Hello, I am having some difficulty getting NFS to work on my Core 7 (2.6.22.1-33.fc7) box, wondering if I have missed something obvious. I have edited the /etc/exports file, and when I attempt to restart the nfs demon I get the following: [root@scully etc]# vi exports [root@scully etc]# service nfs reload [root@scully etc]# service nfs status rpc.mountd is stopped nfsd is stopped rpc.rquotad is stopped [root@scully etc]# service nfs start Starting NFS services: [ OK ] Starting NFS quotas: Cannot register service: RPC: Unable to receive; errno = Connection refused rpc.rquotad: unable to register (RQUOTAPROG, RQUOTAVERS, udp). [FAILED] Starting NFS daemon: at which point it hangs and I have to kill the command from a new shell. I have seen conflicting references online regarding this error, stating that portmap must be started first, and also that portmap is deprecated in fc7. What else should I look at?

Hello What is the way to find out if any are connected to a vnc session? w or who does not tell? Henning Larsen -- fedora-list mailing list fedora-list(a)redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list

Hi, I would check for established VNC connections this way: netstat -tape | grep ESTABLISHED | grep Xvnc As for warning connected users. If you see there is an established vnc session on port 5902, you could simply do: export DISPLAY=:2.0; xmessage -center -timeout 60 -file shutdown.txt > /dev/null 2>&1

You could create a list of established connections, translate it to active displays (5902 -> 2.0 | 5903 -> 3.0 ...) and send out a message. Hope it helps Olivier

Hi, 1. "How can I determine what the user responds, is there errorlevels or anything like that?" You can check for the exit status of the xmessage command 2. "What is the reason for doing ' > /dev/null 2>&1'" It redirects any standard out and standard error to oblivion Let's say you have a vnc session on port 5902. You want a script that checks if there's a session and display a message to the user. And you want to know if the user read the message. Here's what you could do. (you'll have to adapt and add a loop in there if you have several vnc sessions) Edit the linux user's ~/.vnc/xstartup and add an "xhost +" in it. Otherwise you will not be able to display the message. Use a script similar to this one: (of course, you will adapt and enhance) #!/usr/bin/env bash netstat -tape | grep ESTABLISHED | grep Xvnc | awk '{print $4}' | awk -F ":" '{print $2}' > log-ports for user in `cat log-ports` do case $user in 5902) export DISPLAY=:2.0; xmessage -buttons "I understand":10 -center -timeout 60 -file testmsg > /dev/null 2>&1 [ $? -eq 10 ] \ && echo "$user acknowledged!" \ || echo "No answer from $user!" ;; esac done The user connected to 5902 will get a windowed message with a "I understand" button. If he clicks on it, you'll know. If he doesn't, it'll time out after 60 seconds and return an exit status of 0 (zero): you'll know too . Hope it helps, Olivier

Hello I get an alert from selinux, telling me to do: 'setsebool -P samba_export_all_ro=1' I did, but still cannot connect to the share from a other pc's. Do I have to reboot? ps. all booleans for samba is selected in selinux administration. Henning Larsen

Hello On Thu, 2008-01-31 at 11:14 -0600, Arthur Pemberton wrote: > On Jan 31, 2008 4:08 AM, Henning Larsen <hennlar(a)start.no&gt; wrote: > > Hello > > > > I get an alert from selinux, telling me to do: > > > > 'setsebool -P samba_export_all_ro=1' > > > > I did, but still cannot connect to the share from a other pc's. > > Do I have to reboot? > > > > ps. all booleans for samba is selected in selinux administration. > > > > Henning Larsen > > > Are you still getting alerts? > After doing that setsebool -P samba.... I still get alerts, but I found one solution via google, like this: # grep fusefs_t /var/log/audit/audit.log | audit2allow -M mysamba # semodule -i mysamba.pp This removes the alert, but I think it not is the proper way. Maybe it is a bug?. If so, how do I remove the modification I have made, when the bug is fixed? Thanks for helping.

