[CentOS] r-x and r-x.

Daniel J Walsh dwalsh at redhat.com
Thu Apr 25 12:49:20 UTC 2013



On 04/25/2013 04:54 AM, Johan Vermeulen wrote:
> 
> On 24-04-13 22:53, m.roth at 5-cent.us wrote:
>> John R. Dennison wrote:
>>> On Wed, Apr 24, 2013 at 03:06:11PM -0400, Daniel J Walsh wrote:
>>>> Disabling SELinux is not going to fix your problem.  Since the field
>>>> is just showing you that you have extended attributes assigned to your
>>>> files.
>>>> 
>>>> Why not just script around it.
>>>> 
>>>> ls -l | sed 's/\. / /g'
>>>> 
>>>> Would replace all ". " from your output.
>>> Because that would be too easy and people absolutely love to shoot 
>>> themselves in the face by disabling selinux.  Because it is, as we all 
>>> know, ridiculously hard to manage.
>> Don't get me started. I'm fighting it regularly. For example, SELinux is
>> preventing /usr/bin/perl from getattr access on the file 
>> /sys/devices/system/node/node0/meminfo. For complete SELinux messages.
>> 
>> And yes, I did post a few things to the selinux list....
>> 
>> mark
>> 
>> _______________________________________________ CentOS mailing list 
>> CentOS at centos.org http://lists.centos.org/mailman/listinfo/centos
> 
> Dear All,
> 
> thanks again for the reactions.
> 
> This is the NetworkManager script I'm trying to use:
> 
> -----------------------------------------------------
> #!/bin/sh
> 
> export LC_ALL=C
> 
> if [ "$2" = "down" ]; then
>     exit 0
> fi
> 
> if [ "$2" = "up" ]; then
>     #LAN Subnet at work
>     NETMASK="192.168.66.128/25"
>     if [ -n "`/sbin/ip addr show $IF to $NETMASK`" ]; then
> 
>         rsync -azvp /home/james/ 192.168.66.129:/home/jvermeulen
> 
See if chcon -t bin_t /usr/bin/rsync solves your problem.

I believe that NetworkManager runs its helper scripts as initrc_t, which is an
unconfined domain, except that when it executes rsync, it transitions to a
confined rsync server domain (rsync_t).  Changing the context to bin_t would
eliminate the transition and leave rsync running in initrc_t.

>     fi
> fi
> 
> --------------------------------------------------------------------------------------------------------------------------------
>
> As far as I can test this at the moment, it works without Selinux and 
> doesn't work with Selinux enabled.
> 
> I also want Selinux enabled. So I will do some searching on how to make it
> work with Selinux.
> 
> Greetings, J.
> 

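
To confirm the domain transition described in the reply above, the audit log shows which domain rsync was running in when it was denied. The following is an added example, not part of the original thread: the log lines in SAMPLE_AUDIT and the function names are constructed for illustration, and on a real host the input would come from `ausearch -m avc`.

```shell
#!/bin/sh
# Added example: list SELinux AVC denials for one command and report the
# domain it was running in. SAMPLE_AUDIT is constructed for illustration.
SAMPLE_AUDIT='type=AVC msg=audit(1366893000.101:412): avc:  denied  { search } for  pid=2311 comm="rsync" name="james" dev=dm-0 ino=131 scontext=system_u:system_r:rsync_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1366893000.102:413): avc:  denied  { getattr } for  pid=2311 comm="rsync" path="/home/james/notes.txt" dev=dm-0 ino=140 scontext=system_u:system_r:rsync_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1366893000.102:413): arch=c000003e syscall=4 success=no comm="rsync" exe="/usr/bin/rsync"
type=AVC msg=audit(1366893001.000:414): avc:  denied  { read } for  pid=900 comm="httpd" name="index.html" dev=dm-0 ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file'

# Read audit records on stdin; for each AVC denial of command $1 print
# "source_type target_type class permissions".
denials_for() {
    awk -v want="$1" '
        $1 != "type=AVC" || !/ denied / { next }
        {
            comm = src = tgt = cls = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^comm=/)     { comm = $i; gsub(/^comm=|"/, "", comm) }
                if ($i ~ /^scontext=/) { split($i, s, ":"); src = s[3] }
                if ($i ~ /^tcontext=/) { split($i, t, ":"); tgt = t[3] }
                if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
            }
            perms = $0
            sub(/^.*[{] /, "", perms); sub(/ [}].*$/, "", perms)
            if (comm == want) print src, tgt, cls, perms
        }'
}

# Distinct domains the command was in when it was denied.
domains_for() {
    denials_for "$1" | awk '{ print $1 }' | sort -u
}

# $1 = command, $2 = expected domain. Returns 1 if the command was denied
# while running in any other domain (i.e. a transition took place).
check_domain() {
    found=$(domains_for "$1")
    [ -n "$found" ] || { echo "no denials logged for $1"; return 0; }
    for d in $found; do
        [ "$d" = "$2" ] || { echo "$1 ran as $d, not $2"; return 1; }
    done
    echo "$1 ran as $2"
}

printf '%s\n' "$SAMPLE_AUDIT" | denials_for rsync
printf '%s\n' "$SAMPLE_AUDIT" | check_domain rsync initrc_t || true
```

A label set with chcon does not survive a filesystem relabel or restorecon, so repeat the check after either.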


