I want you all to see what I went through trying to simply reassign (unsuccessfully) the context of a well-known port.
To the best of my ability to recall none of the packages mentioned below are even installed on the host in question. Why are these dependices preventing me from removing a disused SELinux policy.
I have done exactly that, reassign port contexts, in the past without encountering this situation. So it has to be a recent development. I am not against SELinux. We use it extensively. But this is not security it is simply BS.
It is stuff like this that causes people to say just turn selinux off altogether.
semodule -r apache libsepol.print_missing_requirements: awstats's global requirements were not met: type/attribute httpd_log_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r awstats
semodule -r apache libsepol.print_missing_requirements: bugzilla's global requirements were not met: type/attribute httpd_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r bugzilla
semodule -r apache libsepol.print_missing_requirements: cobbler's global requirements were not met: type/attribute httpd_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r cobbler
semodule -r apache libsepol.print_missing_requirements: collectd's global requirements were not met: type/attribute httpd_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r collectd
semodule -r apache libsepol.print_missing_requirements: git's global requirements were not met: type/attribute httpd_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r git
semodule -r apache libsepol.print_missing_requirements: gpg's global requirements were not met: type/attribute httpd_sys_content_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r gpg
semodule -r apache libsepol.print_missing_requirements: mediawiki's global requirements were not met: type/attribute httpd_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r mediawiki
semodule -r apache libsepol.print_missing_requirements: munin's global requirements were not met: type/attribute httpd_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r munin
semodule -r apache libsepol.print_missing_requirements: nagios's global requirements were not met: type/attribute httpd_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r nagios
semodule -r apache libsepol.print_missing_requirements: w3c's global requirements were not met: type/attribute httpd_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r apache libsepol.print_missing_requirements: webadm's global requirements were not met: type/attribute httpd_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r webadm
semodule -r apache libsepol.print_missing_requirements: webalizer's global requirements were not met: type/attribute httpd_sys_content_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r webalizer
semodule -r apache libsepol.context_from_record: type httpd_openshift_script_exec_t is not defined libsepol.context_from_record: could not create context structure libsepol.context_from_string: could not create context structure libsepol.sepol_context_to_sid: could not convert unconfined_u:object_r:httpd_openshift_script_exec_t:s0 to sid invalid context unconfined_u:object_r:httpd_openshift_script_exec_t:s0 libsemanage.semanage_install_active: setfiles returned error code 1. semodule: Failed!
semodule -R [root@xnet241 ~]# semanage port -d -t http_port_t -p tcp 80 /usr/sbin/semanage: Port tcp/80 is defined in policy, cannot be deleted
I used the command: semanage port -m -t http_port_t -p tcp 8000 to relabel a port. perhaps you could try: "semanage port -m -t unconfined_t -p tcp 8000" Failing that; would it work to run your application in the httpd_t domain?
Ta,
Andrew
On 1 April 2015 at 18:23, James B. Byrne byrnejb@harte-lyne.ca wrote:
I want you all to see what I went through trying to simply reassign (unsuccessfully) the context of a well-known port.
To the best of my ability to recall none of the packages mentioned below are even installed on the host in question. Why are these dependices preventing me from removing a disused SELinux policy.
I have done exactly that, reassign port contexts, in the past without encountering this situation. So it has to be a recent development. I am not against SELinux. We use it extensively. But this is not security it is simply BS.
It is stuff like this that causes people to say just turn selinux off altogether.
semodule -r apache libsepol.print_missing_requirements: awstats's global requirements were not met: type/attribute httpd_log_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r awstats
semodule -r apache libsepol.print_missing_requirements: bugzilla's global requirements were not met: type/attribute httpd_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r bugzilla
semodule -r apache libsepol.print_missing_requirements: cobbler's global requirements were not met: type/attribute httpd_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r cobbler
semodule -r apache libsepol.print_missing_requirements: collectd's global requirements were not met: type/attribute httpd_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r collectd
semodule -r apache libsepol.print_missing_requirements: git's global requirements were not met: type/attribute httpd_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r git
semodule -r apache libsepol.print_missing_requirements: gpg's global requirements were not met: type/attribute httpd_sys_content_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r gpg
semodule -r apache libsepol.print_missing_requirements: mediawiki's global requirements were not met: type/attribute httpd_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r mediawiki
semodule -r apache libsepol.print_missing_requirements: munin's global requirements were not met: type/attribute httpd_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r munin
semodule -r apache libsepol.print_missing_requirements: nagios's global requirements were not met: type/attribute httpd_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r nagios
semodule -r apache libsepol.print_missing_requirements: w3c's global requirements were not met: type/attribute httpd_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r apache libsepol.print_missing_requirements: webadm's global requirements were not met: type/attribute httpd_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r webadm
semodule -r apache libsepol.print_missing_requirements: webalizer's global requirements were not met: type/attribute httpd_sys_content_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!
semodule -r webalizer
semodule -r apache libsepol.context_from_record: type httpd_openshift_script_exec_t is not defined libsepol.context_from_record: could not create context structure libsepol.context_from_string: could not create context structure libsepol.sepol_context_to_sid: could not convert unconfined_u:object_r:httpd_openshift_script_exec_t:s0 to sid invalid context unconfined_u:object_r:httpd_openshift_script_exec_t:s0 libsemanage.semanage_install_active: setfiles returned error code 1. semodule: Failed!
semodule -R [root@xnet241 ~]# semanage port -d -t http_port_t -p tcp 80 /usr/sbin/semanage: Port tcp/80 is defined in policy, cannot be deleted
-- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-
Andrew Holway -
James B. Byrne