Point taken, David.
I'm just getting a bit lazy in my old age, and now it's a case of "Lazy folks take the most pains".
Adding to my bucket list:
92. Enable SElinux on all my servers.
-----Original message-----
> From:David Sommerseth <[log in to unmask]>
> Sent: Wednesday 29th June 2016 20:12
> To: Bill Maidment <[log in to unmask]>; Akemi Yagi <[log in to unmask]>; SL Users <[log in to unmask]>
> Subject: Re: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN printer driver
>
> On 29/06/16 10:00, Bill Maidment wrote:
> > My final attempt was successful, sort of.
> > I switched SElinux to enabled and rebooted, then the install worked OK.
> > Then I had to use a live CD to be able to boot, changed SElinux to disabled, and reboot again.
> > Then I had to us lpoptions to set the default parameters as the CUPS gui tool refused to change anything.
> > Phew. What a tortuous route.
> > Back to sleep now.........
>
> <rant>
>
> Let this be an example why NOT to disable SELinux. SELinux has been (if
> my memory serves me right) available since Fedora 6 (released in 2006)
> and RHEL *4*! I believe it was turned on by default in Fedora 8 and
> RHEL 5. And in RHEL 6 you could no longer disable SELinux at install time.
>
> SELinux is not the obstacle it once was over a decade ago. So if you
> have issues when it is enabled, learn to use the proper tools to debug
> and fix it correctly. (audit2why, audit2allow, semanage, restorecon,
> etc, etc)
>
> Disabling SELinux is in 2016 *not* a solution and can barely be
> considered a workaround.
>
> Refusing to to use, accept and learn SELinux will serve you no good in
> the long run.
>
> Seriously, I've been running a various amount of Fedora, RHEL/SL/CentOS
> installations and versions over the last 8-9 years. In SL7 SELinux have
> not bitten me much at all (only one issue with logrotate on servers
> running Zimbra Collaboration Suite, that's all). I have the last 6-7
> years never needed to disable SELinux to accomplish my tasks. Yes, I've
> put systems into permissive modes to see if SELinux was to blame, but
> mostly that was not the issue.
>
> So if you are badly hit by SELinux troubles, you need to look into if
> you or the software you use are doing the right things.
>
> </rant>
>
>
> --
> kind regards,
>
> David Sommerseth
>
>
> >
> > -----Original message-----
> >> From:Bill Maidment <[log in to unmask]>
> >> Sent: Wednesday 29th June 2016 16:34
> >> To: Akemi Yagi <[log in to unmask]>; SL Users <[log in to unmask]>
> >> Subject: RE: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN printer driver
> >>
> >> Well I've heard back from Brother and they suggest that my SElinux set up has a problem. They recommended that I do
> >> semodule -vR
> >> This gave me exactly the same error messages. Then I did semodule -vB which worked OK, but repeating semodule -vR still gives
> >>
> >> [root@ferguson src]# semodule -vB
> >> Committing changes:
> >> Ok: transaction number 0.
> >> [root@ferguson src]# semodule -vR
> >> SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.29, searching for an older version.
> >> SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.29: No such file or directory
> >> /sbin/load_policy: Can't load policy: No such file or directory
> >> libsemanage.semanage_reload_policy: load_policy returned error code 2. (No such file or directory).
> >> [root@ferguson src]#
> >>
> >> This is happening on two different SL 7.2 machines with SElinux installed but disabled.
> >>
> >> I even tried uninstalling selinux* but that got me into deeper trouble.
> >>
> >> [root@ferguson src]# rpm -qv selinux-policy
> >> selinux-policy-3.13.1-60.el7_2.7.noarch
> >>
> >> Is there an issue with this version of selinux???
> >>
> >> Cheers
> >> Bill
> >>
> >> -----Original message-----
> >>> From:Bill Maidment <[log in to unmask]>
> >>> Sent: Saturday 25th June 2016 17:26
> >>> To: Akemi Yagi <[log in to unmask]>; SL Users <[log in to unmask]>
> >>> Subject: RE: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN printer driver
> >>>
> >>> Thanks for the suggestion Akemi.
> >>> Unfortunately, it made no difference.
> >>> I'm awaiting comment from Brother, but I suspect they will say change to Ubuntu :-(
> >>> Cheers
> >>> Bill
> >>>
> >>> -----Original message-----
> >>>> From:Akemi Yagi <[log in to unmask]>
> >>>> Sent: Saturday 25th June 2016 1:10
> >>>> To: SL Users <[log in to unmask]>
> >>>> Subject: Re: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN printer driver
> >>>>
> >>>> On Fri, Jun 24, 2016 at 2:33 AM, Bill Maidment <[log in to unmask]> wrote:
> >>>>> Has anyone any suggestions how to get a Brother HL-3150CDN printer driver installed on SL7.
> >>>>> I have been trying to install using the Brother supplied installation script, which worked OK on SL6.
> >>>>>
> >>>>> With SL7 I get error messages such as:
> >>>>> SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.29, searching for an older version.
> >>>>> SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.29: No such file or directory /sbin/load_policy: Can't load policy: No such file or directory
> >>>>>
> >>>>> The file in question does exist, but I have selinux disabled anyway.
> >>>>>
> >>>>> SL7 is using cups version 1.6 whereas SL6 uses cups version 1.4. Is that an issue?
> >>>>> I guess the Brother script is a bit out of date as it was created in 2012.
> >>>>>
> >>>>> Any help would be appreciated.
> >>>>>
> >>>>> Cheers
> >>>>> Bill Maidment
> >>>>
> >>>> Can you try reinstalling selinux-policy packages and see if that fixes
> >>>> the issue?
> >>>>
> >>>> yum reinstall selinux-policy\*
> >>>>
> >>>> Akemi
> >>>>
> >>>>
> >>
> >>
>
>
|
