Ben Beasley writes:
> sestatus
This is based on upstream commit d464187c37529c [1]:
policycoreutils: sestatus belongs to bin not sbin
It is quite useful even to non-privileged users and doesn't require any
privileges to work, except for maybe -v.
Some tools hard code the
Ondrej Pohorelsky writes:
> I've removed cron.allow from my PR[0] and reverted to cron.deny approach.
> As this was the only disputed change in these PRs so far, I plan on merging
> both of them into rawhide at the end of this week.
> However, if you see any issue with merging this "middle ground
Steve Grubb writes:
> On Monday, June 26, 2023 2:47:01 PM EDT Peter Robinson wrote:
>> On Thu, Jun 22, 2023 at 5:15 PM Aoife Moloney wrote:
>> >
>> >
>> > https://fedoraproject.org/wiki/Changes/LibuserDeprecation
>> >
>> >
>> >
>> >
>> > This document represents a proposed Change. As part of the
Gary Buhrmaster writes:
> On Mon, Jul 18, 2022 at 6:44 AM Petr Lautrbach wrote:
>>
>> Dan Čermák writes:
>> >
>> > Just out of curiosity, how large is the speedup typically?
>> >
>
>>
>> It depends on the number of threads your machine
r runs `fixfiles onboot`, SELinux autorelabel
>>will be run in parallel by default.
>>
>>== Owner ==
>>* Name: [[User:plautrba| Petr Lautrbach]]
>>* Email: plaut...@redhat.com
>>
>>
>>== Detailed Description ==
>>SELinux tools `restorecon` and `fix
Petr Lautrbach writes:
> Kevin Fenzi writes:
>
>> Greetings everyone.
>>
>> We finally have everything in place and hopefully tested to make the
>> switch tomorrow from master to rawhide/main branches for
>> src.fedoraproject.org.
>>
>> At 13
Kevin Fenzi writes:
> Greetings everyone.
>
> We finally have everything in place and hopefully tested to make the
> switch tomorrow from master to rawhide/main branches for
> src.fedoraproject.org.
>
> At 13:30UTC we will adjust pagure to reject pushes to 'master' and then
> will be moving all
On Wed, Nov 04, 2020 at 09:47:50AM +0100, Petr Lautrbach wrote:
> Hi,
>
> in order to prevent backward compatibility libsepol and libsemanage used had
> few
> symbols defined twice and used symbol versioning for them. But when LTO was
> enabled these symbols were complet
On Wed, Nov 04, 2020 at 03:48:28PM +0100, Miro Hrončok wrote:
> On 11/4/20 3:41 PM, Gary Buhrmaster wrote:
> > On Wed, Nov 4, 2020 at 8:48 AM Petr Lautrbach wrote:
> >
> > > As none of packages which require either libsepol or libsemanage use
> > > dropped
Hi,
in order to prevent backward compatibility libsepol and libsemanage used had few
symbols defined twice and used symbol versioning for them. But when LTO was
enabled these symbols were completely dropped during compilation, see
https://github.com/SELinuxProject/selinux/issues/245
In order to f
On Wed, Sep 16, 2020 at 04:07:11PM +0200, Ondrej Mosnacek wrote:
> On Thu, Sep 10, 2020 at 6:05 PM Robbie Harwood wrote:
> >
> > Ondrej Mosnacek writes:
> >
> > > James Cassell wrote:
> > >> Ben Cotton wrote:
> > >>
> > >>> https://fedoraproject.org/wiki/Changes/Remove_Support_For_SELinux_Runtime
On Thu, Sep 10, 2020 at 03:46:38PM +0200, Michal Schorm wrote:
> Does this mean, the "setenforce 0" won't work anymore?
No, setenforce will not be affected by this change.
> I use it quite a lot to examine the denials and audit2allow to
> generate updated rules which fixes my issues.
>
> I would
ed via read-only-after-initialization protections.
> >
> > Migrate users to using ''selinux=0'' if they want to disable SELinux.
> >
> > == Owner ==
> > * Name: [[User:plautrba| Petr Lautrbach]]
> > * Email: plaut...@redhat.com
> > * Name:
On Fri, Jun 26, 2020 at 08:39:19PM +0200, Robert-André Mauchin wrote:
> Hello,
>
>
> I know next to nothing about SELinux so I'd like some help about the Bitcoin
> Package Review by negativo17:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1834731
>
> Notably: are the bitcoin.{te,fc,if} fil
It's already reported - https://bugzilla.redhat.com/show_bug.cgi?id=1832327
It's `fixfiles` issue related to the following file context change:
+ /s?bin/arping -- system_u:object_r:netutils_exec_t:s0
- /sbin/arping -- system_u:object_r:netutils_exec_t:s0
`fixfiles` script tr
-
plaut...@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1814223 - Assignee Petr Lautrbach
but
https://src.stg.fedoraproject.org/rpms/setroubleshoot -
Bugzilla Assignee:
Fedora:
dwalsh
EPEL:
dwalsh
signature.asc
Description: PGP signature
__
Hi,
I orphaned vim-vimoutliner.
