Re: EXT: Re: reiserfs?

[Hinz, David (GE Healthcare)]

He would have gotten away with it too, if he hadn't kept a journal.  

Sent from my iPhone

> On Jul 18, 2017, at 7:34 PM, Nico Kadel-Garcia  wrote:
> 
>> On Fri, Jul 14, 2017 at 9:04 PM, ToddAndMargo  wrote:
>> Hi All,
>> 
>> I need to read a reiserfs partition on a flash drive.
>> Any words of wisdom?
> 
> *Why* ? reiserfs has languished since the arrest of Hans Reiser for
> murdering his wife. And much like ReiserFS, Hans claimed complete
> innocence until actually looking at evidence proved that her sudden
> absence was entirely his fault.

Re: reiserfs?

[Paul Robert Marino]

OK well reiserfs is actually EXT2 with a journal slapped on top of it just like 
EXT3 so you can try mounting it as readonly EXT2 though admittedly I haven't 
tried it it should work in theory, but certainly can't hurt if you try it in 
read only mode.

  Original Message  
From: toddandma...@zoho.com
Sent: July 18, 2017 8:50 PM
To: SCIENTIFIC-LINUX-USERS@fnal.gov
Subject: Re: reiserfs?

On 07/18/2017 05:33 PM, Nico Kadel-Garcia wrote:
> On Fri, Jul 14, 2017 at 9:04 PM, ToddAndMargo  wrote:
>> Hi All,
>>
>> I need to read a reiserfs partition on a flash drive.
>> Any words of wisdom?
> 
> *Why* ? reiserfs has languished since the arrest of Hans Reiser for
> murdering his wife. And much like ReiserFS, Hans claimed complete
> innocence until actually looking at evidence proved that her sudden
> absence was entirely his fault.
> 

Hi Niko,

Ya, no fooling!  :-)

I was trying to read the reiserfs partition on my
Knoppix Live USB drive.

I eventuality qemu-kvm boot the flash drive and used
cifs to import the data I wanted from my Samba server

-T

Re: useradd -p question

[Steven Miano]

​​usermod -p $(openssl passwd -1 ${SOME_TEXT}) ${USERNAME_HERE}

And seemingly useradd would use the same syntax.

On Tue, Jul 18, 2017 at 8:47 PM, Todd Chester  wrote:

> Hi All,
>
> Is there a way to add include a new user's password
> when creating his account with `useradd`.  There is a "-p"
> option, but it requires and "encrypted password".  And
> I have no idea what that would be.  I only know his actual
> password.  And including his actual password gets you
> some unknown password that I have to redo with `passwd`
>
> Many thanks,
> -T
>



-- 
Miano, Steven M.
http://stevenmiano.com

useradd -p question

[Todd Chester]

Hi All,

Is there a way to add include a new user's password
when creating his account with `useradd`.  There is a "-p"
option, but it requires and "encrypted password".  And
I have no idea what that would be.  I only know his actual
password.  And including his actual password gets you
some unknown password that I have to redo with `passwd`

Many thanks,
-T

Re: reiserfs?

[Nico Kadel-Garcia]

On Fri, Jul 14, 2017 at 9:04 PM, ToddAndMargo  wrote:
> Hi All,
>
> I need to read a reiserfs partition on a flash drive.
> Any words of wisdom?

*Why* ? reiserfs has languished since the arrest of Hans Reiser for
murdering his wife. And much like ReiserFS, Hans claimed complete
innocence until actually looking at evidence proved that her sudden
absence was entirely his fault.

Re: selinux preventing access to directory net

[Stephen Isard]

On Tue, 18 Jul 2017 17:03:40 +0100, Andrew C Aitchison  
wrote:

>On Tue, 18 Jul 2017, Stephen Isard wrote:
>
>> On Mon, 17 Jul 2017 23:52:22 +0200, Maarten  
>> wrote:
>>
>>> The process exim running with the the selinux context exim_t is trying
>>> to access the directory /proc/net which has the selinux context
>>> sysctl_net_t.
>>>
>>> Causing selinux to block access to directory, because the source context
>>> is different from the destination context.
>>
>> Yes, thank you, I've got that part.  As I said earlier, what I am wondering 
>> now is why exim is trying to search that directory, and whether I want it to.
>> It happens at - to me - unpredictable times, apparently unrelated to any 
>> messages being sent or received.
>
>Looking at the upstream source for exim 4.89, there are two lots of
>references to /proc
>1) /proc/loadavg
>2) /proc/net/if_inet6
>unsuprisingly exim uses these to determine load average and
>IPv6 address etc...
>
>I don't know whether the binary rpms add any other uses of /proc
>- which version of exim are you using - the one from epel ?

Yes, it is exim 4.89-1.el7 from epel.

