I logged in as a user having system_u user privileges.
I tried changing the type of the cheese application on Ubuntu to user-defined.
The camera device is of v4l_device_t type.
But I am still able to access the camera. Please let me know how I can restrict
the usage of the camera.
Thanks in advance
Is there any way to change the sensitivity/category on a network resource (interface, node, port) on a system without recompiling the policy? It appears that semanage only supports the label option for the 'user' subcommand.
Running RHEL 6.2
I've given a few talks on SELinux over the past year and I've spoken to
a bunch of people on google+ about SELinux and one topic keeps coming
up. Many people find semanage to be large and convoluted with the help
text being way too large to sort through. The latter part of the
complaint is easy to address. The code for argument parsing in semanage
(last time I checked) doesn't use things like argparse. If we switched
it over to argparse we could get per sub-command help messages that
would be more useful to people when they messed up a sub-command. Would
anyone be opposed if I spent the time to migrate semanage argument
parsing and help messages over to argparse or a similar library?
The second problem some people have is that semanage is a multiplexed
command. I'm not sure what the right way to approach this is. If we look
at other applications which are multiplexers we get a few examples.
Busybox is the first example and covers most of the discussion. The two
ways of invoking busybox are either busybox command_name arguments or
command_name arguments where command_name is a symlink to the busybox
binary. If we chose the latter way of handling it we would need to
decide on one of two ways of naming the sub-commands. The first method
would be to come up with a naming convention for the subcommands to
avoid collisions like selogin for semanage login or seusers for semanage
users etc. The second method would be to do what git used to do which is
prepend the tool name onto the subcommand. For example
semanage-fcontext, semanage-login, semanage-users etc... If we chose
this route then we'd need to investigate what git's reason for moving
away from it was and decide if it applies to our situation as well.
If we convert over to argparse for argument parsing it should be
trivial to do some processing on argv to extract out a subcommand
from a name and use the correct routines. I'm not sure that solving the
second problem gets us substantial gains or if having help messages that
are specific to each subcommand will help users more.
Does anyone have any thoughts about this?
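
The argv handling described in the post above, as an added Python example that is not part of the original message or of semanage's own code: argparse subparsers give each subcommand its own help text, and a small shim maps a `semanage-fcontext` style symlink name onto the same parser. The subcommands and options shown are a hypothetical subset chosen for illustration.

```python
import argparse
import os

# Hypothetical subset of subcommands and options, for illustration only;
# this is not semanage's real option set.
def build_parser():
    parser = argparse.ArgumentParser(prog="semanage")
    sub = parser.add_subparsers(dest="command")
    sub.required = True  # a missing subcommand is a usage error

    login = sub.add_parser("login", help="manage login mappings")
    login.add_argument("-l", "--list", action="store_true")

    fcontext = sub.add_parser("fcontext", help="manage file context mappings")
    fcontext.add_argument("-a", "--add", action="store_true")
    fcontext.add_argument("-t", "--type")
    fcontext.add_argument("file_spec", nargs="?")
    # sub.choices maps each subcommand name to its own parser
    return parser, sub.choices


def normalize_argv(argv, known):
    """Map 'semanage-fcontext ARGS' (symlink style) to ['fcontext', ARGS...]."""
    name = os.path.basename(argv[0])
    prefix = "semanage-"
    if name.startswith(prefix) and name[len(prefix):] in known:
        return [name[len(prefix):]] + list(argv[1:])
    return list(argv[1:])


def parse(argv):
    """Parse a full argv (including argv[0]) in either invocation style."""
    parser, known = build_parser()
    return parser.parse_args(normalize_argv(argv, known))


def subcommand_help(command):
    """Return the help text that belongs to one subcommand only."""
    _, known = build_parser()
    return known[command].format_help()


if __name__ == "__main__":
    import sys
    print(parse(sys.argv))
```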
Current CentOS 6.3
I get this. / is only 54%.
SELinux is preventing /usr/bin/perl from using the sys_resource capability.
***** Plugin sys_resource (91.4 confidence) suggests
If you do not want to get this AVC any longer. These AVC's are caused by
running out of resources, usually disk space on your / partition.
Then you must cleanup diskspace or make sure you are not running too many
clear up your disk.
Could someone at least FIX THE TEXT? I mean, it's junior high school, at
most: sentence fragments, etc.
Now, the real reason for the AVC is something I've yet to look into....
mark, grammar ninja
Matthew Miller wrote:
> On Fri, Dec 14, 2012 at 09:25:04AM -0500, m.roth(a)5-cent.us wrote:
>> However, I also see that a user was running R, and oom-killer was
>> invoked. My suspicion is that it's *not* disk space that's run out, as the
>> message suggests, but rather that the system ran out of memory, and the
>> gave the wrong information.
> Is this F18? It's not putting these on /tmp, is it?
As I left at the top of my email, CentOS 6.3, fully updated.
I set up a community page on Google+ for SELinux. All of the cool kids
seem to be using Google+ now for open source related projects so I
figured it would be nice to have a community page where people could
post questions, tutorials, articles, etc.
I'm trying to pass an input file to semanage as recommended in http://danwalsh.livejournal.com/41593.html. I'm using RHEL 6.
I get the error "/usr/sbin/semanage: Could not start semanage transaction" when I execute the following:
semanage -i - << _EOF
However, "semanage user -l" works just fine. Any suggestions?
*Note that I'm just listing the users as an example of the concept.