[CentOS-announce] CEBA-2011-1375 CentOS 5 x86_64 evince FASTTRACK Update
CentOS Errata and Bugfix Advisory 2011-1375
Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-1375.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
x86_64:
86e080bb248662e878810a6923a53ec1 evince-0.6.0-17.el5.x86_64.rpm
Source:
504d8af60587451cf83b8d907a6d3574 evince-0.6.0-17.el5.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2011-1376 CentOS 5 x86_64 gpart FASTTRACK Update
CentOS Errata and Bugfix Advisory 2011-1376
Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-1376.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
x86_64:
6ad564254aa2fb1bf177166f04594673 gpart-0.1h-6.el5.x86_64.rpm
Source:
ad20a9962e833a71125fd4546d5fcdfb gpart-0.1h-6.el5.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2011-1376 CentOS 5 i386 gpart FASTTRACK Update
CentOS Errata and Bugfix Advisory 2011-1376
Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-1376.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
i386:
74f1721b2af503a98fd02affa508840b gpart-0.1h-6.el5.i386.rpm
Source:
ad20a9962e833a71125fd4546d5fcdfb gpart-0.1h-6.el5.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2011:1374 CentOS 5 i386 autofs Update
CentOS Errata and Bugfix Advisory 2011:1374
Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-1374.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
i386:
4c4ec40c855cbd388a321dabddf714b5 autofs-5.0.1-0.rc2.156.el5_7.3.i386.rpm
Source:
4462ed466dad8622f8a94f866c832c62 autofs-5.0.1-0.rc2.156.el5_7.3.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
[CentOS-announce] CEBA-2011:1374 CentOS 5 x86_64 autofs Update
CentOS Errata and Bugfix Advisory 2011:1374
Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-1374.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
x86_64:
2d9b6215db1782dd77d6585544d1c14d autofs-5.0.1-0.rc2.156.el5_7.3.x86_64.rpm
Source:
4462ed466dad8622f8a94f866c832c62 autofs-5.0.1-0.rc2.156.el5_7.3.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
Re: [CentOS-es] Que me recomiendan usa Como Autenticador de usuario NIS o LDAP (OpenLDAP)
señores centos.org Soy isaac Garcia desde cali- colombia requiero una ayuda urgente de parte de Uds. Estoy tratando de instalar un servidor Centos para administrar un aplicativo para varios usuarios. El problema es que he bajado varias compilaciones ISO de las paginas que he encontrado, pero ninguna es Bootable Por lo que se ha vuelto muy complicado instalar el servidor. Requiero saber cual es el metodo seguro para uno poder bajar una compilacion ISO que funcione o como poner a bootear una ya descargada. Tambien un manualillo de Centos para instalar el servicio SAMBA y poder accesar desde Windows con Putty o con el Browser de Windows. Quedo en espera de una respuesta Pronta de poder Uds. Gracias de Antemano por cualquier ayuda. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
[CentOS-es] Problemas para compilar .
Hola a todos. Le hago una consulta. Quiero compilar el paquete de Soft Gromacs-4.5.5.tar.gz Lo que hice fue lo siguiente... 1ro) - Instale el ... # yum install gcc gcc-c++ autoconf automake, son las herramientas para compilar. 2do) - Guarde el archivo gromacs-4.5.5.tar.gz en el directorio /usr/local, alli los descomprimí con ... tar -zxvf gromacs-4.5.5.tar.gz, luego... ./configure y aca viene la pregunta... cuando quiero ejecutar make me dice que ... -bash: make: no se ejecuto la orden. Alguno me puede decir que me esta ocurriendo, porque no me deja compilar el paquete.??? Desde ya muchas gracias. Saludos Luciano ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS-es] Problemas para compilar .
