how to troubleshoot SELinux when auditd won't start?
I'm running into an issue where SELinux is preventing auditd from starting. But I can't figure out exactly what SELinux is not happy about since without auditd, I can't look for AVC messages. I think SELinux is blocking auditd from starting up because auditd starts up once I do 'setenforce 0'. Any advice? Bond ___ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to selinux-le...@tycho.nsa.gov. To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
Re: how to troubleshoot SELinux when auditd won't start?
On Sun, Oct 18, 2015 at 01:19:00AM -0700, Bond Masuda wrote: > I'm running into an issue where SELinux is preventing auditd from > starting. But I can't figure out exactly what SELinux is not happy about > since without auditd, I can't look for AVC messages. I think SELinux is > blocking auditd from starting up because auditd starts up once I do > 'setenforce 0'. If auditd is not running the avc's go into dmesg. dmesg | grep avc will show any. -- Jason ___ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to selinux-le...@tycho.nsa.gov. To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h)
I added openssl to libselinux to support the new selabel_digest(3) function. I'm not aware of any issues between openssl and gnutls, however as selabel_digest was only added last week I guess not much testing. Well apart from myself as I'm currently adding the selinux_restorecon feature that makes use of it. > On Saturday, 17 October 2015, 11:55, Dominick Grift> wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > if so, would gnutls be affected in some way? > > - -- > 02DFF788 > 4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788 > https://sks-keyservers.net/pks/lookup?op=get=0x314883A202DFF788 > Dominick Grift > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQGcBAEBCgAGBQJWIiiTAAoJENAR6kfG5xmcDecL/3X2VRp3dR0UXDQSXAayD9P+ > BEz+hJ9rhZTMoBdiDWvYVpsCVUL6ASIkKocGSvdV5cDfFPOs+wu3t8Xwo+KgNJqy > rMoPGm4QwkZyw9T3lzSMU6oE7l99FiQMDO3I41iDx52GQr+dvSoTHs5eRlU6ldyk > M9dSBIa/p9noQu3xCCWh8wVZSCLTC5b4PiCPwenyAecVZ3tJf7EOZssM4j7FPxnB > ropmU7MGauYUImBbVHFLcBWULIRo8Awwqadcnne4sxugPeFH332HeRcgUKCHGiQU > wovjWgGAKn/oC3tTTW9Tmo8F9rRC33BzP9P7p25MvMFiXPchid/iJiQG7k++qk/g > 9+p3vkhqvavff1eDG5pDKOh8hA+pcIzng91/NDGh5+8D+o1uvNxPPyQFHOhnn24p > DhxRk2uD5oiiB7o85Yh3ZubmWLR6UiI/SiNsm9POSEr0QH+ePdg/fSuKGKHxoeF0 > DfZuIh4ZorjIQU4oGG+zg+kKB3XNwZph2UtshjUPEQ== > =mhIs > -END PGP SIGNATURE- > ___ > Selinux mailing list > Selinux@tycho.nsa.gov > To unsubscribe, send email to selinux-le...@tycho.nsa.gov. > To get help, send an email containing "help" to > selinux-requ...@tycho.nsa.gov. > ___ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to selinux-le...