Re: Clean install of Fedora 39 on Dell notebook was working, but recent update not getting 50 selerts??

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 12/9/23 07:36, Michael D. Setzer II via users wrote:

On 9 Dec 2023 at 18:02, Tim wrote:

Subject:        	Re: Clean install of Fedora 39 on Dell notebook
was working, but
	recent update not getting 50 selerts??
From:           	Tim <ignored_mailbox@xxxxxxxxxxxx>
To:             	mikes@xxxxxxxx, Community support for Fedora
users
  	<users@xxxxxxxxxxxxxxxxxxxxxxx>
Date sent:      	Sat, 09 Dec 2023 18:02:43 +1030

Did a dnf reinstall * to see if maybe somethings had installed
before something else. Then reenabled selinux and rebooted.
Originally go then 50 messages again that seemed to be same.
Unfortunately, the setrouble browser has a option to show the 50
messages summary, but I can do a ctrl-a to highlight them all but
ctrl-C does not work to copy them..
Deleted them all. They didn't immediately come back.
Did just get 12 pop up, and these are for sshd and mandb?

last one is mandb
setattr
index.db

SELINUX Alert browser doesn't let on copy top part or if you were
trying part? also doesn't let copy the list of all info??

Does let one copy this part, but have no clue what FILE_TYPE
would be used, or where this index.db file is located?

First 3 are sshd with read, open, getattr all with inactive.mod
Then 9 with mandb with create, write, ioctl, read, open, rename,
unlink, lock, setattr. with 29605, 29605, xscreensaver.1.gz (3
times), 29605, index.db, 29605, index.db.

Did have 2 earlier ones that were with boinc, and talked about
missing selinux type boinc_t??

Since can't copy stuff from here is what would copy for last one?


You need to change the label on index.db
# semanage fcontext -a -t FILE_TYPE 'index.db'
where FILE_TYPE is one of the following: boot_t, cert_t, device_t,
dhcpc_state_t, etc_aliases_t, etc_mail_t, etc_runtime_t, faillog_t,
fonts_t, getty_lock_t, httpd_lock_t, initrc_state_t, initrc_tmp_t,
initrc_var_log_t, initrc_var_run_t, ipsec_mgmt_lock_t,
ipsec_var_run_t, iptables_lock_t, krb5_host_rcache_t,
krb5kdc_lock_t, lastlog_t, local_login_lock_t, locale_t, lvm_lock_t,
mnt_t, net_conf_t, postgresql_db_t, postgresql_lock_t,
semanage_read_lock_t, semanage_trans_lock_t, sshd_key_t,
sysctl_fs_t, sysctl_t, system_conf_t, system_dbusd_var_lib_t,
systemd_passwd_var_run_t, udev_rules_t, udev_var_run_t,
user_home_dir_t, user_home_t, var_lib_t, var_lock_t, var_log_t,
var_spool_t, wtmp_t, xdm_lock_t.
Then execute:
restorecon -v 'index.db'
The files should inherit either the label of the directory they're created in, or if a specific context has been set for a filename, it should get that context.
Normally, if something's incorrectly labeled, you can just restorecon -v the file to see what it was changed to. In this example, I created an index.html in root's home directory and them moved it to /var/www/html. When I restorecon -vR /var/www it shows me what it WAS labeled, and what it was changed to: 

[root@haproxy ~]# restorecon -vR /var/www/
Relabeled /var/www/html/index.html from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0
So if you're getting errors on mislabeled files, the first bet is to just do a restorecon -v on it, or restorecon -vR on the parent directory.
https://www.youtube.com/watch?v=_WOKRaM-HI4 for a less than 45 minute lesson on the basics of SELinux.
If you're running something which was compiled from source, for instance, it may not understand what SELinux label it's supposed to have, or even just not understand SELinux.
You might want to set the app to run unconfined. Description on how to do this is here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/selinux_users_and_administrators_guide/index#sect-Security-Enhanced_Linux-Targeted_Policy-Unconfined_Processes 

Hope this is helpful.

Thomas
--
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux