Fedora :: Can't Create / Install SELinux Modules

Jun 5, 2010

Trying to run Googleearth I got a SELinux denial as I would expect. So I did what I always do, and generated a policy using audit2allow. I have used this method to manage SELinux on various CentOS and Fedora installations before, I don't recognise this problem.I tried the GUI "SELinux Policy Generation Tool" but it closes itself a second after opening so I can't even explore this.

View 9 Replies


ADVERTISEMENT

Fedora Security :: How To Create A Totally New SELinux User

Jun 4, 2009

Currently working on the targeted policy, I need a help in doing the following things as quick as possible:

1- How to create a totally new SELinux user (not mapping new linux user to SELinux user) I want a new user with no roles or with a maximum of 1 role. I also need how to compile the new user so I can used it for mapping users. At the time, I've tried creating a new file inside /etc/selinux/targeted/contexts/users similar to the other users inside this directory, but it did not actually seem to appear when using the command semanage to list SELinux users : semanage user -l
2- How to create a totally new SELinux role (empty for now) ? and how to make the relation between this new role and domains or types.
3- How to create new domain, actually following some old instructions I created the .fc and .te files, but not the .if file, which is more complicated than the other 2 file.

View 10 Replies View Related

Fedora Security :: Possible To Create Selinux Profile For Program Like With Apparmor?

Jan 15, 2011

Is it possible to create a selinux profile for a program like with Apparmor?

View 4 Replies View Related

Fedora Security :: Create An SELinux Policy To Automatically Grant Apps Execstack While They Use Glxinfo

Nov 20, 2009

I just upgraded from 11 to 12 and then installed the Nvidia proprietary drivers from RPMFusion. Initially glxinfo wouldn't work because SELinux was stopping it from using an executable stack. Since the Nvidia drivers are proprietary and a fix may not be provided, I allowed this access to glxinfo with chcon -t execmem_exec_t '/usr/bin/glxinfo'

However it looks like every program using glx-utils also needs these permissions - so far I allowed Xorg, compiz and the Firefox video plugin to execstack. Can anyone suggest a fix for this - preferably one that avoids execstack for all those apps since its a security risk. If not how do I create an SELinux policy to automatically grant apps execstack while they use glxinfo or other nVidia libraries but not at other times.

View 2 Replies View Related

Fedora Servers :: SELinux - Find A List Of All The Booleans For SELinux (10) Using Getsebool -a

Feb 23, 2009

You can find a list of all the booleans for SELinux (Fedora 10) using getsebool -a My question is, is there a reference online that describes each one. Most of obvious but it's one of those "I have to know because it's there situation).

View 5 Replies View Related

Fedora Security :: Install Vmware - Must Disable Selinux ?

Aug 17, 2009

I plan to install vmware but I had some problems...So I looked over the internet and I found that I must disable selinux....is this true? It means that I must have to disable the selinux for ever? And then, will my System be safe?

View 6 Replies View Related

Programming :: Create File Via Perl With Centos SELinux Setup?

Mar 31, 2011

I'm running Apache on Centos 5.5, with active SELinux, and I'm having trouble getting my Perl script to write a file that doesn't yet exist to a folder which has the proper security context.

View 9 Replies View Related

General :: FATAL: Could Not Load /lib/modules/2.6.18-194.17.1.el5.028stab070.7PAE/modules.dep: No Such File Or Directory

Mar 6, 2011

I want set up VPN on my VPS but when i try to turn on tun/tap i see:

:/lib/modules# modprobe tun
FATAL: Could not load /lib/modules/2.6.18-194.17.1.el5.028stab070.7PAE/modules.dep: No such file or directory
os : debian 5
(folder lib/modules is empty)

View 1 Replies View Related

Fedora Installation :: Erratic Install Results W/initrd - Custom Spins With Custom Drivers - Modules?

Dec 28, 2009

Just spent three whole days barking up the wrong tree, solving Fedora 11 and Fedora 12 boot failures because the correct hypothesis was illogical: installation did not update/modify the initrd.

