SCIENTIFIC-LINUX-USERS Archives

June 2016

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

From: David Sommerseth <[log in to unmask]>
Date: Thu, 30 Jun 2016 10:21:20 +0200

On 29/06/16 17:21, jdow wrote:
> Nonsense.
> 
> Haven't met a distro yet that has SELinux correctly setup from the
> gitgo. It still doesn't completely like samba on my 6.6 install, for
> example. I had to make some "fake" changes to get something else rather
> pedestrian to work. (It's in the archives some time back with projected
> fix pushed all the way out to 6.7.)

Have you filed any bugzillas for these issues?

I'm really curious what you do which causes this.  I've been running
both Samba and NFS without issues - well, yes, I sometimes had to flip a
SELinux boolean or two, or perhaps add a new file path so files got
labelled correctly as the paths were not standard paths.  But that's
usually a 3 minute fix.  This is even on SL6.x.


--
kind regards,

David Sommerseth




> On 2016-06-29 03:12, David Sommerseth wrote:
>> On 29/06/16 10:00, Bill Maidment wrote:
>>> My final attempt was successful, sort of.
>>> I switched SElinux to enabled and rebooted, then the install worked OK.
>>> Then I had to use a live CD to be able to boot, changed SElinux to
>>> disabled, and reboot again.
>>> Then I had to use lpoptions to set the default parameters as the CUPS
>>> gui tool refused to change anything.
>>> Phew. What a tortuous route.
>>> Back to sleep now.........
>>
>> <rant>
>>
>> Let this be an example why NOT to disable SELinux.  SELinux has been (if
>> my memory serves me right) available since Fedora 6 (released in 2006)
>> and RHEL *4*!  I believe it was turned on by default in Fedora 8 and
>> RHEL 5.  And in RHEL 6 you could no longer disable SELinux at install
>> time.
>>
>> SELinux is not the obstacle it once was over a decade ago.  So if you
>> have issues when it is enabled, learn to use the proper tools to debug
>> and fix it correctly.  (audit2why, audit2allow, semanage, restorecon,
>> etc, etc)
>>
>> Disabling SELinux is in 2016 *not* a solution and can barely be
>> considered a workaround.
>>
>> Refusing to use, accept and learn SELinux will serve you no good in
>> the long run.
>>
>> Seriously, I've been running a various amount of Fedora, RHEL/SL/CentOS
>> installations and versions over the last 8-9 years.  In SL7 SELinux has
>> not bitten me much at all (only one issue with logrotate on servers
>> running Zimbra Collaboration Suite, that's all).   I have the last 6-7
>> years never needed to disable SELinux to accomplish my tasks.  Yes, I've
>> put systems into permissive modes to see if SELinux was to blame, but
>> mostly that was not the issue.
>>
>> So if you are badly hit by SELinux troubles, you need to look into if
>> you or the software you use are doing the right things.
>>
>> </rant>
>>
>>
>> -- 
>> kind regards,
>>
>> David Sommerseth
>>
>>
>>>
>>> -----Original message-----
>>>> From:Bill Maidment <[log in to unmask]>
>>>> Sent: Wednesday 29th June 2016 16:34
>>>> To: Akemi Yagi <[log in to unmask]>; SL Users
>>>> <[log in to unmask]>
>>>> Subject: RE: SL7 CUPS/SELinux problem trying to install Brother
>>>> HL-3150CDN printer driver
>>>>
>>>> Well I've heard back from Brother and they suggest that my SElinux
>>>> set up has a problem. They recommended that I do
>>>> semodule -vR
>>>> This gave me exactly the same error messages. Then I did semodule
>>>> -vB which worked OK, but repeating semodule -vR still gives
>>>>
>>>> [root@ferguson src]# semodule -vB
>>>> Committing changes:
>>>> Ok: transaction number 0.
>>>> [root@ferguson src]# semodule -vR
>>>> SELinux:  Could not downgrade policy file
>>>> /etc/selinux/targeted/policy/policy.29, searching for an older version.
>>>> SELinux:  Could not open policy file <=
>>>> /etc/selinux/targeted/policy/policy.29:  No such file or directory
>>>> /sbin/load_policy:  Can't load policy:  No such file or directory
>>>> libsemanage.semanage_reload_policy: load_policy returned error code
>>>> 2. (No such file or directory).
>>>> [root@ferguson src]#
>>>>
>>>> This is happening on two different SL 7.2 machines with SElinux
>>>> installed but disabled.
>>>>
>>>> I even tried uninstalling selinux* but that got me into deeper trouble.
>>>>
>>>> [root@ferguson src]# rpm -qv selinux-policy
>>>> selinux-policy-3.13.1-60.el7_2.7.noarch
>>>>
>>>> Is there an issue with this version of selinux???
>>>>
>>>> Cheers
>>>> Bill
>>>>
>>>> -----Original message-----
>>>>> From:Bill Maidment <[log in to unmask]>
>>>>> Sent: Saturday 25th June 2016 17:26
>>>>> To: Akemi Yagi <[log in to unmask]>; SL Users
>>>>> <[log in to unmask]>
>>>>> Subject: RE: SL7 CUPS/SELinux problem trying to install Brother
>>>>> HL-3150CDN printer driver
>>>>>
>>>>> Thanks for the suggestion Akemi.
>>>>> Unfortunately, it made no difference.
>>>>> I'm awaiting comment from Brother, but I suspect they will say
>>>>> change to Ubuntu :-(
>>>>> Cheers
>>>>> Bill
>>>>>
>>>>> -----Original message-----
>>>>>> From:Akemi Yagi <[log in to unmask]>
>>>>>> Sent: Saturday 25th June 2016 1:10
>>>>>> To: SL Users <[log in to unmask]>
>>>>>> Subject: Re: SL7 CUPS/SELinux problem trying to install Brother
>>>>>> HL-3150CDN printer driver
>>>>>>
>>>>>> On Fri, Jun 24, 2016 at 2:33 AM, Bill Maidment <[log in to unmask]>
>>>>>> wrote:
>>>>>>> Has anyone any suggestions how to get a Brother HL-3150CDN
>>>>>>> printer driver installed on SL7.
>>>>>>> I have been trying to install using the Brother supplied
>>>>>>> installation script, which worked OK on SL6.
>>>>>>>
>>>>>>> With SL7 I get error messages such as:
>>>>>>> SELinux:  Could not downgrade policy file
>>>>>>> /etc/selinux/targeted/policy/policy.29, searching for an older
>>>>>>> version.
>>>>>>> SELinux:  Could not open policy file <=
>>>>>>> /etc/selinux/targeted/policy/policy.29:  No such file or
>>>>>>> directory /sbin/load_policy:  Can't load policy:  No such file or
>>>>>>> directory
>>>>>>>
>>>>>>> The file in question does exist, but I have selinux disabled anyway.
>>>>>>>
>>>>>>> SL7 is using cups version 1.6 whereas SL6 uses cups version 1.4.
>>>>>>> Is that an issue?
>>>>>>> I guess the Brother script is a bit out of date as it was created
>>>>>>> in 2012.
>>>>>>>
>>>>>>> Any help would be appreciated.
>>>>>>>
>>>>>>> Cheers
>>>>>>> Bill Maidment
>>>>>>
>>>>>> Can you try reinstalling selinux-policy packages and see if that
>>>>>> fixes
>>>>>> the issue?
>>>>>>
>>>>>> yum reinstall selinux-policy\*
>>>>>>
>>>>>> Akemi
>>>>>>
>>>>>>
>>>>
>>>>
>>
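
Added example (not part of the thread, and not any poster's code): a small triage script for the workflow the reply describes, where a denial is either fixed by labelling a non-standard path or examined with audit2why for a boolean. The AVC records are constructed samples, /srv/share is a hypothetical path, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. The AVC records are constructed samples
# and /srv/share is a hypothetical non-standard Samba path.
SAMPLE_AVC='type=AVC msg=audit(1467274880.101:412): avc:  denied  { read } for  pid=2210 comm="smbd" name="report.txt" dev="dm-0" ino=1311 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1467274880.105:413): avc:  denied  { getattr } for  pid=2210 comm="smbd" path="/srv/share/report.txt" dev="dm-0" ino=1311 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=file
type=AVC msg=audit(1467274921.330:420): avc:  denied  { search } for  pid=2231 comm="smbd" name="bill" dev="dm-0" ino=2050 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir'

# avc_summary: audit records on stdin -> one line per distinct
# "source_type target_type class", with the denied permissions comma-joined.
avc_summary() {
    awk '/avc:  denied/ {
        b = index($0, "{ "); e = index($0, " }")
        n = split(substr($0, b + 2, e - b - 2), p, " ")
        s = ""; t = ""; c = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/) { split($i, a, ":"); s = a[3] }
            if ($i ~ /^tcontext=/) { split($i, a, ":"); t = a[3] }
            if ($i ~ /^tclass=/)   c = substr($i, 8)
        }
        k = s " " t " " c
        for (j = 1; j <= n; j++)
            if (!seen[k, p[j]]++) perms[k] = perms[k] (perms[k] == "" ? "" : ",") p[j]
    }
    END { for (k in perms) print k, perms[k] }' | sort
}

# triage: tag each summary line with the usual next step. default_t means no
# file-context rule matches the path; unlabeled_t means the file has no valid
# label (for instance, it was created while SELinux was disabled).
triage() {
    avc_summary | while read -r src tgt class perms; do
        case $tgt in
            default_t|unlabeled_t) echo "relabel $src->$tgt $class $perms" ;;
            *) echo "audit2why $src->$tgt $class $perms" ;;
        esac
    done
}

# relabel_plan PATH TYPE: print (do not run) the persistent labelling fix.
relabel_plan() {
    printf 'semanage fcontext -a -t %s "%s(/.*)?"\n' "$2" "$1"
    printf 'restorecon -Rv %s\n' "$1"
}

printf '%s\n' "$SAMPLE_AVC" | triage
relabel_plan /srv/share samba_share_t
```

On a live system the input would come from `ausearch -m avc -ts recent | triage`; lines tagged audit2why are the ones where a boolean is the likely fix.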