Re: selinux preventing access to directory net

[Andrew C Aitchison]

On Tue, 18 Jul 2017, Stephen Isard wrote:


On Mon, 17 Jul 2017 23:52:22 +0200, Maarten  wrote:


The process exim running with the the selinux context exim_t is trying
to access the directory /proc/net which has the selinux context
sysctl_net_t.

Causing selinux to block access to directory, because the source context
is different from the destination context.


Yes, thank you, I've got that part.  As I said earlier, what I am wondering now 
is why exim is trying to search that directory, and whether I want it to.
It happens at - to me - unpredictable times, apparently unrelated to any 
messages being sent or received.


Looking at the upstream source for exim 4.89, there are two lots of 
references to /proc
1) /proc/loadavg 
2) /proc/net/if_inet6

unsuprisingly exim uses these to determine load average and
IPv6 address etc...

I don't know whether the binary rpms add any other uses of /proc
- which version of exim are you using - the one from epel ?

--
Andrew C Aitchison  Cambridge, UK

Re: selinux preventing access to directory net

[Stephen Isard]

On Tue, 18 Jul 2017 10:42:06 +0200, David Sommerseth 
 wrote:

>On 17/07/17 20:15, Stephen Isard wrote:
>> On two SL7.3 systems where I have set exim as my mta alternative, I am
>> getting a lot of entries in /var/log/messages saying "SELinux is
>> preventing /usr/bin/exim from search access on the directory net", with
>> the usual accompanying "if you believe that exim should be allowed..."
>> stuff, but the logs don't explain what call to exim triggered the messages.
>>
>> Sealert -l tells me
>>
>> Raw Audit Messages
>> type=AVC msg=audit(1500313603.937:268): avc:  denied { search } for
>> pid=3097 comm="exim" name="net" dev="proc" ino=7154
>> scontext=system_u:system_r:exim_t:s0
>> tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir
>>
>> type=SYSCALL msg=audit(1500313603.937:268): arch=x86_64 syscall=open
>> success=no exit=EACCES a0=7ff03baef4b0 a1=8 a2=1b6 a3=24 items=0
>> ppid=781 pid=3097 auid=4294967295 uid=0 gid=93 euid=0 suid=0 fsuid=0
>> egid=93 sgid=93 fsgid=93 tty=(none) ses=4294967295 comm=exim
>> exe=/usr/sbin/exim subj=system_u:system_r:exim_t:s0 key=(null)
>>
>> which doesn't seem to be much help.
>>
>> Searches turn up two Centos 7 reports,
>> https://bugs.centos.org/view.php?id=13247 and
>> https://bugs.centos.org/view.php?id=12913 that look as if they might be
>> the same thing with different mta alternatives, but no response to either.
>
>Yes, this is exim trying to read some files in /proc/sys/net, starting
>with scanning the directory.  I'd suggest reporting this as an bug in
>the Red Hat bug tracker, file it under selinux-policy component - that
>team should be able to figure out if this is a bug or not.  My quick
>search there didn't turn up anything in particular.

Thanks for that advice.  I was hesitating to report it to a bug tracker partly 
because
I didn't know which category was appropriate and partly because I don't know 
what is triggering
the scans or how to make one happen.

Re: selinux preventing access to directory net

[Stephen Isard]

On Mon, 17 Jul 2017 23:52:22 +0200, Maarten  wrote:

>The process exim running with the the selinux context exim_t is trying
>to access the directory /proc/net which has the selinux context
>sysctl_net_t.
>
>Causing selinux to block access to directory, because the source context
>is different from the destination context. 

Yes, thank you, I've got that part.  As I said earlier, what I am wondering now 
is why exim is trying to search that directory, and whether I want it to.
It happens at - to me - unpredictable times, apparently unrelated to any 
messages being sent or received.

> Redhat has a package that
>updates
>
>all the active selinux policies on the system, I think it is
>selinux-policy-targeted they update the policies  every now they update
>the selinux policies. I would
>
>think they make policies for everything from the base repos. Exim is
>from epel en so is the nrpe package(which I'm getting the selinux
>messages from).  I don't know
>
>how selinux policies are managed for packages outside of the base repos.
>That's probably why there are multiple ways to manage selinux with
>custom policies, booleans, and selinux contexts etc. Maybe someone else
>knows how selinux policies for packages in third party repos are
>managed? Does that help?
>
>Cheers,
>
>Maarten
>
>
>On 07/17/2017 11:02 PM, Stephen Isard wrote:
>> On Mon, 17 Jul 2017 21:33:29 +0200, Maarten  
>> wrote:
>>
>>> Wel is exim able to do what it is supposed to do as an
>>> mta(transfer/transport mail) with selinux blocking this? If not you
>>> could create a custom selinux policy for it. If it is able to do what is
>>> supposed to and you aren't running into any unwanted results you can
>>> just leave it.
>> Indeed, but I would still prefer to understand what is going on.
>>
>>> I got selinux blocking access to /proc/sys on a couple of
>>> nagios checks via nrpe but it's not preventing the checks from working.
>>>
>>> You could probably try to create it by doing something like this if exim
>>> is not able to do it's job  by selinux blocking it:
>>>
>>> ausearch -c 'exim' --raw |audit2allow -M mypol
>>>
>>> then: semodule -i mypol.pp
>>>
>>>
>>>
>>> On 07/17/2017 09:09 PM, Stephen Isard wrote:
 On Mon, 17 Jul 2017 20:22:05 +0200, Maarten  
 wrote:

