Skip to content

VMWare Fusion port forwarding

I needed to forward port 2020 on my laptop to a VM for test

 sudo vi "/Library/Application Support/VMware Fusion/vmnet8/nat.conf"

Edit the [incomingtcp] stanza and add the port forward. 192.168.243.138 is the VM IP address.

[incomingtcp]
2020 = 192.168.243.138:2020

Restart VMware Fusion networking.

 sudo "/Library/Application Support/VMware Fusion/boot.sh" --restart
2010 06 14 admin Mac
VMWare Comments (0) Permalink

MacBook Pro VMWare xorg.conf for Fedora 10 Enforcing

2010 06 11 admin Uncategorized Comments (0) Permalink

Turning on MLS in Fedora 13 (v2)

Download Fedora 13 from http://fedoraproject.org/get-fedora
Boot and install a gnome desktop (I haven’t tested KDE).
Login and do the following:

 su -
 yum update
 yum install selinux-policy-mls policycoreutils-gui
 yum erase setroubleshoot-server
 sed -i -e "s/targeted/mls/" /etc/selinux/config
 touch /.autorelabel
 chkconfig mcstrans on
 reboot

Per Dan Walsh, setroubleshoot needs to be removed because sedispatch, a component of setroubleshoot-server runs at SystemHigh and can’t talk to the SystemLow system DBus, generating an endless stream of AVCs. After the reboot, login as root on a VT and

 semanage user -a -r SystemLow-SystemHigh -L SystemLow -R staff_r staff_u
 semanage login -a -s staff_u joe
 setsebool allow_execmem on
 newrole -r secadm_r
 rm -f /var/log/audit/audit.log
 reboot

Replace joe with your user name.

You can login as yourself through gdm at this point. The allow_execmem boolean allows firefox to work when run as staff_t.

2010 06 10 admin SELinux Comments (0) Permalink

Turning on MLS in Fedora 13

Download Fedora 13 from http://fedoraproject.org/get-fedora
Boot and install a gnome desktop (I haven’t tested KDE).
Login and do the following:

 su -
 yum update
 yum install selinux-policy-mls
 yum erase setroubleshoot-server
 sed -i -e "s/targeted/mls/" /etc/selinux/config
 touch /.autorelabel
 chkconfig mcstrans on
 reboot

sedispatch, a component of setroubleshoot-server generates an endless stream of AVCs (Bug 602502) that resemble

sedispatch avc


so I chose to remove it. After the reboot, login as root on a VT and

 semanage user -a -r SystemLow-SystemHigh -L SystemLow -R staff_r staff_u
 semanage login -a -s staff_u joe
 newrole -r secadm_r -l SystemHigh
 rm -f /var/log/audit/audit.log
 reboot

Replace joe with your user name.

You can login as yourself through gdm at this point. I tried to start firefox, but it died with a segmentation violation (Bug 602518).

Firefox dies

I’m pretty impressed that something so out of the mainstream works so well on a first try.

Tagged , ,
2010 06 10 admin SELinux Comments (0) Permalink