[CentOS] SOLVED (was Re: Unable to mount Centos 5.6 Server via nfs4 - Operation Not Permitted - MADNESS!
Okay, it took a few minutes, but I figure it out. Seems that Scientific Linux eems to regress a bit in this area. With Centos, you need to bind like so: /home/share /exports/share nonebind0 0 /home/vhosts/exports/vhosts nonebind0 0 And then specify the options (including fsid0): in /etc/exports /exports*(rw,fsid=0,insecure,no_subtree_check,sync,no_root_squash) /exports/vhosts *(rw,fsid=0,insecure,no_subtree_check,sync,no_root_squash) /exports/share *(rw,fsid=0,insecure,no_subtree_check,sync,no_root_squash) [root@centos home]# In order for clients to mount via NFS4 (with all the usual stuff about specifying in the ports in /etc/sysconfig/nfs) in thisfmat : mount -t nfs4 192.168.15.200:/ /mnt Which is apparently the correct way of mount via NFS HOWEVER, in Scientific Linux, you can get way with a) not binding the directories and b) go back to this format: /home/exports *(ro,sync) /opt*(ro,sync) And still be able to mount: mount -t nfs4 192.168.15.100:/opt /mnt I have to double check the mounts to confirm that I am mount via NFS4. Centos box (mounting SL box via NFS4): 192.168.15.100:/opt /mnt nfs4 rw,addr=192.168.15.100 0 SL Box (mounting Centos box via NFS4): 192.168.15.200:/ /mnt nfs4 rw,addr=192.168.15.200,clientaddr=192.168.15.100 0 0 Huh. Thanks a lot for the pointers, guys. It has been interesting. :) On Jun 2, 2011, at 8:50 PM, RILINDO FOSTER wrote: > Here you go. Nothing too fancy: > > [root@centos ~]# cat /etc/exports > /home *(ro,sync) > /opt/company_data *(rw,sync) > > > > On Jun 2, 2011, at 2:07 PM, Louis Lagendijk wrote: > >> On Thu, 2011-06-02 at 14:01 -0400, RILINDO FOSTER wrote: >>> It is actually commented out in SL6. >>> >>> >>> On Jun 2, 2011, at 11:56 AM, Tom H wrote: >>> On Mon, May 30, 2011 at 10:53 PM, RILINDO FOSTER wrote: > On May 30, 2011, at 10:29 PM, Tom H wrote: >> >> Are the values of "Domain" in "/etc/idmapd.conf" the same on the >> client and the server? >> >> FYI: For nfsv4, there's no need to have any ports other than 111 and >> 2049. >> >> (Are you using "fsid=0" as an option?) > >> Can you please show your /etc/exports? I remember that in Fedora some >> changes were made which probably included in RHEL6 as well that made >> fsid superfluous. Here is mine in case it helps you: >> /export gss/krb5(fsid=0,sync,insecure,no_subtree_check,no_root_squash) >> /export/home1 >> gss/krb5(rw,nohide,sync,insecure,no_subtree_check,no_root_squash) >> /export/home2 >> gss/krb5(rw,nohide,sync,insecure,no_subtree_check,no_root_squash) >> >> Louis >> >> ___ >> CentOS mailing list >> CentOS@centos.org >> http://lists.centos.org/mailman/listinfo/centos > > ___ > CentOS mailing list > CentOS@centos.org > http://lists.centos.org/mailman/listinfo/centos ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ClearOS rebuild
On 6/3/2011 10:12 PM, Ron Blizzard wrote: > On Fri, Jun 3, 2011 at 2:06 PM, Les Mikesell wrote: > >> That's not what I said. I said Red Hat's redistribution restriction >> created the need for Ubunutu. And that the community that is now >> dependent on RH-rebuilds might be better served by a distribution that >> does not restrict redistribution in the first place. These aren't >> cause/effect but you could put them together if you want. > > Everyone is free to use what they want -- that's the cool thing about > Linux -- choice. But, for me, Ubuntu is too "bleeding edge" to be a > viable replacement for Red Hat/CentOS. > There's only about half a dozen distros that I consider good enough for server work. The advantage of using distros from the RHEL family line is that Red Hat's primary focus is business, which means I can count on them being a lot more conservative about changing / breaking things then the bleeding edge distros. If I didn't have access to RHEL / CentOS / SL, then I'd probably run either Debian or Ubuntu LTS on servers. Because once you get past a certain point, Linux is Linux. The major differences tend to lie in package management, start-up scripts, systems administration and the GUI administration tools. Applications like PostgreSQL, Apache, etc. generally don't care which version of Linux they run on. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ClearOS rebuild
On Fri, Jun 3, 2011 at 2:15 PM, wrote: > I'm having some problems with the way the conversation is going. RedHat > *was* a company; to me, the RHEL was aimed as a wedge, to get into > corporate America. For that matter, who started offering their distro of > RHEL around then? Why, the same company that offered this new o/s on their > brand new product, the IBM PC in 1980: IBM. I see it this way. Red Hat tried to get into the retail desktop market, with some limited success. They were basically selling the media, CD and books. That market dried up when high speed Internet became more common -- everyone could download and burn their own CDs. So they reinvented themselves. Whether that was a good or bad decision for the community, their focus on the corporate market seems to have paid off for them. And, honestly, it appears to have worked out pretty well for others who use SL or CentOS, or one of the many products based on CentOS (like most of the open VOIP switches and ClearBox, Blue Onyx, etc.). -- RonB -- Using CentOS 5.6 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ClearOS rebuild
On Fri, Jun 3, 2011 at 2:06 PM, Les Mikesell wrote: > That's not what I said. I said Red Hat's redistribution restriction > created the need for Ubunutu. And that the community that is now > dependent on RH-rebuilds might be better served by a distribution that > does not restrict redistribution in the first place. These aren't > cause/effect but you could put them together if you want. Everyone is free to use what they want -- that's the cool thing about Linux -- choice. But, for me, Ubuntu is too "bleeding edge" to be a viable replacement for Red Hat/CentOS. -- RonB -- Using CentOS 5.6 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] On Community
On 6/3/2011 3:53 PM, Lamar Owen wrote: > On Friday, June 03, 2011 03:49:00 PM Les Mikesell wrote: >> On 6/3/2011 1:28 PM, Lamar Owen wrote: >>> Go back and look at the changelogs of the PostgreSQL packages. > >> Give me a hint about what to look for. As I recall I always installed >> postgresql from source in those days because the disto packages were so >> far behind or broken. > > So, did you provide community-based feedback to the then PostgreSQL RPM > packager? Any bugzilla entries? Any e-mails? Anything? > > Sounds like the packager at the time could have used some good feedback, > instead of you bailing out, installing from source. Don't really recall, but my best guess is that I used whatever support or community email/forum/newsgroup I could find for postgresql and followed their advice. And back then the advice from the upstream projects was often to install their latest version instead of what the distro included. Not sure exactly when the concept of 'updates' came around so that there would have been a reasonable possibility for timely fixes either. I remember using freshrpms with an apt-for-rpm somewhere along the line but that sort of blurred the distinction between official update rpms and 3rd party versions. > And this is the Community in CentOS; as you have defined it here in this > thread, Les. The users, not the developers; the ones who provide good > feedback, but don't necessarily build (develop) the system. Your definition > was: > "[The community is] not the development community that pushes wild and crazy > changes into fedora that I'm talking about." (antecedent of your 'it's' in > the original is in brackets). > > This same community is here, and it's vibrant. I see many of the same names > I've seen for over ten years. Doing essentially