> You could use audit to allow to see what you need to allow it:
>
> cat /var/log/audit/audit.log | audit2allow.
 Thanks, that helps.  The log entry recommends
 ausearch -c 'exim' --raw |audit2allow, so I've tried that and got

 libsepol.sepol_string_to_security_class: unrecognized class dir

 #== exim_t ==
 allow exim_t sysctl_net_t:dir search;

 /proc/sys/net, as opposed to /proc/net, is of type sysctl_net_t, so that 
 may be where exim is trying to search.
 If so, the question is then why, and do I want it to.


> This output my advise you to enable a certain boolean instead of
> creating your own policy or changing the selinux context on a certain
> dir structure.
>
> And then create your own selinux policy:
>
> cat /var/log/audit/audit.log | audit2allow -M mypol
>
> then install the policy via semodule -i mypol.pp
>
>
> On 07/17/2017 08:15 PM, Stephen Isard wrote:
>> On two SL7.3 systems where I have set exim as my mta alternative, I am
>> getting a lot of entries in /var/log/messages saying "SELinux is
>> preventing /usr/bin/exim from search access on the directory net",
>> with the usual accompanying "if you believe that exim should be
>> allowed..." stuff, but the logs don't explain what call to exim
>> triggered the messages.
>>
>> Sealert -l tells me
>>
>> Raw Audit Messages
>> type=AVC msg=audit(1500313603.937:268): avc:  denied { search } for
>> pid=3097 comm="exim" name="net" dev="proc" ino=7154
>> scontext=system_u:system_r:exim_t:s0
>> tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir
>>
>> type=SYSCALL msg=audit(1500313603.937:268): arch=x86_64 syscall=open
>> success=no exit=EACCES a0=7ff03baef4b0 a1=8 a2=1b6 a3=24 items=0
>> ppid=781 pid=3097 auid=4294967295 uid=0 gid=93 euid=0 suid=0 fsuid=0
>> egid=93 sgid=93 fsgid=93 tty=(none) ses=4294967295 comm=exim
>> exe=/usr/sbin/exim subj=system_u:system_r:exim_t:s0 key=(null)
>>
>> which doesn't seem to be much help.
>>
>> Searches turn up two Centos 7 reports,
>> https://bugs.centos.org/view.php?id=13247 and
>> https://bugs.centos.org/view.php?id=12913 that look as if they might
>> be the same thing with different mta alternatives, but no response to
>> either.
>>
>> All that the mta is supposed to be doing on these systems is reporting
>> the output of cron jobs, and that appears to be happening correctly,
>> so I am puzzled as to what this is about.  I'm not even 

Re: selinux preventing access to directory net

[David Sommerseth]

On 17/07/17 20:15, Stephen Isard wrote:
> On two SL7.3 systems where I have set exim as my mta alternative, I am
> getting a lot of entries in /var/log/messages saying "SELinux is
> preventing /usr/bin/exim from search access on the directory net", with
> the usual accompanying "if you believe that exim should be allowed..."
> stuff, but the logs don't explain what call to exim triggered the messages.
> 
> Sealert -l tells me
> 
> Raw Audit Messages
> type=AVC msg=audit(1500313603.937:268): avc:  denied { search } for
> pid=3097 comm="exim" name="net" dev="proc" ino=7154
> scontext=system_u:system_r:exim_t:s0
> tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir
> 
> type=SYSCALL msg=audit(1500313603.937:268): arch=x86_64 syscall=open
> success=no exit=EACCES a0=7ff03baef4b0 a1=8 a2=1b6 a3=24 items=0
> ppid=781 pid=3097 auid=4294967295 uid=0 gid=93 euid=0 suid=0 fsuid=0
> egid=93 sgid=93 fsgid=93 tty=(none) ses=4294967295 comm=exim
> exe=/usr/sbin/exim subj=system_u:system_r:exim_t:s0 key=(null)
> 
> which doesn't seem to be much help.
> 
> Searches turn up two Centos 7 reports,
> https://bugs.centos.org/view.php?id=13247 and
> https://bugs.centos.org/view.php?id=12913 that look as if they might be
> the same thing with different mta alternatives, but no response to either.

Yes, this is exim trying to read some files in /proc/sys/net, starting
with scanning the directory.  I'd suggest reporting this as an bug in
the Red Hat bug tracker, file it under selinux-policy component - that
team should be able to figure out if this is a bug or not.  My quick
search there didn't turn up anything in particular.


-- 
kind regards,

David Sommerseth