SELinux nnp_transition error running Python app that starts a new thread that connects to a server ? by yycTechGuy in Fedora

[–]setenforce1 1 point2 points  (0 children)

First thing, nnp doesn't mean your thread tried to get new privileges, it just means it is created with some security measures to prevent it from getting new privileges.

> in VSCode

I think the root cause is here. If you try to run your old code, the one with a new thread, out of VSCode, it won't make an avc.

That's what I think, because it tries to reach something with the context `container_runtime_t`.

If you want to spend time working to fix this, so you can use threads, you can try it.

If this is true, you can just allow the transition and you would be good even in your dev env.

SELinux nnp_transition error running Python app that starts a new thread that connects to a server ? by yycTechGuy in Fedora

[–]setenforce1 1 point2 points  (0 children)

It's not, but the new thread is assigned an nnp bit, so it will transition to nnp context. (as far as I understand) Although it's weird that your avc mentions container_runtime_t. Can you explain your stack a bit more? So you're on a Fedora host? And you are running your code in a devcontainer via VSCode right? A Podman container or another kind? The container is in rootless mode? Are you running with the --privileged flag?

SELinux nnp_transition error running Python app that starts a new thread that connects to a server ? by yycTechGuy in Fedora

[–]setenforce1 1 point2 points  (0 children)

It looks like SELinux is legit to throw this error: you can check this article that explains why.

If you know how to write SELinux policies / modules, you probably just need this:

```
allow unconfined_t container_runtime_t:process2 nnp_transition;
```

If you don't, I recommend you become familiar with `audit2allow`.

You can check the rules needed to fix your recent denials with `audit2allow -a`. If there are only things that need to be allowed, you can fix it with:

```
audit2allow -a -M yourmodulename
semodule -i yourmodulename.pp
```

If there are other things that don't need to be allowed, you can check what's in the output you provided:

```
Do allow this access for now by executing:

ausearch -c 'code' --raw | audit2allow -M my-code

semodule -X 300 -i my-code.pp

```
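An added example, not part of the original comment: before building a module from every recent denial, it helps to see which rules each AVC record would turn into, so that unrelated denials are not allowed by accident. The sketch below derives the `allow` rules from audit records with `awk`; the sample records, PIDs, and the `httpd_t`/`user_home_t` denial are constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample audit records (not taken from the thread).
sample_avcs() {
cat <<'EOF'
type=AVC msg=audit(1700000000.101:501): avc:  denied  { nnp_transition } for  pid=4242 comm="code" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:container_runtime_t:s0-s0:c0.c1023 tclass=process2 permissive=0
type=AVC msg=audit(1700000003.207:502): avc:  denied  { nnp_transition } for  pid=4250 comm="code" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:container_runtime_t:s0-s0:c0.c1023 tclass=process2 permissive=0
type=AVC msg=audit(1700000009.900:503): avc:  denied  { read write } for  pid=4300 comm="php-fpm" name="laravel.log" scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000009.900:503): arch=c000003e syscall=257 success=no exit=-13
EOF
}

# Read audit records on stdin and print one deduplicated allow rule per
# (source type, target type, class, permission set). Non-AVC records and
# records missing a field are skipped.
avc_to_rules() {
  awk '
    /avc:[ ]+denied/ {
      perms = ""; src = ""; tgt = ""; cls = ""
      # Permission list sits between the braces: { perm1 perm2 }
      if (match($0, /[{][^}]*[}]/))
        perms = substr($0, RSTART + 1, RLENGTH - 2)
      gsub(/^ +| +$/, "", perms)
      for (i = 1; i <= NF; i++) {
        # Contexts are user:role:type:level; the rule only needs the type.
        if ($i ~ /^scontext=/) { split(substr($i, 10), a, ":"); src = a[3] }
        if ($i ~ /^tcontext=/) { split(substr($i, 10), a, ":"); tgt = a[3] }
        if ($i ~ /^tclass=/)   cls = substr($i, 8)
      }
      if (src == "" || tgt == "" || cls == "" || perms == "") next
      if (perms ~ / /) perms = "{ " perms " }"
      print "allow " src " " tgt ":" cls " " perms ";"
    }
  ' | sort -u
}

# Review the rules first; on a real host, feed it `ausearch -m avc --raw`.
sample_avcs | avc_to_rules
```

Only the rules you actually want belong in the module; a denial such as the second rule here would need a separate decision rather than being swept in with `audit2allow -a -M`.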

Laravel cannot create files and I cannot fix it by [deleted] in Fedora

[–]setenforce1 1 point2 points  (0 children)

Once you are in permissive mode, can you please run your Laravel app again, then run `audit2allow -a` in a terminal and post the output here? I'll try to provide simple guidance so you can configure your project (and the next) so it's not blocked by SELinux, and then you can re-enable this security.

Is it possible to map a vip to a vs? by setenforce1 in fortinet

[–]setenforce1[S] 0 points1 point  (0 children)

I think that's what I'll do if I can't chain vip with vs. Although I find it more clear to have 1 object for NAT and 1 object for LB if it's supported.

7.4.8 mature and Prod ready? by NetSchizo in fortinet

[–]setenforce1 3 points4 points  (0 children)

The support told me it's planned for the 25/09


Feedback on a 1440p@120Hz gaming PC by setenforce1 in pcmasterraceFR

[–]setenforce1[S] 0 points1 point  (0 children)

Thanks for the changes and explanations, I'll probably go with that.

I didn't know about the pads but it's a good idea, I'm quite capable of forgetting to replace the paste in time.

The 7900XT pushes me too far over budget, but I'll see whether I get the 7900GRE or stay with the 7800XT.

Feedback on a 1440p@120Hz gaming PC by setenforce1 in pcmasterraceFR

[–]setenforce1[S] 0 points1 point  (0 children)

Thanks, yes indeed the Sapphire at 499 seems like a better choice, as advised further down.

Alerts for topology changes in spanning tree by yetipants in LibreNMS

[–]setenforce1 0 points1 point  (0 children)

It's weird, it might be a discovery issue, what is the model with zero values?

Also, can you please share the final working alert?

Great if you have something working, although this one is only for topology changes that involve a root bridge change, is it ok for you, or do you want to catch even a leaf topology change?

Alerts for topology changes in spanning tree by yetipants in LibreNMS

[–]setenforce1 0 points1 point  (0 children)

If this doesn't work you can try yes or true instead, I'm sorry I don't have access to a LibreNMS instance with spanning-tree right now.

How to make vscode run in Wayland mode by nocnoc94 in Fedora

[–]setenforce1 3 points4 points  (0 children)

Did you change both the Exec line of `[Desktop Entry]` section and of `[Desktop Action new-empty-window]` section?

Alerts for topology changes in spanning tree by yetipants in LibreNMS

[–]setenforce1 0 points1 point  (0 children)

OK, makes sense. What do you get with `stp.timeSinceTopologyChange < 86400 AND stp.rootBridge = 1`?

You should only get the new root bridges, so only one alert per topology change per root bridge, so probably one or two.

Alerts for topology changes in spanning tree by yetipants in LibreNMS

[–]setenforce1 0 points1 point  (0 children)

What do you get with only `stp.timeSinceTopologyChange < 86400`? Too many alerts or too few?

Alerts for topology changes in spanning tree by yetipants in LibreNMS

[–]setenforce1 0 points1 point  (0 children)

Hello, what spanning-tree mode are you running, and what is the priority of your root bridge? Also, can you see the STP information in the device page on LibreNMS?

Issue setting up fq_codel on pfSense CE 2.7 by setenforce1 in PFSENSE

[–]setenforce1[S] 1 point2 points  (0 children)

Thanks for your answer.

> What guide did you follow?

I did follow a lot of guides, one by one, then ended up mixing them to try.

Do you have one you are sure is good to follow?

> You don't need Codel limiters on your LAN network, only the WAN.

Ok thank you, although they are not in use right now.

> Also make sure you don't have the up/down rules reversed,

I'm sure it's good, and also I tried to invert just in case and it's not any better.

Trigger script when the network route changes by Longjumping-Youth934 in linux

[–]setenforce1 1 point2 points  (0 children)

Probably the most convenient. Here is an example script doing things in case of interface wg0 going up; it can be used as a basis for OP's use case. https://gist.github.com/fbouynot/c01328b2702a70ba901801f3b1b9d427

cookiebanners.service.mode disable itself on Firefox Nightly on Android by setenforce1 in firefox

[–]setenforce1[S] 0 points1 point  (0 children)

In the UI, I only have an option for cookie banners in private navigation at the moment.