Wifi connection issues with Intel?
Daniel J Walsh
dwalsh at redhat.com
Mon Jun 16 18:08:02 UTC 2014
On 06/16/2014 01:35 PM, Richard Shaw wrote:
> On Mon, Jun 16, 2014 at 12:19 PM, Daniel J Walsh <dwalsh at redhat.com
> <mailto:dwalsh at redhat.com>> wrote:
>
>
> On 06/12/2014 10:14 AM, Richard Shaw wrote:
>> On Thu, Jun 12, 2014 at 6:56 AM, Daniel J Walsh
>> <dwalsh at redhat.com <mailto:dwalsh at redhat.com>> wrote:
>>
>>> The full unifi software is java with a mongodb database
>>> backend and works fine. I have a RPM I created, the only
>>> problem I haven't been able to fix is the selinux issues,
>>> one for the private mongodb instance, and then the ports it
>>> binds to.
>> Please open a bugzilla for the SELinux issues.
>>
>>
>> Before I open a BZ, here's what I have in my spec file which from
>> what I understand should be persistent...
>>
>> %posttrans
>> /usr/sbin/semanage fcontext -e /var/lib/mongod
>> "/var/lib/unifi/logs(/.*)?"
>> /usr/sbin/semanage fcontext -e /var/lib/mongod
>> "/var/lib/unifi/data(/.*)?"
>> /usr/sbin/semanage port -m -t mongod_port_t 27117
>>
>> Or should this be handled in a policy?
>>
>> Thanks,
>> Richard
>>
>>
> I think your post install should look like.
>
> /usr/sbin/semanage fcontext -e /var/log/mongod "/var/lib/unifi/logs"
> /usr/sbin/semanage fcontext -e /var/lib/mongod "/var/lib/unifi/data"
> /usr/sbin/semanage port -m -t mongod_port_t 27117
>
> Don't use the regex. Also I would figure the logs should be
> labeled mongod_log_t rather then mongod_lib_t.
>
>
> What is the concern with regex?
> It is specific to packaging? Most of the examples I found online used
> that method... As far as the label, since everything is getting dumped
> in /var/lib I figured that would be OK.
>
Not a concern with regex. it just will not work. The examples you have
seen on line, were not using equivalence. They were using generic
labelling.
Equivalence tells SELinux to swap the second part of the path with the
first. You code would only match file paths that began with
/var/lib/unifi/logs(/.*?) Not /var/lib/unifi/logs/foobar.log
>
> If this is a standard location for this code, we should put it
> into the base package.
>
>
> There is not a standard install location, the install will "work" as
> long as everything stays in the same relative location (the unifi
> directory). Since it writes a lot of stuff I figured /var was the best
> (only?) real option.
>
Yes
> Following the example of a draft wiki I can't find anymore I had
> modified the scripts to this instead of using %posttrans:
> %post
> semanage fcontext -a -t mongod_var_lib_t \
> "%{_sharedstatedir}/unifi/logs(/.*)?" 2>/dev/null || :
> semanage fcontext -a -t mongod_var_lib_t \
> "%{_sharedstatedir}/unifi/data(/.*)?" 2>/dev/null || :
> restorecon -R %{_sharedstatedir}/unifi/logs || :
> restorecon -R %{_sharedstatedir}/unifi/data || :
> semanage port -m -t mongod_port_t 27117 || :
>
> %postun
> if [ $1 -eq 0 ] ; then # final removal
> semanage fcontext -d -t mongod_var_lib_t \
> "%{_sharedstatedir}/unifi/logs(/.*)?" 2>/dev/null || :
> semanage fcontext -d -t mongod_var_lib_t \
> "%{_sharedstatedir}/unifi/data(/.*)?" 2>/dev/null || :
> fi
>
> Thanks,
> Richard
>
>
That should work. You could speed it up by combining both semange
fcontext lines into a single transaction. Something like.
semanage -S targeted -i - << _EOF
fcontext -a -t mongod_var_lib_t "%{_sharedstatedir}/unifi/logs(/.*)?"
fcontext -a -t mongod_var_lib_t "%{_sharedstatedir}/unifi/data(/.*)?"
_EOF 2>/dev/null || :
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20140616/8ebf5079/attachment.html>
More information about the users
mailing list