RE: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN printer driver

2016-06-29 Thread Bill Maidment 
Hey guys
It's an interesting discussion

> >
> > Refusing to to use, accept and learn SELinux will serve you no good in
> > the long run.
> 
> See above. Security is a trade-off between trouble saved by having
> security, and caused by the security itself.

Today, We had the local council workers digging up our road and blocking us in, 
claiming it was because a sink-hole had developed and had to be fixed for 
safety reasons.
So they scraped off the top surface, and relaid tarmac over it. Sink hole 
neatly hidden.

Security box ticked, inconvenience box ticked, safety - we wait and see.

BTW Today is the last day of our financial year and the the remaining road 
works fund had to be spent. If you've watched "Yes, Minister" you will know 
what that means.
Anyway, I digress.

Some of my servers are now SELinux enforcing, others await testing.

Cheers
Bill

Re: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN printer driver

2016-06-29 Thread jdow 

Nonsense.

Haven't met a distro yet that has SELinux correctly setup from the gitgo. It 
still doesn't completely like samba on my 6.6 install, for example. I had to 
make some "fake" changes to get something else rather pedestrian to work. (It's 
in the archives some time back with projected fix pushed all the way out to 6.7.)


{^_^}

On 2016-06-29 03:12, David Sommerseth wrote:

On 29/06/16 10:00, Bill Maidment wrote:

My final attempt was successful, sort of.
I switched SElinux to enabled and rebooted, then the install worked OK.
Then I had to use a live CD to be able to boot, changed SElinux to disabled, 
and reboot again.
Then I had to us lpoptions to set the default parameters as the CUPS gui tool 
refused to change anything.
Phew. What a tortuous route.
Back to sleep now.




Let this be an example why NOT to disable SELinux.  SELinux has been (if
my memory serves me right) available since Fedora 6 (released in 2006)
and RHEL *4*!  I believe it was turned on by default in Fedora 8 and
RHEL 5.  And in RHEL 6 you could no longer disable SELinux at install time.

SELinux is not the obstacle it once was over a decade ago.  So if you
have issues when it is enabled, learn to use the proper tools to debug
and fix it correctly.  (audit2why, audit2allow, semanage, restorecon,
etc, etc)

Disabling SELinux is in 2016 *not* a solution and can barely be
considered a workaround.

Refusing to to use, accept and learn SELinux will serve you no good in
the long run.

Seriously, I've been running a various amount of Fedora, RHEL/SL/CentOS
installations and versions over the last 8-9 years.  In SL7 SELinux have
not bitten me much at all (only one issue with logrotate on servers
running Zimbra Collaboration Suite, that's all).   I have the last 6-7
years never needed to disable SELinux to accomplish my tasks.  Yes, I've
put systems into permissive modes to see if SELinux was to blame, but
mostly that was not the issue.

So if you are badly hit by SELinux troubles, you need to look into if
you or the software you use are doing the right things.




--
kind regards,

David Sommerseth




-Original message-

From:Bill Maidment 
Sent: Wednesday 29th June 2016 16:34
To: Akemi Yagi ; SL Users 
Subject: RE: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN 
printer driver

Well I've heard back from Brother and they suggest that my SElinux set up has a 
problem. They recommended that I do
semodule -vR
This gave me exactly the same error messages. Then I did semodule -vB which 
worked OK, but repeating semodule -vR still gives

[root@ferguson src]# semodule -vB
Committing changes:
Ok: transaction number 0.
[root@ferguson src]# semodule -vR
SELinux:  Could not downgrade policy file 
/etc/selinux/targeted/policy/policy.29, searching for an older version.
SELinux:  Could not open policy file <= /etc/selinux/targeted/policy/policy.29: 
 No such file or directory
/sbin/load_policy:  Can't load policy:  No such file or directory
libsemanage.semanage_reload_policy: load_policy returned error code 2. (No such 
file or directory).
[root@ferguson src]#

This is happening on two different SL 7.2 machines with SElinux installed but 
disabled.

I even tried uninstalling selinux* but that got me into deeper trouble.

[root@ferguson src]# rpm -qv selinux-policy
selinux-policy-3.13.1-60.el7_2.7.noarch

Is there an issue with this version of selinux???

