Re: support term for Fedora 34

[Rahul Sundaram]

Hi

On Wed, Jan 5, 2022 at 11:30 PM Ben Cotton wrote:

> In addition to fixing the typo, I also de-indented the "Supported
> Releases" and "EOL Releases" (thus removing the "Old Releases") in the
> navigation bar to help make things more clear.
>

Quick note:  The gmane link in that page is dead because gmane itself is
unfortunately gone.  I added this page and the link to the wiki years back
but I am not as familiar with the current process for pushing updates.   So
please fix that link.  Might be helpful to also automatically check for
dead links on docs periodically

Rahul
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: SELinux is preventing mktemp from using the dac_read_search capability.

[Samuel Sieb]

On 1/5/22 18:18, Robert Moskowitz wrote:

On 1/5/22 21:16, Ed Greshko wrote:

On 06/01/2022 09:25, Robert Moskowitz wrote:



On 1/5/22 17:17, Ed Greshko wrote:

On 05/01/2022 21:02, Robert Moskowitz wrote:


If you want to help identify if domain needs this access or you 
have a file with the wrong permissions on your system
Then turn on full auditing to get path information about the 
offending file and generate the error again.

Do

Turn on full auditing
# auditctl -w /etc/shadow -p w
Try to recreate AVC. Then execute
# ausearch -m avc -ts recent
If you see PATH record check ownership/permissions on file, and fix 
it,

otherwise report as a bugzilla.


These instructions could be useful to find out what it's trying to access.


Additional Information:
Source Context system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
Target Context system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023



# ls -Z /usr/sbin/logwatch
system_u:object_r:bin_t:s0 /usr/sbin/logwatch


This isn't really useful.  The problem is that it's being run from the 
context listed above and that's what is being denied.  Depending on what 
it's trying to access, it might be an issue for the selinux policy.


Are you running it as a systemd service or running it from cron?
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: support term for Fedora 34

[Slade Watkins via users]

On 1/5/2022 8:47 PM, Robert Moskowitz wrote:
> 
> Three approaches:
> 
> Upgrade 1 release close to the EOL of current release.  This way you are 
> moving to a mature release.

I generally like to recommend staying 1 release behind for stability... but as 
you note:

> 
> Choose your poison.

it's ultimately up to you.

slade
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Next notebook

[Robert Moskowitz]

Oh, and 4 year old unit from ebay is good.  I really don't like buying 
new and paying new prices.


On 1/5/22 21:43, Robert Moskowitz wrote:
I am currently using Lenovo Thinkpad x140e with 4Gb mem.  I have 3, 2 
for Fedora and 1 for Win10.  The Fedora ones have been upgraded with 
500Gb SSD drives.


I like Thinkpads for the eraser head pointer device. and x140e for the 
12" monitor format (works well in airplane seats).


But what next to replace the circa 2013 device?

I have tried to figure this out from the Lenovo site.  It was easy 
figuring out going from the x120e (got 4 of those still) to the x140e, 
but I don't see the upgrade path from the x140e.


Anyone here familiar with Lenovo to help me?

I figure scouting around and having it ready for the F36 install.

thanks

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Next notebook

[Robert Moskowitz]

I am currently using Lenovo Thinkpad x140e with 4Gb mem.  I have 3, 2 
for Fedora and 1 for Win10.  The Fedora ones have been upgraded with 
500Gb SSD drives.


I like Thinkpads for the eraser head pointer device. and x140e for the 
12" monitor format (works well in airplane seats).


But what next to replace the circa 2013 device?

I have tried to figure this out from the Lenovo site.  It was easy 
figuring out going from the x120e (got 4 of those still) to the x140e, 
but I don't see the upgrade path from the x140e.


Anyone here familiar with Lenovo to help me?

I figure scouting around and having it ready for the F36 install.

thanks

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: support term for Fedora 34

[Tom Horsley]

On Wed, 5 Jan 2022 21:12:04 -0500
Robert Moskowitz wrote:

> that sounds interesting, but don't you also need separate / partitions 
> with all the release specific software?

Yep. My actual scheme has a tiny grub2 stand alone partition
which uses the "configfile" grub command to be able to boot
one or the other. I install by installing inside a KVM virtual
machine from the DVD image, then use guestmount and rsync to copy
the virtual image to the partion I want it in. Edit a few places
that refer to UUIDs and I can boot it in the new location. The
/ partition is setup with /boot under it, so the KVM install
is just to /, no other partitions created.

I have no idea if this scheme could work under EFI, bur it works
great with old DOS BIOS.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: SELinux is preventing mktemp from using the dac_read_search capability.

[Robert Moskowitz]

On 1/5/22 21:16, Ed Greshko wrote:

On 06/01/2022 09:25, Robert Moskowitz wrote:



On 1/5/22 17:17, Ed Greshko wrote:

On 05/01/2022 21:02, Robert Moskowitz wrote:

I keep getting these errors.

I got them back with F32 and Xfce, and now with F35 and Xfce.

I asked on the SElinux list, but no one seems to be home.

Here is the full detail; it looks like it may be logwatch causing 
the problem.  What do I do to fix this?


===

SELinux is preventing mktemp from using the dac_read_search 
capability.


*  Plugin dac_override (91.4 confidence) suggests 
**


If you want to help identify if domain needs this access or you 
have a file with the wrong permissions on your system
Then turn on full auditing to get path information about the 
offending file and generate the error again.

