Assumes you have run something like the following:
setenforce 0 && rm -f /var/log/audit/audit.log && touch /var/log/audit/audit.log && service auditd stop && service auditd start
Then recreated the AVC denials (e.g. systemctl restart haproxy if haproxy listens on an unusual port, curl http://localhost/example.php if your SQL database is a remote target, etc.)
cat /var/log/audit/audit.log | audit2allow -M local && semodule -i local.pp && setenforce 1
Then you should be able to repeat process 2 without AVC denials. Edge cases might occur beyond simply restarting the daemon, though, so it's worth simulating a workload for a few seconds in case some arbitrary subroutine causes a denial. Example: HAProxy logging to an NFS target = AVC denial about 5 seconds after the restart.
There are certainly less clumsy ways of doing it, but this works well for my use case of short-lived, usually single-function VMs used for elastic scaling of different worker pools on a large video sharing site. Very decent audit2allow tutorial here.
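Before running semodule -i, it helps to see which allow rules the collected denials amount to. The sketch below is an added example, not part of the original post: it groups AVC records the way the generated module will, using constructed log lines (haproxy_t, nfs_t, httpd_t and the port types are assumed labels for the scenarios above).

```python
import re
from collections import defaultdict

# Constructed sample lines in audit.log format (not taken from a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1514764800.101:201): avc:  denied  { name_bind } for  pid=1200 comm="haproxy" src=8404 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
type=SERVICE_START msg=audit(1514764800.150:202): pid=1 uid=0 msg='unit=haproxy comm="systemd" res=success'
type=AVC msg=audit(1514764805.310:203): avc:  denied  { write } for  pid=1200 comm="haproxy" name="haproxy.log" dev="0:42" ino=77 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1514764805.311:204): avc:  denied  { open } for  pid=1200 comm="haproxy" name="haproxy.log" dev="0:42" ino=77 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:nfs_t:s0 tclass=file permissive=1
type=AVC msg=audit(1514764810.020:205): avc:  denied  { name_connect } for  pid=1300 comm="php-fpm" dest=3306 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:mysqld_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1514764811.500:206): avc:  denied  { name_bind } for  pid=1201 comm="haproxy" src=8404 scontext=system_u:system_r:haproxy_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=1
"""

# Pull the permission set, both contexts and the object class out of one record.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type:level context."""
    return context.split(":")[2]

def summarise(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # skip every other audit record type
        m = AVC_RE.search(line)
        if m is None:
            continue  # AVC record that is not a denial (e.g. granted)
        key = (selinux_type(m["s"]), selinux_type(m["t"]), m["cls"])
        rules[key].update(m["perms"].split())
    return dict(rules)

def as_allow_rules(rules):
    """Render the grouped denials as the allow statements they correspond to."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = sorted(perms)
        text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        out.append(f"allow {src} {tgt}:{cls} {text};")
    return out

if __name__ == "__main__":
    print("\n".join(as_allow_rules(summarise(SAMPLE_LOG))))
```

Any rule in the output that does not belong to the daemon you deliberately exercised is a reason to trim the log before piping it to audit2allow.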
gpresult /H c:\target
Attach to container:
docker exec -it 402 /usr/bin/bash
Copy this into Chrome and enable it;
Happy new year, and to celebrate, here’s a link to a brand new High Sierra 0day that can be used to pwn all versions of MacOS as an unprivileged user.
Hacker News thread
This is an amazing hour of techno.
When you spin up a cloud VM at Google Compute or Digital Ocean there's an option to specify user data. This is my go-to script to update Debian and set up a 2G swapfile.
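#!/bin/sh
# Create and format a 2G swapfile; the fstab entry activates it on the reboot below
dd if=/dev/zero of=/swap bs=1M count=2048
chmod 600 /swap
mkswap /swap
echo "/swap swap swap defaults 0 0" >> /etc/fstab
# Refresh the package lists, upgrade Debian, then reboot
apt update
apt -y upgrade
shutdown -r now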
East Bay Times: It was bad enough that Federal Communications Commission Chairman Ajit Pai, a former Verizon lawyer, engineered the repeal of President Obama’s landmark rules prohibiting Internet Service Providers from blocking or slowing down the internet or giving preference for certain online …
If you’ve heard of Federal Communications Commission chair Ajit Pai, chances are it’s because he led the charge to gut the agency’s net neutrality protections. For more than a decade, FCC chairs from both parties sought to ban broadband providers from blocking or otherwise discriminating against …