The first couple of times I installed Fedora 11 on the HighPoint Technologies RocketRaid 2640x4, the installation inserted my "custom" driver module (rr26xx) into the initrd, permanently, so that the system booted off the controller card for which the custom driver was inserted. (I yelled about this success in this thread: [url]

My most recent installs of BOTH F11 and F12 on the RocketRaid failed to properly set up the boot. It turns out that the "rr2640" module I "slipstreamed" into the installation process was *NOT* permanently added to the initrd by anaconda. (F12 gave me "no root device found boot has failed, sleeping forever", on boot; F11 hung also, without such error, I presume, during the init script execution). Because of limited resources and time, I only know for sure the module was missing from the F11 initrd, and am ASSUMING the same was the case with F12.

The only difference between the successful installs and the ones with failed boot is that the successful installs were made on a single-drive (JBOD) mode on the controller; whereas, the failed ones were placed on RAID 5. But, AFAIK, the created logical device for the card is "/dev/sda", in both cases, and the kernel can not distinguish between the two cases (or can it?). Thus, the inconsistency cost me a lot of time, and is still inexplicable to me.

Question: What is the best way to deal with custom drivers, today? There are custom spins, and many tools, like isomaster. Stupid question: Is there a way to modify the initrd inside an installer ISO -- be it for CD/DVD/USBboot drive -- beefing the init RAM disk with whatever modules you'd like, for the boot process (using, say, isomaster)?

And what makes anaconda understand that a module must be added to the initrd ? How can one force anaconda to do so?

How does moving to dracut as the initrd tool affect any/all of the above?

View 1 Replies View Related

Slackware :: How To Save Needed Modules Config To Create .config?

Apr 9, 2011

I am running a server with a GRSecurity patched Kernel 2.6.32.36. I've tried to optimize the kernel as much as I can and know it (removing options, not needed drivers and so on) and compiled the modules into the kernel (no loadable modules anymore). I've started with Slackware 13.0 and the default config for 2.6.29.6-huge. Still I am not sure what to remove/optimize further now.

My question: Is there a way to boot with a kernel with loadable modules, check which modules are really needed for this hardware, (do something like lsmod) and save the running configuration modules for a next kernel compile to be the default .config instead of writing them down by hand and search for the appropriate names in .config or during menuconfig? (Note: zcat /proc/config.gz > .config is NOT the way I want, as it gives me just the current kernel config)

View 5 Replies View Related

General :: Rc.modules Not Loading Modules At Startup?

May 11, 2010

I've been trying to load my pcmcia network card driver "xirc2ps_cs" at startup with no success. I have added "modprobe xirc2ps_cs" to the rc.modules file but it doesn't load at startup. Curiously, though, if I execute rc.modules AFTER the machine has booted it will load the modules just fine. Just not during the boot up process. Thinking that hotstart might have been causing problems I've disabled hotstart (chmod -x) temporarilly to remove it from the picture, but there was no change.

View 5 Replies View Related

OpenSUSE Install :: Install Some Wireless Drivers - Don't Have A /lib/modules/<kernel>/build Directory

Dec 14, 2009

I'm trying to install some wireless drivers, but apparently I don't have a /lib/modules/<kernel>/build directory, which is causing the Makefile to throw an error. Is there a specific place I should point the Makefile at?

View 9 Replies View Related

General :: Cannot Connect To Localhost After Selinux Install

May 5, 2011

I'm in the process of setting up a new Debian box as a web server. I had apache2 and mysql set up and all of the SSl taken care of. After installing selinux I noticed that my browser and ftp in the terminal wont connect to localhost, other computers on my network can connect to the apache server via a global ip, but it wasn't pulling database info. When I checked, I found that mysql was stopped. When I try to start it, it times out.

After some googling and trying a bunch of setsebools I finally just disabled selinux in /etc/selinux/config. I rebooted and confirmed selinux was disabled, but still the same issues. If it helps the error php throws when trying to connect to mysql is "can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)"

View 2 Replies View Related

Ubuntu Installation :: Boot Error "modprobe: FATAL Could Not Load /lib/modules 2.6.35-22 Generic Modules No Such File Or Directory"

Apr 14, 2011

Tonight I installed ubuntu 10.10 (32 bit) on an external usb harddrive with a dvd I burned and I used my older desktop. I disconnected all internal and external drives first so everything had to be put on the usb drive I selected (only option available). I used the option to load extra software, use the entire hard drive, and let the software do it's thing. I basically had no options where to put things and it didn't have much choice.