Do

Turn on full auditing
# auditctl -w /etc/shadow -p w
Try to recreate AVC. Then execute
# ausearch -m avc -ts recent
If you see PATH record check ownership/permissions on file, and fix 
it,

otherwise report as a bugzilla.

*  Plugin catchall (9.59 confidence) suggests 
**


If you believe that mktemp should have the dac_read_search 
capability by default.

Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'mktemp' --raw | audit2allow -M my-mktemp
# semodule -X 300 -i my-mktemp.pp

Additional Information:
Source Context system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
Target Context system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
Target Objects    Unknown [ capability ]
Source    mktemp
Source Path   mktemp
Port  
Host  lx140e.htt-consult.com
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-35.7-1.fc35.noarch
Local Policy RPM selinux-policy-targeted-35.7-1.fc35.noarch
Selinux Enabled   True
Policy Type   targeted
Enforcing Mode    Enforcing
Host Name lx140e.htt-consult.com
Platform  Linux lx140e.htt-consult.com
  5.15.11-200.fc35.x86_64 #1 SMP Wed 
Dec 22 15:41:11

  UTC 2021 x86_64 x86_64
Alert Count   13912
First Seen    2021-11-15 03:27:05 EST
Last Seen 2022-01-02 03:09:16 EST
Local ID 2ef8a1a9-ddf5-42cc-b5dc-c08354265cc8

Raw Audit Messages
type=AVC msg=audit(1641110956.728:1612): avc:  denied  { 
dac_read_search } for  pid=24078 comm="dotlockfile" capability=2 
scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 
tcontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 
tclass=capability permissive=0



Hash: 
mktemp,logwatch_mail_t,logwatch_mail_t,capability,dac_read_search


Before doing as suggested in the sealert output.

What is the output of "ls -Z /usr/bin/dotlockfile" and "ls -X 
/usr/bin/mktemp"?


# ls -Z /usr/bin/dotlockfile
system_u:object_r:bin_t:s0 /usr/bin/dotlockfile

# ls -X /usr/bin/mktemp
/usr/bin/mktemp




Ooops  I made a typo.

What is "ls -Z /usr/bin/mktemp" and also "ls -Z /usr/sbin/logwatch".


# ls -Z /usr/bin/mktemp
system_u:object_r:bin_t:s0 /usr/bin/mktemp

# ls -Z /usr/sbin/logwatch
system_u:object_r:bin_t:s0 /usr/sbin/logwatch


___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: SELinux is preventing mktemp from using the dac_read_search capability.

[Ed Greshko]

On 06/01/2022 09:25, Robert Moskowitz wrote:



On 1/5/22 17:17, Ed Greshko wrote:

On 05/01/2022 21:02, Robert Moskowitz wrote:

I keep getting these errors.

I got them back with F32 and Xfce, and now with F35 and Xfce.

I asked on the SElinux list, but no one seems to be home.

Here is the full detail; it looks like it may be logwatch causing the problem.  
What do I do to fix this?

===

SELinux is preventing mktemp from using the dac_read_search capability.

*  Plugin dac_override (91.4 confidence) suggests **

If you want to help identify if domain needs this access or you have a file 
with the wrong permissions on your system
Then turn on full auditing to get path information about the offending file and 
generate the error again.
Do

Turn on full auditing
# auditctl -w /etc/shadow -p w
Try to recreate AVC. Then execute
# ausearch -m avc -ts recent
If you see PATH record check ownership/permissions on file, and fix it,
otherwise report as a bugzilla.

*  Plugin catchall (9.59 confidence) suggests **

If you believe that mktemp should have the dac_read_search capability by 
default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'mktemp' --raw | audit2allow -M my-mktemp
# semodule -X 300 -i my-mktemp.pp

Additional Information:
Source Context system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
Target Context system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
Target Objects    Unknown [ capability ]
Source    mktemp
Source Path   mktemp
Port  
Host  lx140e.htt-consult.com
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-35.7-1.fc35.noarch
Local Policy RPM selinux-policy-targeted-35.7-1.fc35.noarch
Selinux Enabled   True
Policy Type   targeted
Enforcing Mode    Enforcing
Host Name lx140e.htt-consult.com
Platform  Linux lx140e.htt-consult.com
  5.15.11-200.fc35.x86_64 #1 SMP Wed Dec 22 15:41:11
  UTC 2021 x86_64 x86_64
Alert Count   13912
First Seen    2021-11-15 03:27:05 EST
Last Seen 2022-01-02 03:09:16 EST
Local ID 2ef8a1a9-ddf5-42cc-b5dc-c08354265cc8

Raw Audit Messages
type=AVC msg=audit(1641110956.728:1612): avc:  denied  { dac_read_search } for  pid=24078 
comm="dotlockfile" capability=2 
scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 
tcontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 tclass=capability permissive=0


Hash: mktemp,logwatch_mail_t,logwatch_mail_t,capability,dac_read_search


Before doing as suggested in the sealert output.

What is the output of "ls -Z /usr/bin/dotlockfile" and "ls -X /usr/bin/mktemp"?


# ls -Z /usr/bin/dotlockfile
system_u:object_r:bin_t:s0 /usr/bin/dotlockfile

# ls -X /usr/bin/mktemp
/usr/bin/mktemp




Ooops  I made a typo.