Ernesto, gracias por tu respuesta y tu sugerencia. La voy a tener muy en cuenta. De nuevo, muchas gracias. El 17 de octubre de 2011 16:32, Ernesto Pérez Estévez cen...@nuestroserver.com escribió: El lun, 17-10-2011 a las 16:25 -0300, Luciano Andrés Chiarotto escribió: Hola a todos. Le hago una consulta. Quiero compilar el paquete de Soft Gromacs-4.5.5.tar.gz Lo que hice fue lo siguiente... 1ro) - Instale el ... # yum install gcc gcc-c++ autoconf automake, son las herramientas para compilar. 2do) - Guarde el archivo gromacs-4.5.5.tar.gz en el directorio /usr/local, alli los descomprimí con ... tar -zxvf gromacs-4.5.5.tar.gz, luego... ./configure y aca viene la pregunta... cuando quiero ejecutar make me dice que ... -bash: make: no se ejecuto la orden. aunque no soy partidario de compilar algo fuera del esquema de rpm porque después puede traer conflictos de bibliotecas y algunas cosas más te respondo yum install make saludos epe Alguno me puede decir que me esta ocurriendo, porque no me deja compilar el paquete.??? Desde ya muchas gracias. Saludos Luciano ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es -- _(@^@)__ Luciano Andres Chiarotto Celular:02652-15655153; San Luis (Capital). Técnico Universitario en Microprocesadores El saber es la parte principal de la felicidad. Sócrates (470-399 a. C.); filósofo griego. ___ CentOS-es mailing list CentOS-es@centos.org http://lists.centos.org/mailman/listinfo/centos-es
Re: [CentOS] What's up with the mailing list?
El 16/10/11 21:08, John R Pierce escribió: On 10/16/11 6:57 AM, Lorenzo Martínez Rodríguez wrote: Following your link I only see Compatible with Windows ME/2000/XP/Vista/7 Are you sure it will work with CentOS 6? I don't use it for print anything, but just to switch on my own home alarm as I wrote here: http://www.securitybydefault.com/2011/04/trasteando-con-una-alarma-de-securitas.html Sorry, it is in spanish, that's my language :) Give it a try with some online translation service. that style of programming, poking bits at a physical IO device at an assumed port address will not work on anything but a legacy mainboard LPT1 port. any PCI or PCI-E port will be at a dynamic address which you'd have to find via the plug and play device registry, or groping your way through the output of lspci, which it appears you've been doing.. a USB port requires a complex sequence of commands to be sent to the USB controller to send data to the port. my guess is, the newer kernels have dropped support entirely for ieee1284 devices. Hi John, Trust me, with kernel 2.6.32-71.29.1.el6.x86_64 it works like a charm. It is true I had to detect by myself the IO port the BIOS assign to the card and that's all. As I don't have to change daily the card to a different slot, everything works if I load the driver parport_pc with parameter io=0x2018. I was able to do this because if I type lspci, the operating system detects the card. The problem comes when I start with kernel 2.6.32-131.17.1.el6. Then lspci does not not show the card in the right way. Instead a message with the text !!! Unknown header type 7f appears in the section of that card. :( -- Lorenzo Martinez Rodriguez Visit me: http://www.lorenzomartinez.es Mail me to: lore...@lorenzomartinez.es My blog: http://www.securitybydefault.com My twitter: @lawwait PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] What's up with the mailing list?