I switched to emacs and haven't touched it for some time.
Thanks,
Petr
signature.asc
Description: PGP signature
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists
On Wed, Nov 01, 2017 at 09:59:29AM +0100, Igor Gnatenko wrote:
> On Wed, 2017-11-01 at 09:46 +0100, Petr Lautrbach wrote:
> > Hi,
> >
> > we are going to drop file_contexts.bin from selinux-policy-targeted
> > package.
> >
> > file_contexts.bin file is re
Hi,
we are going to drop file_contexts.bin from selinux-policy-targeted package.
file_contexts.bin file is regenerated by sefcontext_compile utility every time
policy is rebuilt, e.g. during update, after semodule -B, ... and this file
contains pre compiled pcre regexes from file_contexts.
We ad
On Tue, Oct 24, 2017 at 12:25:14PM +0200, Petr Lautrbach wrote:
> On Tue, Oct 24, 2017 at 09:10:32AM +0200, Dominik 'Rathann' Mierzejewski
> wrote:
> > Hello, Lukas.
> > Thanks for this thread.
> >
> > On Monday, 23 October 2017 at 17:50, Lukas Vrabec wr
On Tue, Oct 24, 2017 at 09:10:32AM +0200, Dominik 'Rathann' Mierzejewski wrote:
> Hello, Lukas.
> Thanks for this thread.
>
> On Monday, 23 October 2017 at 17:50, Lukas Vrabec wrote:
> > On 10/21/2017 08:48 PM, Kevin Fenzi wrote:
> [...]
> > > Also, perhaps it would make sense to move to a more no
On Tue, Oct 10, 2017 at 05:06:02PM +0200, Zygmunt Krynicki wrote:
>
> As it's too early to tell which way we'll go with SELinux and golang I
> think it's okay to drop this. Once we start to make some progress into
> making any policy work in snapd we'll either revive this or use a
> maintained pac
Hi,
libselinux golang bindings [1] haven't been touched since 2014, have
never been upstreamed, nothing requires/uses them in Fedora and since
there's another SELinux golang bindings maintained by opencontainers [2]
I'm going to drop them from Fedora Rawhide.
[1] https://github.com/fedora-selinu
On 02/23/2017 12:27 AM, Adam Williamson wrote:
> On Thu, 2017-02-23 at 00:22 +0100, Petr Lautrbach wrote:
>>
>> I have a fix for it in setools-4.1.0-1.fc26.6 -
>> https://copr.fedorainfracloud.org/coprs/build/516358/
>>
>>
>> python3-networkx is only requ
On 02/22/2017 07:14 PM, Petr Lautrbach wrote:
> On Wed, Feb 22, 2017 at 09:05:14AM -0800, Adam Williamson wrote:
>> On Wed, 2017-02-22 at 17:30 +0100, Petr Lautrbach wrote:
>>>
>>>> Rawhide has been broken since the 15th, First due to nss, then rdma-
>>>
On Wed, Feb 22, 2017 at 09:05:14AM -0800, Adam Williamson wrote:
> On Wed, 2017-02-22 at 17:30 +0100, Petr Lautrbach wrote:
> >
> > > Rawhide has been broken since the 15th, First due to nss, then rdma-
> > > core, followed by policycoreutils and setools breakages.
pers quicker that a change they made, has broken things. Please
> do not assume that the reason why rawhide is currently a little stale
> is due to intentionally not pushing changes or holding anything back
> because it is not. It is entirely a matter of the type of breakage we
> want to avoid going forward,
>
&g
more information about this releases see [3],[4]
[1] https://copr.fedorainfracloud.org/coprs/plautrba/selinux-2.6/
[2] https://marc.info/?l=selinux&m=147646050027049&w=2
[3] https://marc.info/?l=selinux&m=146237109422331&w=2
[4] https://marc.info/?l=selinux&m=148521504308304&
On 06/30/2016 09:52 PM, Richard W.M. Jones wrote:
> On Thu, Jun 30, 2016 at 09:23:45PM +0200, Petr Lautrbach wrote:
>> On 06/30/2016 06:13 PM, Lennart Poettering wrote:
>>> On Thu, 30.06.16 10:45, Simo Sorce (s...@redhat.com) wrote:
>>>
>>>>>> Insert yo
emd
as systemd can't read fedora-relabel unit file now
Unless we want to loosen the policy to allow systemd read file with any
file context, it will be up to a administrator to set a permissive mode
via the kernel command line
(5) the relabeling service will still need to have StandardInput=tty
tlib/__init__.py", line 126, in
import_module
return _bootstrap._gcd_import(name[level:], package, level)
ImportError: No module named '_selinux'
# dnf update
...
