[Arm-dev] Anyone running named on armv7 with selinux?

Fri Feb 3 13:58:04 UTC 2017
Robert Moskowitz <rgm at htt-consult.com>

Gordon,

One would think that, but there is something off with at least the 
CubieTruck build.  I will check that all those rpms are installed 
(pretty sure they are), but when I set up a web server with personal 
directories, i got permission errors on listing the files, but no 
problem displaying individual files.  Plus there are all these SELinux 
warnings I am getting that seem to indicate something is amiss.

I am reaching the point of focusing on Fedora server for now.  I had 
hopes of pushing Centos7-arm in a couple of business venues.

Bob

On 02/03/2017 08:50 AM, Gordan Bobic wrote:
> I'm pretty sure I have SELinux enabled on my Chromebook 2 running 
> RSEL7. I don't recall having done anything special, it works by 
> default. I run that on ZoL ZFS root, and it just worked after 
> relabelling the file system (I migrated from zfs-fuse, and fuse 
> confuses SELinux rules because it ends up labelling everything as fuse 
> instead of the appropriate labels for the paths. I cannot imagine 
> CentOS 7 would be any different. You just need to make sure you have 
> policycoreutils, selinux-policy and selinux-policy-targeted installed, 
> and make sure /etc/selinux/config has SELINUXTYPE=targeted set.
>
> On Thu, Feb 2, 2017 at 9:55 PM, Robert Moskowitz <rgm at htt-consult.com 
> <mailto:rgm at htt-consult.com>> wrote:
>
>     It seems that the SELinux problem is 'built into' the Cubietruck
>     image.
>
>     All I did was put the image on a HD, expand the partitions, boot
>     up (uboot on the mSD card)
>
>     in    /boot/extlinux/extlinux.conf : change the "enforcing=0" to
>     "enforcing=1"
>
>     touch /.autorelabel
>     reboot
>
>     On the console I saw the following messages:
>
>     [   14.709227] SELinux:  Class binder not defined in policy.
>     [   14.714741] SELinux: the above unknown classes and permissions
>     will be allowed
>     [   14.778268] audit: type=1403 audit(14.745:2): policy loaded
>     auid=4294967295 ses=4294967295
>     [   14.813736] systemd[1]: Successfully loaded SELinux policy in
>     785.600ms.
>     [   15.294034] systemd[1]: Relabelled /dev and /run in 295.320ms.
>
>     In the past, I did the relabeling after the 'yum update'. This
>     seems to show that SELinux is unhappy from the get go. I will
>     continue in permissive mode with loading up my DNS setup without
>     using chroot and see how the setup works. This is my internal DNS
>     that has no external access, so for now I will run a bit open...
>
>     On 02/02/2017 10:50 AM, Robert Moskowitz wrote:
>
>         I am ready for my next test, to try out named on a Cubieboard2.
>
>         I want to run named with SELinux and not chroot named, and
>         with the problems I have had so far with SELinux and HTTPD
>         that no one has commented on what to do to fix the problem, I
>         was interested to first check out for any experience with named.
>
>         I could always run named chrooted without enabling SELinux. 
>         That is how I am running right now with RSEL6 (which does not
>         have SELinux working).  But I would rather get back to using
>         SELinux and not chroot, as I had for years on Intel Centos.
>
>         I have not seen any posts on updates to the Centos7-armv7
>         rpms, so I am assuming that there has not been any fixes to my
>         SELinux problems.
>
>         So anyone out there running named?
>
>         thanks
>
>
>         _______________________________________________
>         Arm-dev mailing list
>         Arm-dev at centos.org <mailto:Arm-dev at centos.org>
>         https://lists.centos.org/mailman/listinfo/arm-dev
>         <https://lists.centos.org/mailman/listinfo/arm-dev>
>
>
>     _______________________________________________
>     Arm-dev mailing list
>     Arm-dev at centos.org <mailto:Arm-dev at centos.org>
>     https://lists.centos.org/mailman/listinfo/arm-dev
>     <https://lists.centos.org/mailman/listinfo/arm-dev>
>
>
>
>
> _______________________________________________
> Arm-dev mailing list
> Arm-dev at centos.org
> https://lists.centos.org/mailman/listinfo/arm-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/arm-dev/attachments/20170203/07c662ec/attachment-0006.html>