[Arm-dev] Anyone running named on armv7 with selinux?

Fri Feb 3 14:01:15 UTC 2017
Robert Moskowitz <rgm at htt-consult.com>

Yes, these are all installed.  Plus I add policycoreutils-python for 
semanage to change policies like for changing the ssh port number.

On 02/03/2017 08:50 AM, Gordan Bobic wrote:
> I'm pretty sure I have SELinux enabled on my Chromebook 2 running 
> RSEL7. I don't recall having done anything special, it works by 
> default. I run that on ZoL ZFS root, and it just worked after 
> relabelling the file system (I migrated from zfs-fuse, and fuse 
> confuses SELinux rules because it ends up labelling everything as fuse 
> instead of the appropriate labels for the paths). I cannot imagine 
> CentOS 7 would be any different. You just need to make sure you have 
> policycoreutils, selinux-policy and selinux-policy-targeted installed, 
> and make sure /etc/selinux/config has SELINUXTYPE=targeted set.
>
> On Thu, Feb 2, 2017 at 9:55 PM, Robert Moskowitz <rgm at htt-consult.com> wrote:
>
>     It seems that the SELinux problem is 'built into' the Cubietruck
>     image.
>
>     All I did was put the image on a HD, expand the partitions, boot
>     up (uboot on the mSD card)
>
>     in    /boot/extlinux/extlinux.conf : change the "enforcing=0" to
>     "enforcing=1"
>
>     touch /.autorelabel
>     reboot
>
>     On the console I saw the following messages:
>
>     [   14.709227] SELinux:  Class binder not defined in policy.
>     [   14.714741] SELinux: the above unknown classes and permissions will be allowed
>     [   14.778268] audit: type=1403 audit(14.745:2): policy loaded auid=4294967295 ses=4294967295
>     [   14.813736] systemd[1]: Successfully loaded SELinux policy in 785.600ms.
>     [   15.294034] systemd[1]: Relabelled /dev and /run in 295.320ms.
>
>     In the past, I did the relabeling after the 'yum update'. This
>     seems to show that SELinux is unhappy from the get go. I will
>     continue in permissive mode with loading up my DNS setup without
>     using chroot and see how the setup works. This is my internal DNS
>     that has no external access, so for now I will run a bit open...
>
>     On 02/02/2017 10:50 AM, Robert Moskowitz wrote:
>
>         I am ready for my next test, to try out named on a Cubieboard2.
>
>         I want to run named with SELinux and not chroot named, and
>         with the problems I have had so far with SELinux and HTTPD
>         that no one has commented on what to do to fix the problem, I
>         was interested to first check out for any experience with named.
>
>         I could always run named chrooted without enabling SELinux. 
>         That is how I am running right now with RSEL6 (which does not
>         have SELinux working).  But I would rather get back to using
>         SELinux and not chroot, as I had for years on Intel CentOS.
>
>         I have not seen any posts on updates to the Centos7-armv7
>         rpms, so I am assuming that there have not been any fixes to my
>         SELinux problems.
>
>         So anyone out there running named?
>
>         thanks
>
>
>         _______________________________________________
>         Arm-dev mailing list
>         Arm-dev at centos.org
>         https://lists.centos.org/mailman/listinfo/arm-dev

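The two settings discussed in this thread (SELINUXTYPE=targeted in /etc/selinux/config and the enforcing= argument in /boot/extlinux/extlinux.conf) can be checked together with the shell functions below. This is an added example, not code from any poster in the thread; the function names are hypothetical, and it assumes the kernel enforcing= argument takes precedence over SELINUX= in the config file.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Typical call, using the paths named in the thread:
#   selinux_boot_mode /etc/selinux/config /boot/extlinux/extlinux.conf

# Print the value assigned to KEY in an /etc/selinux/config style file.
# Comment lines are ignored; the last assignment wins.
selinux_cfg_value() {  # $1 = key, $2 = file
    sed -n "s/^[[:space:]]*$1=[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$2" | tail -n 1
}

# For every "append" line in an extlinux.conf, print the enforcing= value,
# or "unset" when that boot entry carries no enforcing= argument.
extlinux_enforcing() {  # $1 = file
    awk 'tolower($1) == "append" {
             v = "unset"
             for (i = 2; i <= NF; i++)
                 if ($i ~ /^enforcing=/) v = substr($i, 11)
             print v
         }' "$1"
}

# Report the mode the next boot is expected to come up in.
# Returns 0 only when the policy type is targeted and the result is enforcing.
selinux_boot_mode() {  # $1 = selinux config, $2 = extlinux.conf
    mode=$(selinux_cfg_value SELINUX "$1")
    ptype=$(selinux_cfg_value SELINUXTYPE "$1")
    [ "$ptype" = "targeted" ] || { echo "wrong-type:${ptype:-missing}"; return 1; }
    [ "$mode" = "disabled" ] && { echo "disabled"; return 1; }
    for v in $(extlinux_enforcing "$2"); do
        # Assumption: the kernel argument overrides SELINUX= from the config.
        # Any boot entry with enforcing=0 is reported as permissive.
        [ "$v" = "0" ] && { echo "permissive (enforcing=0 on kernel command line)"; return 1; }
        [ "$v" = "1" ] && mode=enforcing
    done
    echo "$mode"
    [ "$mode" = "enforcing" ]
}
```
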