I recently had three problems with SELinux: httpd_unify - SELinux prevented my web server from having write access. ftp_home_dir - SELinux prevented my virtual users from connecting to their home directory. textrel_shlib_t - SELinux prevented two separate Unreal Tournament 2.5 mods from running. The troubleshooter did not notify me of any of these problems. I finally figured out how to fix them on my own and did. CentOS had a very concise, albeit excessive SELinux troubleshooter that involved notifying you of every single problem on your server multiple times. Still, I would rather be spammed with notifications than receive none at all.
If I had not switched from a CentOS box, I would not know the chcon command to set textrel_shlib_t to my mods, as I cannot do it in the SELinux Administration without making it global. How do I fix the troubleshooter to report?
I just install Fedora 15 and I see the SELinux Policy Genertation Tool and the SELinux Administration application in the app launcher but I do not see the SELinux Troubleshooter app. I seems to be missing. How do I get it on my system?
Everytime I login the SELinux Troubleshooter panel applet alerts me that I have 1 alert to view, however when I click on the icon and bring up the Troubleshooter there are no alerts
You can find a list of all the booleans for SELinux (Fedora 10) using getsebool -a My question is, is there a reference online that describes each one. Most of obvious but it's one of those "I have to know because it's there situation).
I've a physical machine with FC9 running vmware server 1.0.6 with 2 virtual machines. Each virtual machine is also running FC9. Everything was running smoothly until one day, one virtual machine stop. I've checked /var/log/messages of that machine and it says:
Code: "no space left on device" . I try to create a file Code: touch dd and the answer is the same.
The odd thing about all this is that the machine (both virtual and physical) have enough space left. This is the space available reported by df -h. Physical machine
Code: [root@halwifi hotspot]# df -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/VolGroup00-LogVol00 228G 38G 179G 18% / /dev/sda1 190M 19M 162M 11% /boot tmpfs 1010M 96K 1010M 1% /dev/shm and the Virtual Machine
I am in a class called Linux System Administration and we are setting up Fedora 8 as a server. Per the class instructions, I have changed the default runlevel to 3 so the system always boots to a command line. The instructions say log in with your regular user account [I KNOW HOW TO DO THIS] and use the startx command to load GNOME. [I HAVE NO IDEA HOW TO DO THIS]
I searched the Internet and the text book, but found nothing I could understand.
I don't think it has anything to do with the config file. More to do with SElinux. I need to know how to configure SElinux so I can see my samba share when SELinux is on. When I setenforce 0 I can seen all the files and folders set it to setenforce 1 cannot see anything.
Here is the output when I ran [root@fileserver /]# getsebool -a | grep smb allow_smbd_anon_write --> on smbd_disable_trans --> on
These two options were off I tried turning them on.
This is another one of the commands I tried running. I did change a few options but I am not sure which I do need to change. I am running a stand alone server so I don't need the DC option.
[root@fileserver /]# getsebool -a | grep samba samba_domain_controller --> off samba_enable_home_dirs --> off samba_export_all_ro --> on samba_export_all_rw --> off samba_share_nfs --> off use_samba_home_dirs --> on
I have installed Fedora Core 11 with SELinux enforcing.It appears (via log files) that if I use a .forward file in the home directory for root that SELinux prevents the use of this mechanism for forwarding e-mail.Is there a way to continue to use SELinux and be able to forward root's e-mail to an outside account?
I got the following task from my boss. I have to find out if there is some alternative tool for create reports from Squid except SARG. Now, we use SARG, but my boss told to me, that the main problem of SARG is, that SARG generate huge amount files, which cause problems during migration our servers. He told to me the following condition for change of current tool (SARG):
* standard package of Debian * generate less amount of files, optimal is to save reports to the database
So I would like to ask you if you know about some tool (I can not find some by google)... and the best would be if you told to me some practical experiences.
I receive the message "SELinux is preventing /usr/sbin/vsftpd "net_raw" access" many times. Found this bug at redhat but really do not understand what i should do about it ((( Kindly let me know how to change this to normal. Shut down Selinux is not the way out.
When I try to login as a user, I get the dreaded "500 OOPS: cannot change directory:". Almost every posting I can find related to this problem was due to SELinux being enabled. My SELinux is operating in permissive mode. So why can't it open the home directory when I log in as the tarheelnk user?
I currently know how to run a traffic report on the whole host. How can I setup a cron job to run the report on a paticular virtual host and move it to the directory where it can be view over the net?
I'm looking at setting up a script that ssh's into our netapp (server01) and then reports an environmental chassis status list-sensors. being relatively new to programming I'm a little lost. I've gotten this far:
I am trying to install a HP deskjet 1000-J110a. I downloaded a driver package thing, and I guess I unpacked it, and I made it, and I thought I installed it. I am totally confused and my brain hurts. The printing troubleshooter is telling me: Missing Printer Driver
Printer 'Deskjet-1000-J110-series' requires the 'foomatic-rip-hplip' program but it is not currently installed. I found something that is the 'foomatic-rip-hplip', but what the heck do I do with it?
I'm running Ubuntu 10.04 with a complete LAMP installation (for local developement purpose).
Everything is OK (I installed phpMyAdmin without problems) except for one big problem: php shows 500 server internal error instead of a complete error report.
I tried editing php.ini and in-script runtime configuration but nothing changed.
This is a strange problem. I have Ubuntu server installed on a proper server hardware. My RAID card reports all four HDDs to ubuntu as single drives, which is how i set it up because Ubuntu does not recognize the raid card on the server. Now you might say if thats the case, why dont i remove the raid card and have the BIOS report to ubuntu as four single drives then i can perhaps setup software raid. Well my board has only one sata port.Ubuntu is all setup. on the first drive and i have set the other three up using software RAID.
