Sometimes I'm just having one of those days.
But, I did get some good out of it :) Thanks for your comment.
I found out about Linux LSMs. Linux Security Modules for the Kernel. In addition to
SELinux, there are at least 4 others. I think I'll look into SMACK, Simplified
Mandatory Access Control Kernel.
But it will take time. Or "when I get around to it."
I'm somewhat less motivated to get away from systemd. But I still may. I don't
see the motivation behind the changes. I had a similar feeling years back in the code repo
world. I never did see the reason for svn and kind of ignored it. There was similar
pushback. And it had a few problems and didn't make it. rcs, cvs, svn, git. Git
seems to have some legs and will stick around. And it made changes that I valued and
could understand. Same for cvs.
Maybe something else will come along after systemd.
I am going to try to get the systemd unit I wrote to work and do what I want. Maybe
I'm doing something stupid.
On Thu, Mar 13, 2025 at 05:42:44PM -0700, bob r wrote:
Oh and
"Get off my lawn!"
😆😆😆
On March 13, 2025 12:53:45 PM Gary <saclug(a)garymcglinn.com> wrote:
Yes, that is systemd and more or less what I did. It more or less
works, until SELinux crashes the party.
I'm OK with you "just add a ?.service file....." as being simple. But
then you just .. and you just ... after a certain number of steps, it's
not simple. In most cases, the .service file calls the executable and
they like a link from systemd/system directory to the .service file,
instead of putting it there.
So, you do what you suggest and your script dies because it needs the
firewall and the firewall hasn't started. So now you are adding another
just.... The documentation is not user friendly (by my standards, it
sucks), so you're off googling. And trying to figure out who has their
head in a place where the sun doesn't shine :) It's really bad, and I'm
mad as hell, and I'm not going to take it anymore LOL
Have you tried to write a systemd service/unit file?
It might not be hell on earth, but it is a lot more involved than just
adding a script in rc.local IMHO. And rc.local runs last, or ran last,
and everything else is already running, which is usually pretty nice.
On Thu, Mar 13, 2025 at 10:46:44AM -0700, bob r wrote:
> In Ubuntu, you just put a ?.service file in /usr/lib/systemd/system
> There are probably already some examples there that you can use to see how
> it's done. For example, when I run the tomcat 10 installation I get:
> /usr/lib/systemd/system/tomcat10.service
> which causes tomcat to start when I reboot.
>
> Then you have to run
> sudo systemctl daemon-reload
> Eventually you will see a copy of the file in
> /etc/systemd/system/multi-user.target.wants
> and your service will now run after you reboot ( or simply run sudo
> systemctl start <your_new_service_name>.service )
>
> Isn't this how it works on other flavors of linux?
>
> On Thu, Mar 13, 2025 at 9:31 AM Gary <saclug(a)garymcglinn.com> wrote:
>
> > Before, I could just add things to rc.local if I wanted them to run at
> > start up. According to the systemd docs, I should still be able to do that.
> >
> > According to the web, and my experience, it doesn't work.
> >
> > NP. I'll just make a systemd unit and do it right. There are 12
> > different kinds. Trying to read the docs and figure out what to do is
> > going to be fun. I just copy a template from the web that is supposed to do
> > what I want. There apparently aren't any tools to make this easier because,
> > "It's all really simple already." Conceptually, it does look fairly
> > straightforward, if I had the info I needed. Which is probably there. I
> > just have to do a lot of reading and get a lot of religion.
> >
> > My executable runs and does what I want. Let's fire up the systemd
> > service and see what happens. Oh, SELinux happens.
> >
> > I haven't played with SELinux. Perhaps now is a good time to learn. I am
> > somewhat curious why the SELinux interface tells me a temporary workaround
> > and not a permanent fix. But, with what it does tell me, I figure I have
> > to learn about SELinux policies.
> >
> > Are you kidding me?
> >
> > I have to install an _devel package. I can follow the cookie cutter
> > script, which has 10 nontrivial steps. I start, but I don't get the
> > results that the script tells me I should. Since I don't know what I'm
> > doing, I have no idea if this will be a problem or not.
> >
> > There are only 10 or so man pages I need to read. I'm sure none of them
> > are short.
> >
> > How long has this stuff been around now?
> >
> > Am I missing something? Because it looks like something I stepped in once.
> >
> > We went from adding a line in a file, to all this. It is allegedly more
> > secure. But it looks to me that things could be a lot easier and someone
> > made a big mistake somewhere.
> >
> > I haven't decided how I'll proceed. I either turn off SELinux and start
> > my stuff automatically. Or keep starting it manually, as I do now. It's
> > on a box I like to keep secure, so there is that.
> >
> > Is there a way out or around that I have missed?
_______________________________________________
Lug-nuts mailing list -- lug-nuts(a)bigbrie.com
To unsubscribe send an email to lug-nuts-leave(a)bigbrie.com
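
Added example, not written by anyone in this thread: a unit file for the rc.local-style case discussed above, covering the script that dies because the firewall has not started and leaving SELinux enabled. The unit name, the script path /usr/local/sbin/site-startup.sh and firewalld.service as the firewall unit are assumptions; the thread names none of them.

```ini
# /etc/systemd/system/site-startup.service   (hypothetical name)
# Admin-written units go in /etc/systemd/system; /usr/lib/systemd/system
# is for files shipped by packages.

[Unit]
Description=Local start-up script, run once the firewall is up (example)
# After= only orders start-up; it does not start anything by itself.
# Requires= pulls the firewall in and makes this unit fail if the firewall
# fails to start, so the script never runs on an unfiltered box.
# firewalld.service is an assumption; use the firewall unit on your system.
Requires=firewalld.service
After=firewalld.service

[Service]
# oneshot + RemainAfterExit reproduces what a line in rc.local did:
# run to completion once at boot, then count as "active".
Type=oneshot
RemainAfterExit=yes
# Assumed path. If SELinux denies the start, check the label with
# "ls -Z": a file moved from a home directory keeps its old label until
# "restorecon -v <path>" is run. (Assumed cause; the thread does not
# show the actual denial.)
ExecStart=/usr/local/sbin/site-startup.sh
# Optional sandboxing; drop any line the script legitimately needs.
NoNewPrivileges=yes
ProtectHome=yes
PrivateTmp=yes

[Install]
# "systemctl enable" reads this line and creates the symlink in
# /etc/systemd/system/multi-user.target.wants/
WantedBy=multi-user.target
```

After saving the file, `systemctl daemon-reload` makes systemd re-read it and `systemctl enable --now site-startup.service` creates the multi-user.target.wants symlink and starts the unit. `systemd-analyze verify /etc/systemd/system/site-startup.service` reports syntax and dependency errors before a reboot does.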