search for: load_policy

Displaying 20 results from an estimated 103 matches for "load_policy".

2015 May 15
5
[PATCH 0/2] customize: Allow --selinux-relabel flag to work on cross-architecture builds.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1212807
2009 Aug 11
1
selinux question and answer
...ussion that happened on IRC ... We talked to some SELinux experts about what was required to make SELinux work with libguestfs, and it seems reasonably simple to load the policy from the guest filesystem. All that needs to be done is to mount the guest disks up and then run: sh "/usr/sbin/load_policy -i" That command also mounts up <sysroot>/selinux, so that solves the other problem they raised. I wasn't completely sure how to test this was actually working. My best effort was to try to run some commands that would label files. This is using a fresh Fedora 11 install that has...
2015 May 15
0
[PATCH 2/2] customize: Allow --selinux-relabel flag to work on cross-architecture builds (RHBZ#1212807).
...customize/customize_run.ml index 0f1d72a..cd4616c 100644 --- a/customize/customize_run.ml +++ b/customize/customize_run.ml @@ -338,15 +338,19 @@ exec >>%s 2>&1 if ops.flags.selinux_relabel then ( msg (f_"SELinux relabelling"); - let cmd = sprintf " - if load_policy && fixfiles restore; then - rm -f /.autorelabel - else - touch /.autorelabel - echo '%s: SELinux relabelling failed, will relabel at boot instead.' - fi - " prog in - do_run ~display:"load_policy && fixfiles restore" cmd +...
2014 Jan 24
2
[PATCH 0/2] Implement virt-builder --selinux-relabel option.
Do SELinux relabelling properly.
2014 Jan 21
2
Re: virt-builder & virt-sysprep: Avoiding SELinux relabelling
On Tue, Jan 21, 2014 at 12:01:45PM -0500, R P Herrold wrote: > (5) it can do an additional step at very end of the post > install: > restorecon -R / This doesn't work on its own. I suspect this would work: load_policy && restorecon -R / except it gives an error for me: SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.29, searching for an older version. SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.29: No such file or directory load_po...
2013 Jan 22
2
Re: Problems to start a xen DomU using a logical volume.
...em): Anyone knows what i need to do tho solve this problem? [root@xen]# xm create xen-pv01.cfg -c Using config file "./xen-pv01.cfg". . . . EXT3-fs (xvda1): mounted filesystem with ordered data mode dracut: Mounted root filesystem /dev/xvda1 *dracut: chroot: failed to run command `/sbin/load_policy'': No such file or directory* dracut: Switching root *Kernel panic - not syncing: Attempted to kill init! exitcode=0x00000100* Pid: 1, comm: switch_root Not tainted 3.7.1-3.el6xen.x86_64 #1 Call Trace: [<ffffffff8149d541>] panic+0xc4/0x1d6 [<ffffffff81047131>] do_exit+0x3a5/0...
2014 May 24
9
SELinux relabel API
...a thread: https://bugzilla.redhat.com/show_bug.cgi?id=1060423 That's not how we should do things. Let's discuss it on the mailing list. ] One thing that virt-customize/virt-sysprep/virt-builder have to do is relabel SELinux guests. What we do at the moment is run: if load_policy && fixfiles restore; then rm -f /.autorelabel else touch /.autorelabel echo '%s: SELinux relabelling failed, will relabel at boot instead.' fi while chrooted into the guest (using the 'guestfs_sh' API). This has a number of problems: -...
2018 Feb 07
1
[PATCH] customize: avoid Array.mem for now
...@@ open Printf module G = Guestfs +(* Simple reimplementation of Array.mem, available only with OCaml >= 40.3. *) +let array_find a l = + List.mem a (Array.to_list l) + let relabel (g : G.guestfs) = (* Is the guest using SELinux? *) if g#is_file ~followsymlinks:true "/usr/sbin/load_policy" && @@ -44,7 +48,7 @@ let relabel (g : G.guestfs) = let config_path = "/files/etc/selinux/config" in let selinuxtype_path = config_path ^ "/SELINUXTYPE" in let keys = g#aug_ls config_path in - if Array.mem selinuxtype_path keys then...
2016 Feb 25
3
CentOS 7 SELinux issue
...inux support to my bitcoin package. Keep getting this on install: SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.29, searching for an older version. SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.29: No such file or directory /sbin/load_policy: Can't load policy: No such file or directory libsemanage.semanage_reload_policy: load_policy returned error code 2. I Tried yum reinstall selinux-policy selinux-policy-targeted restorecon -R -v /etc/selinux as suggested on some mailing lists. Didn't work, same issue. How can I troubl...
2015 May 15
3
[PATCH v2 0/2] customize: Allow --selinux-relabel flag to work on cross-architecture builds.
Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1212807 Since v1: - Combine the virt-builder detection code into virt-customize. - Enables us to delete Architecture and Uname modules completely. Rich.
2014 Jan 21
2
virt-builder & virt-sysprep: Avoiding SELinux relabelling
A common problem that people have with virt-builder and virt-sysprep is which guests that use SELinux, like Fedora and RHEL. In both cases we touch /.autorelabel in the guest, which means the guest has to reboot once during its first boot. Recap: SELinux file labels -------------------------- SELinux requires that files have labels. Access to a file is controlled by the label on that file.