@tycho.nsa.gov. To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sun, Oct 18, 2015 at 12:48:12PM +, Richard Haines wrote: > I added openssl to libselinux to support the new selabel_digest(3) > function. > > I'm not aware of any issues between openssl and gnutls, however as > > selabel_digest was only added last week I guess not much testing. > Well apart from myself as I'm currently adding the selinux_restorecon > feature that makes use of it. > Thanks for clarifying, I am not hitting any issues with it just wondering if instead of openssl, gnutls could be used for this and if so, if this should be somehow supported or not. > > > > > > On Saturday, 17 October 2015, 11:55, Dominick Grift > >wrote: > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA512 > > > > if so, would gnutls be affected in some way? > > > > - -- > > 02DFF788 > > 4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788 > > https://sks-keyservers.net/pks/lookup?op=get=0x314883A202DFF788 > > Dominick Grift > > -BEGIN PGP SIGNATURE- > > Version: GnuPG v2 > > > > iQGcBAEBCgAGBQJWIiiTAAoJENAR6kfG5xmcDecL/3X2VRp3dR0UXDQSXAayD9P+ > > BEz+hJ9rhZTMoBdiDWvYVpsCVUL6ASIkKocGSvdV5cDfFPOs+wu3t8Xwo+KgNJqy > > rMoPGm4QwkZyw9T3lzSMU6oE7l99FiQMDO3I41iDx52GQr+dvSoTHs5eRlU6ldyk > > M9dSBIa/p9noQu3xCCWh8wVZSCLTC5b4PiCPwenyAecVZ3tJf7EOZssM4j7FPxnB > > ropmU7MGauYUImBbVHFLcBWULIRo8Awwqadcnne4sxugPeFH332HeRcgUKCHGiQU > > wovjWgGAKn/oC3tTTW9Tmo8F9rRC33BzP9P7p25MvMFiXPchid/iJiQG7k++qk/g > > 9+p3vkhqvavff1eDG5pDKOh8hA+pcIzng91/NDGh5+8D+o1uvNxPPyQFHOhnn24p > > DhxRk2uD5oiiB7o85Yh3ZubmWLR6UiI/SiNsm9POSEr0QH+ePdg/fSuKGKHxoeF0 > > DfZuIh4ZorjIQU4oGG+zg+kKB3XNwZph2UtshjUPEQ== > > =mhIs > > -END PGP SIGNATURE- > > ___ > > Selinux mailing list > > Selinux@tycho.nsa.gov > > To unsubscribe, send email to selinux-le...@tycho.nsa.gov. > > To get help, send an email containing "help" to > > selinux-requ...@tycho.nsa.gov. > > - -- 02DFF788 4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788 https://sks-keyservers.net/pks/lookup?op=get=0x314883A202DFF788 Dominick Grift -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQGcBAEBCgAGBQJWI6edAAoJENAR6kfG5xmccrgL/i7kT1+kuuBjGBqGAVl3W+ri Zgx7NnPKslS+dcx9lAMR2nVwG9A7Suh58E/HaUQv4RkFkNiX3Xqv9gRsrw4baWqZ 7at3qy1F/daa9U4hC/SdPwuwpQZYbKhquyfN09YAOb06XR9OtVE1z0DgEqiS5y7f lWCiYyCUoqu6ifJYEpNVWDgxsdXykfLMsTSWPttEJAkFQHK0/E8/HA3DVxh81mhB h6vBcFzoAPAyUbWf8n7EfmEVP3JeCoxOyQi61/qVdNyDdYuisZPRM6rAppurR+30 AkGUj7U8YKbaBjhr4u0pOKcUx8/kYRYvkDenvcenuCALH+sGBdIK9ip/i9E5wjxJ k2HwiZb32t2wKfg3+MSkbfxgCgubErD7ZLMCC1x8TWDLbdonOISufZgal94GpCZf DyevvV30Ieo3yxwLQj4L8Z0PwfKPTedLhenw1ZjK1tQCgR8KNOaffpW53//Kpcwq 6qN87fA8cB+/fHDIUpaItm3b+vZeI9ElvG/06ruhAw== =+hHw -END PGP SIGNATURE- ___ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to selinux-le...@tycho.nsa.gov. To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.