the same thing, and giving > feedback if they're not actively developing or packaging. Some are a tad > more crotchety than before, but it's a familiar community. > > Oh, I almost forgot to mention: I *was* the community packager at the time. > And I could have used more useful, constructive, non-trollish feedback at the > time. Like I got from Sander Steffann, Kaj Niemi, Alvaro Herrera and the > tireless developer to whom I handed the packager role, Devrim Gunduz, who is > doing outstanding work in that role even today. A vibrant developer > community, one I miss, to tell you the truth. Sorry, I didn't think of packaging as a creative process back then and was more concerned with the mod_perl problems where I thought the issues were well known but not addressed across many RH releases (and then broken again after they finally got it right in 7.3). Now that things are more stable and mostly work I do understand your point about fixing the distro instead of bypassing it. There's still the issue with postgresql about major-rev upgrades needing a dump/load that you probably can't address sensibly with rpm's non-interactive restriction, though. > The rh.com contact/packager changed a few times, but I was the community > packager from 6.1 or so through a good part of FC2's development. Log in to > a CentOS 4 machine that has postgresql installed from CentOS-Base repo, and > issue a 'rpm -q --changelog postgresql' and scroll up a couple of dozen lines > or so from the end (date tagged Fri Nov 21 2003). The PostgreSQL core > developer Tom Lane took the Red Hat internal reins, and is still there > (employed by Red Hat and in the PostgreSQL Core Team). Tom does outstanding > work. PostgreSQL, just to name one project, is very much helped by Red Hat, > in upstream Core roles. I suspect I bailed on the packaged version in the 4.x or 5.x days and didn't track it's progress closely. Probably did use it on CentOS 4 for a while running RT, but the related perl packages were something of a nightmare to maintain. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] On Community (was:Re: ClearOS rebuild)
On Friday, June 03, 2011 03:49:00 PM Les Mikesell wrote: > On 6/3/2011 1:28 PM, Lamar Owen wrote: > > Go back and look at the changelogs of the PostgreSQL packages. > Give me a hint about what to look for. As I recall I always installed > postgresql from source in those days because the disto packages were so > far behind or broken. So, did you provide community-based feedback to the then PostgreSQL RPM packager? Any bugzilla entries? Any e-mails? Anything? Sounds like the packager at the time could have used some good feedback, instead of you bailing out, installing from source. And this is the Community in CentOS; as you have defined it here in this thread, Les. The users, not the developers; the ones who provide good feedback, but don't necessarily build (develop) the system. Your definition was: "[The community is] not the development community that pushes wild and crazy changes into fedora that I'm talking about." (antecedent of your 'it's' in the original is in brackets). This same community is here, and it's vibrant. I see many of the same names I've seen for over ten years. Doing essentially the same thing, and giving feedback if they're not actively developing or packaging. Some are a tad more crotchety than before, but it's a familiar community. Oh, I almost forgot to mention: I *was* the community packager at the time. And I could have used more useful, constructive, non-trollish feedback at the time. Like I got from Sander Steffann, Kaj Niemi, Alvaro Herrera and the tireless developer to whom I handed the packager role, Devrim Gunduz, who is doing outstanding work in that role even today. A vibrant developer community, one I miss, to tell you the truth. The rh.com contact/packager changed a few times, but I was the community packager from 6.1 or so through a good part of FC2's development. Log in to a CentOS 4 machine that has postgresql installed from CentOS-Base repo, and issue a 'rpm -q --changelog postgresql' and scroll up a couple of dozen lines or so from the end (date tagged Fri Nov 21 2003). The PostgreSQL core developer Tom Lane took the Red Hat internal reins, and is still there (employed by Red Hat and in the PostgreSQL Core Team). Tom does outstanding work. PostgreSQL, just to name one project, is very much helped by Red Hat, in upstream Core roles. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] ClearOS rebuild
On Fri, 3 Jun 2011, Les Mikesell wrote: >> Got back and look at the changelogs of the PostgreSQL packages. > > Give me a hint about what to look for. $ rpm -q --changelog postgresql-libs | grep -i owen Lamar was, during the time of RHL, postgresql's maintainer as to RPM based packaging, and as I recall part of the 'testers-list' cadre, that group took the early arrows in the back, stabilizing the then distribution on behalf of the FOSS 'community' -- Russ herrold ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ClearOS rebuild
On 6/3/2011 2:15 PM, m.r...@5-cent.us wrote: > >> So what? Red Hat created a community by beeing free in both senses, and > then decided to go commercial at some point. And that hurt the feelings > of some minor number of hard-nosed community members. Is that what you > are talking about? >> >> I was around at the time of Red Hat going commercial. I heard about that, > > I'm having some problems with the way the conversation is going. RedHat > *was* a company; to me, the RHEL was aimed as a wedge, to get into > corporate America. For that matter, who started offering their distro of > RHEL around then? Why, the same company that offered this new o/s on their > brand new product, the IBM PC in 1980: IBM. Red Hat started with the concept of selling support services, and while they also sold boxed sets of software (a good thing back when most people didn't have the bandwidth to download it or CD burners), they did not restrict redistribution of the software or installing it on multiple machines. > RedHat, at least, has not taken the path to the Dark Side, as the Other > Company did That's a matter of opinion, but not so much the point as our dependency on rebuild projects if we don't switch to something else. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to set selinux policy "allow httpd_t unconfined_t:shm { unix_read unix_write }; " using an seboolean? (How to get a new seboolean?)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 06/03/2011 03:05 PM, Patrick Lists wrote:
>
> Hi Aleksey,
>
>
> On 06/03/2011 01:47 AM, Aleksey Tsalolikhin wrote:
>> Hi. I'm trying to get OTRS running on CentOS 5.5 with SELinux enabled,
>> and audit.log / audit2allow tell me I need to add the local policy:
>>
>>
>> #= httpd_t ==
>> allow httpd_t unconfined_t:shm { unix_read unix_write };
>>
>> which I think will allow the httpd access to read and write from shared
>> memory?
>> Is that right? What are the risks involved in opening this? I notice it is
>> denied by the default policy.
>>
>> To simplify configuration management, I would prefer to make this setting
>> using /usr/sbin/setseebool, but I don't see an sebool that deals with shm...
>>
>> How do I request one? (And whom do I ask?)
>
> Since nobody has come up with a policy for eons I guess there is little
> incentive to provide one. When you go through the OTRS website it
> basically only says "turn off selinux" (which imho is pretty silly).
>
> There was one person that tried to create a policy:
> http://lists.otrs.org/pipermail/dev/2005-September/001109.html
>
> The #selinux channel on irc.freenode.net has always been helpful and
> patient even with my n00b questions. If you have all the info from the
> audit log then I would venture in there, put the audit log on a pastebin
> and ask how to proceed next.