Cheers
Bill

-Original message-

From:Bill Maidment 
Sent: Saturday 25th June 2016 17:26
To: Akemi Yagi ; SL Users 
Subject: RE: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN 
printer driver

Thanks for the suggestion Akemi.
Unfortunately, it made no difference.
I'm awaiting comment from Brother, but I suspect they will say change to Ubuntu 
:-(
Cheers
Bill

-Original message-

From:Akemi Yagi 
Sent: Saturday 25th June 2016 1:10
To: SL Users 
Subject: Re: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN 
printer driver

On Fri, Jun 24, 2016 at 2:33 AM, Bill Maidment  wrote:

Has anyone any suggestions how to get a Brother HL-3150CDN printer driver 
installed on SL7.
I have been trying to install using the Brother supplied installation script, 
which worked OK on SL6.

With SL7 I get error messages such as:
SELinux:  Could not downgrade policy file 
/etc/selinux/targeted/policy/policy.29, searching for an older version.
SELinux:  Could not open policy file <= /etc/selinux/targeted/policy/policy.29: 
 No such file or directory /sbin/load_policy:  Can't load policy:  No such file or 
directory

The file in question does exist, but I have selinux disabled anyway.

SL7 is using cups version 1.6 whereas SL6 uses cups version 1.4. Is that an 
issue?
I guess the Brother script is a bit out of date as it was created in 2012.

Re: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN printer driver

2016-06-29 Thread David Sommerseth 
On 29/06/16 10:00, Bill Maidment wrote:
> My final attempt was successful, sort of.
> I switched SElinux to enabled and rebooted, then the install worked OK.
> Then I had to use a live CD to be able to boot, changed SElinux to disabled, 
> and reboot again.
> Then I had to us lpoptions to set the default parameters as the CUPS gui tool 
> refused to change anything.
> Phew. What a tortuous route.
> Back to sleep now. 



Let this be an example why NOT to disable SELinux.  SELinux has been (if
my memory serves me right) available since Fedora 6 (released in 2006)
and RHEL *4*!  I believe it was turned on by default in Fedora 8 and
RHEL 5.  And in RHEL 6 you could no longer disable SELinux at install time.

SELinux is not the obstacle it once was over a decade ago.  So if you
have issues when it is enabled, learn to use the proper tools to debug
and fix it correctly.  (audit2why, audit2allow, semanage, restorecon,
etc, etc)

Disabling SELinux is in 2016 *not* a solution and can barely be
considered a workaround.

Refusing to to use, accept and learn SELinux will serve you no good in
the long run.

Seriously, I've been running a various amount of Fedora, RHEL/SL/CentOS
installations and versions over the last 8-9 years.  In SL7 SELinux have
not bitten me much at all (only one issue with logrotate on servers
running Zimbra Collaboration Suite, that's all).   I have the last 6-7
years never needed to disable SELinux to accomplish my tasks.  Yes, I've
put systems into permissive modes to see if SELinux was to blame, but
mostly that was not the issue.

So if you are badly hit by SELinux troubles, you need to look into if
you or the software you use are doing the right things.




--
kind regards,

David Sommerseth


>  
> -Original message-
>> From:Bill Maidment 
>> Sent: Wednesday 29th June 2016 16:34
>> To: Akemi Yagi ; SL Users 
>> Subject: RE: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN 
>> printer driver
>>
>> Well I've heard back from Brother and they suggest that my SElinux set up 
>> has a problem. They recommended that I do
>> semodule -vR
>> This gave me exactly the same error messages. Then I did semodule -vB which 
>> worked OK, but repeating semodule -vR still gives
>>
>> [root@ferguson src]# semodule -vB
>> Committing changes:
>> Ok: transaction number 0.
>> [root@ferguson src]# semodule -vR
>> SELinux:  Could not downgrade policy file 
>> /etc/selinux/targeted/policy/policy.29, searching for an older version.
>> SELinux:  Could not open policy file <= 
>> /etc/selinux/targeted/policy/policy.29:  No such file or directory
>> /sbin/load_policy:  Can't load policy:  No such file or directory
>> libsemanage.semanage_reload_policy: load_policy returned error code 2. (No 
>> such file or directory).
>> [root@ferguson src]# 
>>
>> This is happening on two different SL 7.2 machines with SElinux installed 
>> but disabled.
>>
>> I even tried uninstalling selinux* but that got me into deeper trouble.
>>
>> [root@ferguson src]# rpm -qv selinux-policy
>> selinux-policy-3.13.1-60.el7_2.7.noarch
>>
>> Is there an issue with this version of selinux???
>>
>> Cheers
>> Bill
>>
>> -Original message-
>>> From:Bill Maidment 
>>> Sent: Saturday 25th June 2016 17:26
>>> To: Akemi Yagi ; SL Users 
>>> 
>>> Subject: RE: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN 
>>> printer driver
>>>
>>> Thanks for the suggestion Akemi.
>>> Unfortunately, it made no difference.
>>> I'm awaiting comment from Brother, but I suspect they will say change to 
>>> Ubuntu :-(
>>> Cheers
>>> Bill 
>>>  
>>> -Original message-
 From:Akemi Yagi 
 Sent: Saturday 25th June 2016 1:10
 To: SL Users 
 Subject: Re: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN 
 printer driver