Hi Patrick, It is detected and working now if I use kernel 2.6.32-71.29.1.el6.x86_64. The problem comes if Update to kernel 2.6.32-131.17.1.el6 from *cr* repository. I will try to send the bug to the link you sent. Thanks a lot, El 16/10/11 16:39, Patrick Lists escribió: On 10/16/2011 03:57 PM, Lorenzo Martínez Rodríguez wrote: [snip] If you need it for a printer then why not get a usb-parallel cable: http://www.lindy.co.uk/usb-to-parallel-printer-port-adapter-cable-15m/42882.html Maybe this is the difference Following your link I only see Compatible with Windows ME/2000/XP/Vista/7 Are you sure it will work with CentOS 6? I don't use it for print anything, but just to switch on my own home alarm as I wrote here: http://www.securitybydefault.com/2011/04/trasteando-con-una-alarma-de-securitas.html Sorry, it is in spanish, that's my language :) Give it a try with some online translation service. Nope I don't know if it will work with CentOS 6. I looked at your page. I don't speak Spanish but got the idea. Pretty neat. [snip] If you don't expect anything from somebody, and you receive anything,... it would be very pleasant. Since I belong to this list, the only topic with 0 answers was my question. Is it so difficult? Well now at least you got 2 :) Have you tried getting the latest Fedora 15 live cd (or maybe even the latest Fedora 16 beta/TC live cd) and boot that on your server and see if your card is recognized? That should give you some more info. Then file a bug at the CentOS website or maybe directly on the Red Hat bugzilla: https://bugzilla.redhat.com If your card is not recognized in the latest CentOS CR kernel and in F15 (or F16) then you could file the bug twice (under RHEL6 and F15/F16). Hopefully that should get the kernel devs attention. If you can find such a usb-parallel cable at a local computer store perhaps you could try it and return it if it does not work? Regards, Patrick ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos -- Lorenzo Martinez Rodriguez Visit me: http://www.lorenzomartinez.es Mail me to: lore...@lorenzomartinez.es My blog: http://www.securitybydefault.com My twitter: @lawwait PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.0 i386 DVD
From: William L. Maltby centos4b...@triad.rr.com Anyway, my life would've (will be) a bit simpler if someone can clue me in to how to get that image onto a DVD using either CentOS 6 or Windows. As stated in the release notes, you need a DVD-R. In my case, k3b failed to write it but regular gnome CD/DVD Creator worked... JD ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.0 i386 DVD
On Mon, 2011-10-17 at 02:48 -0700, John Doe wrote: From: William L. Maltby centos4b...@triad.rr.com Anyway, my life would've (will be) a bit simpler if someone can clue me in to how to get that image onto a DVD using either CentOS 6 or Windows. As stated in the release notes, you need a DVD-R. In my case, k3b failed to write it but regular gnome CD/DVD Creator worked... The DVD-R was the first one I tried, because of the notes. But I never tried the gnome creator. In fact, being old-school, command line is always my preference and I didn't try any GUI ones except on windows - where I claim (too proudly) complete ignorance. I'm a TDU (Typical Dumb User) there. Thanks - I'll give that a try and report back. And I'm not sure I tried the DVD-R with wodim either - by the time I got there I was on to trying the other formats and (I'm pretty sure) forgot to rotate back to that. Frustration does funny things to logic. JD snip sig stuff Thanks, Bill ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.0 i386 DVD
On Mon, 2011-10-17 at 06:47 -0400, William L. Maltby wrote: On Mon, 2011-10-17 at 02:48 -0700, John Doe wrote: From: William L. Maltby centos4b...@triad.rr.com Anyway, my life would've (will be) a bit simpler if someone can clue me in to how to get that image onto a DVD using either CentOS 6 or Windows. As stated in the release notes, you need a DVD-R. In my case, k3b failed to write it but regular gnome CD/DVD Creator worked... The DVD-R was the first one I tried, because of the notes. But I never tried the gnome creator. In fact, being old-school, command line is always my preference and I didn't try any GUI ones except on windows - where I claim (too proudly) complete ignorance. I'm a TDU (Typical Dumb User) there. Thanks - I'll give that a try and report back. And I'm not sure I tried the DVD-R with wodim either - by the time I got there I was on to trying the other formats and (I'm pretty sure) forgot to rotate back to that. Worked like a champ on Windows using Power2Go! I wonder what I did wrong first time around! When I reboot that box to CentOS, I'll try wodim again - I bet it works and I never tried the DVD-R in there. Thanks for taking the time! Frustration does funny things to logic. JD snip sig stuff Bill ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] L9 - what is a value
This code:
var('i') = string;
boolean($i); 'br';
var('i') = array;
boolean($i); 'br';
gives:
false
true
So an empty array gives true but an empty string false.
This is different from L8. Is this intentional? If so, why?
- Jussi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SELinux triggered during Libvirt snapshots
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/14/2011 08:17 PM, Trey Dockendorf wrote:
I recently began getting periodic emails from SEalert that SELinux
is preventing /usr/libexec/qemu-kvm getattr access from the
directory I store all my virtual machines for KVM.
