[Arm-dev] Anyone running named on armv7 with selinux?

Fri Feb 3 13:50:11 UTC 2017
Gordan Bobic <gordan at redsleeve.org>

I'm pretty sure I have SELinux enabled on my Chromebook 2 running RSEL7. I
don't recall having done anything special; it works by default. I run that
on ZoL ZFS root, and it just worked after relabelling the file system (I
migrated from zfs-fuse, and fuse confuses SELinux rules because it ends up
labelling everything as fuse instead of the appropriate labels for the
paths). I cannot imagine CentOS 7 would be any different. You just need to
make sure you have policycoreutils, selinux-policy and
selinux-policy-targeted installed, and make sure /etc/selinux/config has
SELINUXTYPE=targeted set.

On Thu, Feb 2, 2017 at 9:55 PM, Robert Moskowitz <rgm at htt-consult.com>
wrote:

> It seems that the SELinux problem is 'built into' the Cubietruck image.
>
> All I did was put the image on a HD, expand the partitions, boot up (uboot
> on the mSD card)
>
> in /boot/extlinux/extlinux.conf: change the "enforcing=0" to
> "enforcing=1"
>
> touch /.autorelabel
> reboot
>
> On the console I saw the following messages:
>
> [   14.709227] SELinux:  Class binder not defined in policy.
> [   14.714741] SELinux: the above unknown classes and permissions will be allowed
> [   14.778268] audit: type=1403 audit(14.745:2): policy loaded auid=4294967295 ses=4294967295
> [   14.813736] systemd[1]: Successfully loaded SELinux policy in 785.600ms.
> [   15.294034] systemd[1]: Relabelled /dev and /run in 295.320ms.
>
> In the past, I did the relabeling after the 'yum update'.  This seems to
> show that SELinux is unhappy from the get go.  I will continue in
> permissive mode with loading up my DNS setup without using chroot and see
> how the setup works.  This is my internal DNS that has no external access,
> so for now I will run a bit open...
>
> On 02/02/2017 10:50 AM, Robert Moskowitz wrote:
>
>> I am ready for my next test, to try out named on a Cubieboard2.
>>
>> I want to run named with SELinux and not chroot named, and with the
>> problems I have had so far with SELinux and HTTPD that no one has commented
>> on what to do to fix the problem, I was interested to first check out for
>> any experience with named.
>>
>> I could always run named chrooted without enabling SELinux.  That is how
>> I am running right now with RSEL6 (which does not have SELinux working).
>> But I would rather get back to using SELinux and not chroot, as I had for
>> years on Intel Centos.
>>
>> I have not seen any posts on updates to the Centos7-armv7 rpms, so I am
>> assuming that there have not been any fixes to my SELinux problems.
>>
>> So anyone out there running named?
>>
>> thanks
>>
>>
>> _______________________________________________
>> Arm-dev mailing list
>> Arm-dev at centos.org
>> https://lists.centos.org/mailman/listinfo/arm-dev
>>
>>
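The thread turns on two settings that can disagree: SELINUX/SELINUXTYPE in /etc/selinux/config and the enforcing= kernel parameter in /boot/extlinux/extlinux.conf, where the command-line value takes precedence over the config file. The script below is an added example, not part of the thread; the function names and the sample files are constructed for illustration, and it assumes a single boot entry in extlinux.conf.

```shell
#!/bin/sh
# Added example (not from the thread): report the SELinux mode an image will boot into.

# Value of KEY in an /etc/selinux/config-style file; the last assignment wins.
selinux_cfg_value() {  # $1=file $2=key
    sed -n "s/^[[:space:]]*$2=[[:space:]]*\([A-Za-z0-9_-]*\).*/\1/p" "$1" | tail -n 1
}

# Value of a kernel parameter on the append line(s) of extlinux.conf.
kernel_param() {  # $1=extlinux.conf $2=parameter
    grep -i '^[[:space:]]*append[[:space:]]' "$1" | tr -s ' \t' '\n' |
        sed -n "s/^$2=//p" | tail -n 1
}

# Print "<mode> <policy type>": kernel parameters override the config file.
effective_selinux() {  # $1=selinux config $2=extlinux.conf
    mode=$(selinux_cfg_value "$1" SELINUX)
    ptype=$(selinux_cfg_value "$1" SELINUXTYPE)
    if [ "$(kernel_param "$2" selinux)" = 0 ]; then
        mode=disabled
    elif [ "$mode" != disabled ]; then
        case "$(kernel_param "$2" enforcing)" in
            0) mode=permissive ;;
            1) mode=enforcing ;;
        esac
    fi
    echo "${mode:-unknown} ${ptype:-unknown}"
}

# Constructed sample files standing in for the image's real ones.
make_sample() {  # $1=directory $2=value for enforcing=
    printf '# constructed sample\nSELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$1/config"
    printf 'label sample\n  kernel /zImage\n  append console=ttyS0 root=/dev/sda3 ro enforcing=%s\n' \
        "$2" > "$1/extlinux.conf"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir" 0
echo "as shipped: $(effective_selinux "$demo_dir/config" "$demo_dir/extlinux.conf")"
make_sample "$demo_dir" 1
echo "after edit: $(effective_selinux "$demo_dir/config" "$demo_dir/extlinux.conf")"
rm -rf "$demo_dir"
```

On a real system, pass /etc/selinux/config and /boot/extlinux/extlinux.conf (or the same paths under a mounted image) to effective_selinux, then compare the result with what getenforce reports after boot.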