Re: did libselinux grow a new build dependency? (openssl-devel: openssl.h)
> On Sunday, 18 October 2015, 15:07, Dominick Grift> wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On Sun, Oct 18, 2015 at 12:48:12PM +, Richard Haines wrote: >> I added openssl to libselinux to support the new selabel_digest(3) >> function. >> >> I'm not aware of any issues between openssl and gnutls, however as >> >> selabel_digest was only added last week I guess not much testing. >> Well apart from myself as I'm currently adding the selinux_restorecon >> feature that makes use of it. >> > > Thanks for clarifying, I am not hitting any issues with it just > wondering if instead of openssl, gnutls could be used for this and if > so, if this should be somehow supported or not. I tried using gnutls after I read your initial email, however I could not find a way to generate the same digest as openssl (I changed the SHA1 function to gnutls_hmac_fast(3) with various algorithms and used the selabel_digest util to compare digests). It could be that I should use some other function but I could not find any useful info on this (including web searches). If anyone knows how to resolve this please let me know. I guess what is supported (openssl or gnutls) would be down to the maintainers. >> >> >> >> >> > On Saturday, 17 October 2015, 11:55, Dominick Grift > wrote: >> > > -BEGIN PGP SIGNED MESSAGE- >> > Hash: SHA512 >> > >> > if so, would gnutls be affected in some way? >> > >> > - -- >> > 02DFF788 >> > 4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788 >> > > https://sks-keyservers.net/pks/lookup?op=get=0x314883A202DFF788 >> > Dominick Grift >> > -BEGIN PGP SIGNATURE- >> > Version: GnuPG v2 >> > >> > iQGcBAEBCgAGBQJWIiiTAAoJENAR6kfG5xmcDecL/3X2VRp3dR0UXDQSXAayD9P+ >> > BEz+hJ9rhZTMoBdiDWvYVpsCVUL6ASIkKocGSvdV5cDfFPOs+wu3t8Xwo+KgNJqy >> > rMoPGm4QwkZyw9T3lzSMU6oE7l99FiQMDO3I41iDx52GQr+dvSoTHs5eRlU6ldyk >> > M9dSBIa/p9noQu3xCCWh8wVZSCLTC5b4PiCPwenyAecVZ3tJf7EOZssM4j7FPxnB >> > ropmU7MGauYUImBbVHFLcBWULIRo8Awwqadcnne4sxugPeFH332HeRcgUKCHGiQU >> > wovjWgGAKn/oC3tTTW9Tmo8F9rRC33BzP9P7p25MvMFiXPchid/iJiQG7k++qk/g >> > 9+p3vkhqvavff1eDG5pDKOh8hA+pcIzng91/NDGh5+8D+o1uvNxPPyQFHOhnn24p >> > DhxRk2uD5oiiB7o85Yh3ZubmWLR6UiI/SiNsm9POSEr0QH+ePdg/fSuKGKHxoeF0 >> > DfZuIh4ZorjIQU4oGG+zg+kKB3XNwZph2UtshjUPEQ== >> > =mhIs >> > -END PGP SIGNATURE- >> > ___ >> > Selinux mailing list >> > Selinux@tycho.nsa.gov >> > To unsubscribe, send email to selinux-le...@tycho.nsa.gov. >> > To get help, send an email containing "help" to >> > selinux-requ...@tycho.nsa.gov. >> > > > - -- > 02DFF788 > 4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788 > https://sks-keyservers.net/pks/lookup?op=get=0x314883A202DFF788 > Dominick Grift > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iQGcBAEBCgAGBQJWI6edAAoJENAR6kfG5xmccrgL/i7kT1+kuuBjGBqGAVl3W+ri > Zgx7NnPKslS+dcx9lAMR2nVwG9A7Suh58E/HaUQv4RkFkNiX3Xqv9gRsrw4baWqZ > 7at3qy1F/daa9U4hC/SdPwuwpQZYbKhquyfN09YAOb06XR9OtVE1z0DgEqiS5y7f > lWCiYyCUoqu6ifJYEpNVWDgxsdXykfLMsTSWPttEJAkFQHK0/E8/HA3DVxh81mhB > h6vBcFzoAPAyUbWf8n7EfmEVP3JeCoxOyQi61/qVdNyDdYuisZPRM6rAppurR+30 > AkGUj7U8YKbaBjhr4u0pOKcUx8/kYRYvkDenvcenuCALH+sGBdIK9ip/i9E5wjxJ > k2HwiZb32t2wKfg3+MSkbfxgCgubErD7ZLMCC1x8TWDLbdonOISufZgal94GpCZf > DyevvV30Ieo3yxwLQj4L8Z0PwfKPTedLhenw1ZjK1tQCgR8KNOaffpW53//Kpcwq > 6qN87fA8cB+/fHDIUpaItm3b+vZeI9ElvG/06ruhAw== > =+hHw > > -END PGP SIGNATURE- > ___ Selinux mailing list Selinux@tycho.nsa.gov To unsubscribe, send email to selinux-le...@tycho.nsa.gov. To get help, send an email containing "help" to selinux-requ...@tycho.nsa.gov.