All VMs are stored under /vmstore , which is it's own mount point,
and every file and folder under /vmstore currently has the correct
context that was set by doing the following:
semanage fcontext -a -t virt_image_t /vmstore(/.*)? restorecon -R
/vmstore
So far I've noticed then when taking snapshots and also when using
virsh to make changes to a domain's XML file. I haven't had any
problems for the 3 or 4 months I've run this KVM server using
SELinux on Enforcing, and so I'm not really sure what information
is helpful to debug this. The server is CentOS 6 x86_64 updated to
CR. This is the raw audit entry, (hostname removed)
node=kvmhost.tld type=AVC msg=audit(1318634450.285:28): avc: denied
{ getattr } for pid=1842 comm=qemu-kvm name=/ dev=dm-2 ino=2
scontext=system_u:system_r:svirt_t:s0:c772,c779
tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
node=kvmhost.tld type=SYSCALL msg=audit(1318634450.285:28):
arch=c03e syscall=138 success=no exit=-13 a0=9 a1=7fff1cf153f0
a2=0 a3=7fff1cf15170 items=0 ppid=1 pid=1842 auid=4294967295
uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107
fsgid=107 tty=(none) ses=4294967295 comm=qemu-kvm
exe=/usr/libexec/qemu-kvm
subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
I've attached the alert email as a quote below, (hostname removed)
Any help is greatly appreciated, I've had to deal little with
SELinux fortunately, but at the moment am not really sure if my
snapshots are actually functional or if this is just some false
positive.
Thanks - Trey
Summary
SELinux is preventing /usr/libexec/qemu-kvm getattr access on
/vmstore.
Detailed Description
SELinux denied access requested by qemu-kvm. It is not expected
that this
access is required by qemu-kvm and this access may signal an
intrusion attempt. It is also possible that the specific
version or configuration of the application is causing it to
require additional access.
Allowing Access
You can generate a local policy module to allow this access - see
FAQ
Please file a bug report.
Additional Information
Source Context: system_u:system_r:svirt_t:s0:c772,c779
Target Context: system_u:object_r:fs_t:s0
Target Objects: /vmstore [ filesystem ]
Source: qemu-kvm
Source Path: /usr/libexec/qemu-kvm
Port: Unknown
Host: kvmhost.tld
Source RPM Packages: qemu-kvm-0.12.1.2-2.160.el6_1.8
Target RPM Packages:
Policy RPM: selinux-policy-3.7.19-93.el6_1.7
Selinux Enabled: True
Policy Type: targeted
Enforcing Mode: Enforcing
Plugin Name: catchall
Host Name: kvmhost.tld
Platform: Linux kvmhost.tld 2.6.32-71.29.1.el6.x86_64 #1 SMP
Mon Jun 27
19:49:27 BST 2011 x86_64 x86_64
Alert Count: 1
First Seen: Fri Oct 14 18:20:50 2011
Last Seen: Fri Oct 14 18:20:50 2011
Local ID: c73c7440-06ee-4611-80ac-712207ef9aa6
Line Numbers:
Raw Audit Messages :
node=kvmhost.tld type=AVC msg=audit(1318634450.285:28): avc:
denied { getattr } for pid=1842 comm=qemu-kvm name=/
dev=dm-2 ino=2 scontext=system_u:system_r:svirt_t:s0:c772,c779
tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
node=kvmhost.tld type=SYSCALL msg=audit(1318634450.285:28):
arch=c03e
syscall=138 success=no exit=-13 a0=9 a1=7fff1cf153f0 a2=0
a3=7fff1cf15170 items=0 ppid=1 pid=1842 auid=4294967295 uid=107
gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107
tty=(none) ses=4294967295 comm=qemu-kvm
exe=/usr/libexec/qemu-kvm
subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
___ CentOS mailing
list CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
THis is a bug in policy. It can be allowed for now.
