Ctrl blog discussions

I developed a very good method of fixing selinux problems.

When something is denied, clear the audit log file, try the same thing again, then run audit2why.

If you do it quick in that order you will only get the denied relevant to that problem and you can add them to policy with audit2allow.

I've create some shortcuts where I can run cAuditLog to clear the log, a2y to run audit2why on the audit log, and a2a to create a module with the output of a2y.

With time I've learned to modify the policies by hand, so when something else pops up, I can edit the policy and recompile it.

It becomes easy to understand with time. Virt-manager can't open an iso in your downloads folder? Try runing chcon -t virt_image_t <isoname>.

Virt manager wants to relable that image? Add it to the policy module by addin 'allow virtd_t xdg_downloads:file { relableto relabelfrom open read write }

do a setenforce 0 before anlizing the problem, clear the log, run the blocked action, fix your labels/policies, setenforce 1, try again.

Also create a folder called 'selinux-policies' and create a folder for each program you want to make a custom policy, for example libvirt folder, and then name your policies 'local_<program>' for example local_libvirt.te and local_libvirt.pp

When you want to check what local policies you have installed, you just need to run 'semodule -lfull | grep local'

This helped me make the file association work for Kate in Windows 11. Thanks

You saved me a lot of headache! On the newest RouterOS 7.19.6 importing existing config from Linux is still broken. I'm not 100% sure if this is exactly the same case as yours but deleting the peer created by importer and adding it back from console with just the "allowed-address" and "publick-key" instantly fixed the issue with which I have been fighting for six hours.

Ten years on and this is still a problem! I found this post trying to google around for a solution. The only games in my entire Steam library that use the Saved Games subdirectory are the "Enhanced edition" re-releases of the original S.T.A.L.K.E.R. trilogy. It's absurd.

Amazing! This article helped me to fully resolve this issue, unlike any other did, and, trust me, I looked at a lot. Thank you so much!

Thank you very much! It worked perfectly for Ubuntu 24.

Cloudflare is sooner or later a monopolist in terms of accessing websites. This was foreseeable for years. It just has too much power.

Because it is CDN for many websites or DDOS-Shield it presumably know what websites you visited.

Cite from the privacy policy:

> Our mission to help build a better Internet is rooted in the importance we place on establishing trust with our Customers, users, and the Internet community globally. To earn and maintain that trust, we commit to communicating transparently, providing security, and protecting the privacy of data on our systems.

>We keep your personal information personal and private. We will not sell or rent your personal information. We will only share or otherwise disclose your personal information as necessary to provide our Services or as otherwise described in this Policy, except in cases where we first provide you with notice and the opportunity to consent.

Of course trust with the internet community. The trust means, we have to hope that we can trust Cloudflare with our data and its algorithms.

Another thing is the sharing of our data. It is (currently) not limited to the in the policy named partners. So who knows who gets the data?

A last excerpt:

> Cloudflare processes End Users’ interactions with Customer’s Internet Properties and the Services. This information is processed when End Users access or use our Customers’ domains, websites, APIs, applications, devices, end points, and networks that use one or more of our Services, and when End Users access or use Services, such as Cloudflare Zero Trust. The information processed may include but is not limited to IP addresses, traffic routing data, system configuration information, and other information about traffic to and from Customers’ websites, devices, applications, and/or networks.

"Not limited to" when accessing a "customer website".

To conclude my trust with the name of a Cloudflare product:

> Cloudflare Zero Trust

Some scumbag is using your site (not assuming. they actually linked to this article) to block access to Brave browser users. Zero option to say "yeah I know they did this, now let me see the site already." Just purely malicious. Just wanted to say I appreciate that you put that comment at the end saying not to block access but only use it to display warnings and stuff... Even if someone else with thousands of GitHub stars wants to be a little whiny bitch about it and hurt users for no reason.

Today is 2025-08-08 and the sync issue is still there. After trying multiple approaches and spending days and weeks to find a solution, I am giving up.

The final solution for me is do not use Joplin for Android, which does not synchronize completely (OneDrive) and super slow (GoogleDrive as local file system + addition DriveSync)

It is pity because I really like Joplin, but the sync is a showstopper.

Extremely helpful guide! Helped me get Windows 11 running successfully inside gnome-boxes on my Fedora 41 system. Thank you!