Add additional context to SELinux

In this post we quickly look into how we add context for SELinux on our Orthanc binary storage.
$ sudo semanage fcontext -a -t etc_t -s system_u /opt/localdrive/orthancstorage

$ sudo restorecon -R -v /opt/localdrive/orthancstorage

Now we confirm it by the below command:
$ cat /etc/selinux/targeted/contexts/files/file_contexts.local
# This file is auto-generated by libsemanage
# Do not edit directly.

/opt/localdrive/postgres(/.*)?    system_u:object_r:postgresql_db_t:s0
/opt/localdrive/orthancstorage    system_u:object_r:etc_t:s0

Confirm the updates
$ ls -laZ /opt/localdrive/orthancstorage

Fixing SELinux Warnings for Postgres after changing the data directory

We moved the postgres data directory from its default location /var/lib/pgsql/data to /opt/localdrive/postgres.

This started to give lots of warnings in the SELinux audit logs. Postgres service was running fine as SELinux was in permissive mode, albeit giving verbose warnings as below.

$ sudo tail -f /var/log/audit/audit.log
type=AVC msg=audit(1543413248.637:5277): avc:  denied  { getattr } for  pid=5285 comm="postgres" path="/opt/localdrive/postgres/base/16386/PG_VERSION" dev="sdb1" ino=1725 scontext=system_u:system_r:postgresql_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file
type=SYSCALL msg=audit(1543413248.637:5277): arch=c000003e syscall=5 success=yes exit=0 a0=5 a1=7ffef5d9e1f0 a2=7ffef5d9e1f0 a3=1 items=0 ppid=1314 pid=5285 auid=4294967295 uid=26 gid=26 euid=26 suid=26 fsuid=26 egid=26 sgid=26 fsgid=26 tty=(none) ses=4294967295 comm="postgres" exe="/usr/bin/postgres" subj=system_u:system_r:postgresql_t:s0 key=(null)
type=PROCTITLE msg=audit(1543413248.637:5277): proctitle=706F7374677265733A206175746F76616375756D20776F726B65722070726F63657373202020
type=AVC msg=audit(1543413248.638:5278): avc:  denied  { write } for  pid=5285 comm="postgres" name="12730" dev="sdb1" ino=1263 scontext=system_u:system_r:postgresql_t:s0 tcontext=unconfined_u:object_r:unlabeled_t:s0 tclass=file
type=SYSCALL msg=audit(1543413248.638:5278): arch=c000003e syscall=2 success=yes exit=5 a0=2947210 a1=2 a2=180 a3=50 items=0 ppid=1314 pid=5285 auid=4294967295 uid=26 gid=26 euid=26 suid=26 fsuid=26 egid=26 sgid=26 fsgid=26 tty=(none) ses=4294967295 comm="postgres" exe="/usr/bin/postgres" subj=system_u:system_r:postgresql_t:s0 key=(null)

To fix this, we had to perform a number of steps:

Edit SELinux to point to the current postgres data directory
$ sudo semanage fcontext -a -t postgresql_db_t "/opt/localdrive/postgres(/.*)?"

$ sudo restorecon -R -v /opt/localdrive/postgres

Restart Postgres service
$ sudo service postgresql restart


Now the audit "denied" logs are gone!

Time zone stories of a nomadic student

Back to cooking in Atlanta

I have this love-hate relationship between the daylight savings observed in many countries. It lets me sleep longer and avoid going to work when it is too dark in the autumn and winter. The sunlight starts to shrink with time as we progress into autumn, and the winter time (which is the actual/natural time) kicks in and gives us one more hour to sleep. But as days progress into winter, the sunlight continues to shrink, still making you wake up and go to work in the dark. On the other hand, as spring comes, the days start to lighten up, with more sunlight. Then the summer time starts, to make you wake up earlier, and to give you more light in the nights.

Time zone change is another factor that you often have to deal with when you migrate from east to west or vice versa. It sometimes helps, and sometimes does not. I found that moving towards west usually helped. It helped me when I moved to Portugal from Sri Lanka in 2012, and then again this year when I moved to Atlanta from Portugal. I have been a night person since 2009. This is a habit I initially picked up with my first GSoC, as my mentors and other developers were from EU and US while I was in Sri Lanka. Later in Portugal, my deadlines often kept me up until mornings (conference submission deadlines are often given as 23:59 EDT or 23:59 AoE/anywhere on earth, which is the next day morning until noon in Portugal). This time although I moved to Atlanta in June, I maintained my biological clock synced with Portugal. Therefore, I go to bed at 10.30 pm (3.30 am in Portugal) and wake up at 6 am every day (11 am in Portugal). I leave home around 7.10 am and arrive at the lab at 7.25 am (if the bus is on time) to 7.33 am (if the bus is delayed). I hope to maintain this habit.

Time capsule - Portugal version

Taxi bill found in my pocket

There were many times I left Lisboa to live in other cities. But I knew that we would return, and usually stored our things securely in safe storage before leaving the city. But this was the first time packing everything, throwing away our 6 years of stuff. The city has loads of memories, and it is overwhelming. I have a feeling that the best part of my life so far, was in Lisboa. Not in Colombo, where I grew up.

Migrations consume lots of energy - especially if the migration is permanent. Portugal was my home for the past 6 years. Although I was moving back and forth between countries, I always returned to Portugal within a year. This year leaving Lisboa was first time as in a permanent move. I will of course go back for my Ph.D. defense soon. But not to live there again. At least no plans in the future that I foresee. We were dropping our clothes that are still relatively new into the donation box since we just can take 1 checked-in bag each in the flight. Later I realized, I dropped my metro card inside mistakenly with one of the shirts. Several months later in Atlanta, I found the taxi receipt from Lisboa in the pocket of my jacket, which I luckily still did not wash. On the taxi to the airport, I had mistakenly dropped a new umbrella and a water bottle from the side pockets of my bag. Leaving a country, throwing away almost everything we accumulated over several years is in fact somewhat a painful experience that we got used to. In fact, that explains our minimalist lifestyle during the past few years in EU.

Memories of Porto, still strong after 6 years

Sometimes we want to go back to visit a few of the places that left strong and pleasant memories in the past. However, it is not always easy to recreate and relive those memories. I wanted to spend some time in Porto before leaving Portugal this year. It was always in my list since we last visited in 2013. However, due to time limitations, we could not make it this year. It will remain forever as a memory of 2013 summer, until I manage to visit it in the future. This takes me back to the memories of Kista and Farsta in Stockholm. I stayed in Kista for my 2013 falls semester in KTH for my EMDC masters program. I used to visit Farsta frequently those days for a walk and for the shopping mall. Farsta also had a Hindu temple. After I left Stockholm and returned to Portugal, I visited Stockholm twice. Once for my masters graduation at KTH and once when I returned from ACRO summer school from Karlstad. I managed to visit Farsta during my first visit. But I missed Kista during both of my visits. Kista is not much of a fun except the shopping mall which also hosted our student accommodation as well as our Kista campus (far from the main KTH campus).

Memories are the best part of a travel. I sometimes like to travel to new places. Often I just want to go back to a place that I previously enjoyed and loved. Even if I go back, the same places do not always give the same memories. Things change. Places also change. Thus our experiences.