When I boot the usb drive on my laptop (win 7 64 bit) by telling the bios to boot to it first... I get an error: modprobe: FATAL Could not load /lib/modules 2.6.35-22 generic modules No such file or directory. This message appears twice and then it does boot into ubuntu and seems to work fine. I'm new to this OS so that is an uneducated guess but the things I have done seem to be working. So exactly what is this error referring too? Is there a way to fix the problem or do I just ignore it.

View 9 Replies View Related

Fedora :: SELinux Will Not Allow Tor?

Jan 17, 2011

I'm running into some problems setting up Tor on Fedora 14. I have followed the following guide to a T (although I realize it is for Fedora 10):orum.org/showthread.php?t=211516.I believe the problem is SELinux... but I'm not sure. Has anyone had any success running Tor in Fedora 14 without it bugging out? If not, is there some sort of Unix alternative?

View 12 Replies View Related

CentOS 5 :: How Can I Install Per Modules

Jun 20, 2010

I have a dedicated server. It doesn't have any GUI (gnome or something like that), so i need to use terminal, which is hard for a non-advanced user. So i have a few questions:I'm hosting a CS server and a few other servers later on. But right now only CS server. With it i need to start another perl window, which updates the stats to the website and database.So how can i start both server, that program and maybe use the console at the same time?Another question is: when i quit the server, it automatically restarts. How can i just kill the process? I don't want to restart my server every time i want to shut down the CS one.

About perl: how can i install per modules and how can i know the translations of perl modules from windows to linux names?And is there any firewalls by default clean installation, which might 27500 port and any connections trough 3306 to the database on my web server? If no, how come, that my program is unable to connect to my website database?Will my own email server take a lot of resources? Which only i would use and wouldn't receive much mail? And are there any guides how can i do that?Will a web server, which wouldn't take much visitors each day take a lot of resources?

View 13 Replies View Related

Fedora :: NTP Is Blocked By SElinux?

Jul 18, 2009

How can I solve the problem?

View 1 Replies View Related

Fedora :: SELinux Does Not Like Wine

Jan 18, 2010

There are several options available, such as "Ignore Alert" and "Turn off memory protection". What are the consequences of choosing one or the other?I'm new to Fedora and I'm not familiar with SELinux. Can someone please give me guidelines (or explanation) on how to deal with SELinux alerts?

View 7 Replies View Related

General :: How Hard Will It Be To Install Modules

Apr 19, 2010

I have a Toshiba Portege S100. Its about 4yrs old so Centrino and runs XP. The hard drive is grinding so I need to replace it. I figured it would be a good opportunity to look at Linux. So, I booted up the Ubuntu 9.1 CD and it didn't pick up the wireless card or sound card. Having looked around, it seems that this will need a little work.Well, the link I was trying to post mentions I need to install the snd-intel8x0 and ipw2200 modules.This doesn't look easy. Are there any distros that would make this process less painful?Alternatively, is this the sort of thing people would be able to help me with if I just said I wanted to get it working on Ubuntu or whatever distro I chose?

View 7 Replies View Related

Fedora :: Create An Install DVD For FC 12?

Jan 26, 2010

I'm trying to create an install DVD for FC 12. This is the command I would normally use to write CDs

Code:
cdrecord dev=1,0,0 Fedora-12-i386-DVD.iso
But with a DVD, I'm getting this error message:
Code:
cdrecord: Drive does not support TAO recording.
cdrecord: Illegal write mode for this drive.

I really don't want to read several hours of User Manuals to learn how to write a single DVD. This is a standard thing that everyone does, right? What's the easiest way write an iso file to a DVD?

View 14 Replies View Related

Fedora :: Create A Ks File To Install All Packages (fedora 12 Of Course)?

Apr 26, 2010

Trying to create a ks file to install all packages (fedora 12 of course). The file have in it:

%packages
@ everything
kernel
kernel-devel

which used to work in RHEL, but in here, I get the message on screen: "You have specified that the group 'everything' should be installed. This group does not exist. Would you like to continue or abort". so what's the group name/code to install all packages?

View 1 Replies View Related

Fedora :: How To Permanently Disable Selinux

Jul 14, 2009

I came across the following method of how to permanently disabling selinux and it's notifications. Although changing enforcement from the gui into permissive mode does most of the job, the notifications still pop-up when some applications are started.

So to disable it do the following:

open terminal as root and execute:

Quote:

And then change the SELINUX line to SELINUX=disabled

Quote:

This is it. Now reboot the system and selinux will never bother you again.

