Viewing posts for the category Omarine User's Manual

An experience of automated emailing for multilingual site

I know among more than one thousand of our subscribers there are many webmasters, so I write this article to share an experience of sending emails automatically when a post is updated, using Python - Django for a multilingual site.
The key here is that with a large number of recipients, on the other hand the email content for each person is different, therefore it must be sent one by one and sending time lasts up to several minutes, so choosing a point of time to send the emails is important.
When you click the "Save" button in the admin page, a request chain starts with a POST request. We should not send emails during this time but need to wait for the entire request chain finishing and the response returns a successful save message.
But when the request finished, there is no information about the saved post. Therefore, have to retrieve the data in advance, in the operation phase "Save".
We need signals for activities. Usually Django provides the post_save signal, it is sent when a model is saved. But post_save is not suitable in this case because for multilingual model there will be multiple post_save signals sent.

We need to define a signal, for example:

SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 10

This article is the last in 10 articles about security policy with detailed example programs. After reading these 10 articles, you have a basic knowledge to master your SELinux system. SELinux is still a tough topic in the open source community but now you find it not too complicated, right?

This article complements the previous article about the audit2allow utility, applying audit2allow to practice adding rules to the policy for a required operation.

When you create a virtual environment for Python, you can add and remove modules (Python) at your discretion without having to be root. Currently we need to add a rule to uninstall the modules. The uninstall script will create a temporary file, which by default has the type user_tmp_t and it needs to be changed to user_home_t for processing (similar to the myapp program to be transitioned its temporary file to type myapp_tmp_t).

For example, when we uninstall the dnspython module, the operation is denied with the following Python message:

PermissionError: [Errno 13] Permission denied: '/tmp/pip-uninstall-7ehq5lz7/home/tuyen/python-env/mysite/lib/python3.7/site-packages/dns/'

Assume the current user is staff_u with domain staff_t. audit2allow will detect rule:

SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 9

Using audit2allow to generate rules

audit2allow is a utility that generates rules from logs of denied operations. It suggests rules for those operations  to succeed. To see the suggested rules, run the following command, as the root user:

SELinux with omarine policy: SELinux User Capabilities

Unlike Linux users where each user has a specific name like tho, emin, SELinux user is a group of users that have the same capabilities in terms of security context. For example, the standard SELinux user is user_u, the administration staff is staff_u. By convention, SELinux user names usually end with _u. The special case, the Linux root user corresponds to root in SELinux, still. The SELinux user name is the first part of the security context.

SELinux with omarine policy: An in-depth look at the security policy – secure program with its own domain: Part 8

Adding constraints to the rules - practice