>
> If you create a proper policy I would appreciate it if you could keep
> this list updated. From what I have read OTRS seems a nice solution but
> not when I have to turn off selinux.
>
> Regards,
> Patrick
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
Well not likely since this is not something we use with RHEL or Fedora.
But what I would suggest you do is put apache into permissive mode and
then see what avcs it creates. Load a custom policy module to allow the
access.
# semanage permissive -a httpd_t
Run OTRS at boot, And attempt to interact with it via apache.
I would figure there are a lot of rules to allow things like
# allow httpd_t initrc_t:shm { unix_read unix_write };
Once you have a bunch of avcs you can create a custom policy module
# grep initrc_t /var/log/audit/audit.log | audit2allow -M myotrs
# semodule -i myotrs.pp
Or ask someone on list to write a policy for this app.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk3pO08ACgkQrlYvE4MpobPUGQCfWcVIkUcfBl9FvXKYJoZx8yKA
EkoAoNI2xKF02IZTYDwDLxtCqK8+0Rn0
=o/y6
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ClearOS rebuild
On 6/3/2011 1:28 PM, Lamar Owen wrote: > On Friday, June 03, 2011 11:21:35 AM Les Mikesell wrote: >> I'm talking about what would be >> more in the best interest of the community that they attracted by >> permitting redistribution of the collated works - and then cut off. > > It's in the best interest of the community to have Red Hat in a financially > stable position to fund all this good stuff in the first place. If the only > way Red Hat can be financially viable is for me to give up the pre-EL ways, > then that's fine by me, especially since Red Hat is rather accommodating in > terms of the source code. > >> Go back and look at the changelogs of programs in the era between the >> RH 4.x and 9 releases if you don't remember how bad the stuff they initially >> shipped was or how it got fixed. > > Got back and look at the changelogs of the PostgreSQL packages. Give me a hint about what to look for. As I recall I always installed postgresql from source in those days because the disto packages were so far behind or broken. Sort of like apache/mod_perl which was only done right in the 7.3 release and then broken again in 8. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ClearOS rebuild
Marko Vojinovic wrote: > On Friday 03 June 2011 16:21:35 Les Mikesell wrote: >> On 6/3/2011 8:57 AM, Lamar Owen wrote: > So what? Red Hat created a community by beeing free in both senses, and then decided to go commercial at some point. And that hurt the feelings of some minor number of hard-nosed community members. Is that what you are talking about? > > I was around at the time of Red Hat going commercial. I heard about that, I'm having some problems with the way the conversation is going. RedHat *was* a company; to me, the RHEL was aimed as a wedge, to get into corporate America. For that matter, who started offering their distro of RHEL around then? Why, the same company that offered this new o/s on their brand new product, the IBM PC in 1980: IBM. RedHat, at least, has not taken the path to the Dark Side, as the Other Company did mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to set selinux policy "allow httpd_t unconfined_t:shm { unix_read unix_write }; " using an seboolean? (How to get a new seboolean?)
On 06/03/2011 08:41 PM, Daniel J Walsh wrote: [snip] > Not sure what OTRS is but it looks like you are running it as a user? > (unconfined_t), Does this usually run as a service started at boot time? It is Help Desk/Ticket software similar to Bugzilla. http://otrs.org/ It is started at boot through init. The RPMs currently available at otrs.org do not have any SELinux policies and seem to install everything under /opt/otrs. Hope this helps. Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ClearOS rebuild
On 6/3/2011 1:17 PM, Marko Vojinovic wrote: > >> I'm not really talking about what Red Hat does - and I'm not against >> selling restricted software in general. I'm talking about what would be >> more in the best interest of the community that they attracted by >> permitting redistribution of the collated works - and then cut off. > > So what? Red Hat created a community by beeing free in both senses, and then > decided to go commercial at some point. And that hurt the feelings of some > minor number of hard-nosed community members. Is that what you are talking > about? I'm not talking about the hurt feelings, I'm talking about the ultimate best interests of the community members that are now relying on the rebuilds. > I was around at the time of Red Hat going commercial. I heard about that, and > immediately went to their website to see if that was true, since I was having > a hard time figuring out the alternative distro I could use. And when I opened > the website, there it was --- Fedora Core 1. It was publicly advertized by Red > Hat as a free (in both senses) continuation of old-style Red Hat releases, > only with the branding and name changed. It was right there, on redhat.com, > you can take a look: Fedora is not a 'usable' distribution unless you have nothing better to do with your life than install software and it is nothing like the old-style RH release that were maintained for years with updates. How many hours have you spent re-installing fedora versions? I quit when a mid-release kernel update refused to boot on a mainstream IBM box where it had happily installed. And running a box without current security updates is not an option so you can't just stick with an old copy. > I still remember a sentence somewhere that said something like "Think of > Fedora Core 1 as a release of Red Hat 10" (although I failed to find it now). > There was a clear pointer for every community member where to go if they > wanted to stay in the "old" community. The only difference was the absence of > the "shadow-man with a red hat" logo. No, the difference was every fedora was like the X.0 release for RH releases up to 7, where they were followed with X.1, X.2, etc., that actually worked. If you came in at 8 or 9 you might not understand the distinction because 8 and 9 never did reach the stability of 7.3. > So that can be considered as "cutting off" only for a couple of very > hard-nosed > community members who were emotionally attached more to the name "Red Hat" and > a nice picture of a hat, than to the product itself. Both the old product and > the old community continued to live, just under a different brand. And Red Hat > helped to create that new brand, and is still helping. No, what has been cut off is the product that evolves from user feedback and experience - that is, the thing that eventually works in spite of the broken new stuff that keeps getting pushed into new fedora versions. If they knew how to do that without community input, a fedora release or the old X.0 RH releases would be as good as X.2 or an EL. They aren't. >>> Red Hat is not the only Linux provider who has limited distribution of >>> binaries. And as the CentOS and other rebuild projects have proven time >>> and time again, having the source (and some time and significant effort) >>> is sufficient to build a fully binary compatible distribution. >> >> But the need for the rebuild projects shows that Red Hat has restricted >> access to what is mostly the result of community work. > > Red Hat didn't restrict access, it was only rebranded as another project. The > result and work of that same community is still here, is very much alive, and > is called Fedora. It's not the development community that pushes wild and crazy changes into fedora that I'm talking about. They seem to not like unix much and want to turn it into something else anyway. > Every RHEL release is based on Fedora, which is still > unrestricted and available. The process of creating RHEL from Fedora is closed > within Red Hat, and community does not contribute to that part. They don't participate in the packaging of the bits, but I'm not convinced that they don't contribute to the results. > I fail to see how did Red Hat restrict the access to the result of any > community work. That depends on what you consider community work. I say every change resulting from a bug report or contributed patch is community work, and work that would be better aimed in a direction that doesn't restrict redistribution or require a dependency on a rebuild effort. > I tend to disagree here as well. Ubuntu was created from Debian, and had a > completely different idea --- to become a favorite Linux distro for desktops. Their 'different idea' was to have an actual release schedule, unlike the Debian of the day with the 'when it's ready' mantra. Plus they relaxed the free-as-in-gnu policies to make it usable. > And they apparently succeded in
Re: [CentOS] How to set selinux policy "allow httpd_t unconfined_t:shm { unix_read unix_write }; " using an seboolean? (How to get a new seboolean?)