What is "ls -Z /usr/bin/mktemp" and also "ls -Z /usr/sbin/logwatch".

--
Did 황준호 die?
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: support term for Fedora 34

[Robert Moskowitz]

On 1/5/22 21:03, Tom Horsley wrote:

On Wed, 5 Jan 2022 20:47:06 -0500
Robert Moskowitz wrote:


Three approaches:

I go with the 4th approach: Keep two separate boot partitions and
upgrade right away in one of them so I can go back to previous
version trivially if it turns out something is horribly wrong.

I running fedora 35 now with no problems, when 36 comes along I'll
install it where 34 currently lives (and hasn't been used since I switched
to 35).


that sounds interesting, but don't you also need separate / partitions 
with all the release specific software?


And only /home and swap partitions can be shared?

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: support term for Fedora 34

[Tom Horsley]

On Wed, 5 Jan 2022 20:47:06 -0500
Robert Moskowitz wrote:

> Three approaches:

I go with the 4th approach: Keep two separate boot partitions and
upgrade right away in one of them so I can go back to previous
version trivially if it turns out something is horribly wrong.

I running fedora 35 now with no problems, when 36 comes along I'll
install it where 34 currently lives (and hasn't been used since I switched
to 35).
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

F35 HP-toolbox in Xfce

[Robert Moskowitz]

I notice that when I use HP-toolbox (normally to get to scanning from my 
network attached printer) that when I close the toobox an icon that 
looks like a lightbulb stays on the system tray.


It has a 'quit' option when I right click on it, but it never seems to 
quit.  It just stays there, reporting anything I send to my printer.


Seems like a bug?

thanks
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: support term for Fedora 34

[Robert Moskowitz]

On 1/4/22 18:20, Slade Watkins via users wrote:

hi,

Until when will Fedora 34 be supported?

if I recall correctly, the End of Life (EOL) date is May 17th, 2022. someone 
else on the list can correct me if I am wrong though.


Is it highly recommended that I upgrade to Fedora 35 at this point?

would worry about it closer to EOL.


Three approaches:

Upgrade 1 release close to the EOL of current release.  This way you are 
moving to a mature release.


Upgrade 2 releases typically at EOL of current release.  This lessens 
the number of upgrades, but means moving to a immature release.


Upgrade 2 releases some 3 months past EOL of current release.  This 
lessens the number of upgrades, and you move to a somewhat mature 
release.  But means operating without any updates (especially security 
related) for this period of time.


Choose your poison.

I normally go with choice 2 but often delay and end up with choice 3.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: SELinux is preventing mktemp from using the dac_read_search capability.

[Robert Moskowitz]

On 1/5/22 17:17, Ed Greshko wrote:

On 05/01/2022 21:02, Robert Moskowitz wrote:

I keep getting these errors.

I got them back with F32 and Xfce, and now with F35 and Xfce.

I asked on the SElinux list, but no one seems to be home.

Here is the full detail; it looks like it may be logwatch causing the 
problem.  What do I do to fix this?


===

SELinux is preventing mktemp from using the dac_read_search capability.

*  Plugin dac_override (91.4 confidence) suggests 
**


If you want to help identify if domain needs this access or you have 
a file with the wrong permissions on your system
Then turn on full auditing to get path information about the 
offending file and generate the error again.

Do

Turn on full auditing
# auditctl -w /etc/shadow -p w
Try to recreate AVC. Then execute
# ausearch -m avc -ts recent
If you see PATH record check ownership/permissions on file, and fix it,
otherwise report as a bugzilla.

*  Plugin catchall (9.59 confidence) suggests 
**


If you believe that mktemp should have the dac_read_search capability 
by default.

Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'mktemp' --raw | audit2allow -M my-mktemp
# semodule -X 300 -i my-mktemp.pp

Additional Information:
Source Context system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
Target Context system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
Target Objects    Unknown [ capability ]
Source    mktemp
Source Path   mktemp
Port  
Host  lx140e.htt-consult.com
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-35.7-1.fc35.noarch
Local Policy RPM selinux-policy-targeted-35.7-1.fc35.noarch
Selinux Enabled   True
Policy Type   targeted
Enforcing Mode    Enforcing
Host Name lx140e.htt-consult.com
Platform  Linux lx140e.htt-consult.com
  5.15.11-200.fc35.x86_64 #1 SMP Wed Dec 
22 15:41:11

  UTC 2021 x86_64 x86_64
Alert Count   13912
First Seen    2021-11-15 03:27:05 EST
Last Seen 2022-01-02 03:09:16 EST
Local ID 2ef8a1a9-ddf5-42cc-b5dc-c08354265cc8

Raw Audit Messages
type=AVC msg=audit(1641110956.728:1612): avc:  denied  { 
dac_read_search } for  pid=24078 comm="dotlockfile" capability=2 
scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 
tcontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 
tclass=capability permissive=0



Hash: mktemp,logwatch_mail_t,logwatch_mail_t,capability,dac_read_search


Before doing as suggested in the sealert output.

What is the output of "ls -Z /usr/bin/dotlockfile" and "ls -X 
/usr/bin/mktemp"?