On Thu, 2008-01-31 at 11:32 -0600, Arthur Pemberton wrote: > On Jan 31, 2008 11:22 AM, Henning Larsen <hennlar(a)start.no&gt; wrote: > > Hello > > On Thu, 2008-01-31 at 11:14 -0600, Arthur Pemberton wrote: > > > On Jan 31, 2008 4:08 AM, Henning Larsen <hennlar(a)start.no&gt; wrote: > > > > Hello > > > > > > > > I get an alert from selinux, telling me to do: > > > > > > > > 'setsebool -P samba_export_all_ro=1' > > > > > > > > I did, but still cannot connect to the share from a other pc's. > > > > Do I have to reboot? > > > > > > > > ps. all booleans for samba is selected in selinux administration. > > > > > > > > Henning Larsen > > > > > > > > > Are you still getting alerts? > > > > > After doing that setsebool -P samba.... I still get alerts, but I found > > one solution via google, like this: > > > > # grep fusefs_t /var/log/audit/audit.log | audit2allow -M mysamba > > # semodule -i mysamba.pp > > > > This removes the alert, but I think it not is the proper way. > > Maybe it is a bug?. > > If so, how do I remove the modification I have made, when the bug is > > fixed? > > > > Thanks for helping. > > > Its definitely not the proper way for a program as popular as Samba. I > have it running on a machine with SELinux myself so I know it works. > > Do you have setroubleshoot installed? It helps troubleshoot these > issues, often suggesting exactly what to do. and describing what > happened as much as possible. > > If you still have the full description of the issue, paste it here. If > we can't understand it, try the selinux mailing list. I do not have the full report, since it is gone, because what I did to get rid of the alert. I have setroubleshoot installed an it told me to do: 'setsebool -P samba_export_all_ro=1' I did, but it kept telling me to do the same thing. The share is ntfs on usb. I should try to share an ordinary filesystem, but the alert has gone after doing: # grep fusefs_t /var/log/audit/audit.log | audit2allow -M mysamba # semodule -i mysamba.pp I do not know how to reverse this. btw, I can live with it since the alert has gone and I use enforcing mode. Thanks

btw, I can live with it since the alert has gone and I use enforcing mode.

my problem now is that I don't know how to reverse what I did to stop the alerts.

I got the alert back, here it is: ................ Summary SELinux is preventing the samba daemon from serving r/o local files to remote clients. Detailed Description SELinux has preventing the samba daemon (smbd) from reading files on the local system. If you have not exported these file systems, this could signals an intrusion.

On Fri, 2008-02-01 at 09:36 +1030, Tim wrote: > On Thu, 2008-01-31 at 19:02 +0100, Henning Larsen wrote: > > btw, I can live with it since the alert has gone and I use enforcing > > mode. > > Though, going by what you posted earlier using audit2allow, you've > probably disabled SELinux from doing anything about Samba. Enforcing no > rules isn't really enforcing SELinux... > > This is the same sort of thing as some firewall telling a user that the > firewall has blocked trojan from using the internet, and the user clicks > on allow access. You have to diagnose the fault, not just get rid of > the warning. > > -- > (This computer runs FC7, my others run FC4, FC5 & FC6, in case that's > important to the thread.) > > Don't send private replies to my address, the mailbox is ignored. > I read messages from the public lists. I did belive that too, my problem now is that I don't know how to reverse what I did to stop the alerts. Do you have an answer to that?

btw. my router is firewalled against samba, so there is no big security issue. Henning Larsen

After doing that setsebool -P samba.... I still get alerts, but I found one solution via google, like this: # grep fusefs_t /var/log/audit/audit.log | audit2allow -M mysamba # semodule -i mysamba.pp This removes the alert, but I think it not is the proper way

Added samba_share_fusefs boolean to selinux-policy-3.2.7-4 in rawhide.