[CentOS] r-x and r-x.

Thu Apr 25 12:01:52 UTC 2013
mark <m.roth at 5-cent.us>

On 04/25/13 04:54, Johan Vermeulen wrote:
> On 24-04-13 22:53, m.roth at 5-cent.us wrote:
>> John R. Dennison wrote:
>>> On Wed, Apr 24, 2013 at 03:06:11PM -0400, Daniel J Walsh wrote:
>>>> Disabling SELinux is not going to fix your problem.  Since the field is
>>>> just showing you that you have extended attributes assigned to your files.
>>>>
>>>> Why not just script around it.
>>>>
>>>> ls -l | sed 's/\. / /g'
>>>>
>>>> Would replace all ". " from your output.
>>> Because that would be too easy and people absolutely love to shoot
>>> themselves in the face by disabling selinux.  Because it is, as we all
>>> know, ridiculously hard to manage.
>> Don't get me started. I'm fighting it regularly. For example,
>> SELinux is preventing /usr/bin/perl from getattr access on the file
>> /sys/devices/system/node/node0/meminfo. For complete SELinux messages.
>>
>> And yes, I did post a few things to the selinux list....
>
> thanks again for the reactions.
>
> This is the NetworkManager script I'm trying to use:
<snip>
> as far as I can test this at the moment, it works without Selinux and
> doesn't work with Selinux enabled.
>
> I also want Selinux enabled.
> So I will do some searching on how to make it work with Selinux.
>

Two things: unless this is a laptop, shut down NetworkManager - there is 
*no* use for it in a wired environment. And edit 
/etc/sysconfig/network-scripts/ifcfg-eth? so that they say 
NM_CONTROLLED="no". network works just fine, and doesn't introduce the 
overhead.

Second, check the selinux contexts - ll -Z, and if setroubleshoot isn't 
installed, you should install it. Running the sealert messages that show in 
/var/log/messages will frequently (NOT always) help you fix the context 
issues.

	mark


-- 
mummy, n.: An Egyptian who was pressed for time.
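
Added example, not part of the original message: a shell helper that collects the setroubleshoot summaries mentioned above from syslog text and lists each distinct denial with its count and the ID to pass to `sealert -l`. The line format is assumed to be the one quoted in the thread followed by "run sealert -l ID"; the function names, sample lines and IDs are constructed.

```shell
#!/bin/sh
# Added example: summarize setroubleshoot denials found in syslog text.
# Assumed line format (summary line written to /var/log/messages):
#   ... setroubleshoot: SELinux is preventing PROC from ACCESS access on the
#   CLASS TARGET. For complete SELinux messages. run sealert -l ID
# TARGET is allowed to be empty (assumption: some classes log no name).

summarize_denials() {
    # stdin:  syslog lines
    # stdout: "COUNT PROC|ACCESS|CLASS|TARGET|ID", most frequent first
    sed -n -E 's/.*setroubleshoot: SELinux is preventing (.+) from (.+) access on the ([^ ]+) (.*)\. For complete SELinux messages\. run sealert -l ([0-9a-f-]+).*/\1|\2|\3|\4|\5/p' |
        sort | uniq -c | sort -rn |
        sed -E 's/^ *([0-9]+) /\1 /'   # drop the padding uniq -c adds
}

# Constructed sample input; hostnames, times and IDs are made up.
sample_log() {
cat <<'EOF'
Apr 25 08:01:52 host1 setroubleshoot: SELinux is preventing /usr/bin/perl from getattr access on the file /sys/devices/system/node/node0/meminfo. For complete SELinux messages. run sealert -l 11111111-2222-3333-4444-555555555555
Apr 25 08:02:10 host1 kernel: eth0: link up
Apr 25 08:06:52 host1 setroubleshoot: SELinux is preventing /usr/bin/perl from getattr access on the file /sys/devices/system/node/node0/meminfo. For complete SELinux messages. run sealert -l 11111111-2222-3333-4444-555555555555
Apr 25 08:07:30 host1 setroubleshoot: SELinux is preventing /usr/sbin/httpd from name_bind access on the tcp_socket . For complete SELinux messages. run sealert -l aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
Apr 25 08:11:52 host1 setroubleshoot: SELinux is preventing /usr/bin/perl from getattr access on the file /sys/devices/system/node/node0/meminfo. For complete SELinux messages. run sealert -l 11111111-2222-3333-4444-555555555555
EOF
}

# Demo run on the constructed sample.
sample_log | summarize_denials
```

On a real host, feed it the log instead (`summarize_denials < /var/log/messages`) and run `sealert -l` with the ID from the last field to get the full explanation for that denial.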