Hi Aleksey,
On 06/03/2011 01:47 AM, Aleksey Tsalolikhin wrote:
> Hi. I'm trying to get OTRS running on CentOS 5.5 with SELinux enabled,
> and audit.log / audit2allow tell me I need to add the local policy:
>
>
> #= httpd_t ==
> allow httpd_t unconfined_t:shm { unix_read unix_write };
>
> which I think will allow the httpd access to read and write from shared
> memory?
> Is that right? What are the risks involved in opening this? I notice it is
> denied by the default policy.
>
> To simplify configuration management, I would prefer to make this setting
> using /usr/sbin/setseebool, but I don't see an sebool that deals with shm...
>
> How do I request one? (And whom do I ask?)
Since nobody has come up with a policy for eons I guess there is little
incentive to provide one. When you go through the OTRS website it
basically only says "turn off selinux" (which imho is pretty silly).
There was one person that tried to create a policy:
http://lists.otrs.org/pipermail/dev/2005-September/001109.html
The #selinux channel on irc.freenode.net has always been helpful and
patient even with my n00b questions. If you have all the info from the
audit log then I would venture in there, put the audit log on a pastebin
and ask how to proceed next.
If you create a proper policy I would appreciate it if you could keep
this list updated. From what I have read OTRS seems a nice solution but
not when I have to turn off selinux.
Regards,
Patrick
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to set selinux policy "allow httpd_t unconfined_t:shm { unix_read unix_write }; " using an seboolean? (How to get a new seboolean?)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 06/02/2011 07:47 PM, Aleksey Tsalolikhin wrote:
> Hi. I'm trying to get OTRS running on CentOS 5.5 with SELinux enabled,
> and audit.log / audit2allow tell me I need to add the local policy:
>
>
> #= httpd_t ==
> allow httpd_t unconfined_t:shm { unix_read unix_write };
>
> which I think will allow the httpd access to read and write from shared
> memory?
> Is that right? What are the risks involved in opening this? I notice it is
> denied by the default policy.
>
> To simplify configuration management, I would prefer to make this setting
> using /usr/sbin/setseebool, but I don't see an sebool that deals with shm...
>
> How do I request one? (And whom do I ask?)
>
> Thanks,
> -at
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
Not sure what OTRS is but it looks like you are running it as a user?
(unconfined_t), Does this usually run as a service started at boot time?
Allowing this would just mean apache is able to read/write logged in
users shared memory.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk3pKtYACgkQrlYvE4MpobOOIwCgs9KG+PxXUg3UealcfO+C4kYZ
wMMAn2oLpKPBQUjQpvTam3J5M0jL+g2P
=+sPH
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ClearOS rebuild
On Friday, June 03, 2011 11:21:35 AM Les Mikesell wrote: > I'm talking about what would be > more in the best interest of the community that they attracted by > permitting redistribution of the collated works - and then cut off. It's in the best interest of the community to have Red Hat in a financially stable position to fund all this good stuff in the first place. If the only way Red Hat can be financially viable is for me to give up the pre-EL ways, then that's fine by me, especially since Red Hat is rather accommodating in terms of the source code. > Go back and look at the changelogs of programs in the era between the > RH 4.x and 9 releases if you don't remember how bad the stuff they initially > shipped was or how it got fixed. Got back and look at the changelogs of the PostgreSQL packages. > More to the point, wasn't that the reason you started using Red Hat in > the first place? No. I bought Red Hat 4 because it was the only non-proprietary platform on which I could run RealAudio Server back in 1997 and expect to get support from Progressive Networks. Red Hat being a North Carolina company was a great bonus. And while I would like to be an idealist, at the same time I know without doubt that I, and many others, use CentOS precisely because the binary compatibility for running closed source software is so good. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] revisionist history: was: ClearOS rebuild
On Fri, 3 Jun 2011, Marko Vojinovic wrote: > [Upstream] didn't restrict access, it was only rebranded as > another project oh horse puckety The binaries (base and updates) formerly freely available in RHL disappeared behind a license paywall; a new brand that was 'enforceable' emerged [RHL was not]; the 'fedoraproject' (R, TM) is a wholly owned subsidiary of the upstream; and so forth -- Russ herrold ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ClearOS rebuild
On Friday 03 June 2011 16:21:35 Les Mikesell wrote: > On 6/3/2011 8:57 AM, Lamar Owen wrote: > > > > Red Hat deserves credit for still provided the source RPM's in buildable > > form even for those parts of the distribution that are not GPL licensed. > > They are not required by license to do that; for instance, the > > PostgreSQL RPM's, since PostgreSQL is BSD-licensed. I mention that > > particular package only because I have first-hand knowledge of that > > package. > > I'm not really talking about what Red Hat does - and I'm not against > selling restricted software in general. I'm talking about what would be > more in the best interest of the community that they attracted by > permitting redistribution of the collated works - and then cut off. So what? Red Hat created a community by beeing free in both senses, and then decided to go commercial at some point. And that hurt the feelings of some minor number of hard-nosed community members. Is that what you are talking about? I was around at the time of Red Hat going commercial. I heard about that, and immediately went to their website to see if that was true, since I was having a hard time figuring out the alternative distro I could use. And when I opened the website, there it was --- Fedora Core 1. It was publicly advertized by Red Hat as a free (in both senses) continuation of old-style Red Hat releases, only with the branding and name changed. It was right there, on redhat.com, you can take a look: http://web.archive.org/web/20031118114916/http://redhat.com/ I still remember a sentence somewhere that said something like "Think of Fedora Core 1 as a release of Red Hat 10" (although I failed to find it now). There was a clear pointer for every community member where to go if they wanted to stay in the "old" community. The only difference was the absence of the "shadow-man with a red hat" logo. So that can be considered as "cutting off" only for a couple of very hard-nosed community members who were emotionally attached more to the name "Red Hat" and a nice picture of a hat, than to the product itself. Both the old product and the old community continued to live, just under a different brand. And Red Hat helped to create that new brand, and is still helping. > > Red Hat is not the only Linux provider who has limited distribution of > > binaries. And as the CentOS and other rebuild projects have proven time > > and time again, having the source (and some time and significant effort) > > is sufficient to build a fully binary compatible distribution. > > But the need for the rebuild projects shows that Red Hat has restricted > access to what is mostly the result of community work. Red Hat didn't restrict access, it was only rebranded as another project. The result and work of that same community is still here, is very much alive, and is called Fedora. Every RHEL release is based on Fedora, which is still unrestricted and available. The process of creating RHEL from Fedora is closed within Red Hat, and community does not contribute to that part. And Red Hat has every right not to release the binary distro (RHEL) that they created *without* community input from a community-based free distro (Fedora). Everything that community creates is still completely free (again, in both senses). The "difference" between Fedora and its derivative RHEL lies strictly in the closed-to-community input from a commercial company, and Red Hat has therefore every right not to publish the resulting distro. They publish just the source code, since they are required to do it by the GPL (and other licences). I fail to see how did Red Hat restrict the access to the result of any community work. > > To my eyes it was a win-win for Linux, since without the for-profit model > > that Red Hat adopted, Red Hat likely would not be around today, nor > > would Red Hat-funded developers likely have been able to continue to > > devote as much time and effort as they have done. Perhaps they could > > have handled the PR in a better way, but then again when someone is used > > to freeloading they're going to hate having to pay anything at all (and > > that's not an accusation of anyone in particular, just a simple > > observation of human behavior). > > At the time, RH was backporting fixes into most/all of their previous > major-number releases in a way that clearly wasn't sustainable. So they > had to do the split between fast-track new development and long-term > supported versions that get backports, but it is not at all clear that > they had to restrict redistribution in addition to selling support. > This just created the need for Ubuntu... I tend to disagree here as well. Ubuntu was created from Debian, and had a completely different idea --- to become a favorite Linux distro for desktops. And they apparently succeded in that. Red Hat, and later Fedora, never even aimed at such a goal. The need for a desktop-oriented Linux distro was th