We have 6.2 selinux-policy preview package available on
http://people.redhat.com/dwalsh/SELinux/RHEL6
I believe all that is happening is qemu-kvm is noticing you have a
file system mounted, and doing a getattr on it.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6cI/8ACgkQrlYvE4MpobM6/QCg1qs8iK+dVRsPNVB+QXgr0zEN
+EMAnAghOHYB4INQ/NH1D4i9k3uJD7Ob
=TfIB
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[CentOS] SORRY - L9 - what is a value
Sorry, wrong list! This is Lasso code.
- Jussi
On 17.10.2011 15.04, Jussi Hirvi wrote:
This code:
var('i') = string;
boolean($i); 'br';
var('i') = array;
boolean($i); 'br';
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[CentOS] L9 - what is a value
This code:
var('i') = string;
boolean($i); 'br';
var('i') = array;
boolean($i); 'br';
gives:
false
true
So an empty array gives true but an empty string false.
This is different from L8. Is this intentional? If so, why?
This has consequences which I think are counterintuitive:
var('i') = array(1);
if($i - find('whatever'));
i 'true'; 'br';
$i - find('whatever'); 'br';
/if;
The if clause evaluates as true and gives as output:
true
array()
- Jussi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[CentOS] Fwd: Re: SELinux triggered during Libvirt snapshots
Forwarding back to list.
-- Forwarded message --
From: Trey Dockendorf treyd...@gmail.com
Date: Oct 17, 2011 10:06 AM
Subject: Re: [CentOS] SELinux triggered during Libvirt snapshots
To: Daniel J Walsh dwa...@redhat.com
On Mon, Oct 17, 2011 at 7:47 AM, Daniel J Walsh dwa...@redhat.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/14/2011 08:17 PM, Trey Dockendorf wrote:
I recently began getting periodic emails from SEalert that SELinux
is preventing /usr/libexec/qemu-kvm getattr access from the
directory I store all my virtual machines for KVM.
All VMs are stored under /vmstore , which is it's own mount point,
and every file and folder under /vmstore currently has the correct
context that was set by doing the following:
semanage fcontext -a -t virt_image_t /vmstore(/.*)? restorecon -R
/vmstore
So far I've noticed then when taking snapshots and also when using
virsh to make changes to a domain's XML file. I haven't had any
problems for the 3 or 4 months I've run this KVM server using
SELinux on Enforcing, and so I'm not really sure what information
is helpful to debug this. The server is CentOS 6 x86_64 updated to
CR. This is the raw audit entry, (hostname removed)
node=kvmhost.tld type=AVC msg=audit(1318634450.285:28): avc: denied
{ getattr } for pid=1842 comm=qemu-kvm name=/ dev=dm-2 ino=2
scontext=system_u:system_r:svirt_t:s0:c772,c779
tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
node=kvmhost.tld type=SYSCALL msg=audit(1318634450.285:28):
arch=c03e syscall=138 success=no exit=-13 a0=9 a1=7fff1cf153f0
a2=0 a3=7fff1cf15170 items=0 ppid=1 pid=1842 auid=4294967295
uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107
fsgid=107 tty=(none) ses=4294967295 comm=qemu-kvm
exe=/usr/libexec/qemu-kvm
subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
I've attached the alert email as a quote below, (hostname removed)
Any help is greatly appreciated, I've had to deal little with
SELinux fortunately, but at the moment am not really sure if my
snapshots are actually functional or if this is just some false
positive.
Thanks - Trey
Summary
SELinux is preventing /usr/libexec/qemu-kvm getattr access on
/vmstore.
Detailed Description
SELinux denied access requested by qemu-kvm. It is not expected
that this
access is required by qemu-kvm and this access may signal an
intrusion attempt. It is also possible that the specific
version or configuration of the application is causing it to
require additional access.
Allowing Access
You can generate a local policy module to allow this access - see
FAQ
Please file a bug report.
