I went to print something and I get this message: Summary: SELinux is preventing access to files with the default label, default_t.
Detailed Description: SELinux permission checks on files labeled default_t are being denied. These files/directories have the default label on them. This can indicate a labeling problem, especially if the files being referred to are not top level directories. Any files/directories under standard system directories, /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. The default label is for files/directories which do not have a label on a parent directory. So if you create a new directory in / you might legitimately get this label.
I receive the message "SELinux is preventing /usr/sbin/vsftpd "net_raw" access" many times. Found this bug at Red Hat but really do not understand what I should do about it ((( Kindly let me know how to change this to normal. Shutting down SELinux is not the way out.
I am trying to lock down our application and server with iptables. Anybody have any idea how to prevent accesses to the application from another application? Basically I opened up the ports 80 and 443 for the application server. However, the application points to other apps (i.e. database, ldap). I want to limit what it can connect to or who can connect to it. Basically I can limit who connects to the server itself but the application can still get input from outside servers.
I'd like to grant /usr/sbin/sendmail.sendmail "connectto" access to the unix_stream_socket /var/lib/imap/socket/lmtp. How do I do that? I want to eliminate error messages that keep appearing in my message log:
/var/log/messages:Jan 13 11:45:29 e setroubleshoot: SELinux is preventing /usr/sbin/sendmail.sendmail from connectto access on the unix_stream_socket /var/lib/imap/socket/lmtp. For complete SELinux messages. run sealert -l 05df828f-4402-
I just saw this message in the syslog and wondered if it could have anything to do with my previous problems with LXDE crashing:
Sep 6 08:03:34 MyComputer kernel: [ 1003.788502] colord-sane: segfault at 21 ip b4de95ba sp b5609fb8 error 6 in libdbus-1.so.3.7.2[b4dbe000+4a000]
I have read a number of bug reports regarding this issue and it appears to go back about two years. It was supposedly fixed but that does not appear to be the case unless there is something peculiar with my Wheezy 7.8 installation. I just found this on an Ubuntu bug report. It is related to a colord-sane but not necessarily exactly the same as what I am experiencing. This is a libsane bug, not a colord bug. If you want to work around it, change /etc/colord.conf to have UseSANE=false
I do not want my windows to be dragged and placed partially in two desktops. However, I have enabled Edge flipping to move window to next desktop. My problem is with partial overlap. Something which makes the windows stay completely in the desktop, but at the same time allow edge flipping.
I'm in the process of installing the usual Python/Numpy/Scipy/Matplotlib combination. I'm using the installed version of Python (2.7) on Ubuntu 11.04 but I've compiled Numpy and Scipy (and ATLAS/LAPACK etc.) from source. I now want to install matplotlib from the repositories but every time I do python-numpy is installed as a dependency of python-matplotlib. I've tried "apt-get hold python-numpy" etc. and also locking the version of each package in synaptic but both synaptic and apt-get will happily install the packages when requested, I assume because hold/lock version don't work on packages that aren't yet installed.
How can I prevent these packages being installed? Or is there a way to tell Ubuntu that I already have versions?
Just a quick question: I have an external HD with 2 partitions, one ext3 and one FAT32. When I plug in the HD both partitions get automatically mounted, but as I only use the FAT32 partition to transfer data from/to Windows machines (which does not happen so often) I would like only the ext3 partition to be mounted automatically.
I'm using the Fedora Eee kernel for Fedora 12 (it's an unofficial kernel for the Eee PC), and want to update my system (I just set it up today). How can I update via command line and prevent an update to the default kernel?
So earlier today I was running out of space on my regular Windows 7 partition and I played around with extending it. I ended up somehow deleting grub and messing up my entire system. I've spent the last 2 hours looking for the answer to this and everyone has been saying to boot from a live disk and fix it that way.
Well, I've tried everything, the only way I can boot right now is via USB and it will NOT allow me to. I checked on other computers and even re-installed and formatted my external hard drive to try and get it to work and it refuses. I've changed my BIOS to boot from USB so I have no idea as to why this is happening. Also, I've tried using the "ls" command to find my partition via "ls (hdX,Y)/" and all of them come up as unknown filesystems.
