-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 04/25/2013 04:54 AM, Johan Vermeulen wrote:
>
>
>
>
> Op 24-04-13 22:53, m.roth@xxxxxxxxx schreef:
>> John R. Dennison wrote:
>>> On Wed, Apr 24, 2013 at 03:06:11PM -0400, Daniel J Walsh wrote:
>>>> Disabling SELinux is not going to fix your problem. Since the field
>>>> is just showing you that you have extended attibutes assigned to yr
>>>> files.
>>>>
>>>> Why not just script around it.
>>>>
>>>> ls -l | sed 's/\. / /g'
>>>>
>>>> Would replace all ". " from your output.
>>> Because that would be too easy and people absolutely love to shoot
>>> themselves in the face by disabling selinux. Because it is, as we all
>>> know, ridiculously hard to manage.
>> Don't get me started. I'm fighting it regularly. For example, SELinux is
>> preventing /usr/bin/perl from getattr access on the file
>> /sys/devices/system/node/node0/meminfo. For complete SELinux messages.
>>
>> And yes, I did post a few things to the selinux list....
>>
>> mark
>>
>> _______________________________________________ CentOS mailing list
>> CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
>
> Dear All,
>
> thanks again for the reactions.
>
> This is the NetworkManager script I'm trying to use:
>
> ----------------------------------------------------- #!/bin/sh
>
> export LC_ALL=C
>
> if [ "$2" = "down" ]; then exit0 fi
>
> if [ "$2" = "up" ]; then #LAN Subnet at work NETMASK="192.168.66.128/25" if
> [ -n "`/sbin/ip addr show $IF to $NETMASK`" ]; then
>
> rsync -azvp /home/james/ 192.168.66.129:/home/jvermeulen
>
See if chcon -t bin_t /usr/bin/rsync solves your problem.
I believe that NetworkManager runs its helper scripts as initrc_t which is an
unconfined domains, except that when it executes rsync, it transition to a
confined rsync server domain(rsync_t). Changing the context to bin_t would
eliminate the transition and leave rsync running in initrc_t.
> fi fi
>
> --------------------------------------------------------------------------------------------------------------------------------
>
> as far as I can test this at the moment, it works without Selinux and
> doesn't work with Selinux enabled.
>
> I also want Selinux enabled. So I will do some searching on how to make it
> work with Selinux.
>
> Greetings, J.
>
> _______________________________________________ CentOS mailing list
> CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlF5JlAACgkQrlYvE4MpobN/FgCfRbN/kbhKTlkuEt9LsD5cIdWN
eRQAoMNhwlUIebj9gI1Vh1iCrAiq5kWD
=8yid
-----END PGP SIGNATURE-----
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
