1 |
--- El vie, 4/13/12, Alain Toussaint <alain.toussaint@××××××××.ca> escribió: |
2 |
|
3 |
De: Alain Toussaint <alain.toussaint@××××××××.ca> |
4 |
Asunto: RE: [gentoo-hardened] emerge via ssh doesn't work |
5 |
A: gentoo-hardened@l.g.o |
6 |
Fecha: viernes, 13 de abril de 2012, 06:04 am |
7 |
|
8 |
Thanks, |
9 |
That did the trick but I feel I'm gonna need the selinux 101 guide to |
10 |
really understand how to handle a selinux system. For the moment, I hooked |
11 |
up a monitor on the server and installed many software that way but I also |
12 |
tried your instructions on the ppp daemon (for an ipsec vpn) and it |
13 |
installed fine while in a ssh session. |
14 |
|
15 |
Another question I had is; would you (or someone else in Gentoo.org) have a |
16 |
use for a howto on how to build a selinux enabled active directory system |
17 |
where all the users and administrative users are located in a samba 4 |
18 |
installation? (only root would have an account in /etc/passwd) |
19 |
|
20 |
Alain |
21 |
|
22 |
-----Message d'origine----- |
23 |
De : Sven Vermeulen [mailto:swift@g.o] |
24 |
Envoyé : 12 avril 2012 15:57 |
25 |
À : gentoo-hardened@l.g.o |
26 |
Objet : Re: [gentoo-hardened] emerge via ssh doesn't work |
27 |
|
28 |
On Thu, Apr 12, 2012 at 03:41:50PM -0400, Alain Toussaint wrote: |
29 |
> I am building a headless server and for the most part, |
30 |
> now that I have labelled everything (selinux), I am not able to |
31 |
> continue emerging software via ssh. I know that it is a security |
32 |
> features but is there something I can change in my setup or else, I’ll |
33 |
> need to get a monitor for the machine? |
34 |
|
35 |
Without the failure you get, it is not easy to tell you what to do, but my |
36 |
guess would be that, once you are logged on to the server, you are in the |
37 |
staff role: |
38 |
|
39 |
~# id -Z |
40 |
root:staff_r:staff_t |
41 |
|
42 |
In order to use Portage, you need to be in the system administration role, |
43 |
so first switch roles: |
44 |
|
45 |
~# newrole -r sysadm_r |
46 |
Password: <your root password> |
47 |
|
48 |
~# id -Z |
49 |
root:sysadm_r:sysadm_t |
50 |
|
51 |
Now you should be able to run emerge (and other administrative tasks). |
52 |
|
53 |
Wkr, |
54 |
Sven Vermeulen |
55 |
|
56 |
|
57 |
--------------------------- |
58 |
|
59 |
I would find the guide to samba active directory interesting reading, so +1 for me ;) |
60 |
|
61 |
Phill |