If you are not a Fedora user and you are using this forum just because we are cooler here then you will not find the /etc/selinux/config as in the fedora releases. What you need to do is to edit the kernel boot line and add selinux=0 at the end:

Quote:

Reboot the system

View 14 Replies View Related

Fedora :: Selinux On Encrypted Root?

Oct 2, 2009

After my cloning problems this morning were resolved, I have been able to complete conversion of the clone to run from an encrypted root partition. However, I have been unable to enable selinux when running from the encrypted root. /etc/selinux/config contains the settings that work on my unencrypted system

SELINUX=enforcing
SELINUXTYPE=targeted

and it is not disabled from the grub bootline, but the encrypted system always comes up with selinux disabled. Attempting to enable it with the command setenforce 1 fails, and to add insult to injury, the selinux administration-gui shows that it is enabled and enforcing. The cloned, now encrypted, system was cloned via rsync -aHXv, so the selinux contexts/attributes have been maintained as near as I can tell. I did have to disable selinux while performing the rsync of the /selinux directory in order to get it to copy and I am wondering if there was still some issue with this method.

I know some of you are running from encrypted root fs's and was wondering: Do you have selinux enabled and is it functioning properly? Any suggestions as to how I might jumpstart it or force it to run? Maybe I should boot into the system and uninstalling/reinstalling selinux?

View 3 Replies View Related

Fedora :: OOo Will Not Run With SELinux - Edit Menu

Nov 18, 2009

I just upgraded to fedora 12 via clean install with old /home partition and deleting old config files, and here is my issue. I need to edit the menu, and I need to set SELinux to permissive. OOo will not run with SELinux enabled for some reason, and besides, all my systems use SELinux in permissive. These two options no longer exist in the menu

View 7 Replies View Related

Fedora :: SElinux In Permissive Mode

Dec 4, 2009

I made the Selinux inactive with easylife how can I reactivate it.

View 6 Replies View Related

Fedora Security :: SELinux Context For Cgi-bin?

Oct 20, 2010

I'm attempting to get MapServer running on my Fedora 13 computer. I was able to install with the package manager, and the executable (mapserv) was originally placed in /usr/sbin. But I need it in /var/www/cgi-bin to work on the webserver. So I copied the file to the right location. Unfortunately, it doesn't have the correct SELinux context. Here's the message from the troubleshooter:

SELinux denied access requested by /var/www/cgi-bin/mapserv. /var/www/cgi-bin/mapserv is mislabeled. /var/www/cgi-bin/mapserv default type is httpd_sys_script_exec_t, but its current type is httpd_sys_script_exec_t. Changing this file back to the default type, may fix your problem.

How's that for circular logic? Does anyone have an idea what the correct SELinux context for a cgi-bin executable might be?

View 3 Replies View Related

Fedora Security :: Selinux Not Enabled?

Nov 10, 2010

Trying to keep selinux enabled. When I start SeLinux Troubleshooter from the menu, which is inautostart as well, It tells me SELinux not enabled, sealert will not run on nonSELinus systems".How do I get SELinux permanently started then

View 10 Replies View Related

Fedora :: Get SELinux And Wine Error

Jan 2, 2011

I get the SELinux and wine error. How can this be fixed?

View 1 Replies View Related

Fedora :: SELinux Not Allow Mplayer To Play Flv?

Jan 9, 2011

I have trouble with my Fedora 14 on laptop, that I never had on previous Fedora versions (10-13).The SELinux not allow mplayer to play flv files and I cannot convert any files from flv to mp3.I have all codecs installed.Also Totem not works propely.I can shutdown SELinux (but dont want to) but there still remain (already installed) codec, which cant be found (decoder h.264).So its not matter if I shutdown SELinux because I still cant play flv
Ok so there are my error message (sorry for my english!):

Code:
ffmpeg
ffmpeg: error while loading shared libraries: libxvidcore.so.4: cannot enable executable

[code]...

View 5 Replies View Related

Fedora Security :: How To Enable The SELinux

Jan 17, 2011

My newly installed Fedora-14 (64-bit) has SELinux disabled. I can't find any way to enable it. I tried to set it manually in /etc/selinux/config to enforcing or permissive but nothing happens after reboot. In GUI configuration tool it is set to disabled and grayed out so that there is no way to enable it there. Is there another way to enable SELinux?

View 11 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved