I have an SE Linux alert that won't go away
by ToddAndMargo
Hi All,
I have an SE Linux alert that keeps coming back and back.
# ausearch -c 'geoclue' --raw | audit2allow -M my-geoclue
# semodule -X 300 -i my-geoclue.pp
Gets rid of it for a day.
And I know that geoclue has issues at the moment:
Unable to connect to GeoClue. Unable to get location from provider.
#318
https://github.com/jonls/redshift/issues/318#issuecomment-401908696
Redshift cannot get location:
https://bugzilla.redhat.com/show_bug.cgi?id=1585970
Any words of Wisdom?
Many thanks,
-T
SELinux is preventing geoclue from getattr access on the file
/proc/<pid>/cgroup.
***** Plugin catchall (100. confidence) suggests
**************************
If you believe that geoclue should be allowed getattr access on the
cgroup file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'geoclue' --raw | audit2allow -M my-geoclue
# semodule -X 300 -i my-geoclue.pp
Additional Information:
Source Context system_u:system_r:geoclue_t:s0
Target Context system_u:system_r:unconfined_service_t:s0
Target Objects /proc/<pid>/cgroup [ file ]
Source geoclue
Source Path geoclue
Port <Unknown>
Host server.storall.local
Source RPM Packages
Target RPM Packages
Policy RPM <Unknown>
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name server.storall.local
Platform Linux server.storall.local
4.17.3-200.fc28.x86_64
#1 SMP Tue Jun 26 14:17:07 UTC 2018
x86_64 x86_64
Alert Count 1
First Seen 2018-07-20 20:51:17 PDT
Last Seen 2018-07-20 20:51:17 PDT
Local ID 46bfb135-51d6-49d1-b573-eb3afe5c25b8
Raw Audit Messages
type=AVC msg=audit(1532145077.24:34049): avc: denied { getattr } for
pid=11543 comm="geoclue" path="/proc/10951/cgroup" dev="proc"
ino=284431279 scontext=system_u:system_r:geoclue_t:s0
tcontext=system_u:system_r:unconfined_service_t:s0 tclass=file permissive=0
Hash: geoclue,geoclue_t,unconfined_service_t,file,getattr
5 years, 10 months
Fedora-MATE-Compiz
by Maksym Bilak
Hello.
Using this mailing list, I would like to contact the developers of the
Fedora-MATE-Compiz distribution. I would be very grateful for solving
the problems described below.
1. By default, the keyboard shortcut for the Toggle screen reader is not
assigned in the distribution. Could you assign a keyboard shortcut super
+ alt + s to the Toggle screen reader? This key combination has already
become a peculiar standard.
It will make life easier for people with visual impairment ...
2. When installing the system on a hard drive, closer to the end of the
process, the Orca screen reader suddenly turns off (I hear Screen Reader
Off). I can easily restart Orca; But this situation will cause
discomfort for less experienced users.
There are no special conditions to reproduce the situation. Just try
installing the system on your hard drive by turning on Orca.
3. I do not know if this is a bug. When installing Fedora-Workstation,
selecting the Ukrainian language in the first dialog, I saw that the
time zone was configured correctly (Europe Kyiv). Fedora-MATE-Compiz
automatically adjusts the time zone (America New York).
I installed both systems without connecting to the Internet.
4. Add, please, the NetworkManager-ppp package to future releases. This
will allow users who do not have an alternative to the mobile Internet
to connect to the Internet without additional manipulations.
5. Using the Ukrainian MATE interface, I can not configure the keyboard
shortcuts to switch between keyboard layouts.
Steps to reproduce:
5.1. Ukrainian interface language MATE;
5.2. Press Alt + F1 to enter the main menu;
5.3. Submenu Система (System);
5.4. Submenu Налаштування (Preferences);
5.5. Submenu Пристрої (Hardware);
5.6. Activate an item Набірниця (Keyboard);
5.7. Select a tab Розкладки (Layouts);
5.8. Click the button Параметри (Options...).
After that, "Keyboard" closes and the focus falls onto the desktop.
I also note that this problem is missing when using the English-language
interface of MATE.
This problem is absent, for example, in the distribution of Ubuntu-MATE.
I would be very grateful for the attention to these problems; And sorry
for my bad English.
5 years, 10 months
Select packages missing from repo
by Alex
Hi,
I have a fedora28 machine that was upgraded from fedora25 and having
some problems with some packages showing as unavailable from the repo.
perl-Encode is one such package. On one machine "dnf info perl-Encode"
shows the package is available, but on others it is not.
# dnf info perl-Encode
Last metadata expiration check: 2:30:58 ago on Fri 20 Jul 2018 12:28:10 PM EDT.
Error: No matching Packages to list
What could cause this? I've tried running "dnf clean all" then
re-running the dnf info command with no change.
The following is the [fedora] section of /etc/yum.repos.d/fedora.repo:
# cat fedora.repo
[fedora]
name=Fedora $releasever - $basearch
failovermethod=priority
#baseurl=http://download.fedoraproject.org/pub/fedora/linux/releases/$releasever/Everything/$basearch/os/
metalink=https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasev...
enabled=1
metadata_expire=7d
repo_gpgcheck=0
type=rpm
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch
skip_if_unavailable=False
What more can be done to troubleshoot this?
5 years, 10 months
No desktop in tweak (fedrao 28)
by Patrick Dupre
Hello,
After the upgrade to fedora 28, I lost the tab "Desktop" under tweak.
I found this:
You need to install in this folder name
https://github.com/Ste74/org.gnome.desktop-icons-reworked/blob/master/met...
For an accident i forgot the -shell in the name
But I do not understand.
Some help?
===========================================================================
Patrick DUPRÉ | | email: pdupre(a)gmx.com
Laboratoire de Physico-Chimie de l'Atmosphère | |
Université du Littoral-Côte d'Opale | |
Tel. (33)-(0)3 28 23 76 12 | | Fax: 03 28 65 82 44
189A, avenue Maurice Schumann | | 59140 Dunkerque, France
===========================================================================
5 years, 10 months
nedit
by Patrick Dupre
Hello,
The Numerical pad cannot be used with fedora 28.
This is an old issue, but it is still not solved.
===========================================================================
Patrick DUPRÉ | | email: pdupre(a)gmx.com
Laboratoire de Physico-Chimie de l'Atmosphère | |
Université du Littoral-Côte d'Opale | |
Tel. (33)-(0)3 28 23 76 12 | | Fax: 03 28 65 82 44
189A, avenue Maurice Schumann | | 59140 Dunkerque, France
===========================================================================
5 years, 10 months
Odd ARP entry
by Jeffrey Ross
looking at the arp table on my system I see that I have one entry that
shouldn't be there -
proxy10.fedoraproject.org (209.132.181.15) at 50:3d:e5:f5:b6:c0 [ether]
on enp0s25
First, the subnet this machine lives on is 172.18.19.0/24 and all of the
other arp entries are correct as they are for hosts on my subnet. The
MAC address listed for "proxy10.fedoraproject..." is my router which
tells me that my router is supplying a proxy-arp response which I'm ok
with, at least for now.
So my questions are -
1) Why is this fedora system not following the routing table to reach
209.132.181.15, there is no route other than default that would match
this network
2) More importantly why is this machine trying to reach
proxy10.fedoraproject.org ??? (currently there are no open sessions to
this destination)
System is Fedora 28 with all the latest updates, and I have no
recollection of ever configuring a fedoraproject proxy.
Jeff
5 years, 10 months
file own by 2 packages
by Patrick Dupre
Hello,
Doing:
rpm -qf /usr/share/texmf
I get
texlive-base-2016-33.20160520.fc26.1.noarch
R-core-3.4.4-1.fc26.x86_64
showing that /usr/share/texmf
belongs to 2 different packages.
How can I remove it from one package?
This gives an issue when I try to update my distribution.
My Best.