Re: [CentOS] Good book on Linux Admin (Centos 5.5)
On 6/3/2011 12:32 PM, Paul Heinlein wrote: > On Fri, 3 Jun 2011, Les Mikesell wrote: > >> I'm not sure how someone starting today would find the core tool set >> (which is almost unchanged today except for the GNU options on some >> commands and the addition of perl) or where to start with >> man/google. Or if these even matter any more now that there are >> monolithic GUIs to do most common operations and computers are fast >> enough to run them. > > A low barrier to entry is great for development and testing but > horrible for production. > > A GUI or other framework that can assist getting a service up and > running quickly is a great help; the developer or admin and his > customer(s) can quickly understand its applicability to the task at > hand. > > Moving that service into production, however, requires a different > understanding: risk assessment, scalability, configuration boundaries, > etc. The rapid-development tool rarely provides such insight, with > predicatable consequences in production. That's true if you are inventing a new service or deploying it in a way that the program/GUI designer didn't anticipate. Everyone had to do a lot of that in the old days when there weren't standard approaches and hardware was so expensive you would do some odd things to work around its limitations. But these days it is pretty rare to do something new in a production environment, even more so in internal infrastructure, and the person doing it probably won't be looking for a beginner sysadmin book. I'm leaning more towards running things that come with good defaults and fill-in-the-form choices as much as possible these days. What are the odds that a new sysadmin will build something for a typical office that is easier to maintain than, say, ClearOS, with it's 'just add users' setup and web form administration that you can have working without ever wading though the man pages for bash, perl, or sort'? -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] /etc/security/limits.conf : rss
Christophe Caron wrote: > Hello, > > I run CentOS 5.6 on a Dell PowerEdge R815 with 256 GB of RAM. > We use Sun Grid Engine to schedule jobs on this node. > > > I want to limit the memory usage about 150 GB per process. > But, at least one process (oases - a bioinformatics tool) bypass this > limitation and use always 240 GB of memory (the last run) !! Is there some way to limit the number of threads the job can have? We had a problem like that - a user on a 48-core system that proceded, as the final step of the job, to want half again as much memory as the system had (256G!!!). After discussions, he limited what he submitted, so that's why I wondered if you could control that administratively. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Good book on Linux Admin (Centos 5.5)
On Fri, 3 Jun 2011, Les Mikesell wrote: > I'm not sure how someone starting today would find the core tool set > (which is almost unchanged today except for the GNU options on some > commands and the addition of perl) or where to start with > man/google. Or if these even matter any more now that there are > monolithic GUIs to do most common operations and computers are fast > enough to run them. A low barrier to entry is great for development and testing but horrible for production. A GUI or other framework that can assist getting a service up and running quickly is a great help; the developer or admin and his customer(s) can quickly understand its applicability to the task at hand. Moving that service into production, however, requires a different understanding: risk assessment, scalability, configuration boundaries, etc. The rapid-development tool rarely provides such insight, with predicatable consequences in production. -- Paul Heinlein <> heinl...@madboa.com <> http://www.madboa.com/ ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Good book on Linux Admin (Centos 5.5)
On 6/3/2011 11:54 AM, Thomas Harold wrote: >> The things I always look for and almost never find are >> >> (a) A split between tutorial (step-by-step for common uses) and >> reference sections (that have all the options). Once you've followed the >> tutorial you won't want to wade through that again to find the option to >> make an obscure change. > > For pure reference, I've always liked my "Linux in a Nutshell" book > (O'Reilly publisher), which has a huge section with all of the commands > and options. It even has sections on "vi" and "emacs". > > Google and man pages take care of the rest. > > (Also, since CentOS is so similar to RHEL, anything taught in a RHEL > book tends to carry over.) Back in the old (pre-X) days of unix, the entire manual set was a few small books that you could easily flip through and understand how all of the tools might be used together under control of a shell command or script. And if you understood what the fork() system call did, all the rest would make sense. I'm not sure how someone starting today would find the core tool set (which is almost unchanged today except for the GNU options on some commands and the addition of perl) or where to start with man/google. Or if these even matter any more now that there are monolithic GUIs to do most common operations and computers are fast enough to run them. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] /etc/security/limits.conf : rss
Hello, I run CentOS 5.6 on a Dell PowerEdge R815 with 256 GB of RAM. We use Sun Grid Engine to schedule jobs on this node. I want to limit the memory usage about 150 GB per process. So i use the /etc/security/limits.conf configuration file. I test this configuration with some tools with a lower GB limit (about 2 or 4 GB), and it works ! But, at least one process (oases - a bioinformatics tool) bypass this limitation and use always 240 GB of memory (the last run) !! /etc/security/limits.conf ... # * hardrss 15000 * softrss 15000 # * hardas 15000 * softas 15000 # ... # uname -r 2.6.18-238.9.1.el5.centos.plus Any idea ? Thanks -- Christophe CaronStation Biologique - Service Informatique et Génomique christophe.ca...@sb-roscoff.fr Place Georges Teissier - 29680 Roscoff tél: +33 (0)2 98 29 25 43 / tél: +33 (0)6 07 83 54 77 fax: +33 (0)2 98 29 23 24 Analysis and Bioinformatics for Marine Sciences Platform http://abims.sb-roscoff.fr/ smime.p7s Description: S/MIME Cryptographic Signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Good book on Linux Admin (Centos 5.5)
On 6/2/2011 4:18 PM, Les Mikesell wrote: > > The things I always look for and almost never find are > > (a) A split between tutorial (step-by-step for common uses) and > reference sections (that have all the options). Once you've followed the > tutorial you won't want to wade through that again to find the option to > make an obscure change. For pure reference, I've always liked my "Linux in a Nutshell" book (O'Reilly publisher), which has a huge section with all of the commands and options. It even has sections on "vi" and "emacs". Google and man pages take care of the rest. (Also, since CentOS is so similar to RHEL, anything taught in a RHEL book tends to carry over.) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 76, Issue 2
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org
You can reach the person managing the list at
centos-announce-ow...@centos.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."