# ls -Z /usr/bin/dotlockfile
system_u:object_r:bin_t:s0 /usr/bin/dotlockfile

# ls -X /usr/bin/mktemp
/usr/bin/mktemp

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[389-users] Re: Upgrading Containerized ds-389

[Steven Falzon]

Perfect, thankyou so much! 


From: William Brown 
Sent: Thursday, January 6, 2022 10:39 AM
To: 389-users@lists.fedoraproject.org <389-users@lists.fedoraproject.org>
Subject: [389-users] Re: Upgrading Containerized ds-389



> On 6 Jan 2022, at 08:49, Steve F  wrote:
>
> Hello,
>
> I am in the process of building my own container containing ds-389, using 
> this docker file as the initial guidance -> 
> https://build.opensuse.org/package/view_file/home:firstyear/389-ds-container/Dockerfile?expand=1
>  (and using /usr/lib/dirsrv/dscontainer to bootstrap the image and bring up 
> the container)
>
> I am having a think about the upgrade process for this instance. If I am 
> storing the schema/relevant files on persistent storage, will 
> /usr/lib/dirsrv/dscontainer be smart enough to upgrade the backend on startup 
> if I have built a new container with a new version of ds-389? In the past, I 
> beleive the installer RPM's were running perl/python scripts to perform 
> backend updates.
>
> I THINK it is, but I can't find anything definitive.

Yes, it is smart enough to upgrade on startup. Provided you mount your 
persistent storage in the same location, it will do all the upgrading for you :)

It's actually the dirsrv binary itself that does the upgrade, dscontainer just 
knows how to launch it.

Hope that helps!


>
> Any help is appriciated.
>
> Cheers,
> Steve
> ___
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam on the list, report it: 
> https://pagure.io/fedora-infrastructure

--
Sincerely,

William Brown

Senior Software Engineer, Identity and Access Management
SUSE Labs, Australia
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[389-users] Upgrading Containerized ds-389

[Steve F]

Hello,

I am in the process of building my own container containing ds-389, using this 
docker file as the initial guidance -> 
https://build.opensuse.org/package/view_file/home:firstyear/389-ds-container/Dockerfile?expand=1
 (and using /usr/lib/dirsrv/dscontainer to bootstrap the image and bring up the 
container) 

I am having a think about the upgrade process for this instance. If I am 
storing the schema/relevant files on persistent storage, will 
/usr/lib/dirsrv/dscontainer be smart enough to upgrade the backend on startup 
if I have built a new container with a new version of ds-389? In the past, I 
beleive the installer RPM's were running perl/python scripts to perform backend 
updates.

I THINK it is, but I can't find anything definitive. 

Any help is appriciated.

Cheers,
Steve
___
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: SELinux is preventing mktemp from using the dac_read_search capability.

[Ed Greshko]

On 05/01/2022 21:02, Robert Moskowitz wrote:

I keep getting these errors.

I got them back with F32 and Xfce, and now with F35 and Xfce.

I asked on the SElinux list, but no one seems to be home.

Here is the full detail; it looks like it may be logwatch causing the problem.  
What do I do to fix this?

===

SELinux is preventing mktemp from using the dac_read_search capability.

*  Plugin dac_override (91.4 confidence) suggests **

If you want to help identify if domain needs this access or you have a file 
with the wrong permissions on your system
Then turn on full auditing to get path information about the offending file and 
generate the error again.
Do

Turn on full auditing
# auditctl -w /etc/shadow -p w
Try to recreate AVC. Then execute
# ausearch -m avc -ts recent
If you see PATH record check ownership/permissions on file, and fix it,
otherwise report as a bugzilla.

*  Plugin catchall (9.59 confidence) suggests **

If you believe that mktemp should have the dac_read_search capability by 
default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'mktemp' --raw | audit2allow -M my-mktemp
# semodule -X 300 -i my-mktemp.pp

Additional Information:
Source Context system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
Target Context system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
Target Objects    Unknown [ capability ]
Source    mktemp
Source Path   mktemp
Port  
Host  lx140e.htt-consult.com
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-35.7-1.fc35.noarch
Local Policy RPM selinux-policy-targeted-35.7-1.fc35.noarch
Selinux Enabled   True
Policy Type   targeted
Enforcing Mode    Enforcing
Host Name lx140e.htt-consult.com
Platform  Linux lx140e.htt-consult.com
  5.15.11-200.fc35.x86_64 #1 SMP Wed Dec 22 15:41:11
  UTC 2021 x86_64 x86_64
Alert Count   13912
First Seen    2021-11-15 03:27:05 EST
Last Seen 2022-01-02 03:09:16 EST
Local ID 2ef8a1a9-ddf5-42cc-b5dc-c08354265cc8

Raw Audit Messages
type=AVC msg=audit(1641110956.728:1612): avc:  denied  { dac_read_search } for  pid=24078 
comm="dotlockfile" capability=2 
scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 
tcontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 tclass=capability permissive=0


Hash: mktemp,logwatch_mail_t,logwatch_mail_t,capability,dac_read_search


Before doing as suggested in the sealert output.

What is the output of "ls -Z /usr/bin/dotlockfile" and "ls -X /usr/bin/mktemp"?


