org/en-US/modularity/using-modules/


Re: [CentOS] menu apps like make menu config

2021-02-26 Thread Roberto Ragusa

On 2/19/21 4:00 PM, Christopher Wensink wrote:
> Good morning everyone,
>
> While vi, cat more or less can work (see what I did there..)  for looking at 
> every day Linux Administration, sometimes I think it's just easier to work with 
> a menu based interface, where you can select and navigate messages and options, 
> with a little bit of color, possibly function key interaction, and a working 
> interface, similar to using make menuconfig for compiling the kernel and 
> similar to performing a legacy text based install on a new system. Is there a 
> master list of those kinds of apps that have a menu for looking at various 
> things?  Can anyone who thinks of more of these apps rattle off some other 
> options such as:
>
> abc - for reading logs
> xyz for text based chat
> def - for a menu based browser
> ghi - for a text mail client, etc


mc (midnight commander) for file copy/move/delete/read/edit/... (also: 
standalone commands mcview, mcedit)

Regards.

--
   Roberto Ragusa    mail at robertoragusa.it