Today's Topics:
1. CESA-2011:0833 Important CentOS 5 i386 kernel Update
(Karanbir Singh)
2. CESA-2011:0833 Important CentOS 5 x86_64 kernel Update
(Karanbir Singh)
--
Message: 1
Date: Tue, 31 May 2011 23:49:24 +
From: Karanbir Singh
Subject: [CentOS-announce] CESA-2011:0833 Important CentOS 5 i386
kernel Update
To: centos-annou...@centos.org
Message-ID: <20110531234924.ga28...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Security Advisory 2011:0833 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2011-0833.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
i386:
dd9aaf9970310600e859b46946b7f2a9 kernel-2.6.18-238.12.1.el5.i686.rpm
2ed708da836e1463cf46d45e775b592f kernel-debug-2.6.18-238.12.1.el5.i686.rpm
026860be5dfce20b21e2aba9f0ea59f7
kernel-debug-devel-2.6.18-238.12.1.el5.i686.rpm
408b0d828757b191e35750e4fd3621f3 kernel-devel-2.6.18-238.12.1.el5.i686.rpm
282d172ca2498e818c6b0570b4ce76b6 kernel-doc-2.6.18-238.12.1.el5.noarch.rpm
e4acc41b003cf8763c3e277f019581e2 kernel-headers-2.6.18-238.12.1.el5.i386.rpm
862d7e1a4118811ae3713dc85ca6b464 kernel-PAE-2.6.18-238.12.1.el5.i686.rpm
983ae820419d6e29a0ebb60b77e1193c kernel-PAE-devel-2.6.18-238.12.1.el5.i686.rpm
259a7846a7325f6815dd91c97e844f8b kernel-xen-2.6.18-238.12.1.el5.i686.rpm
d5c9e8eb90ab59159cd215ce5e6ffe91 kernel-xen-devel-2.6.18-238.12.1.el5.i686.rpm
Source:
252810602106f6c4851bc3f1c0012a97 kernel-2.6.18-238.12.1.el5.src.rpm
--
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #cen...@irc.freenode.net
--
Message: 2
Date: Tue, 31 May 2011 23:49:25 +
From: Karanbir Singh
Subject: [CentOS-announce] CESA-2011:0833 Important CentOS 5 x86_64
kernel Update
To: centos-annou...@centos.org
Message-ID: <20110531234925.ga28...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Security Advisory 2011:0833 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2011-0833.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
x86_64:
480a23019f26117cfa6b6bda82c52daa kernel-2.6.18-238.12.1.el5.x86_64.rpm
0e1756f4c61922ff525768041e93491d kernel-debug-2.6.18-238.12.1.el5.x86_64.rpm
cdddbc8cb4d0e968326966a84ed8a73c
kernel-debug-devel-2.6.18-238.12.1.el5.x86_64.rpm
99073c45aab701116866e699c03f0a6f kernel-devel-2.6.18-238.12.1.el5.x86_64.rpm
131f7868962dc062e16db305980fb97f kernel-doc-2.6.18-238.12.1.el5.noarch.rpm
43cf8bb7ece8d55fe6b1dfa08c5591ac kernel-headers-2.6.18-238.12.1.el5.x86_64.rpm
faee8065fe0158d2d35e55c03141f5b1 kernel-xen-2.6.18-238.12.1.el5.x86_64.rpm
c569a871fc3b2b84973c45f8d3d58cef
kernel-xen-devel-2.6.18-238.12.1.el5.x86_64.rpm
Source:
252810602106f6c4851bc3f1c0012a97 kernel-2.6.18-238.12.1.el5.src.rpm
--
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #cen...@irc.freenode.net
--
___
CentOS-announce mailing list
centos-annou...@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
End of CentOS-announce Digest, Vol 76, Issue 2
**
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ClearOS rebuild
On 6/3/2011 8:57 AM, Lamar Owen wrote: > On Friday, June 03, 2011 09:06:28 AM Les Mikesell wrote: >> Yes, RedHat deserves the credit for denying access to the binaries of open >> source work, even to the community responsible for it even existing. > [snip] >> But when you say that, keep in mind that the 'original packages' part is the >> packaging work, not the creation of the vast majority of the code. And that >> the >> Red Hat company made its name and developed its community of users by >> allowing >> free access in the first place up until the EL/Fedora split. Personally I >> think >> everyone who uses free versions would have been better off if they had >> switched >> to Debian the day that Red Hat put the restrictions on redistribution, but I >> was >> too lazy to learn the options to 'apt-get'. > > Red Hat deserves credit for still provided the source RPM's in buildable form > even for those parts of the distribution that are not GPL licensed. They are > not required by license to do that; for instance, the PostgreSQL RPM's, since > PostgreSQL is BSD-licensed. I mention that particular package only because I > have first-hand knowledge of that package. I'm not really talking about what Red Hat does - and I'm not against selling restricted software in general. I'm talking about what would be more in the best interest of the community that they attracted by permitting redistribution of the collated works - and then cut off. > Red Hat is not the only Linux provider who has limited distribution of > binaries. And as the CentOS and other rebuild projects have proven time and > time again, having the source (and some time and significant effort) is > sufficient to build a fully binary compatible distribution. But the need for the rebuild projects shows that Red Hat has restricted access to what is mostly the result of community work. Go back and look at the changelogs of programs in the era between the RH 4.x and 9 releases if you don't remember how bad the stuff they initially shipped was or how it got fixed. (I picked 4.x because as I recall it was the first CD that you could drop into a typical PC and have something come up working, and I'd consider that a turning point in the number of Linux users). Without the timing of that 4.0 release and its ease-of-install, we'd probably mostly be using a *bsd flavor now (which might not be such a bad thing either). > To my eyes it was a win-win for Linux, since without the for-profit model > that Red Hat adopted, Red Hat likely would not be around today, nor would Red > Hat-funded developers likely have been able to continue to devote as much > time and effort as they have done. Perhaps they could have handled the PR in > a better way, but then again when someone is used to freeloading they're > going to hate having to pay anything at all (and that's not an accusation of > anyone in particular, just a simple observation of human behavior). At the time, RH was backporting fixes into most/all of their previous major-number releases in a way that clearly wasn't sustainable. So they had to do the split between fast-track new development and long-term supported versions that get backports, but it is not at all clear that they had to restrict redistribution in addition to selling support. This just created the need for Ubuntu... > The CentOS developers/rebuilders are to be commended for taking on the > significantly difficult task of not just taking at rebuilding the system, but > taking on the much more difficult task of making the resulting rebuild 100% > ld-level and dependency-level binary compatible, as least as much as is > possible with the released source code to the distributed binaries. Not to > mention the far more difficult task of then releasing it publicly and dealing > with that Yes, this effort let the community be lazy and avoid learning a different administration style. But in the long run, I'm not convinced that being lazy and avoiding the jump to a project that does not restrict redistribution in the first place and relying on these work-arounds is a good choice for any of us. > But, I do understand and am sympathetic; I miss the old boxed sets as much as > anyone. More to the point, wasn't that the reason you started using Red Hat in the first place? Well, that and the fact that the large number of other users who chose it for the same reason meant that drivers for the devices you use were likely to be contributed and available for it first? Would you have given it a second look back then if it had the redistribution restrictions? -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Revisor
From: Deivison Moraes >I wonder if therevisoris how to pick, with the CentOS installed only in text >mode alsoworks, and also I'm having some problems >with package dependencies are missing some packages to install the revisorbut >still can not find ... >Error: Missing Dependency: python (abi)> = 2.4 is needed by package reviewer >Error: Missing Dependency: pykickstart is needed by package reviewer >Error: Missing Dependency: python (abi) = 2.4 is needed by package reviewer >Error: Missing Dependency: yum> = 3 is needed by package reviewer >Error: Missing Dependency: squashfs-tools package is needed by reviewer >Error: Missing Dependency: notify-python is needed by package reviewer Maybe try 'yum localinstall' instead of rpm... JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Trying to understand USB HD configuration