--
Did 황준호 die?
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: support term for Fedora 34

[Slade Watkins via users]

On 1/5/2022 12:59 PM, Ben Cotton wrote:
> On Wed, Jan 5, 2022 at 11:32 AM Matthew Miller  
> wrote:
>> Oh! I see Ben has already changed it. Should be live soon. :)
> 
> Well, once the build failures[1] are fixed.
> 
> In addition to fixing the typo, I also de-indented the "Supported
> Releases" and "EOL Releases" (thus removing the "Old Releases") in the
> navigation bar to help make things more clear.
> 
> [1] https://pagure.io/fedora-infrastructure/issue/10460
> 
> 

awesome! (well, not the build failures, hopefully those are worked out soon, 
haha!)

thanks to you both for listening and improving it so quickly! :)

cheers,
slade
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Screen sharing: global solution for Wayland that works for all apps

[Neal Becker]

You may have heard me mention on this list that this is a barrier for me to
switch to Wayland.  Working from home, as so many of us are, I need to give
presentations.  I prefer not to share my screen, but share a window.  Using
chrome, for example, I could share a screen, a window, or a tab.  Problem
is, when run on Wayland, when I try to share a window only some windows are
shown as  choices.  Apparently these are the Wayland native windows.  In my
testing, none of the pdf viewers I've tried fall into this category and are
given as choices to share a window.  To me this is a showstopper, and I
have to believe a lot of others have similar issues.  For now I haven't
found any alternative except stay on X11.

On Wed, Jan 5, 2022 at 2:07 PM Raman Gupta  wrote:

> I'm finally switching over to Wayland as my daily driver.
>
> However, I'm still finding big problems with screen sharing in general.
> I'm on KDE/Plasma.
>
> Many apps that are supposed to support screen sharing on Wayland --
> Electron-based apps, Chromium, OBS, proprietary apps like Zoom etc. either
> completely don't work, or work but only partially. For example, Chrome can
> share X11 windows but not Wayland windows, and cannot share screens at all
> (the option is available, but the screens are just black). OBS doesn't work
> with Pipewire+Wireplumber either, though it does seem to be able to capture
> windows that are running under XWayland.
>
> Some very nice and useful apps e.g. Pop simply output: "we don't support
> Wayland, switch to X11".
>
> As long as it is up to each app to develop their own solutions for Wayland
> this situation is likely to only change in a decade or so, if even then.
> Are there any tech initiatives on the go -- maybe at the compositor level?
> -- to have Wayland screen sharing work essentially transparently to apps
> that have already got screen sharing working for X11? I'm fine with a
> global setting that says "I don't care about screen sharing security" --
> that's essentially what I'm doing by changing my desktop back to X11 anyway.
> ___
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>


-- 
*Those who don't understand recursion are doomed to repeat it*
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Screen sharing: global solution for Wayland that works for all apps

[Raman Gupta]

I'm finally switching over to Wayland as my daily driver.

However, I'm still finding big problems with screen sharing in general. I'm
on KDE/Plasma.

Many apps that are supposed to support screen sharing on Wayland --
Electron-based apps, Chromium, OBS, proprietary apps like Zoom etc. either
completely don't work, or work but only partially. For example, Chrome can
share X11 windows but not Wayland windows, and cannot share screens at all
(the option is available, but the screens are just black). OBS doesn't work
with Pipewire+Wireplumber either, though it does seem to be able to capture
windows that are running under XWayland.

Some very nice and useful apps e.g. Pop simply output: "we don't support
Wayland, switch to X11".

As long as it is up to each app to develop their own solutions for Wayland
this situation is likely to only change in a decade or so, if even then.
Are there any tech initiatives on the go -- maybe at the compositor level?
-- to have Wayland screen sharing work essentially transparently to apps
that have already got screen sharing working for X11? I'm fine with a
global setting that says "I don't care about screen sharing security" --
that's essentially what I'm doing by changing my desktop back to X11 anyway.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: support term for Fedora 34

[Ben Cotton]

On Wed, Jan 5, 2022 at 11:32 AM Matthew Miller  wrote:
> Oh! I see Ben has already changed it. Should be live soon. :)

Well, once the build failures[1] are fixed.

In addition to fixing the typo, I also de-indented the "Supported
Releases" and "EOL Releases" (thus removing the "Old Releases") in the
navigation bar to help make things more clear.

[1] https://pagure.io/fedora-infrastructure/issue/10460


-- 
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: support term for Fedora 34

[Doug Herr]

On Tue, Jan 4, 2022, at 3:11 PM, Anil Felipe Duggirala wrote:
> I will ask this question here since I didn't understand the 
> explanations I found elsewhere.
> Until when will Fedora 34 be supported? 
> Is it highly recommended that I upgrade to Fedora 35 at this point?

I know this is all sorted out but wanted to give some tips on planning your 
updates...

If you want to contribute to the testing of Fedora then update as soon as a new 
release comes out. There are always a few things that need attention so it is 
good to have the "early adopters" in there checking things out.

If you want a little more stability then it makes sense to update somewhere in 
the middle of the schedule. That gives time for that early stuff to get sorted 
out and it is not so close to the next release that all the developers are 
stressed out with the new release. By that thinking it *is* about time to do an 
upgrade but no real hurry.