Additional Information
Source Context: system_u:system_r:svirt_t:s0:c772,c779
Target Context: system_u:object_r:fs_t:s0
Target Objects: /vmstore [ filesystem ]
Source: qemu-kvm
Source Path: /usr/libexec/qemu-kvm
Port: Unknown
Host: kvmhost.tld
Source RPM Packages: qemu-kvm-0.12.1.2-2.160.el6_1.8
Target RPM Packages:
Policy RPM: selinux-policy-3.7.19-93.el6_1.7
Selinux Enabled: True
Policy Type: targeted
Enforcing Mode: Enforcing
Plugin Name: catchall
Host Name: kvmhost.tld
Platform: Linux kvmhost.tld 2.6.32-71.29.1.el6.x86_64 #1 SMP
Mon Jun 27
19:49:27 BST 2011 x86_64 x86_64
Alert Count: 1
First Seen: Fri Oct 14 18:20:50 2011
Last Seen: Fri Oct 14 18:20:50 2011
Local ID: c73c7440-06ee-4611-80ac-712207ef9aa6
Line Numbers:
Raw Audit Messages :
node=kvmhost.tld type=AVC msg=audit(1318634450.285:28): avc:
denied { getattr } for pid=1842 comm=qemu-kvm name=/
dev=dm-2 ino=2 scontext=system_u:system_r:svirt_t:s0:c772,c779
tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
node=kvmhost.tld type=SYSCALL msg=audit(1318634450.285:28):
arch=c03e
syscall=138 success=no exit=-13 a0=9 a1=7fff1cf153f0 a2=0
a3=7fff1cf15170 items=0 ppid=1 pid=1842 auid=4294967295 uid=107
gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107
tty=(none) ses=4294967295 comm=qemu-kvm
exe=/usr/libexec/qemu-kvm
subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
___ CentOS mailing
list CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
THis is a bug in policy. It can be allowed for now.
We have 6.2 selinux-policy preview package available on
http://people.redhat.com/dwalsh/SELinux/RHEL6
I believe all that is happening is qemu-kvm is noticing you have a
file system mounted, and doing a getattr on it.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk6cI/8ACgkQrlYvE4MpobM6/QCg1qs8iK+dVRsPNVB+QXgr0zEN
+EMAnAghOHYB4INQ/NH1D4i9k3uJD7Ob
=TfIB
-END PGP SIGNATURE-
Thanks for the help Dan. Is there something that
Re: [CentOS] Fwd: Re: SELinux triggered during Libvirt snapshots
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/17/2011 11:19 AM, Trey Dockendorf wrote:
Forwarding back to list. -- Forwarded message --
From: Trey Dockendorf treyd...@gmail.com Date: Oct 17, 2011
10:06 AM Subject: Re: [CentOS] SELinux triggered during Libvirt
snapshots To: Daniel J Walsh dwa...@redhat.com
On Mon, Oct 17, 2011 at 7:47 AM, Daniel J Walsh dwa...@redhat.com
wrote:
On 10/14/2011 08:17 PM, Trey Dockendorf wrote:
I recently began getting periodic emails from SEalert that
SELinux is preventing /usr/libexec/qemu-kvm getattr access
from the directory I store all my virtual machines for KVM.
All VMs are stored under /vmstore , which is it's own mount
point, and every file and folder under /vmstore currently has
the correct context that was set by doing the following:
semanage fcontext -a -t virt_image_t /vmstore(/.*)?
restorecon -R /vmstore
So far I've noticed then when taking snapshots and also when
using virsh to make changes to a domain's XML file. I
haven't had any problems for the 3 or 4 months I've run this
KVM server using SELinux on Enforcing, and so I'm not really
sure what information is helpful to debug this. The server
is CentOS 6 x86_64 updated to CR. This is the raw audit
entry, (hostname removed)
node=kvmhost.tld type=AVC msg=audit(1318634450.285:28): avc:
denied { getattr } for pid=1842 comm=qemu-kvm name=/
dev=dm-2 ino=2
scontext=system_u:system_r:svirt_t:s0:c772,c779
tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
node=kvmhost.tld type=SYSCALL msg=audit(1318634450.285:28):
arch=c03e syscall=138 success=no exit=-13 a0=9
a1=7fff1cf153f0 a2=0 a3=7fff1cf15170 items=0 ppid=1 pid=1842
auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107
egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295
comm=qemu-kvm exe=/usr/libexec/qemu-kvm
subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
I've attached the alert email as a quote below, (hostname
removed)
Any help is greatly appreciated, I've had to deal little
with SELinux fortunately, but at the moment am not really
sure if my snapshots are actually functional or if this is
just some false positive.
