[Arm-dev] Anyone running named on armv7 with selinux?

Fri Feb 3 14:33:53 UTC 2017
Robert Moskowitz <rgm at htt-consult.com>


On 02/03/2017 09:05 AM, Gordan Bobic wrote:
> On Fri, Feb 3, 2017 at 1:58 PM, Robert Moskowitz <rgm at htt-consult.com 
> <mailto:rgm at htt-consult.com>> wrote:
>
>     Gordon,
>
>     One would think that, but there is something off with at least the
>     CubieTruck build.  I will check that all those rpms are installed
>     (pretty sure they are), but when I set up a web server with
>     personal directories, i got permission errors on listing the
>     files, but no problem displaying individual files. Plus there are
>     all these SELinux warnings I am getting that seem to indicate
>     something is amiss.
>
>     I am reaching the point of focusing on Fedora server for now.  I
>     had hopes of pushing Centos7-arm in a couple of business venues.
>
>
>
>
> Are you certain it is an SELinux problem, and if so, are parent 
> directory labels correct?
> The symptoms you are describing seem more typically indicative of an 
> Apache configuration problem.
> Do tail -f on /var/log/audit/audit.log and see what appears there. If 
> there is a SELinux violation, it will show up in there.

I will switch drives back to the http drive, from my current dns setup 
work to try that.

Meanwhile, on this new drive I just tested to insure that the 
selinux-policy and -targeted were installed.  Seems that there is an 
update (I have not run yum update on this install test yet) and got the 
following.  You can see that there is something wrong in SELinux land.  
What is "Class binder not defined in policy." and why is it not defined:

# yum install selinux-policy selinux-policy-targeted
Loaded plugins: fastestmirror
base                                                     | 3.6 kB     00:00
centos-kernel                                            | 2.9 kB     00:00
extras                                                   | 2.9 kB     00:00
updates                                                  | 2.9 kB     00:00
Loading mirror speeds from cached hostfile
Resolving Dependencies
--> Running transaction check
---> Package selinux-policy.noarch 0:3.13.1-102.el7 will be updated
---> Package selinux-policy.noarch 0:3.13.1-102.el7.7 will be an update
---> Package selinux-policy-targeted.noarch 0:3.13.1-102.el7 will be updated
---> Package selinux-policy-targeted.noarch 0:3.13.1-102.el7.7 will be 
an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
  Package                     Arch       Version Repository   Size
================================================================================
Updating:
  selinux-policy              noarch     3.13.1-102.el7.7 updates     412 k
  selinux-policy-targeted     noarch     3.13.1-102.el7.7 updates     6.4 M

Transaction Summary
================================================================================
Upgrade  2 Packages

Total download size: 6.8 M
Is this ok [y/d/N]: y
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/2): selinux-policy-3.13.1-102.el7.7.noarch.rpm          | 412 kB   00:06
(2/2): selinux-policy-targeted-3.13.1-102.el7.7.noarch.rpm | 6.4 MB   00:09
--------------------------------------------------------------------------------
Total                                              719 kB/s | 6.8 MB  00:09
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
   Updating   : 
selinux-policy-3.13.1-102.el7.7.noarch                       1/4
   Updating   : 
selinux-policy-targeted-3.13.1-102.el7.7.noarch              2/4
[58759.850413] SELinux:  Class binder not defined in policy.
[58759.855917] SELinux: the above unknown classes and permissions will 
be allowed
   Cleanup    : 
selinux-policy-targeted-3.13.1-102.el7.noarch                3/4
   Cleanup    : 
selinux-policy-3.13.1-102.el7.noarch                         4/4
   Verifying  : 
selinux-policy-3.13.1-102.el7.7.noarch                       1/4
   Verifying  : 
selinux-policy-targeted-3.13.1-102.el7.7.noarch              2/4
   Verifying  : 
selinux-policy-targeted-3.13.1-102.el7.noarch                3/4
   Verifying  : 
selinux-policy-3.13.1-102.el7.noarch                         4/4

Updated:
   selinux-policy.noarch 0:3.13.1-102.el7.7
   selinux-policy-targeted.noarch 0:3.13.1-102.el7.7

Complete!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/arm-dev/attachments/20170203/ffdb8d53/attachment-0006.html>