Using that method I have been happily running an install that has not been 
"Fresh" since Fedora 19.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: support term for Fedora 34

[Matthew Miller]

On Wed, Jan 05, 2022 at 11:26:40AM -0500, Matthew Miller wrote:
> Thanks! Yeah, I agree that that's confusing. The problem is that that
> document is coming from our Program Management team, and that team mostly is
> concerned with the releases we're developing — so current releases are
> "old". :)

Oh! I see Ben has already changed it. Should be live soon. :)

-- 
Matthew Miller

Fedora Project Leader
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: support term for Fedora 34

[Matthew Miller]

On Wed, Jan 05, 2022 at 08:05:03AM -0500, Slade Watkins wrote:
> yes, happy to help! what I was referring to was the sorting of the
> sections in the sidebar on this page:
> https://docs.fedoraproject.org/en-US/releases/lifecycle/


Thanks! Yeah, I agree that that's confusing. The problem is that that
document is coming from our Program Management team, and that team mostly is
concerned with the releases we're developing — so current releases are
"old". :)

> something I came up with last night: was thinking a chart with releases
> and EOL dates (like a couple other distros have) might help? including the
> 4-5 most recent releases of Fedora as well as their EOL dates in the chart
> would make digging around just to find the date much easier.

Yeah, I think that's a good idea.

-- 
Matthew Miller

Fedora Project Leader
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: I have defeated Wayland!

[Tom Horsley]

On Wed, 5 Jan 2022 08:09:10 -0400
George N. White III wrote:

> This commit enables those two features in mutter for both X11 and Wayland.

It does make more sense for it to be in the software, especially for
laptops where there is no "between" to wedge the microcode, but I really
hope someone will come up with a standard library interface
all the compositors can use to get the same level of support
for input mappings, otherwise we'll just have duelling compositors
with different features.

The microcode was fun though (and it works now rather than someday :-).
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: support term for Fedora 34

[Ben Cotton]

On Wed, Jan 5, 2022 at 2:45 AM Anil Felipe Duggirala
 wrote:
>
> Then I consulted this site, 
> https://docs.fedoraproject.org/en-US/releases/lifecycle/
> That site says exactly what you confirmed (13 months after the release). 
> However I got a bit confused in the section called Maintenance schedule where 
> it says "''Release n'' is supported until four weeks after the release of 
> ''Release M+2''". I didn't know if 'n' and 'M' were the same thing here.
>

Sorry, those should both be "N". I just can't type. :-) I'll push a
fix for that momentarily.

-- 
Ben Cotton
He / Him / His
Fedora Program Manager
Red Hat
TZ=America/Indiana/Indianapolis
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: support term for Fedora 34

[George N. White III]

On Wed, 5 Jan 2022 at 03:44, Anil Felipe Duggirala <
anilduggir...@fastmail.fm> wrote:

> On Tue, Jan 4, 2022, at 7:04 PM, Matthew Miller wrote:
> > On Tue, Jan 04, 2022 at 06:11:24PM -0500, Anil Felipe Duggirala wrote:
> >> I will ask this question here since I didn't understand the
> explanations I
> >> found elsewhere. Until when will Fedora 34 be supported?
> >
> > Until 4 weeks after the Fedora Linux 36 release. That's currently
> scheduled
> > for 2022-04-19, which makes EOL for Fedora Linux 34 2022-05-17.
> >
>
> Thanks for that clarification Matthew, I guess I will upgrade soon then. I
> always wonder if upgrading is as good as performing a clean installation
> (that's an additional question).
>

I use Fedora and Debian unstable for "future proofing" workflows that will
be used on LTS systems.
A fresh install is needed every few releases as "orphaned" cruft that
updating doesn't remove accumulates.
Debian's aptitude has a category for "obsolete and locally created"
packages that catches most of those.

Upgrading generally preserves configurations and "locally created"
packages, so workflows may run on
after an update but need extra work after a fresh install.


>
> > I'm curious where you found the explanations that were confusing, and
> how we
> > could improve them.
>
> Well, I did a search asking something for "Fedora release support" and
> didn't get much.
> Then I consulted this site,
> https://docs.fedoraproject.org/en-US/releases/lifecycle/
> That site says exactly what you confirmed (13 months after the release).
> However I got a bit confused in the section called Maintenance schedule
> where it says "''Release n'' is supported until four weeks after the
> release of ''Release M+2''". I didn't know if 'n' and 'M' were the same
> thing here.
>
> Its all clear to me now though,
> thanks a lot,
>
> Anil
> ___
> users mailing list -- users@lists.fedoraproject.org
> To unsubscribe send an email to users-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>


-- 
George N. White III
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: support term for Fedora 34

[Slade Watkins via users]

On 1/4/2022 10:57 PM, Matthew Miller wrote:
> 
> Sorry, which section? Do you have a link? We're working on redesigning the
> layout of our docs, so looking at this is timely. :)
> 

yes, happy to help! what I was referring to was the sorting of the sections in 
the sidebar on this page: 
https://docs.fedoraproject.org/en-US/releases/lifecycle/

something I came up with last night: was thinking a chart with releases and EOL 
dates (like a couple other distros have) might help? including the 4-5 most 
recent releases of Fedora as well as their EOL dates in the chart would make 
digging around just to find the date much easier.

slade
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

SELinux is preventing mktemp from using the dac_read_search capability.

[Robert Moskowitz]

I keep getting these errors.

I got them back with F32 and Xfce, and now with F35 and Xfce.

I asked on the SElinux list, but no one seems to be home.

Here is the full detail; it looks like it may be logwatch causing the 
problem.  What do I do to fix this?