I have a virtualbox installation, and I need fairly high security separation between host and guest traffic. The university network the box hangs off uses statically-allocated ip addresses, allocated to fixed MAC addresses (i.e. it eats any traffic with mismatched ip and MAC addresses).
VBox: 3.0.4; Guest OS: Fedora 11 64bit; Hardware: dual NIC, Intel server; Bridged networking, with separate NICs for host and guest
I'm aiming for high-security separation between host and guest traffic. To do this, I would like to run all host traffic through one NIC, H, and all guest traffic through the other, G. The host and guest have separate, statically allocated, IP addresses, IPH and IPG. The network forces these to be mapped to specific MAC addresses, MACH (the address of NIC H) and MACG (the address of NIC G). So it's not too hard to write host firewall rules to enforce this policy. The rules just have to state that traffic coming into H must have a destination compatible with IPH, and traffic going out must have IPH as source - and vv for G and IPG. There also doesn't seem to be any trouble telling the guest to only use NIC G. As a result, turning off NIC G (or equivalently, firewalling it off from host traffic) crashes the network, I have to reboot it to get networking working.
But I can't figure how to tell the host to _only_ use NIC H for anything else except the guest. Even though we don't see any IPH traffic coming into NIC G from outside, I don't seem to be able to stop the host from starting connections on NIC G. Does anyone know any way to do this - to tell the host that it can only use IPH as its IP address unless traffic is coming from a guest process, and that it can only use address MACH and NIC H? I've been reading route and arp manuals all day, but I can't seem to figure anything on this - mainly because arp and route don't know about host/guest processes, and I guess weren't designed with this in mind...
I'm running F13 with KDE 4.4.4 on my desktop PC. A few months ago I had occasion to run Kalarm (invoked via "Kickoff" app launcher). Ever since that time, the Kalarm icon appears in my KDE "system tray" after I login. I power down my PC when I'm finished using it for the day. In an effort to get rid of the Kalarm icon, I changed my KDE "session manager" (System settings -> Advanced -> Session Manager) settings to: "on login: start with an empty session". But the Kalarm icon still appears in my "system tray" after the next reboot/login. I've also tried right-clicking on the Kalarm icon and selecting "quit". The icon still re-appears after the next reboot/login. Why didn't the session manager setting: "on login: start with an empty session" get rid of the Kalarm icon?
I'm having trouble booting after a recent bunch of updates (haven't been able to boot F12 from hard disk for a couple of days). The boot process gets as far as "NetworkManager daemon [OK]", then just stops. I get this for all 3 kernels that I can choose from the grub menu (126.96.36.199-141, 188.8.131.52-127, 184.108.40.206-115). Mounting the hard drive with a liveUSB, a quick inspection of /var/log/messages reveals that things go smoothly until: etc. until I hit the power button. I ought to mention that I have a wireless card that requires the Realtek RTL8192SE driver, which requires
I have a 2 monitor configuration, with the second monitor used exclusively for mythtv. When I'm not actually watching tv or a movie or watching visualizations with music playing, I actually use the machine for more productive uses. As the result the second monitor is typically not turned on, might have something to do with the fact it's a crt design, consumes a fair bit of power and does a good job keeping the media room overly warm.
The question is, does Fedora 11 or newer have a means to prevent applications from opening on the second monitor? I've checked the obvious places and nothing jumps out.
btw: According to the nvidia x server settings control panel the second monitor is set up as in twinview mode. This mode was chosen to allow the gpu to do most of the video decoding tasks using vdupau or something as I recall.
Is it possible to block an application from using the network? If yes, how? I read it's possible with iptables and with selinux... Also, what about creating a user who can't connect and run the application with that user?
When I'm logged into my account, I can't shut down the computer if someone else is also logged in unless I supply the root password. However, if I log out, I can shut down from GDM without being challenged, even though another person is logged in, which could cause problems if that person is in the middle of some work. Is there a way to password-protect the gdm shutdown function if people are logged in?