System works great only problem is it freezes sometimes. Not everytime, just on the odd occassion I use the same Hardware without the raid card and of course just one HDD and it great. No freezes.That leads me to believe its the RAID card.My question is why will it run great for days and sometimes just freeze on me? Probably silly but if theres an issue with the RAID card, it should not work at all, should it?
I love to submit all bugs as I know the importance that this can play for further development. When I click on Bugzilla it allows me to write information etc and I even sign in with my forum id (I know it is not necessarily correct) but I didn't know what else to do and thought it would work. When I sign in it does not reject me until the very final step of the bu reporting process.My question to anyone is how can I get my bug reports to be accepted or how can I sign in to this area of Fedora if required?
I've installed Logwatch 7.3.6 via the rpm on my CentOS 5.4 server. The issue is I'm getting basically empty reports from logwatch. The only two sections which have any information are samba and diskspace.
The only default options in the config file I've modified are: Code: print = No output = html I'm suspecting the issue has to do with the fact that the as-logged host name doesn't match my current host name. However, I've tried manually changing this on a few entries so they match but they didn't show up in the report. According to the config file, the default for option HostLimit is "No" -- so Logwatch should not care what hostname it sees in a log file, right?
Ive tested this on 2 different machines each running Fedora 15. If I try to install gnome-schedule the system reports nothing to do or that the software is already installed. If I try to remove it the system reports that gnome-schedule is available but not installed. Anyone know how to approach this?
I have just got rid of Ubuntu in favor of Fedora, after more than ten years using Debian and Ubuntu. Most differences are pretty minimal but one big difference I haven't been able to master yet is the realm of rpm and yum. My kernel is 2.6.40-4.fc15.x86_64. Today, when running yum update I was greeted with a number of errors.
Output of yum check: Code: Loaded plugins: fastestmirror, langpacks, presto, refresh-packagekit glibc-2.14-5.x86_64 is a duplicate with glibc-2.14-4.x86_64 glibc-common-2.14-5.x86_64 is a duplicate with glibc-common-2.14-4.x86_64 1:perl-Module-Pluggable-3.90-160.fc15.noarch is a duplicate with 1:perl-Module-Pluggable-3.90-159.fc15.noarch 1:perl-Module-Pluggable-3.90-160.fc15.noarch has missing requires of perl = ('4', '5.12.4', '160.fc15') 1:perl-Pod-Escapes-1.04-160.fc15.noarch is a duplicate with 1:perl-Pod-Escapes-1.04-159.fc15.noarch 1:perl-Pod-Escapes-1.04-160.fc15.noarch has missing requires of perl = ('4', '5.12.4', '160.fc15') 1:perl-Pod-Simple-3.13-160.fc15.noarch is a duplicate with 1:perl-Pod-Simple-3.13-159.fc15.noarch 1:perl-Pod-Simple-3.13-160.fc15.noarch has missing requires of perl = ('4', '5.12.4', '160.fc15') I have also attached the output of yum update, which I believe is more verbose on the sources, etc.
I'm afraid that if I just start forcing removal of packages I'll render my system useless.
I'm running into some problems setting up Tor on Fedora 14. I have followed the following guide to a T (although I realize it is for Fedora 10):orum.org/showthread.php?t=211516.I believe the problem is SELinux... but I'm not sure. Has anyone had any success running Tor in Fedora 14 without it bugging out? If not, is there some sort of Unix alternative?
I would like to ask if there's a program that can archive all emails from my employees to a certain server and can generate reports. specifically all types of emails incoming and outgoing. My employees are aware of my policy due to many confidential files within our office.
There are several options available, such as "Ignore Alert" and "Turn off memory protection". What are the consequences of choosing one or the other?I'm new to Fedora and I'm not familiar with SELinux. Can someone please give me guidelines (or explanation) on how to deal with SELinux alerts?
I came across the following method of how to permanently disabling selinux and it's notifications. Although changing enforcement from the gui into permissive mode does most of the job, the notifications still pop-up when some applications are started.
So to disable it do the following:
open terminal as root and execute:
Quote:
And then change the SELINUX line to SELINUX=disabled
Quote:
This is it. Now reboot the system and selinux will never bother you again.
If you are not a Fedora user and you are using this forum just because we are cooler here then you will not find the /etc/selinux/config as in the fedora releases. What you need to do is to edit the kernel boot line and add selinux=0 at the end:
After my cloning problems this morning were resolved, I have been able to complete conversion of the clone to run from an encrypted root partition. However, I have been unable to enable selinux when running from the encrypted root. /etc/selinux/config contains the settings that work on my unencrypted system
SELINUX=enforcing SELINUXTYPE=targeted
and it is not disabled from the grub bootline, but the encrypted system always comes up with selinux disabled. Attempting to enable it with the command setenforce 1 fails, and to add insult to injury, the selinux administration-gui shows that it is enabled and enforcing. The cloned, now encrypted, system was cloned via rsync -aHXv, so the selinux contexts/attributes have been maintained as near as I can tell. I did have to disable selinux while performing the rsync of the /selinux directory in order to get it to copy and I am wondering if there was still some issue with this method.
I know some of you are running from encrypted root fs's and was wondering: Do you have selinux enabled and is it functioning properly? Any suggestions as to how I might jumpstart it or force it to run? Maybe I should boot into the system and uninstalling/reinstalling selinux?
I just upgraded to fedora 12 via clean install with old /home partition and deleting old config files, and here is my issue. I need to edit the menu, and I need to set SELinux to permissive. OOo will not run with SELinux enabled for some reason, and besides, all my systems use SELinux in permissive. These two options no longer exist in the menu