===

SELinux is preventing mktemp from using the dac_read_search capability.

*  Plugin dac_override (91.4 confidence) suggests 
**


If you want to help identify if domain needs this access or you have a 
file with the wrong permissions on your system
Then turn on full auditing to get path information about the offending 
file and generate the error again.

Do

Turn on full auditing
# auditctl -w /etc/shadow -p w
Try to recreate AVC. Then execute
# ausearch -m avc -ts recent
If you see PATH record check ownership/permissions on file, and fix it,
otherwise report as a bugzilla.

*  Plugin catchall (9.59 confidence) suggests 
**


If you believe that mktemp should have the dac_read_search capability by 
default.

Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'mktemp' --raw | audit2allow -M my-mktemp
# semodule -X 300 -i my-mktemp.pp

Additional Information:
Source Context system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
Target Context system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023
Target Objects    Unknown [ capability ]
Source    mktemp
Source Path   mktemp
Port  
Host  lx140e.htt-consult.com
Source RPM Packages
Target RPM Packages
SELinux Policy RPM selinux-policy-targeted-35.7-1.fc35.noarch
Local Policy RPM selinux-policy-targeted-35.7-1.fc35.noarch
Selinux Enabled   True
Policy Type   targeted
Enforcing Mode    Enforcing
Host Name lx140e.htt-consult.com
Platform  Linux lx140e.htt-consult.com
  5.15.11-200.fc35.x86_64 #1 SMP Wed Dec 22 
15:41:11

  UTC 2021 x86_64 x86_64
Alert Count   13912
First Seen    2021-11-15 03:27:05 EST
Last Seen 2022-01-02 03:09:16 EST
Local ID  2ef8a1a9-ddf5-42cc-b5dc-c08354265cc8

Raw Audit Messages
type=AVC msg=audit(1641110956.728:1612): avc:  denied  { dac_read_search 
} for  pid=24078 comm="dotlockfile" capability=2 
scontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 
tcontext=system_u:system_r:logwatch_mail_t:s0-s0:c0.c1023 
tclass=capability permissive=0



Hash: mktemp,logwatch_mail_t,logwatch_mail_t,capability,dac_read_search

___
selinux mailing list -- seli...@lists.fedoraproject.org
To unsubscribe send an email to selinux-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/seli...@lists.fedoraproject.org 

Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: I have defeated Wayland!

[George N. White III]

On Mon, 3 Jan 2022 at 15:44, Tom Horsley  wrote:

> https://tomhorsley.com/hardware/mouse-tailor/mouse-tailor.html
>
> My latest silly project adds all the mouse settings to microcode
> outside of the operating system so my trackball can be useful
> when I'm forced to use Wayland (which seems to have utterly discarded
> any useful mouse settings once available under X11).
>

Drag lock is needed on ships at sea when things get rough, but for
trackpads.

Have you seen: https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1319:

Gnome now misses two libinput touchpad settings:

   - tap button mapping
   - tap dragging lock

This commit enables those two features in mutter for both X11 and Wayland.

It has to be tested against this

merge request which includes the relative keys in gsettings.

-- 
George N. White III
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Artifacts running konsole under Fedora-35

[Jonathan Ryshpan]

On Wed, 2022-01-05 at 01:19 -0800, Samuel Sieb wrote:
> On 1/5/22 01:00, Jonathan Ryshpan wrote:
> > Wayland is very flaky, crashes of various kinds, sometimes killing 
> > individual apps, sometimes an entire session.  I can't reproduce
> > the 
> > crashes reliably; they happen when they happen. The only thing that
> > may 
> > be relevant is that I am running Firefox with many (probably too
> > many) 
> > windows and tabs.
> 
> It's probably not Wayland.  When it happens, check the journal.  It's
> likely the OOM killer.

BTW: KDE is now better.  No artifacts running X11, after nothing but
investigating and replying to your email.  Go figure...


-- 
Sincerely Jonathan Ryshpan 

 If thousands of volunteers can make an operating system
 that doesn't crash, thousands of highly paid engineers
 should be able to do it, too. Then why don't they?
 -- Al Fasoldt
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Artifacts running konsole under Fedora-35

[Jonathan Ryshpan]

On Wed, 2022-01-05 at 01:19 -0800, Samuel Sieb wrote:
> On 1/5/22 01:00, Jonathan Ryshpan wrote:
> > Wayland is very flaky, crashes of various kinds, sometimes killing 
> > individual apps, sometimes an entire session.  I can't reproduce
> > the 
> > crashes reliably; they happen when they happen. The only thing that
> > may 
> > be relevant is that I am running Firefox with many (probably too
> > many) 
> > windows and tabs.
> 
> It's probably not Wayland.  When it happens, check the journal.  It's
> likely the OOM killer.

