Sunday February 28th 2021 - Update issue with packman inode mirror
There are issues with the inode mirror, please configure an alternative mirror. See http://packman.links2linux.org/mirrors
Saturday March 3rd 2021 - Missing Packman Tumbleweed Packages
There are issues with package signing since the move last week and these packages have disappeared from the mirrors, see https://lists.links2linux.de/pipermail/packman/2021-March/016623.html for more information... ETA for fix 3/10 or 3/11.
-
 Re: SELinux
AHA! Yes, 'sestatus' gave me the same thing.
-
 Re: SELinux
 Sorry but I simply LOVED the Aha thing......
-
Re: SELinux
rofl...thanks
-
 Re: SELinux
Looked at the whole log messages but see no hint to the start or fail of SE linux. Anybody knows if SElinux is compatible with the PAE kernel?
If yes, where can I see (log files) when SElinux should be loaded?
/bin/mount /root/proc
What am I telling in boot-sh exactly?
I am "moving a device node". But what does this actually mean in this context?
Thanks for sharing your knowledge.
and actually at the end I do
cd /root
umount /proc
So why do I first mount and then umount /root/proc???
-
Re: SELinux
idk if this helps at all, but through the power of Google I found an interesting tidbit from the changelog of the 2.6.29.5 kernel (http://www.kernel.org/pub/linux/kern...geLog-2.6.29.5):
" SELinux: BUG in SELinux compat_net code
This patch is not applicable to Linus's tree as the code in question has
been removed for 2.6.30. I'm sending in case any of the stable
maintainers would like to push to their branches (which I think anything
pre 2.6.30 would like to do).
Ubuntu users were experiencing a kernel panic when they enabled SELinux
due to an old bug in our handling of the compatibility mode network
controls, introduced Jan 1 2008 effad8df44261031a882e1a895415f7186a5098e
Most distros have not used the compat_net code since the new code was
introduced and so noone has hit this problem before. Ubuntu is the only
distro I know that enabled that legacy cruft by default. But, I was ask
to look at it and found that the above patch changed a call to
avc_has_perm from if(send_perm) to if(!send_perm) in
selinux_ip_postroute_iptables_compat(). The result is that users who
turn on SELinux and have compat_net set can (and oftern will) BUG() in
avc_has_perm_noaudit since they are requesting 0 permissions."
I'm using kernel 2.6.27, so this patch wouldn't affect (or would it?) openSUSE 11.1 (what I'm using).
-
Re: SELinux
Noop. As it says: "Ubuntu is the only
distro I know that enabled that legacy cruft by default."
I do not think this is the issue. Maybe the config step (when we just paste what should be the content) is the problem. Maybe config "should" be already ok and no copy and paste should be necessary?
In all cases, seen the low participation I would think that people openSUSE user have no big interest in security, or if they have, like us, only little preparation. I tried now for 6 month to make the howto for encrypted root work for my notebook (with /boot on usb-key). Not possible, not even a bit. And the participation to the thread was nil. 30000 very (in)active members.....I would say. 
-
Re: SELinux
SELinux is quite a difficult subsystem to configure, even on distros where it's native, like Fedora and RHEL. It's useful for increasing security for servers, but it does little for desktop users. Desktop users would spend their time better making sure their packages are up-to-date, particularly for Mozilla products, and acroread. And of course, not much can be done in software about PEBKAC.
-
Re: SELinux
 Originally Posted by ken_yap
SELinux is quite a difficult subsystem to configure, It's useful for increasing security for servers, but it does little for desktop users. Desktop users would spend their time better making sure their packages are up-to-date, particularly for Mozilla products, and acroread. .
You are correct, it IS difficult to configure. Guess what, that is why I am here. Surprised? I would rather write IMHO when you make such statements. And then, I am a desktopuser. So if we want our desktopuser to acquire the skills to get their sever one day (in safety) maybe we do better not think in this "classy" way, right? It's all about knowledge and the will of sharing IMHO. Am I wrong?
Originally Posted by ken_yap
And of course, not much can be done in software about PEBKAC.
I guess you do speak here about yourself?
-
Re: SELinux
I'm only pointing out that most of the users here are desktop users which is why there is little interest in SELinux or Apparmor for that matter. People here are more likely to ask questions about getting wireless or sound or media playing working.
If you want to learn to configure a server with SELinux, there are forums for that. Since SELinux is a feature of the kernel, it doesn't matter what distro you are using. So look further afield for the information you need, there is even a SELinux mailing list I'm sure. And of course nothing is stopping you from experimenting with your own machine.
Sorry, but if you are frustrated that you don't know how to find the information you need, no need to be rude, don't take it out on me. 
-
Re: SELinux
You will need to enable SELinux in kernel & recompile it since SUSE kernels, IIRC, have SELinux disabled
Tags for this Thread
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
| | 