From: Todd Cary > Now, when I turn on the USB drive (it is self-mounted in 5.5), > the USB drive has been assigned "disk-1" -- understood. What I > am missing is the "table" that contains the information pointing > to USB drive, disk-1. I would like to reset the table so that > "disk" is the USB drive and delete the data that is now on my > main drive. Did you "eject" (umount) your disk before you turned it off...? JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ClearOS rebuild
On Thursday, June 02, 2011 08:03:34 PM Rob Kampen wrote: > My look at the website shows only i386 versions - this is a long way > away from a replacement or alternative to CentOS. Also, it likely would be a subset, and not the full distribution. This has already been done, and released, as FrameOS 6, back in February. But it is a relatively small subset. Not to trivialize the effort that was taken, however. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ClearOS rebuild
On Friday, June 03, 2011 09:06:28 AM Les Mikesell wrote: > Yes, RedHat deserves the credit for denying access to the binaries of open > source work, even to the community responsible for it even existing. [snip] > But when you say that, keep in mind that the 'original packages' part is the > packaging work, not the creation of the vast majority of the code. And that > the > Red Hat company made its name and developed its community of users by > allowing > free access in the first place up until the EL/Fedora split. Personally I > think > everyone who uses free versions would have been better off if they had > switched > to Debian the day that Red Hat put the restrictions on redistribution, but I > was > too lazy to learn the options to 'apt-get'. Red Hat deserves credit for still provided the source RPM's in buildable form even for those parts of the distribution that are not GPL licensed. They are not required by license to do that; for instance, the PostgreSQL RPM's, since PostgreSQL is BSD-licensed. I mention that particular package only because I have first-hand knowledge of that package. Red Hat deserves credit for providing vast amounts of developer time to the upstream projects, including but not limited to the kernel, glibc, gcc, GNOME, PostgreSQL, and RPM itself. Red Hat is not the only Linux provider who has limited distribution of binaries. And as the CentOS and other rebuild projects have proven time and time again, having the source (and some time and significant effort) is sufficient to build a fully binary compatible distribution. To my eyes it was a win-win for Linux, since without the for-profit model that Red Hat adopted, Red Hat likely would not be around today, nor would Red Hat-funded developers likely have been able to continue to devote as much time and effort as they have done. Perhaps they could have handled the PR in a better way, but then again when someone is used to freeloading they're going to hate having to pay anything at all (and that's not an accusation of anyone in particular, just a simple observation of human behavior). The CentOS developers/rebuilders are to be commended for taking on the significantly difficult task of not just taking at rebuilding the system, but taking on the much more difficult task of making the resulting rebuild 100% ld-level and dependency-level binary compatible, as least as much as is possible with the released source code to the distributed binaries. Not to mention the far more difficult task of then releasing it publicly and dealing with that But, I do understand and am sympathetic; I miss the old boxed sets as much as anyone. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ClearOS rebuild
> Yes, RedHat deserves the credit for denying access to the binaries of open > source work, even to the community responsible for it even existing. Since I just made a point about the upstream projects, let me respectfully disagree with your statement : free software is about freedom not free lunch. CentOS, ScientificLinux, ClearOS, etc. are living proof that Red Hat did not take away our freedom. Moreover, I doubt that the free software community is worse off with Red Hat having a profitable business model, but this is another question. (gosh, I got trapped again in one of these threads... Sorry, I love debating too much. Won't do it again. Won't do it again...) ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ClearOS rebuild
On 6/3/11 2:41 AM, Steven Crothers wrote: > > If you want to get into the nitty gritty of it, the ONLY group of > people who deserve ANY credit at all are the Redhat folks. So saying a > product that is released off Redhat's coattails is competing with > another product that is ALSO running off Redhat's coattails is absurd. Yes, RedHat deserves the credit for denying access to the binaries of open source work, even to the community responsible for it even existing. > A more definitive list would be anyone who has created original > packages. The Redhat folks, EPEL contributors, El'Repo/Rpmforge (Dag > W), and ect. Those are the people who deserve credit, anybody can > download a source rpm and use the Redhat ISO (which is available > easily enough) to rebuild RHEL6. The major deterrent is probably that > type of "competitive market share thinking" you're exhibiting. But when you say that, keep in mind that the 'original packages' part is the packaging work, not the creation of the vast majority of the code. And that the Red Hat company made its name and developed its community of users by allowing free access in the first place up until the EL/Fedora split. Personally I think everyone who uses free versions would have been better off if they had switched to Debian the day that Red Hat put the restrictions on redistribution, but I was too lazy to learn the options to 'apt-get'. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to format a USB drive?
On 6/3/11 5:56 AM, Stephen Harris wrote: > On Fri, Jun 03, 2011 at 06:52:30AM -0400, Steve Clark wrote: >> On 06/02/2011 04:20 PM, Les Mikesell wrote: > >>> And the first thing I do when I need to change something on a system set >>> up like that is 'sudo su -'... Too lazy to type it more than once. >>> >> I just learned about su -i, does the same and is shorter. > > % su -i > su: invalid option -- i > Try `su --help' for more information. > > You probably meant "sudo -i" :-) But that is a special case to remember. I like combining things I already knew better than remembering some new special case. -- Les Mikesell lesmikes...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to format a USB drive?
On 06/03/2011 06:56 AM, Stephen Harris wrote: On Fri, Jun 03, 2011 at 06:52:30AM -0400, Steve Clark wrote: On 06/02/2011 04:20 PM, Les Mikesell wrote: And the first thing I do when I need to change something on a system set up like that is 'sudo su -'... Too lazy to type it more than once. I just learned about su -i, does the same and is shorter. % su -i su: invalid option -- i Try `su --help' for more information. You probably meant "sudo -i" :-) oops - yep. -- Stephen Clark *NetWolves* Sr. Software Engineer III Phone: 813-579-3200 Fax: 813-882-0209 Email: steve.cl...@netwolves.com http://www.netwolves.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to format a USB drive?
Steve Clark wrote: > On 06/02/2011 04:20 PM, Les Mikesell wrote: >> On 6/2/2011 3:04 PM, Robert Heller wrote: I know. But you need to setup sudo for users, I never bothered so far. >>> It is one of the *first* things I do when I freshly install Linux (*ANY* >>> distro, both on my machines and anyone else's I set up). >> And the first thing I do when I need to change something on a system set >> up like that is 'sudo su -'... Too lazy to type it more than once. >> > I just learned about su -i, does the same and is shorter. I use "su -" to logon as root and have full support (ip address, etc...) and full root path. Then I do what is needed. Ljubomir ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to format a USB drive?
