Hi, folks,
We're working on several new CentOS 7 systems, moving users from CentOS 6. Now, the users have had some *sigh* custom stuff, like their own version of Perl (please do *not* ask, and I would *love* to get them off it, but....)
Anyway, in the directory it's in, I did a semanage fcontext -e /usr/bin, and now I'm seeing errors in the log of selinux complaining it can't find the rpm (because there's not one for this).
What's the correct way to deal with this - different labelling, a local policy, or ?
mark
On 05/16/2016 03:39 PM, m.roth@5-cent.us wrote:
> Hi, folks,

Hi,

> We're working on several new CentOS 7 systems, moving users from CentOS 6. Now, the users have had some *sigh* custom stuff, like their own version of Perl (please do *not* ask, and I would *love* to get them off it, but....)
> Anyway, in the directory it's in, I did a semanage fcontext -e /usr/bin, and now I'm seeing errors in the log of selinux complaining it can't find the rpm (because there's not one for this).

Could you attach the exact command you used?
And also the log with errors.
Thank you.

> What's the correct way to deal with this - different labelling, a local policy, or ?
> mark
-- selinux mailing list selinux@lists.fedoraproject.org http://lists.fedoraproject.org/admin/lists/selinux@lists.fedoraproject.org
Lukas Vrabec wrote:
> On 05/16/2016 03:39 PM, m.roth@5-cent.us wrote:
>> We're working on several new CentOS 7 systems, moving users from CentOS 6. Now, the users have had some *sigh* custom stuff, like their own version of Perl (please do *not* ask, and I would *love* to get them off it, but....)
>> Anyway, in the directory it's in, I did a semanage fcontext -e /usr/bin, and now I'm seeing errors in the log of selinux complaining it can't find the rpm (because there's not one for this).
>
> Could you attach the exact command you used?

semanage fcontext -m -e /usr/local/<user's path>/bin /usr/bin

> And also the log with errors.

setroubleshoot: failed to retrieve rpm info for /usr/local/<user's path>/bin/perl

Thanks!
mark
> -- Lukas Vrabec, SELinux Solutions, Red Hat, Inc.
On 05/16/2016 05:26 PM, m.roth@5-cent.us wrote:
> Lukas Vrabec wrote:
>> On 05/16/2016 03:39 PM, m.roth@5-cent.us wrote:
>>> We're working on several new CentOS 7 systems, moving users from CentOS 6. Now, the users have had some *sigh* custom stuff, like their own version of Perl (please do *not* ask, and I would *love* to get them off it, but....)
>>> Anyway, in the directory it's in, I did a semanage fcontext -e /usr/bin, and now I'm seeing errors in the log of selinux complaining it can't find the rpm (because there's not one for this).
>>
>> Could you attach the exact command you used?
>
> semanage fcontext -m -e /usr/local/<user's path>/bin /usr/bin
>
>> And also the log with errors.
>
> setroubleshoot: failed to retrieve rpm info for /usr/local/<user's path>/bin/perl

Hi Mark, could we make sure you get the right labels in /usr/local/<user's path>/bin for rpm?
$ ls -lZ /usr/local/<user's path>/bin/rpm
Thank you.
Lukas Vrabec wrote:
> On 05/16/2016 03:39 PM, m.roth@5-cent.us wrote:
>> We're working on several new CentOS 7 systems, moving users from CentOS 6. Now, the users have had some *sigh* custom stuff, like their own version of Perl (please do *not* ask, and I would *love* to get them off it, but....)
>> Anyway, in the directory it's in, I did a semanage fcontext -e /usr/bin, and now I'm seeing errors in the log of selinux complaining it can't find the rpm (because there's not one for this).
>> What's the correct way to deal with this - different labelling, a local policy, or ?

*Speaking* of could not find rpm... we're required to use, for some websites, CA's SiteMinder. Now, I could go off on a rant about how CA (that's the megacompany, Computer Associates) are utterly clueless and incompetent... no, I *will* have a short rant: the damn stuff is a tarball, *not* a package, *and* it knows nothing whatever about selinux, so forget having a CA-provided SiteMinder selinux policy... anyway, that stuff is installed in /opt, and with no policy... do I have to do what I was doing before, with special local policies on the machines it runs on, to make setroubleshoot stop complaining it can't find the .rpm, or...?
mark