# rpm -q libselinux
libselinux-2.5-8.fc25.x86_64
# python3 -c 'import selinux'
#
Petr
--
Petr Lautrbach
signature.asc
Description: OpenPGP digital signature
--
devel mailing list
devel@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/devel@lists.fedoraproject.org
Hi,
libselinux upstream plans to disallow to use getpidcon(0, ) in sense of
getpidcon(getpid(), )
This behavior has never been documented and it's implementation is
considered error prone.
There seems to be no such case in Fedora but if your project uses
getpidcon() with pid == 0 to get the cont
pm -qlp policycoreutils-2.4-13.fc24.x86_64.rpm \
> | grep sbin/restorecon
> ...
> /usr/sbin/restorecon
>
> # rpm -q --provides -p policycoreutils-2.4-13.fc24.x86_64.rpm \
> | grep sbin/restorecon
> ...
> /sbin/restorecon
>
> => Likely, something is broken with
fault
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1076441
Thanks,
Petr
--
Petr Lautrbach
signature.asc
Description: OpenPGP digital signature
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct:
are ready to help with other modules or issues with migration on
seli...@lists.fedoraproject.org mailing list.
[1] https://fedoraproject.org/wiki/Changes/SELinuxPolicyStoreMigration
Petr
--
Petr Lautrbach
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailm
Dne 15.6.2015 v 12:15 Lennart Poettering napsal(a):
> On Mon, 15.06.15 11:15, Petr Lautrbach (plaut...@redhat.com) wrote:
>
>> Dne 13.6.2015 v 19:07 Lennart Poettering napsal(a):
>>> On Fri, 12.06.15 19:00, Miroslav Grepl (mgr...@redhat.com) wrote:
>>>
>&g
s are shipped with RPM, SELinux tools (semanage, semodule)
work on this storage to make intended changes. When you enable or
disable modules, when you install modules, when you do changes in
SELinux users, logins and booleans, it's done in SELinux store.
Petr
--
Petr Lautrba
Dne 11.6.2015 v 14:42 Colin Walters napsal(a):
> On Thu, Jun 11, 2015, at 06:51 AM, Jan Kurik wrote:
>> = Proposed System Wide Change: SELinux policy store migration =
>> https://fedoraproject.org/wiki/Changes/SELinuxPolicyStoreMigration
>>
>> Change owner(s):
>>
gt;> are using is available.
>>
>>
>> Debian tcp_wrappers changelog:
>> http://archive.debian.net/changelogs/pool/main/t/tcp-wrappers/tcp-wrappers_7.6.q-16/changelog
>>
>> "New patch aclexec: adds the aclexec command and its documentation." was
>
f these enforced users will be 'user' or 'test'?
Petr
--
Petr Lautrbach
signature.asc
Description: OpenPGP digital signature
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Hello all,
awstats-7.2 upgraded license to GPLv3+.
awstats-7.2-1.fc21 is being built for Rawhide right now.
Regards,
Petr
--
Petr Lautrbach
signature.asc
Description: OpenPGP digital signature
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman
rective 'blbla' is not allowed within a Match
block
[14:46:55 root@malas ~ ]# ssh localhost
Fedora release 21 (Rawhide)
root@localhost's password:
Petr
--
Petr Lautrbach
Security Technologies
Red Hat
Better technology. Faster innovation. Powered by community collaboration.
> all Unix systems, so they built something like them in userspace. But
> that time is long long gone, and pretty much any Linux installation I
> know nowadays has a firewall compiled into the kernel...
>
> Lennart
>
>
>
> [1] well, sure tcpwrap resolves DNS dynami
permail/devel/2013-January/176599.html
Petr
--
Petr Lautrbach , Red Hat, Inc.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
On 01/23/2013 10:53 AM, Petr Pisar wrote:
On 2013-01-22, Petr Lautrbach wrote:
I'm going to push update cyrus-sasl-2.1.26 into Rawhide soon. Part of
this update is also SONAME bump to libsasl2.so.3.
The main issue with this update is that it would break buildroot since
there is the ope
On 01/22/2013 03:53 PM, Bruno Wolff III wrote:
On Tue, Jan 22, 2013 at 15:19:18 +0100,
Petr Lautrbach wrote:
It's my understanding that there will be mass rebuild soon so I wouldn't
rebuild all of them manually,
but I would wait for this rebuild.
Comments? Suggestions?
