Re: [CentOS] Docker container isolation not working in CentOS 7

On 8/10/20 11:33, Nicolas Kovacs wrote: > Le 10/08/2020 à 17:03, Roberto Ragusa a écrit : >> Where is your docker coming from? > From the CentOS repository on Docker.com: > > $ head -n 7 /etc/yum.repos.d/docker-ce.repo > [docker-ce-stable] > name=Docker CE Stable - $basearch >

Re: [CentOS] Running CentOS 6 in a Docker container on a non-CentOS host

On 3/10/20 04:31, Peter Kjellström wrote: > On Mon, 9 Mar 2020 16:16:01 -0400 > Alfred von Campe wrote: > >>> On Mar 5, 2020, at 6:05, Peter Kjellström wrote: >>> >>> You can use singularity. The following example makes an image by >>> pulling from centos on dockerhub: >> Interesting! However,

Re: [CentOS] Docker on Centos 7

On 1/4/19 9:50 PM, H wrote: > On 01/04/2019 09:16 PM, H wrote: >> On 01/04/2019 08:27 AM, Daniel Walsh wrote: >>> On 1/4/19 8:22 AM, Daniel Walsh wrote: >>>> On 1/3/19 10:19 PM, H wrote: >>>>> I recently updated docker to version 18.09 and I seem to hav

Re: [CentOS] Docker on Centos 7

On 1/4/19 8:22 AM, Daniel Walsh wrote: > On 1/3/19 10:19 PM, H wrote: >> I recently updated docker to version 18.09 and I seem to have lost the >> container id in the command prompt when I exec into a running container, a >> very useful feature in the previous version

Re: [CentOS] Docker on Centos 7

On 1/3/19 10:19 PM, H wrote: > I recently updated docker to version 18.09 and I seem to have lost the > container id in the command prompt when I exec into a running container, a > very useful feature in the previous version I was running. I have not found > any information in the Docker

Re: [CentOS] centos docker which repo (centos or docker)

On 12/27/18 6:48 AM, Yamaban wrote: > On Thu, 27 Dec 2018 11:56 CET, ralf.prengel@... wrote: > >> My question: >> >> Should I use docker from the standard repo or the version from the >> docker-repo? > > Main diff between std-repo and docker-repo: > > std-repo: >    works. stable. not the newest,

Re: [CentOS] Centos7 & Selinux & Tor

On 10/23/18 2:49 PM, Robin Lee wrote: > On Sun, 2018-10-14 at 20:13 +0200, Robin Lee wrote: >> I've just encountered a problem starting tor. When I do 'systemctl >> start tor' it fails and I get selinux errors in the log. There was >> suggestion to do full auditing with 'auditctl -w /etc/shadow -p

Re: [CentOS] Type enforcement / mechanism not clear

On 09/10/2018 09:41 AM, Leon Fauster via CentOS wrote: Am 09.09.2018 um 16:19 schrieb Daniel Walsh : On 09/09/2018 09:43 AM, Leon Fauster via CentOS wrote: Am 09.09.2018 um 14:49 schrieb Daniel Walsh : On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: Any SElinux expert here - briefly

Re: [CentOS] Type enforcement / mechanism not clear

On 09/09/2018 09:43 AM, Leon Fauster via CentOS wrote: Am 09.09.2018 um 14:49 schrieb Daniel Walsh : On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: Any SElinux expert here - briefly: # getenforce Enforcing # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t # sesearch

Re: [CentOS] Type enforcement / mechanism not clear

On 09/08/2018 09:50 PM, Leon Fauster via CentOS wrote: Any SElinux expert here - briefly: # getenforce Enforcing # sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t # sesearch -ACR -s httpd_t -c file -p read |grep syslog_conf_t # ls -laZ /etc/sysctl.conf /etc/rsyslog.conf

Re: [CentOS] selinux question

On 08/21/2018 12:27 PM, Nataraj wrote: I have a web application which uses sudo to invoke python scripts as the user under which the application runs (NO root access).  Is there any reason why sudo would would require sys_ptrace access for this?  I only get this violation intermittenly, and not

Re: [CentOS] Unable to access network from docker container

On 04/06/2018 03:50 PM, H wrote: On April 5, 2018 4:49:57 PM EDT, H wrote: I have recently installed docker and playing around with it. On a CentOS 7 machine, however, I am unable to get access to the outside internet, thus yum ... fails. The host machine runs fine. I

Re: [CentOS] more selinux problems ...

On 09/23/2017 08:37 AM, hw wrote: Hi, how do I allow lighttpd access to a directory like this: dr-xrwxr-x. lighttpd example unconfined_u:object_r:samba_share_t:s0 files_articles I tried to create and install a selinux module, and it didn´t work. The non-working module can not be removed,

Re: [CentOS] selinux prevents lighttpd from printing

On 09/22/2017 08:24 AM, hw wrote: Daniel Walsh wrote: On 09/22/2017 06:58 AM, hw wrote: PS: Now I found this: type=PROCTITLE msg=audit(09/22/2017 12:08:29.911:1023) : proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64

Re: [CentOS] selinux prevents lighttpd from printing

On 09/22/2017 06:58 AM, hw wrote: PS: Now I found this: type=PROCTITLE msg=audit(09/22/2017 12:08:29.911:1023) : proctitle=/usr/lib/sendmail -t -oi -oem -fwawi-genimp type=SYSCALL msg=audit(09/22/2017 12:08:29.911:1023) : arch=x86_64 syscall=setgroups success=no exit=EPERM(Operation not

Re: [CentOS] weird SELinux denial

On 06/06/2017 01:19 PM, Vanhorn, Mike wrote: On 6/6/17, 12:38 PM, "Daniel Walsh" <dwa...@redhat.com> wrote: I am asking if you run it again, does it change. If the boolean is set the audit2why should say that the AVC is allowed. Well, if I just run audit2why again, it

Re: [CentOS] weird SELinux denial

access by executing: # setsebool -P allow_ypbind 1 --- Mike VanHorn Senior Computer Systems Administrator College of Engineering and Computer Science Wright State University 265 Russ Engineering Center 937-775-5157 michael.vanh...@wright.edu On 6/6/17, 9:29 AM, "Daniel Walsh&

Re: [CentOS] weird SELinux denial

On 06/06/2017 09:17 AM, Vanhorn, Mike wrote: I keep seeing this in my audit.logs: type=AVC msg=audit(1496336600.230:6): avc: denied { name_connect } for pid=2411 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023