2016 Jul 13
0
[PATCH 5/5] lib: Deprecate old SELinux APIs, rewrite SELinux documentation.
...ng happens correctly -in SELinux guests, you need to enable SELinux and load the guest's -policy: - -=over 4 - -=item 1. - -Before launching, do: - - guestfs_set_selinux (g, 1); - -=item 2. - -After mounting the guest's filesystem(s), load the policy. This -is best done by running the L<load_policy(8)> command in the -guest itself: - - guestfs_sh (g, "/usr/sbin/load_policy"); - -(Older versions of C<load_policy> require you to specify the -name of the policy file). - -=item 3. - -Optionally, set the security context for the API. The correct -security context to use can onl...
2016 Jul 14
0
[PATCH v2 6/7] lib: Deprecate old SELinux APIs, rewrite SELinux documentation.
...ng happens correctly -in SELinux guests, you need to enable SELinux and load the guest's -policy: - -=over 4 - -=item 1. - -Before launching, do: - - guestfs_set_selinux (g, 1); - -=item 2. - -After mounting the guest's filesystem(s), load the policy. This -is best done by running the L<load_policy(8)> command in the -guest itself: - - guestfs_sh (g, "/usr/sbin/load_policy"); - -(Older versions of C<load_policy> require you to specify the -name of the policy file). - -=item 3. - -Optionally, set the security context for the API. The correct -security context to use can onl...
2013 Feb 13
4
[PATCH 0/3] FLASK policy build rework
These patches update the example FLASK policy shipped with Xen and enable its build if the required tools are present. The third patch requires rerunning autoconf to update tools/configure. [PATCH 1/3] flask/policy: sort dom0 accesses [PATCH 2/3] flask/policy: rework policy build system [PATCH 3/3] tools/flask: add FLASK policy to build
2016 Jul 14
10
[PATCH v2 0/7] Fix SELinux
v1 -> v2: - Add simple test of the setfiles API. - Use SELinux_relabel module in virt-v2v (instead of touch /.autorelabel). - Small fixes. Rich.
2020 May 05
3
[PATCH libguestfs-common 1/2] mlcustomize: Refactor SELinux_relabel code.
...08 100644 --- a/mlcustomize/SELinux_relabel.ml +++ b/mlcustomize/SELinux_relabel.ml @@ -28,65 +28,74 @@ module G = Guestfs let array_find a l = List.mem a (Array.to_list l) -let relabel (g : G.guestfs) = - (* Is the guest using SELinux? *) - if g#is_file ~followsymlinks:true "/usr/sbin/load_policy" && - g#is_file ~followsymlinks:true "/etc/selinux/config" then ( - (* Is setfiles / SELinux relabelling functionality available? *) - if g#feature_available [| "selinuxrelabel" |] then ( - (* Use Augeas to parse /etc/selinux/config. *) - g#aug_i...
2016 Jul 14
0
[PATCH v2 4/7] customize: Add module for doing SELinux relabel of filesystem.
...0d615 100644 --- a/customize/customize_run.ml +++ b/customize/customize_run.ml @@ -414,19 +414,7 @@ exec >>%s 2>&1 if ops.flags.selinux_relabel then ( message (f_"SELinux relabelling"); - if guest_arch_compatible then ( - let cmd = sprintf " - if load_policy && fixfiles restore; then - rm -f /.autorelabel - else - touch /.autorelabel - echo '%s: SELinux relabelling failed, will relabel at boot instead.' - fi - " prog in - do_run ~display:"load_policy && fixfiles restor...
2007 Dec 07
0
Working in linux, scheduler working mac 10.4, triggers don''t work
Thanks so much for backgroundrb, it''s nice to be able to keep the moving parts to a minimum. I''m noting some odd behavior on ruby 1.8.5, rails 1.2.5, backroundrb trunk on a macbook. When scheduling a task everything works perfectly, but triggers are not calling the methods, only blocking the background drb instance. Logs show no errors. Even more interesting is the fact that
2009 Aug 12
1
[PATCH] Add 'setcon', 'getcon' commands to set and get the SELinux context
These commands let you set and get the SELinux context of the daemon and all operations in the API and processes run from the daemon: $ ./fish/guestfish --ro -a /dev/mapper/vg_trick-F11x64 \ selinux 1 : \ run : \ mount /dev/vg_f11x64/lv_root / : \ sh "/usr/sbin/load_policy" : \ getcon : \ setcon "system_u:system_r:unconfined_t:s0" : \ getcon system_u:system_r:kernel_t:s0 system_u:system_r:unconfined_t:s0 Rich. -- Richard Jones, Emerging Technologies, Red Hat http://et.redhat.com/~rjones virt-df lists disk usage of guests without...
2006 Apr 18
3
SELinux modification
I installed SeLinux in warn mode. HOw do i check to see what it is wanring about? This wil help me in make a decision to turn it to active mode..:) -- My "Foundation" verse: Isa 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their