 On Fri, Jun 24, 2016 at 2:33 AM, Bill Maidment  wrote:
> Has anyone any suggestions how to get a Brother HL-3150CDN printer driver 
> installed on SL7.
> I have been trying to install using the Brother supplied installation 
> script, which worked OK on SL6.
>
> With SL7 I get error messages such as:
> SELinux:  Could not downgrade policy file 
> /etc/selinux/targeted/policy/policy.29, searching for an older version.
> SELinux:  Could not open policy file <= 
> /etc/selinux/targeted/policy/policy.29:  No such file or directory 
> /sbin/load_policy:  Can't load policy:  No such file or directory
>
> The file in question does exist, but I have selinux disabled anyway.
>
> SL7 is using cups version 1.6 whereas SL6 uses cups version 1.4. Is that 
> an issue?
> I guess the Brother script is a bit out of date as it was created in 2012.
>
> Any help would be appreciated.
>
> Cheers
>

RE: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN printer driver

2016-06-29 Thread Bill Maidment 
Well I've heard back from Brother and they suggest that my SElinux set up has a 
problem. They recommended that I do
semodule -vR
This gave me exactly the same error messages. Then I did semodule -vB which 
worked OK, but repeating semodule -vR still gives

[root@ferguson src]# semodule -vB
Committing changes:
Ok: transaction number 0.
[root@ferguson src]# semodule -vR
SELinux:  Could not downgrade policy file 
/etc/selinux/targeted/policy/policy.29, searching for an older version.
SELinux:  Could not open policy file <= /etc/selinux/targeted/policy/policy.29: 
 No such file or directory
/sbin/load_policy:  Can't load policy:  No such file or directory
libsemanage.semanage_reload_policy: load_policy returned error code 2. (No such 
file or directory).
[root@ferguson src]# 

This is happening on two different SL 7.2 machines with SElinux installed but 
disabled.

I even tried uninstalling selinux* but that got me into deeper trouble.

[root@ferguson src]# rpm -qv selinux-policy
selinux-policy-3.13.1-60.el7_2.7.noarch

Is there an issue with this version of selinux???

Cheers
Bill

-Original message-
> From:Bill Maidment 
> Sent: Saturday 25th June 2016 17:26
> To: Akemi Yagi ; SL Users 
> Subject: RE: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN 
> printer driver
> 
> Thanks for the suggestion Akemi.
> Unfortunately, it made no difference.
> I'm awaiting comment from Brother, but I suspect they will say change to 
> Ubuntu :-(
> Cheers
> Bill 
>  
> -Original message-
> > From:Akemi Yagi 
> > Sent: Saturday 25th June 2016 1:10
> > To: SL Users 
> > Subject: Re: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN 
> > printer driver
> > 
> > On Fri, Jun 24, 2016 at 2:33 AM, Bill Maidment  wrote:
> > > Has anyone any suggestions how to get a Brother HL-3150CDN printer driver 
> > > installed on SL7.
> > > I have been trying to install using the Brother supplied installation 
> > > script, which worked OK on SL6.
> > >
> > > With SL7 I get error messages such as:
> > > SELinux:  Could not downgrade policy file 
> > > /etc/selinux/targeted/policy/policy.29, searching for an older version.
> > > SELinux:  Could not open policy file <= 
> > > /etc/selinux/targeted/policy/policy.29:  No such file or directory 
> > > /sbin/load_policy:  Can't load policy:  No such file or directory
> > >
> > > The file in question does exist, but I have selinux disabled anyway.
> > >
> > > SL7 is using cups version 1.6 whereas SL6 uses cups version 1.4. Is that 
> > > an issue?
> > > I guess the Brother script is a bit out of date as it was created in 2012.
> > >
> > > Any help would be appreciated.
> > >
> > > Cheers
> > > Bill Maidment
> > 
> > Can you try reinstalling selinux-policy packages and see if that fixes
> > the issue?
> > 
> > yum reinstall selinux-policy\*
> > 
> > Akemi
> > 
> >