Why did SELinux relable my filesystem?
by Steven P. Ulrick
Hello, Everyone
During my most recent re-boot, SELinux relabled my entire filesystem.
Which would be fine, except for the fact that I have SELinux disabled
on my system:
> # This file controls the state of SELinux on the system.
> # SELINUX= can take one of these three values:
> # enforcing - SELinux security policy is enforced.
> # permissive - SELinux prints warnings instead of enforcing.
> # disabled - No SELinux policy is loaded.
> SELINUX=disabled
> # SELINUXTYPE= can take one of these two values:
> # targeted - Targeted processes are protected,
> # minimum - Modification of targeted policy. Only selected
> processes are protected. # mls - Multi Level Security protection.
> SELINUXTYPE=targeted
Why did SELinux, which is disabled on my system, spend all that time re-labeling my filesystem?
Steven P. Ulrick
10 years, 3 months
fedup and selinux
by Bill Murray
Dear all,
I had trouble persuading 'fedup --network 20' to run on my f19
laptop. It install all the files and gets ready. Then it boots and gets
as far as:
[ OK ] Started trigger flushing of journal to persistent storage
[ OK ] Started Forward Password Requests to Plymouth
[ OK ] Started Forward Password Requests to Plymouth
[ OK] Started Recreate Volatile files and Directories
There are then 3 lines of selinux permission denied. But no problem,
selinux is set permissive anyway.
Earlier on I see 'dracut-initqueue[400] failed to issue method call:
Access denied'
However, when I add selinux=0 to the command line..installation proceeds.
This is very odd - selinux was in permissive mode.
This is a bug I think?
Bill
--
Bill Murray ---- ATLAS
STFC/Warwick at: Bat 40-4-C26, CERN,1211 Meyrin, Geneve 23, Switzerland
Tel:- CERN +41 22 7678432
10 years, 3 months
Reverse E-Mail Blockage.....
by EGO-II.1
Hello you Ferdorans! (FedorIANS?...) I have a question,.....now....we
all know that there's ways to block unwanted email from your system
using Message Filters, and they work by blocking a certain domain or
email address and prevent them from hitting your Inbox, I would like to
know if anyone knows of a way to filter your messages in a sort of
"reverse" order.....in other words instead of me telling the Mail Filter
Rule: Block anything with the email address of (ABC@123) I would like it
to be "Allow everything from (123@ABC) and block "Everything Else"...how
would one go about doing this using Fedora 20 and Thunderbird? Any help
would be greatly appreciated
Thank You
EGO II
10 years, 3 months
Re: failed to ..
by Patrick Dupre
Hello,
I tried to set relabel by using system-config-selinux,
but nothing happens I have to keep selinux=0 to be able to boot!
>
> On Sat, 28 Dec 2013 16:28:33 +0100, Patrick Dupre wrote:
>
> > (I did not have a rsync command on the gparted live distribution that I have)
>
> Does its "cp" command copy SELinux file contexts?
>
> > And I get always the same behavior:
> > failed to start .......
> > create static device modes in /dev
> > journal service
> > open pack file: permission denied
>
> Is this with SELinux enforcing or permissive or disabled?
> --
> users mailing list
> users(a)lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
===========================================================================
Patrick DUPRÉ | | email: pdupre(a)gmx.com
Laboratoire de Physico-Chimie de l'Atmosphère | |
Université du Littoral-Côte d'Opale | |
Tel. (33)-(0)3 28 23 76 12 | | Fax: 03 28 65 82 44
189A, avenue Maurice Schumann | | 59140 Dunkerque, France
===========================================================================
10 years, 3 months
GNOME questions on fc20
by Alex
Hi, I have fc20 installed successfully on my desktop.
How can I configure the clock at the top to show the date? Why would
it be so difficult to do such a simple thing? I googled a bit, and saw
a reference to editing dateMenu.js, but the suggestions didn't work. I
can't believe I'd have to edit a text file to adjust the clock?!
I get the whole thing with not being able to (easily) minimize
applications. I know I can also switch between them with alt-tab. I
also know I can select them from "Activities", but that's an extra two
steps. Is there any way to "dock" apps like we used to be able to, so
I can select them with the mouse to choose between them?
Thanks,
Alex
10 years, 3 months
Re: F20 Installs Fail From Every Angle
by Brian Hanks
On Mon, 30 Dec 2013 19:47:30 +0100, Michael Schwendt wrote:
> So, there are no repos that offer updates for those three packages?
> Or is fedup unable to handle 3rd party repos?
>
> Other than that, please don't add my name to the mail's subject line
> in such a misleading/ambiguous way. Thank you.
My apologies for leaving your name in the Subject line. It was a copy
paste error that has been perpetuated as others have replied.
The RPMFusion repos do have the proper VirtualBox packages, so it seems
that fedup is not looking at the 3rd party repos that I have configured.
Interestingly, I found this on the Fedora FedUp Wiki page:
*Will packages in third party repositories be upgraded?*
Yes, if they are set up like regular yum repositories and do not
hard code the repository path. Commonly-used third party
repositories usually work fine, but if you attempt to upgrade prior
to or soon after an official Fedora release, they may not have
updated their repository paths yet, and FedUp may be unable to find
their packages. This will usually not prevent the upgrade running
successfully, though, and you can update the packages from the
third-party repository later.