===========================================================================
Patrick DUPRÉ | | email: pdupre(a)gmx.com
Laboratoire de Physico-Chimie de l'Atmosphère | |
Université du Littoral-Côte d'Opale | |
Tel. (33)-(0)3 28 23 76 12 | | Fax: 03 28 65 82 44
189A, avenue Maurice Schumann | | 59140 Dunkerque, France
===========================================================================
5 years, 10 months
Bug 1577224
by Patrick Dupre
Hello,
Updating from fedora 26 to feora 28, I get the error:
Error: Transaction check error:
file /usr/share/texmf conflicts between attempted installs of R-core-3.4.4-1.fc28.x86_64 and texlive-base-7:20170520-37.fc28.x86_64
It seems that it is a bug, but I am not sure that it has been solved properly.
Anyway, what should I do now?
Stop the upgade?
Remove one of the packages?
Thank.
===========================================================================
Patrick DUPRÉ | | email: pdupre(a)gmx.com
Laboratoire de Physico-Chimie de l'Atmosphère | |
Université du Littoral-Côte d'Opale | |
Tel. (33)-(0)3 28 23 76 12 | | Fax: 03 28 65 82 44
189A, avenue Maurice Schumann | | 59140 Dunkerque, France
===========================================================================
5 years, 10 months
Re: lost nfs mount -
by Ed Greshko
On 07/20/18 05:58, Bob Goodwin wrote:
> On 07/19/18 17:42, Ed Greshko wrote:
>> The server is a Fedora system, yes? And, has it been rebooted?
> .
> Fedora 27 and 28, rebooted several times today ...
>
> I probably should have mentioned doing:
>
> [root@Box10 86data]# ss -t -l -n
> State Recv-Q Send-Q Local
> Address:Port Peer Address:Port
> LISTEN 0 128
> 0.0.0.0:60705 0.0.0.0:*
> LISTEN 0 128
> 0.0.0.0:111 0.0.0.0:*
> LISTEN 0 32
> 192.168.124.1:53 0.0.0.0:*
> LISTEN 0 128
> 0.0.0.0:22 0.0.0.0:*
> LISTEN 0 5
> 0.0.0.0:631 0.0.0.0:*
> LISTEN 0 128
> [::]:59745 [::]:*
> LISTEN 0 128
> [::]:111 [::]:*
> LISTEN 0 128
> [::]:22 [::]:*
> LISTEN 0 5
> [::]:631 [::]:*
>> I don't currently have a Fedora system running as a NFSv4 server...but what do you
>> get when you do this from a client?
>>
>> telnet yourserver 2049
> .
> [root@Box10 86data]# telnet 192.168.1.86 2049
> Trying 192.168.1.86...
> telnet: connect to address 192.168.1.86: Connection refused
>
>
That means the nfs server isn't running....
I have a Fedora server now up on my end running F28....
Do you have something like this?
[root@f28k-b1 ~]# systemctl status nfs
● nfs-server.service - NFS server and services
Loaded: loaded (/usr/lib/systemd/system/nfs-server.service; enabled; vendor pre>
Drop-In: /run/systemd/generator/nfs-server.service.d
└─order-with-mounts.conf
Active: active (exited) since Fri 2018-07-20 06:10:15 CST; 13min ago
Process: 4800 ExecStart=/bin/sh -c if systemctl -q is-active gssproxy; then syst>
Process: 4787 ExecStart=/usr/sbin/rpc.nfsd $RPCNFSDARGS (code=exited, status=0/S>
Process: 4786 ExecStartPre=/usr/sbin/exportfs -r (code=exited, status=0/SUCCESS)
Main PID: 4800 (code=exited, status=0/SUCCESS)
Jul 20 06:10:15 f28k-b1.greshko.com systemd[1]: Starting NFS server and services...
Jul 20 06:10:15 f28k-b1.greshko.com systemd[1]: Started NFS server and services.
--
Conjecture is just a conclusion based on incomplete information. It isn't a fact.
5 years, 10 months