Possible though not likely.  I just started firefox and ksysguardm
still running X11 and gnome-terminal.  The situation is:
 Memory 5.9 GiB / 15.5 GiB Swap 0 B / 32.0
GiB


Also looked for action from OOM (F35 was installed on 2022-01-02 about
19:30):
   $ journalctl --since 2022-01-01 | grep -i 'killed process'
   $ 

On the other hand:
   $ journalctl --since yesterday | grep -i wayland
   Jan 04 05:39:45 amito org_kde_powerdevil[79877]: The Wayland connection
   broke. Did the Wayland compositor die?
   Jan 04 05:39:45 amito polkit-kde-authentication-agent-1[79876]: The
   Wayland connection broke. Did the Wayland compositor die?
   Jan 04 05:39:45 amito kactivitymanagerd[79883]: The Wayland connection
   broke. Did the Wayland compositor die?
   Jan 04 05:39:45 amito kded5[79965]: The Wayland connection broke. Did
   the Wayland compositor die?
   Jan 04 05:39:45 amito kdeconnectd[79956]: The Wayland connection broke.
   Did the Wayland compositor die?
   Jan 04 05:39:45 amito unknown[79959]: Lost connection to Wayland
   compositor.
   Jan 04 05:39:45 amito xdg-desktop-portal-kde[80214]: The Wayland
   connection broke. Did the Wayland compositor die?
   Jan 04 05:39:45 amito konsole[80928]: The Wayland connection broke. Did
   the Wayland compositor die?
   Jan 04 05:39:45 amito unknown[87054]: Lost connection to Wayland
   compositor.
   Jan 04 05:39:45 amito baloorunner[88772]: The Wayland connection broke.
   Did the Wayland compositor die?
   Jan 04 05:39:45 amito kwalletd5[99930]: The Wayland connection broke.
   Did the Wayland compositor die?
   Jan 04 05:39:45 amito akonadi_kalarm_resource[80438]: The Wayland
   connection broke. Did the Wayland compositor die?
   Jan 04 05:39:45 amito akonadi_kalarm_resource[80427]: The Wayland
   connection broke. Did the Wayland compositor die?
   Jan 04 05:39:45 amito akonadi_kalarm_resource[80439]: The Wayland
   connection broke. Did the Wayland compositor die?
   Jan 04 05:39:45 amito akonadi_archivemail_agent[80419]: The Wayland
   connection broke. Did the Wayland compositor die?
   Jan 04 05:39:45 amito kgpg[80023]: The Wayland connection broke. Did
   the Wayland compositor die?
   ...

-- 
Many Thanks - Jonathan Ryshpan 

 We are sorry, but the number you have dialed is
 imaginary. Please rotate your phone 90 degrees
 and try again.
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Artifacts running konsole under Fedora-35

[Samuel Sieb]

On 1/5/22 01:00, Jonathan Ryshpan wrote:
Wayland is very flaky, crashes of various kinds, sometimes killing 
individual apps, sometimes an entire session.  I can't reproduce the 
crashes reliably; they happen when they happen. The only thing that may 
be relevant is that I am running Firefox with many (probably too many) 
windows and tabs.


It's probably not Wayland.  When it happens, check the journal.  It's 
likely the OOM killer.

___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Re: Artifacts running konsole under Fedora-35

[Jonathan Ryshpan]

On Wed, 2022-01-05 at 01:00 -0800, Jonathan Ryshpan wrote:
> X11 messes up konsole, the KDE terminal emulator.  When typing onto
> the screen, not displaying text generated by an application, the test
> appears slowly and with many strange artifacts. It looks like the
> text appears on one interlace and then gradually gets better; the
> text takes about 500 msec to recover; the same thing happens with
> window decorations when I mouse over them. I have attempted to record
> screen behavior using simplescreenrecorder, but when I start it, the
> problem goes away.

The highlighted text is actually not true.  The problem occurs with
many KDE applications, e.g. kpat and simplescreenrecorder.  Starting
simplescreenrecorder does make the artifacts stop.

-- 
Many Thanks - Jonathan Ryshpan 

 Anyone can do any amount of work, provided 
 it isn't the work he is supposed to be doing.
 --Robert Benchley
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Artifacts running konsole under Fedora-35

[Jonathan Ryshpan]

I've just upgraded from F34 to F35 and have troubles with KDE vs
Wayland and X11.  

Wayland is very flaky, crashes of various kinds, sometimes killing
individual apps, sometimes an entire session.  I can't reproduce the
crashes reliably; they happen when they happen. The only thing that may
be relevant is that I am running Firefox with many (probably too many)
windows and tabs.

X11 messes up konsole, the KDE terminal emulator.  When typing onto the
screen, not displaying text generated by an application, the test
appears slowly and with many strange artifacts. It looks like the text
appears on one interlace and then gradually gets better; the text takes
about 500 msec to recover; the same thing happens with window
decorations when I mouse over them. I have attempted to record screen
behavior using simplescreenrecorder, but when I start it, the problem
goes away.

Right now I'm using X11 with gnome-terminal, which doesn't show the
problem.

System is:
   Operating System: Fedora Linux 35
   KDE Plasma Version: 5.23.4
   KDE Frameworks Version: 5.89.0
   Qt Version: 5.15.2
   Kernel Version: 5.15.12-200.fc35.x86_64 (64-bit)
   Graphics Platform: X11
   Processors: 8 × Intel® Core™ i7-4790K CPU @ 4.00GHz
   Memory: 15.5 GiB of RAM
   Graphics Processor: Mesa Intel® HD Graphics 4600

-- 
All Suggestions Welcome - Jonathan Ryshpan 

 What is love? 'tis not hereafter; 
 Present mirth hath present laughter. 
 What's to come is still unsure: 
 In delay there lies no plenty,
 Then come kiss me, sweet and twenty. 
 Youth's a stuff will not endure." 
 -- Shakespeare's Twelfth Night
___
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure