Fedora Networking :: 13 - How To Enable "SELinux Named Policy"
Jun 17, 2010
I am trying to configure my live install of Fedora so a PC on the same intranet can access it by hostname instead of by IP address. After I installed bind, I realized the man pages recommended against bind and said instead to enable SELinux named. I tried to guess what variables to set after googling and studying the documentation and coming up empty. I used getsebool -a, and tried turning one and all on. I test using: nslookup myhostname on the Linux box, since if that is working it isn't surprising that the Windows box can't see it. What buttons to push to enable SELinux named, as described in Fedora 13 man page for bin slight correction, the man page is for named. It says to remove the bind-chroot and use SELinux to enable named. I think I also have to create a new zone. This seems akin to proving Fermat's last theorem but less rewarding. Anyone know what keys to push for either. I did get system-config-selinux running. I thought it was in an infinite loop but it does *eventually* load a GUI. Also if you set a boolean it will grab all CPU for a couple of minutes. (used top in another terminal).
Jul 24, 2011
I need to change SELinux policy to permissive and then back to enforced for an installation. I understand that I should be able to do that through the SELinux Administration window accessed through System -> Administration -> SELinux Management. But I do not have any real sysadmin tools available in my Fedora 15 GNOME GUI interface. Am I missing something, or should I use some sort of similar command line tool to do this?
Feb 20, 2010
I just updated my system via yum and got an odd output after selinux-policy-targeted package finished updating.
Code:
Updating : selinux-policy-3.6.32-89.fc12.noarch 14/80
Updating : selinux-policy-targeted-3.6.32-89.fc12.noarch 15/80
/etc/mock/koji* /etc/rc.d/init.d/dirsrv* /srv/git* /usr/autodesk/maya2010-x64/lib /usr/lib{64,}/nagios/plugins/check_mailq /usr/sbin/ns-slapd /usr/share/e16/misc* /usr/share/shorewall/compiler.pl /var/cache/cgit* /var/lib/git* /var/lib/koji* /var/www/git/gitweb.cgi /var/www/git/gitweb.cgi
Does anyone know what that means?
May 25, 2011
Tried google and searching this forum to no avail. Under Fedora 14, there is an selinux policy which blocks sshd from making outbound connections on port 80 or 443. This can occur when a client box tries to tunnel through the ssh connection for encrypted access to the web.
While I did manage to allow this to happen by creating a permissive domain for sshd with this command:
Code:
The preferred way would be to allow sshd to make connection on other ports with a similar command that does not seem to work:
Code:
Is this the correct way of allowing an outbound port connection for the sshd daemon?
Nov 20, 2009
I just upgraded from 11 to 12 and then installed the Nvidia proprietary drivers from RPMFusion. Initially glxinfo wouldn't work because SELinux was stopping it from using an executable stack. Since the Nvidia drivers are proprietary and a fix may not be provided, I allowed this access to glxinfo with chcon -t execmem_exec_t '/usr/bin/glxinfo'
However it looks like every program using glx-utils also needs these permissions - so far I allowed Xorg, compiz and the Firefox video plugin to execstack. Can anyone suggest a fix for this - preferably one that avoids execstack for all those apps since it's a security risk. If not, how do I create an SELinux policy to automatically grant apps execstack while they use glxinfo or other nVidia libraries but not at other times?
Feb 1, 2010
I have in /etc/selinux/config:
Code:
SELINUX=enforcing
SELINUXTYPE=mls
Do I have MLS enabled? I can't use SELinux commands. I thought MLS is sort of package to SELinux. I followed this:
Code:
[code].....
Jan 17, 2011
My newly installed Fedora-14 (64-bit) has SELinux disabled. I can't find any way to enable it. I tried to set it manually in /etc/selinux/config to enforcing or permissive but nothing happens after reboot. In GUI configuration tool it is set to disabled and grayed out so that there is no way to enable it there. Is there another way to enable SELinux?
Jun 14, 2010
I am trying to install CentOS 5.5 x86_64 as a guest OS in VMware Server 2.0.2 using the netinstall ISO. Installation runs fine until the point when it tries to install selinux-policy-targeted-2.4.6-279.el5.noarch; the whole virtual PC hangs at this. Any ideas? I tried to google a few things about this, but I have found nothing. This has happened 3 times in a row; the whole virtual PC always hangs at the same package. I don't have any other problems with VMware; Gentoo runs and installs fine in it. I would prefer to do the installation using netinstall.iso; it would take a lot of time to download all CDs or the whole DVD and all I require is a very basic set of packages.
