Hello all, I was recently trying to dig into a selinux denial issue in stage koji and noticed that the setroubleshoot-server package was not installed. This provides some things that make troubleshooting selinux pretty easy as outlined in dwalsh's blog post[0] and it doesn't appear to pull in much in the way of dependencies.
$ sudo yum install setroubleshoot-server Password+Token: builder-infrastructure | 2.9 kB 00:00:00 epel | 4.4 kB 00:00:00 infrastructure | 2.9 kB 00:00:00 rhel7-base | 2.9 kB 00:00:00 rhel7-dvd | 4.1 kB 00:00:00 rhel7-extras | 2.9 kB 00:00:00 rhel7-ha | 2.9 kB 00:00:00 rhel7-optional | 2.9 kB 00:00:00 infrastructure/7Server/x86_64/primary_db | 151 kB 00:00:00 Resolving Dependencies --> Running transaction check ---> Package setroubleshoot-server.x86_64 0:3.2.17-4.1.el7_1 will be installed --> Processing Dependency: systemd-python >= 206-1 for package: setroubleshoot-server-3.2.17-4.1.el7_1.x86_64 --> Processing Dependency: setroubleshoot-plugins >= 3.0.14 for package: setroubleshoot-server-3.2.17-4.1.el7_1.x86_64 --> Processing Dependency: pygobject2 for package: setroubleshoot-server-3.2.17-4.1.el7_1.x86_64 --> Running transaction check ---> Package pygobject2.x86_64 0:2.28.6-11.el7 will be installed ---> Package setroubleshoot-plugins.noarch 0:3.0.59-1.el7 will be installed ---> Package systemd-python.x86_64 0:208-20.el7_1.2 will be installed --> Finished Dependency Resolution
Dependencies Resolved
===================================================================================================================== Package Arch Version Repository Size ===================================================================================================================== Installing: setroubleshoot-server x86_64 3.2.17-4.1.el7_1 rhel7-base 342 k Installing for dependencies: pygobject2 x86_64 2.28.6-11.el7 rhel7-base 226 k setroubleshoot-plugins noarch 3.0.59-1.el7 rhel7-base 586 k systemd-python x86_64 208-20.el7_1.2 rhel7-base 90 k
Transaction Summary ===================================================================================================================== Install 1 Package (+3 Dependent packages)
Total download size: 1.2 M Installed size: 7.4 M
Just thought I'd throw it out there and see what others thought of it.
Thank you, -AdamM
Not sure it's a good idea to add more always running daemons. But could be the right move to install it by default on staging boxes.
-Toshio
On Tue, Apr 28, 2015 at 8:17 AM, Adam Miller maxamillion@fedoraproject.org wrote:
Hello all, I was recently trying to dig into a selinux denial issue in stage koji and noticed that the setroubleshoot-server package was not installed. This provides some things that make troubleshooting selinux pretty easy as outlined in dwalsh's blog post[0] and it doesn't appear to pull in much in the way of dependencies.
$ sudo yum install setroubleshoot-server Password+Token: builder-infrastructure | 2.9 kB 00:00:00 epel | 4.4 kB 00:00:00 infrastructure | 2.9 kB 00:00:00 rhel7-base | 2.9 kB 00:00:00 rhel7-dvd | 4.1 kB 00:00:00 rhel7-extras | 2.9 kB 00:00:00 rhel7-ha | 2.9 kB 00:00:00 rhel7-optional | 2.9 kB 00:00:00 infrastructure/7Server/x86_64/primary_db | 151 kB 00:00:00 Resolving Dependencies --> Running transaction check ---> Package setroubleshoot-server.x86_64 0:3.2.17-4.1.el7_1 will be installed --> Processing Dependency: systemd-python >= 206-1 for package: setroubleshoot-server-3.2.17-4.1.el7_1.x86_64 --> Processing Dependency: setroubleshoot-plugins >= 3.0.14 for package: setroubleshoot-server-3.2.17-4.1.el7_1.x86_64 --> Processing Dependency: pygobject2 for package: setroubleshoot-server-3.2.17-4.1.el7_1.x86_64 --> Running transaction check ---> Package pygobject2.x86_64 0:2.28.6-11.el7 will be installed ---> Package setroubleshoot-plugins.noarch 0:3.0.59-1.el7 will be installed ---> Package systemd-python.x86_64 0:208-20.el7_1.2 will be installed --> Finished Dependency Resolution
Dependencies Resolved
===================================================================================================================== Package Arch Version Repository Size ===================================================================================================================== Installing: setroubleshoot-server x86_64 3.2.17-4.1.el7_1 rhel7-base 342 k Installing for dependencies: pygobject2 x86_64 2.28.6-11.el7 rhel7-base 226 k setroubleshoot-plugins noarch 3.0.59-1.el7 rhel7-base 586 k systemd-python x86_64 208-20.el7_1.2 rhel7-base 90 k
Transaction Summary
Install 1 Package (+3 Dependent packages)
Total download size: 1.2 M Installed size: 7.4 M
Just thought I'd throw it out there and see what others thought of it.
Thank you, -AdamM
[0] - http://danwalsh.livejournal.com/65777.html _______________________________________________ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
On Tue, Apr 28, 2015 at 10:29 AM, Toshio Kuratomi a.badger@gmail.com wrote:
Not sure it's a good idea to add more always running daemons. But could be the right move to install it by default on staging boxes.
I was under the impression that it was refactored a while back to not always run as it did in the RHEL5-ish time frame, but instead be spawned as needed via dbus messages. I could be mistaken but thought I'd mention that both 'systemctl list-units' and 'systemctl list-unit-files' do not list an entry for setroubleshoot and there doesn't appear to be an init script listed in /etc/init.d/ either.
I'd be perfectly happy if it was just in the staging environment but wanted to point that out.
Thanks, -AdamM
-Toshio
On Tue, Apr 28, 2015 at 8:17 AM, Adam Miller maxamillion@fedoraproject.org wrote:
Hello all, I was recently trying to dig into a selinux denial issue in stage koji and noticed that the setroubleshoot-server package was not installed. This provides some things that make troubleshooting selinux pretty easy as outlined in dwalsh's blog post[0] and it doesn't appear to pull in much in the way of dependencies.
$ sudo yum install setroubleshoot-server Password+Token: builder-infrastructure | 2.9 kB 00:00:00 epel | 4.4 kB 00:00:00 infrastructure | 2.9 kB 00:00:00 rhel7-base | 2.9 kB 00:00:00 rhel7-dvd | 4.1 kB 00:00:00 rhel7-extras | 2.9 kB 00:00:00 rhel7-ha | 2.9 kB 00:00:00 rhel7-optional | 2.9 kB 00:00:00 infrastructure/7Server/x86_64/primary_db | 151 kB 00:00:00 Resolving Dependencies --> Running transaction check ---> Package setroubleshoot-server.x86_64 0:3.2.17-4.1.el7_1 will be installed --> Processing Dependency: systemd-python >= 206-1 for package: setroubleshoot-server-3.2.17-4.1.el7_1.x86_64 --> Processing Dependency: setroubleshoot-plugins >= 3.0.14 for package: setroubleshoot-server-3.2.17-4.1.el7_1.x86_64 --> Processing Dependency: pygobject2 for package: setroubleshoot-server-3.2.17-4.1.el7_1.x86_64 --> Running transaction check ---> Package pygobject2.x86_64 0:2.28.6-11.el7 will be installed ---> Package setroubleshoot-plugins.noarch 0:3.0.59-1.el7 will be installed ---> Package systemd-python.x86_64 0:208-20.el7_1.2 will be installed --> Finished Dependency Resolution
Dependencies Resolved
===================================================================================================================== Package Arch Version Repository Size ===================================================================================================================== Installing: setroubleshoot-server x86_64 3.2.17-4.1.el7_1 rhel7-base 342 k Installing for dependencies: pygobject2 x86_64 2.28.6-11.el7 rhel7-base 226 k setroubleshoot-plugins noarch 3.0.59-1.el7 rhel7-base 586 k systemd-python x86_64 208-20.el7_1.2 rhel7-base 90 k
Transaction Summary
Install 1 Package (+3 Dependent packages)
Total download size: 1.2 M Installed size: 7.4 M
Just thought I'd throw it out there and see what others thought of it.
Thank you, -AdamM
[0] - http://danwalsh.livejournal.com/65777.html _______________________________________________ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
On Tue, 28 Apr 2015 10:38:37 -0500 Adam Miller maxamillion@fedoraproject.org wrote:
On Tue, Apr 28, 2015 at 10:29 AM, Toshio Kuratomi a.badger@gmail.com wrote:
Not sure it's a good idea to add more always running daemons. But could be the right move to install it by default on staging boxes.
I was under the impression that it was refactored a while back to not always run as it did in the RHEL5-ish time frame, but instead be spawned as needed via dbus messages. I could be mistaken but thought I'd mention that both 'systemctl list-units' and 'systemctl list-unit-files' do not list an entry for setroubleshoot and there doesn't appear to be an init script listed in /etc/init.d/ either.
I'd be perfectly happy if it was just in the staging environment but wanted to point that out.
Yeah, seems like it might be nice to install in stg always... since thats where we should be working out any selinux issues.
kevin
On Tue, Apr 28, 2015 at 4:38 PM, Adam Miller maxamillion@fedoraproject.org wrote:
On Tue, Apr 28, 2015 at 10:29 AM, Toshio Kuratomi a.badger@gmail.com wrote:
Not sure it's a good idea to add more always running daemons. But could be the right move to install it by default on staging boxes.
I was under the impression that it was refactored a while back to not always run as it did in the RHEL5-ish time frame, but instead be spawned as needed via dbus messages. I could be mistaken but thought I'd mention that both 'systemctl list-units' and 'systemctl list-unit-files' do not list an entry for setroubleshoot and there doesn't appear to be an init script listed in /etc/init.d/ either.
Well being a systemd world now it would be in /usr/lib/systemd/system and if it was an enabled service linked from somewhere in the /etc/systemd/system directory structure depending on the target.
But as you correctly say it's dbus controlled with appropriate service files in /usr/share/dbus-1/system-services
Peter
infrastructure@lists.fedoraproject.org
-
Adam Miller -
Kevin Fenzi -
Peter Robinson -
Toshio Kuratomi