On Fri, Jun 03, 2011 at 06:52:30AM -0400, Steve Clark wrote: > On 06/02/2011 04:20 PM, Les Mikesell wrote: > >And the first thing I do when I need to change something on a system set > >up like that is 'sudo su -'... Too lazy to type it more than once. > > > I just learned about su -i, does the same and is shorter. % su -i su: invalid option -- i Try `su --help' for more information. You probably meant "sudo -i" :-) -- rgds Stephen ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] How to format a USB drive?
On 06/02/2011 04:20 PM, Les Mikesell wrote: On 6/2/2011 3:04 PM, Robert Heller wrote: I know. But you need to setup sudo for users, I never bothered so far. It is one of the *first* things I do when I freshly install Linux (*ANY* distro, both on my machines and anyone else's I set up). And the first thing I do when I need to change something on a system set up like that is 'sudo su -'... Too lazy to type it more than once. I just learned about su -i, does the same and is shorter. -- Stephen Clark *NetWolves* Sr. Software Engineer III Phone: 813-579-3200 Fax: 813-882-0209 Email: steve.cl...@netwolves.com http://www.netwolves.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Revisor
Hello,some of youare familiar withtherevisor,andcanhelp me withit? I wonderif therevisorishowtopick,withtheCentOSinstalledonlyintext modealsoworks, andalsoI'm having someproblems withpackagedependenciesare missing somepackagesto installtherevisorbut stillcan not find... Error:MissingDependency: python(abi)>=2.4isneededbypackagereviewer Error:MissingDependency:pykickstartis needed bypackagereviewer Error:MissingDependency: python(abi)=2.4isneededbypackagereviewer Error:MissingDependency:yum>=3isneededbypackagereviewer Error:MissingDependency:squashfs-toolspackageisneededbyreviewer Error:MissingDependency:notify-pythonis needed bypackagereviewer Grateful -- Deivison Moraes ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ClearOS rebuild
> If you want to get into the nitty gritty of it, the ONLY group of > people who deserve ANY credit at all are the Redhat folks. So saying a > product that is released off Redhat's coattails is competing with > another product that is ALSO running off Redhat's coattails is absurd. Maybe a little thought as well for the few hundreds/thousands of FLOSS upstream projects? (starting with the kernel and all GNU software...) Red Hat is great and what they do (and Debian, Ubuntu, etc. do) is critical, but I find it sometimes weird how people talk about it as if they were developing ALL the software they distribute. The "product" is the collective work of all the contributors to free software (individuals and organizations) over three decades, as well as of those who make it available to others (volunteers like CentOS, companies like Red Hat). ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Unable to mount Centos 5.6 Server via nfs4 - Operation Not Permitted - MADNESS!
RILINDO FOSTER wrote: > I did that. It didn't help. :( > > > On Jun 2, 2011, at 6:07 PM, Tom H wrote: > >> On Thu, Jun 2, 2011 at 2:01 PM, RILINDO FOSTER wrote: >>> On Jun 2, 2011, at 11:56 AM, Tom H wrote: I was asking about "Domain" in "idmapd.conf" because there might be a difference between CentOS 5 and SL 6. >>> It is actually commented out in SL6. >> There you go. Comment it out on CentOS and restart idmapd - and cross >> your fingers. As far as I know, that needs to be there. And hostname must be recognizable via DNS by NFS server. If NFS server can not verify your fqdn (hostname + domain from /etc/idmapd.conf) server will deny your requests. NFS via ssh is one of the options. Here are my notes on NFS4 for CentOS: NFS4 on CentOS 5.x: SERVER SIDE: • Create /nfs4exports with subfolders: extra and home. • In /etc/fstab put : /extra /nfs4exports/extra bindbind0 0 /home /nfs4exports/home bindbind0 0 • A u /etc/exports staviti: /nfs4exports A.B.C.D/255.255.255.W(rw,fsid=0,sync,no_root_squash,no_subtree_check) /nfs4exports/extra A.B.C.D/255.255.255.W(rw,no_subtree_check,nohide,sync,no_root_squash) /nfs4exports/home A.B.C.D/255.255.255.W(rw,no_subtree_check,nohide,sync,no_root_squash) • In /etc/sysconfig/nfs put: LOCKD_TCPPORT=32803 # UDP port rpc.lockd should listen on. LOCKD_UDPPORT=32769 RPCNFSDARGS="-N 2 -N 3" MOUNTD_PORT=892 STATD_PORT=662 # Outgoing port statd should used. The default is port # is random STATD_OUTGOING_PORT=2020 # Specify callout program Never remove root squashing, it lowers root to nfsnobody level. There is also an all_squash option. /etc/idmapd.conf: [General] Verbosity = 0 Pipefs-Directory = /var/lib/nfs/rpc_pipefs Domain = [Mapping] Nobody-User = drlove73 Nobody-Group = drlove73 [Translation] Method = nsswitch idmapd.conf must be the same on the client CLIENT SIDE - autofs: /etc/auto.: /autofsmounts/ /etc/auto. --timeout=10 /etc/auto.: extra -fstype=nfs4,rw,proto=tcp :/extra home-fstype=nfs4,rw,proto=tcp :/home /etc/idmapd.conf: [General] Verbosity = 0 Pipefs-Directory = /var/lib/nfs/rpc_pipefs Domain = [Mapping] Nobody-User = drlove73 Nobody-Group = drlove73 [Translation] Method = nsswitch Create /autofsmounts/vmaster test : showmount -e Create /vmaster and, once they show, create inside symlinks from : /autofsmounts/vmaster/extra /autofsmounts/vmaster/home Ljubomir ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] ClearOS rebuild
On Thu, Jun 2, 2011 at 7:57 PM, Ian Murray wrote: > Thanks for the link. It makes interesting listening because there are claims > that they tried to engage with the CentOS devs to offer support and > resourcing, > but that relationship was not forthcoming... so they intend to build (as I see > it) a direct competitor distribution (i.e. "binary compatible"). Also > interestingly, apparently they have recruited help from the SME/Contribs > people, > so I don't know if that means SME will die because it had precious little > resources to start with (and now those resources work for the competition) or > SME will still carry on and be rebased on Clear Core. Also stated in the audio > is that this was all a direct response to the uncertainties around CentOS. There is no such thing as a competitor in open source. Thinking like that has led to the closed "anti-competitor" and Microsoft style of "market-share" thinking that takes place on this list. Open source projects share information (well, most do). If you want to get into the nitty gritty of it, the ONLY group of people who deserve ANY credit at all are the Redhat folks. So saying a product that is released off Redhat's coattails is competing with another product that is ALSO running off Redhat's coattails is absurd. A more definitive list would be anyone who has created original packages. The Redhat folks, EPEL contributors, El'Repo/Rpmforge (Dag W), and ect. Those are the people who deserve credit, anybody can download a source rpm and use the Redhat ISO (which is available easily enough) to rebuild RHEL6. The major deterrent is probably that type of "competitive market share thinking" you're exhibiting. -- Steven Crothers steven.croth...@gmail.com ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