After reading this, I checked my RPMFusion repos and found that none are
hard-coded. All are using the $releasever variable, and all resolve to
valid repos with the proper packages available. My assumption is that
something isn't working as described.
Brian
10 years, 3 months
Limiting disk usage by journald
by Suvayu Ali
Hi,
On one of my systems, journald is using over 1 gig of disk space. So I
tried to limit it in /etc/systemd/journald.conf like this:
[Journal]
#SystemMaxUse=1.0G
SystemMaxFileSize=1.0G
However it seems to be ignored. After a
# systemctl restart systemd-journald.service
I see the following:
Dec 31 18:45:01 <hostname> systemd-journal[13137]: Permanent journal is using 1.4G (max 4.0G, leaving 4.0G of free 78.5G, current limit 4.0G).
Dec 31 18:45:01 <hostname> systemd-journal[13137]: Journal started
What should I do to limit the journal size?
Thanks for any ideas,
--
Suvayu
Open source is the future. It sets us free.
10 years, 3 months
kickstart variables?
by Stephen Berg (Contractor)
Is there a list of available variables when doing a kickstart install?
I'm working up a kickstart for F20 and got curious if there's any that
anaconda sets by default. I know that you can use $releasever and
$basearch when defining repos. A few that I'd like to use if they exist
would be:
$mac (MAC address of the active network connection)
$ip (current IP address)
$nic (the name of the active network card, eno1, em1, eth0 or whatever)
The intent here is to do a kickstart install and end up with a system
that has eth0 as the NIC name. MatLab from Mathworks wants to see eth0
when it does it's licensing thing. I can easily get the system using
eth0 after install, but if I could set it up that way from the kickstart
it would save me some time on new installs and re-installs.
--
Stephen Berg
Systems Administrator
NRL Code: 7320
Office: 228-688-5738
stephen.berg.ctr(a)nrlssc.navy.mil
10 years, 3 months
fedup F18 => F20 failed, can't find (encrypted) partitions
by Dave Mitchell
I just tried doing a fedup F18 to F20; the fedup itself worked fine
(apart from from a few warnings about GPG keys), but booting from the
'System Upgrade' grub entry failed early on, not being able to find
any of my system's filesystems. I suspect this is due to them being LUKS
encrypted (these filesystems were all created by the F18 anaconda
installer using the defaults and ticking 'Encrypt').
Under F18:
# rpm -q fedup
fedup-0.8.0-3.fc18.noarch
# hostname
robin
# df -h
Filesystem Size Used Avail Use% Mounted on
devtmpfs 3.9G 0 3.9G 0% /dev
tmpfs 3.9G 196K 3.9G 1% /dev/shm
tmpfs 3.9G 5.3M 3.9G 1% /run
tmpfs 3.9G 0 3.9G 0% /sys/fs/cgroup
/dev/mapper/fedora_robin-root 50G 8.7G 38G 19% /
tmpfs 3.9G 44K 3.9G 1% /tmp
/dev/sda2 477M 248M 200M 56% /boot
/dev/sda1 200M 7.9M 192M 4% /boot/efi
/dev/mapper/fedora_robin-home 178G 54G 116G 32% /home
# cat /etc/crypttab
luks-ffa7256c-bd83-40f6-ba54-40db40e60cf2 UUID=ffa7256c-bd83-40f6-ba54-40db40e60cf2 none
When booting from the 'System Upgrade' boot entry, the screen clears, then
(in text mode) I get the following (this is hand-typed):
[ 4.797465] dracut-initqueue[426]: Failed to issue method call: Access denied
[ OK ] Started Show Plymouth Boot Screen
[ OK ] Reached target paths
It then sat doing nothing for a few minutes; I then pressed ESC, and the
following extra appeared:
[ 4.797465] dracut-initqueue[426]: Failed to issue method call: Access denied
[ OK ] Started Show Plymouth Boot Screen
[ OK ] Reached target paths
[ 197.600895] dracut-initqueue[426]: Warning: Could not boot.
[ 4.797465] dracut-initqueue[426]: Failed to issue method call: Access denied
[ OK ] Started Show Plymouth Boot Screen
[ OK ] Reached target paths
[ 197.600895] dracut-initqueue[426]: Warning: Could not boot.
[ 197.604308] dracut-initqueue[426]: Warning: /dev/fedora_robin/root does not exist
[ 197.604902] dracut-initqueue[426]: Warning: /dev/fedora_robin/swap does not exist
[ 197.605328] dracut-initqueue[426]: Warning: /dev/mapper/fedora_robin-root does not exist
Starting Dracut Emergency Shell...
Warning: /dev/fedora_robin/root does not exist
Warning: /dev/fedora_robin/swap does not exist
Warning: /dev/mapper/fedora_robin-root does not exist
Generating "/run/initramfs/rdsosreport.txt"
Entering emergency mode. Exit the shell to continue.
Type "journalctl" to view system logs.
You might want to save "/run/initramfs/rdsosreport.txt" to a USB stick or
/boot
after mounting them and attach it to a bug report.
The "/run/initramfs/rdsosreport.txt" file is 1400 lines long, so I haven't
attached it here; however, perusing it, this line stands out:
[ 4.797399] localhost systemd[1]: Failed to get security context on /etc/crypttab: No such file or directory
Anyone got any ideas what I should do next?
--
Red sky at night - gerroff my land!
Red sky at morning - gerroff my land!
-- old farmers' sayings #14
10 years, 3 months