[Arm-dev] Anyone running named on armv7 with selinux?
Robert Moskowitz
rgm at htt-consult.com
Fri Feb 3 14:01:15 UTC 2017
Yes, these are all installed. Plus I add policycoreutils-python for
semanage to change policies like for changing the ssh port number.
On 02/03/2017 08:50 AM, Gordan Bobic wrote:
> I'm pretty sure I have SELinux enabled on my Chromebook 2 running
> RSEL7. I don't recall having done anything special, it works by
> default. I run that on ZoL ZFS root, and it just worked after
> relabelling the file system (I migrated from zfs-fuse, and fuse
> confuses SELinux rules because it ends up labelling everything as fuse
> instead of the appropriate labels for the paths). I cannot imagine
> CentOS 7 would be any different. You just need to make sure you have
> policycoreutils, selinux-policy and selinux-policy-targeted installed,
> and make sure /etc/selinux/config has SELINUXTYPE=targeted set.
>
> On Thu, Feb 2, 2017 at 9:55 PM, Robert Moskowitz <rgm at htt-consult.com> wrote:
>
> It seems that the SELinux problem is 'built into' the Cubietruck
> image.
>
> All I did was put the image on a HD, expand the partitions, boot
> up (uboot on the mSD card)
>
> in /boot/extlinux/extlinux.conf : change the "enforcing=0" to
> "enforcing=1"
>
> touch /.autorelabel
> reboot
>
> On the console I saw the following messages:
>
> [ 14.709227] SELinux: Class binder not defined in policy.
> [ 14.714741] SELinux: the above unknown classes and permissions will be allowed
> [ 14.778268] audit: type=1403 audit(14.745:2): policy loaded auid=4294967295 ses=4294967295
> [ 14.813736] systemd[1]: Successfully loaded SELinux policy in 785.600ms.
> [ 15.294034] systemd[1]: Relabelled /dev and /run in 295.320ms.
>
> In the past, I did the relabeling after the 'yum update'. This
> seems to show that SELinux is unhappy from the get go. I will
> continue in permissive mode with loading up my DNS setup without
> using chroot and see how the setup works. This is my internal DNS
> that has no external access, so for now I will run a bit open...
>
> On 02/02/2017 10:50 AM, Robert Moskowitz wrote:
>
> I am ready for my next test, to try out named on a Cubieboard2.
>
> I want to run named with SELinux and not chroot named, and
> with the problems I have had so far with SELinux and HTTPD
> that no one has commented on what to do to fix the problem, I
> was interested to first check out for any experience with named.
>
> I could always run named chrooted without enabling SELinux.
> That is how I am running right now with RSEL6 (which does not
> have SELinux working). But I would rather get back to using
> SELinux and not chroot, as I had for years on Intel CentOS.
>
> I have not seen any posts on updates to the Centos7-armv7
> rpms, so I am assuming that there have not been any fixes to my
> SELinux problems.
>
> So anyone out there running named?
>
> thanks
>
>
> _______________________________________________
> Arm-dev mailing list
> Arm-dev at centos.org
> https://lists.centos.org/mailman/listinfo/arm-dev
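A preflight check for the two settings discussed in this thread (SELINUXTYPE=targeted in /etc/selinux/config and the enforcing= parameter in /boot/extlinux/extlinux.conf), as an added example that is not part of the original posts. The function names and the script name preflight.sh are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the thread): preflight check before rebooting a
# board into enforcing mode. Function names are this example's own.

# Print KEY's value from an /etc/selinux/config style file (comments ignored).
selinux_cfg_get() {  # usage: selinux_cfg_get KEY FILE
    sed -n "s/^[[:space:]]*$1=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$2" | tail -n 1
}

# Print the enforcing= value of every "append" line in an extlinux.conf,
# or "unset" when the kernel command line does not carry the parameter.
boot_enforcing() {  # usage: boot_enforcing FILE
    awk 'tolower($1) == "append" {
             v = "unset"
             for (i = 2; i <= NF; i++)
                 if ($i ~ /^enforcing=/) v = substr($i, 11)
             print v
         }' "$1"
}

# Return 0 only if the policy type is targeted, SELinux is not disabled,
# and no boot entry forces permissive mode with enforcing=0.
selinux_preflight() {  # usage: selinux_preflight SELINUX_CONFIG EXTLINUX_CONF
    rc=0
    ptype=$(selinux_cfg_get SELINUXTYPE "$1")
    mode=$(selinux_cfg_get SELINUX "$1")
    if [ "$ptype" != targeted ]; then
        echo "FAIL: SELINUXTYPE='$ptype', expected targeted"; rc=1
    fi
    if [ "$mode" = disabled ] || [ -z "$mode" ]; then
        echo "FAIL: SELINUX='$mode' in $1"; rc=1
    fi
    for v in $(boot_enforcing "$2"); do
        if [ "$v" = 0 ]; then
            echo "FAIL: a boot entry in $2 has enforcing=0"; rc=1
        fi
    done
    return "$rc"
}

# On the board: sh preflight.sh /etc/selinux/config /boot/extlinux/extlinux.conf
if [ "$#" -eq 2 ]; then
    selinux_preflight "$1" "$2"
fi
```

The package half of the checklist can be confirmed with `rpm -q policycoreutils selinux-policy selinux-policy-targeted`.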