Jul 29, 2011
My organisation is running squirrelmail on a redhat server. When users are created, at that time the admin sets a password. Thereafter the user can log in to his account using the password. But he can't change it as is the case with gmail or yahoo mail. Also the password for any account is known to the admin in addition to the user himself - a weak security arrangement! So what I wish to do is provide a way for users to change his password anytime he wants and also during the first login - as is normally done in banking sites, etc.
Aug 24, 2010
I configure named and stumble upon the following problem: named is serious about user rights, every config file named uses should be named:named. I set rights to named:named as follows, but they get changed to root:named when I restart named as root. The same thing happens with SELinux context. This results in access denied type errors.
Feb 23, 2009
You can find a list of all the booleans for SELinux (Fedora 10) using getsebool -a. My question is, is there a reference online that describes each one? Most are obvious but it's one of those "I have to know because it's there" situations.
Nov 30, 2009
I am new to configuring named. I want to set my firewall (Fedora 11) as a name server. The local domain is a Windows domain. I'd like internal users to translate domain names into IPs on this server when they go to the internet. After reading some posts on the web, I set up named as below. It seems named does the job but with some problems.
1) When I start the server, I couldn't find the named process even though the file "named" is in /etc/init.d. I can browse the Internet on the server with domain names (DNS works locally). But internal users couldn't get the domain name translated. If I shut down the server at this stage, it will shut down within 1 minute.
2) If I run "service named start" after the server boots up, I see the process "named" and named works okay. Both internal users and the local host can browse the Internet with domain names. However, any command starting with "service named" has no response after this, such as "service named status" or "service named stop". I can see it shows "stopping named" and this lasts forever. I have to kill the process then restart the named server so that named may run again.
3) If I shut down the server now, it will take 4-5 minutes instead of 1 minute in 1). The shutdown is stuck at "shutdown named" for 4 minutes. Even if I kill the named process before the shutdown, it will take 4-5 minutes.
It took me a week on this issue. I would appreciate it if you could take a look at my configuration files and guide me through this.
May 27, 2011
I'm trying to set up a DNS name server using Fedora 14. Everything is working in the LAN, I've no errors in log/messages, but cannot ping outside world. Can ping IP addresses but not domain names.
Aug 12, 2009
host A: Fedora 7 has bind 9.4.2
host B: Fedora 11 has bind 9.6.1
I want to migrate my bind configuration from A to B. I've read the release notes and man pages and I can't see why copying
/etc/named*
and
/var/named/*
I checked /etc/sysconfig/named too... Seems to have no effect on my brand new install on Fedora 11. Host B stays basically un-configured.
Mar 14, 2009
Mandriva 2009, BIND 9.5.0-P2. Named will start however I'm getting the above error as well as these:
14-Mar-2009 15:45:37.084 general: error: zone 0.in-addr.arpa/IN: loading from master file /var/lib/named/var/named/reverse/named.zero failed: file not found
14-Mar-2009 15:45:37.084 general: error: zone 0.0.127.in-addr.arpa/IN: loading from master file /var/lib/named/var/named/reverse/named.local failed: file not found
[code].....
Named shows to be running but with the errors above I know it's not running correctly. I also copied the above dir's over to /var/lib/named/var/lib/named which is where I 'believe' it's chroot'd at, though I could be wrong since I'm unfamiliar with chroot.
Feb 15, 2011
Fedora 13 64. NetworkManager tries to unlink /etc/hosts and is blocked:
Code:
SELinux is preventing /usr/sbin/NetworkManager from unlink access on the file /etc/hosts.
Additional Information:
[code]....
Mar 12, 2009
When I try to connect to the internet, SELinux gives me a preventing NetworkManager. Here is what it says:
Code:
Summary:
SELinux is preventing NetworkManager (NetworkManager_t) "getattr" to /dev/ppp
(ppp_device_t).
[Code]....
May 26, 2009
I installed Fedora to a desktop with a hardwire ethernet connection to my router. When I ran the live CD it connected fine. When I boot now I have no connection, and when I try to connect I get this "AVC Denial" message and some mumbo jumbo about SELinux is preventing nm-dhcp-client to read libdbus-glib blah blah blah. The troubleshooter app is no help to me at all. This is extremely frustrating. A couple of weeks ago I did an install to this same computer and had no problem at all. The only difference is that this time I wiped all of my old distros from the HD, and made separate /, /var, /boot, /tmp, and /usr partitions (in addition to the old /home partition which I kept.) I don't know how that could be causing this problem, but it's the only thing different about this install. Should I just go back to putting everything but /home on one partition?