The re
Hi all,
I'm going to push update cyrus-sasl-2.1.26 into Rawhide soon. Part of this
update
is also SONAME bump to libsasl2.so.3.
The main issue with this update is that it would break buildroot since there is
the openldap
package requiring libsasl2.so.2 which is part of buildroot. So I'll do ne
On 11/12/2012 06:44 PM, Seth Vidal wrote:
On Mon, 12 Nov 2012, Petr Lautrbach wrote:
scp is a ssh client. It connects to other host using a ssh connection and runs
'scp -t' or 'scp -f'
commands on the remote side. From my point of view, it's same as any other
pr
27;scp -t' or 'scp -f'
commands on the remote side. From my point of view, it's same as any other
program you can use via
ssh and I believe that openssh-clients is the right place for it.
sftp subsystem is configured by default so you can use it if you need transfer
files to minim
, the bug was accidentally closed by F18 update and since it's
closed it
went out of my sight. Also I missed you comment. I'm sorry. Feel free to reopen
a bug if you think that an issue is not fixed.
Here's an update https://admin.fedoraproject.org/updates/openssh-5.9p1-27.fc17
pet
On 05/26/2011 12:44 PM, Rahul Sundaram wrote:
> On 05/26/2011 03:45 PM, Petr Lautrbach wrote:
>> Ok, I admit that I should have sent announcement to allow wider awareness.
>>
>> upstart-1.0 branch is in fact minor update of upstart-0.6.5, it was just
>> declared stabl
On 05/25/2011 09:33 PM, Rahul Sundaram wrote:
> On 05/25/2011 04:34 PM, Petr Lautrbach wrote:
>> upstart-1.2-2 hasn't changed upstart behavior. It fixes upstream bugs and
>> also adds new
>> features like new stanzas (manual,debug) and also .override files
>> fea
On 05/25/2011 08:24 PM, Lennart Poettering wrote:
> On Wed, 25.05.11 13:04, Petr Lautrbach (plaut...@redhat.com) wrote:
>
>>
>> On Wed, May 25, 2011 at 11:33:50AM +0200, Kevin Kofler wrote:
>>> Hi,
>>>
>>> today this update:
>>> https://admi
On Wed, May 25, 2011 at 11:33:50AM +0200, Kevin Kofler wrote:
> Hi,
>
> today this update:
> https://admin.fedoraproject.org/updates/upstart-1.2-2.fc14
> got pushed to F14. (FWIW, I don't see how this is consistent with the update
> policies, but that's not the matter here.)
Hi,
upstart-1.x bra
On Tue, Nov 30, 2010 at 08:21:32AM +0100, Aurelien Bompard wrote:
> Hi all,
>
> I'm orphaning awstats, a web log file analyzer.
> If anyone's interested...
>
I will take it.
Petr
--
Petr Lautrbach, Red Hat, Inc.
--
devel mailing list
devel@list
e=755
0 0
tmpfs /var/lock tmpfs rw,noexec,nosuid,nodev,mode=775,gid=54
0 0
Petr
--
Petr Lautrbach, Red Hat, Inc.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
package.
This would have minimal impact to changes in .spec files (no new scriplets
needed) and also to configurations
without tmpfs on /var/{run,lock}
Petr
--
Petr Lautrbach, Red Hat, Inc.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
s
> are moved to native systemd services.
>
> Bill
Since initscripts-legacy is complement to initscripts
initscripts-legacy should have
Requires: %{name} = %{version}-%{release}
Petr
--
Petr Lautrbach, Red Hat, Inc.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
On 10/15/2010 01:13 AM, Kevin Kofler wrote:
> Petr Lautrbach wrote:
>> systemd will be default init system in Fedora 15 and scripts
>> infrastructure will be adapted to it. There is a plan to leave upstart in
>> Fedora as non-official alternative.
>
> I don't thin
rror: systemd conflicts with upstart-sysvinit
> You could try running: rpm -Va --nofiles --nodigest
>
Hi,
this is fixed with upstart-0.6.5-12.fc15 [1] which drops upstart-sysvinit and
should
hit rawhide soon.
[1] http://lists.fedoraproject.org/pipermail/devel/2010-October/144375.html
appreciated.
Regards,
Petr
--
Petr Lautrbach, Red Hat, Inc.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
On 07/07/2010 10:29 PM, Tom "spot" Callaway wrote:
> [plautrba] finger: finger-server-0.17-39.fc12.x86_64
Fixed and built for Rawhide.
Petr
--
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
> And a bonus question, as I work now for the upstream developer of
> syslog-ng: what was the reason for dropping syslog-ng from the distribution?
It's still there, see https://admin.fedoraproject.org/pkgdb/acls/name/syslog-ng
Regards,
Petr
--
Petr Lautrbach, Red Hat, Inc.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
63 matches
Mail list logo