- Newly installed Fedora 14
- Firefox 3.6.12
- All latest Fedora updates installed
- Denial occurred after the installation of jre1.6.0_22 from here - Linux (self-extracting file) and creating symbolic links as follows;
My Fedora box is giving me an SELinux security error:
SELinux is preventing the samba daemon from reading users' home directories.
SELinux has denied the samba daemon access to users' home directories. Someone is attempting to access your home directories via your samba daemon. If you only setup samba to share non-home directories, this probably signals an intrusion attempt. For more information on SELinux integration with samba, look at the samba_selinux man page. (man samba_selinux)
Allowing Access: If you want samba to share home directories you need to turn on the samba_enable_home_dirs boolean: "setsebool -P samba_enable_home_dirs=1"
make install then I got this error: postfix: fatal: chdir(/usr/libexec/postfix): No such file or directory make: *** [install] Error 1 I don't understand why it's checking the usr/libexec folder for the daemons although I've set the folder to /opt/product/postfix-2.6.5/libexec in the makefile. Here is also the cat of my makedefs.out:
Just built a new machine with FC15, and as I'm moving stuff from an old FC10 machine. I'm moving stuff over, and one of the things is an apache server. Did a yum install apache, but can only hit apache from the local machine. Then I noticed there was no xinetd running, so did a yum install of that. Both apache and xinetd I manually start, as the "services" manager in fc15 doesn't seem to know about them. NOTHING seems to be able to hit the fc15 machine over the local lan. No httpd, ftp, telnet. What am I missing? BTW, I can ping the new box, and it sees others on the lan. (I'm building a server which will also be for dns and sendmail.) I found I had a new firewall in my way on 15, and got apache to work. I opened the firewall for the specific ports for FTP and Telnet, and in fact opened the whole interface on the machine!
I just upgraded to Fedora 12 on my computer. Now I can't connect to the net. Under network I show the two connections (neither working). The "connect" and "disconnect" AND the "delete" buttons are all grayed out (?). I also can't log in as root to try to gain more access. Probably just a new way of doing things. I was upgrading from F7 so it was a bit of a jump.
Does the network utility work differently from 7? Am I now rootless? It would seem that my wifi card sees the net as I can see the routers out there, but can't connect. I'm sure I'm using the correct WEP.
I've installed F10-live.iso onto a usb key but am having problems with the non-privileged user I created. When I login as kurt, I do not have access to my home directory on the hard drive. I tried [root@localhost home] #chmod kurt kurt (after cd-ing to the correct spot), but still cannot access my files there. I can do so as Live System User, but not as me.
On one machine I upgraded from F7 to F10: no problems. On my second machine, I did a fresh install. I can connect to the internet via KPPP, but both Firefox & Konqueror fail to recognize that I'm online. I tried to create a network modem connection, but when I select "new" & "modem", then press the "forward" button, nothing happens.
I have a home network with 2 WINXP machines and one I am trying to load FC10 on. If I get FC10 to work, I will convert the others to FC10. I am trying to access the WINXP machines through my LAN. I have installed samba. I have gone through a lot of places to try to configure samba. Several places say I have to set the security level on the ethernet card using system-config-securitylevel. When I enter this in terminal, I get command not found. I checked with yum and it is installed. I have tried using the menus but cannot find it anywhere. I can see the FC workgroup from one of the WINXP machines but I cannot look into it. It says I don't have the right permissions. I would like to set it so I don't need a userid/password at all. Can I do this?
I'm trying to set a kickstart DVD for automatically installing Fedora 10 without touching the existing data partitions on our systems. I've got a kickstart file that works great from a kickstart server however I'm having issues with creating an unattended kickstart DVD. I've attached a copy of the kickstart file from the DVD. For some reason even though all the packages we are installing are on the DVD, anaconda always attempts to connect to the internet to get repository information after completing the partitioning. I have changed the install type to 'cdrom' before anyone asks! I have removed my %pre and %post sections as these just copy in some config files and do not touch anything other than local paths.