Sep 5, 2009
I have a problem with a samba share: every time I want to browse shared folders on the Fedora machine from Windows I always get this message (SELinux is preventing samba (smbd) "getattr" to /proc/fs/nfsd (nfsd_fs_t).) Here is my SELinux log:
Summary:
SELinux is preventing samba (smbd) "getattr" to /proc/fs/nfsd (nfsd_fs_t).
Dec 1, 2009
I cannot establish a PPTP VPN because SELinux is blocking Network Manager.
I get the following:
Summary: SELinux is preventing NetworkManager (NetworkManager_t) "unlink" to ./reso
Code:
I'm attaching complete alert.
Apr 1, 2011
I am using CentOS 5.5 and I want to configure DNS, but while configuring bind I am getting the error below.
#/etc/init.d/named restart
Stopping named: [ OK ]
Starting named:
Error in named configuration:
/etc/named.conf:57: open: /etc/named.root.hints: file not found[FAILED]
Mar 26, 2010
Is it possible to only view certain chains and more specifically certain chain policies with options when doing:
iptables -L
I would like, for example, to view FORWARD ACCEPT rules instead of waiting for all of the drop rules to load when viewing a firewalled iptables.
Mar 3, 2010
When I reboot my computer, my iptables sets itself to a policy of dropping everything, adds a bunch of rules, and a bunch of extra chains, to the effect that (due to everything being set to drop) I can't do anything. I know how to fix this from the terminal to the extent of just clearing most of it and changing the policies back. However, what I don't know is how to make it stay that way. I have a file with the iptables rules I want, so every time I start up I just run iptables-restore, but I don't want to have to do this every time, particularly since others use this computer who do not have admin privileges.
I've tried changing /etc/network/interfaces with the added code pre-up iptables-restore < (etc) But that never does anything, or if it does it just makes stuff work even less. I've tried changing init.d before based on similar info elsewhere, still no luck. I don't know how to get it to stick, and I don't know why it is defaulting to the rules it is, other than that I used a firewall app a while ago and afterwards this was the result, for which I uninstalled that app after no success using it to reverse the damage.
Mar 25, 2010
Seems like this should be a simple question, but I've looked around and have not found an obvious location to keep custom policy based routing rules in Ubuntu. /etc/network/if-up.d comes to mind, but I was wondering if that was a "standard" spot. Also it doesn't seem like these rules really need to run each time an interface is up'ed or down'ed.
Feb 19, 2010
I have set the iptables INPUT policy to DROP. As I have expected tcpdump wasn't showing any packages... for a while. Suddenly it began to show UDP syslog packages being sent by a remote host. It is conform with the configuration of syslog, but since the INPUT policy was set to DROP, with no exceptions, it is not conform with configuration of iptables. Why after setting INPUT policy to DROP, with no exceptions most of the packets received before are being dropped and some not, as tcpdump shows?
Nov 27, 2010
I want to implement a bandwidth shaping policy in a virtual environment. So I have a 2mbps link, which I want to distribute among Email, http(s), ssh,... and some other traffic. I want to do this in a virtual environment, for testing purposes. I want to run this script on a VirtualBox virtual machine, which has Ubuntu installed on it, and then use that as the router.
(a) is there any software that could simulate email,http,... traffic so that i could test it?
(b) my second question is (though not related to networking) how do i set a (virtual) machine as a router? or is it even possible?
Aug 24, 2009
It took me a while to get VNC going. It was easier with FC8-10. Once I got finished and was actually able to log in and see my remote desktop I tried to add some software... virtualbox. When I double click on the RPM I get a popup that states: "The action could not be completed. Failed to install file. You do not have the necessary privileges to perform this action". When I close that dialogue another one pops up that states: "The action could not be completed." When I click on more details the dialogue states: "Policykit authorization failure". How can I make this work?
Jan 5, 2010
FC12 with recent updates. The bugzilla I reported is fixed in selinux 3.6.32-66 and I have 3.6.32-56. I refreshed the repositories and looked for 66 and it is not listed. Question - how often do the policy changes get posted to the repositories? And are the repositories the normal place to get the latest and greatest?
Jun 20, 2009
I've been experiencing a problem with Fedora in which when I enable Wireless in Fedora, Wireless networking does not work in Windows. However, when disabled, it works correctly. Windows claims it is "not able to find any networks to connect to".
EDIT: It seems that when wireless is disabled manually on fedora before shutdown, there are no problems in windows.
May 20, 2010
I am new to Linux world. I want to configure wireless on my laptop to use ADSL.