Thanks - Trey
Summary
SELinux is preventing /usr/libexec/qemu-kvm getattr
access on /vmstore.
Detailed Description
SELinux denied access requested by qemu-kvm. It is not
expected that this
access is required by qemu-kvm and this access may signal
an intrusion attempt. It is also possible that the
specific version or configuration of the application is
causing it to require additional access.
Allowing Access
You can generate a local policy module to allow this access
- see FAQ
Please file a bug report.
Additional Information
Source Context: system_u:system_r:svirt_t:s0:c772,c779
Target Context: system_u:object_r:fs_t:s0
Target Objects: /vmstore [ filesystem ]
Source: qemu-kvm
Source Path: /usr/libexec/qemu-kvm
Port: Unknown
Host: kvmhost.tld
Source RPM Packages: qemu-kvm-0.12.1.2-2.160.el6_1.8
Target RPM Packages:
Policy RPM: selinux-policy-3.7.19-93.el6_1.7
Selinux Enabled: True
Policy Type: targeted
Enforcing Mode: Enforcing
Plugin Name: catchall
Host Name: kvmhost.tld
Platform: Linux kvmhost.tld 2.6.32-71.29.1.el6.x86_64 #1
SMP Mon Jun 27
19:49:27 BST 2011 x86_64 x86_64
Alert Count: 1
First Seen: Fri Oct 14 18:20:50 2011
Last Seen: Fri Oct 14 18:20:50 2011
Local ID: c73c7440-06ee-4611-80ac-712207ef9aa6
Line Numbers:
Raw Audit Messages :
node=kvmhost.tld type=AVC msg=audit(1318634450.285:28):
avc: denied { getattr } for pid=1842 comm=qemu-kvm
name=/ dev=dm-2 ino=2
scontext=system_u:system_r:svirt_t:s0:c772,c779
tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
node=kvmhost.tld type=SYSCALL
msg=audit(1318634450.285:28): arch=c03e
syscall=138 success=no exit=-13 a0=9 a1=7fff1cf153f0
a2=0 a3=7fff1cf15170 items=0 ppid=1 pid=1842
auid=4294967295 uid=107 gid=107 euid=107 suid=107
fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none)
ses=4294967295 comm=qemu-kvm
exe=/usr/libexec/qemu-kvm
subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
___ CentOS
mailing list CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
THis is a bug in policy. It can be allowed for now.
We have 6.2 selinux-policy preview package available on
http://people.redhat.com/dwalsh/SELinux/RHEL6
I believe all that is happening is qemu-kvm is noticing you have a
file system mounted, and doing a getattr on it.
Thanks for the help Dan. Is there something that could have
triggered this between 6.0 and 6.1? This server was updated to 6.0
CR around the same time this began happening, so I want to make
sure if it's an issue in CR that I can file a useful bug report.
When updating selinux-policy, do I have to update all the RPMs
[CentOS] CentOS-6 install on 1 Tb drive fails
I am attempting to load CentOS-6 onto a ST31000524AS 1Tb SATA drive in a Supermicro 5015A-EHF-D525 system. The BIOS sees the drive and the CentOS install process sees and initializes it as well. However, even when I accept the default partitioning, I get an error during the drive formatting prior to installing the OS. The error message is: Could not commit to disk /dev/sda. I get this error whether the drive is configured as IDE or AHCI in BIOS. The advanced BIOS configuration section makes reference to LBA addressing and a maximum value of 137 Gb. However, I had previously equipped this very system with a 500 GB SATA drive and had not experienced any problems. Does anyone have any idea as to what might be happening here? ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fwd: Re: SELinux triggered during Libvirt snapshots
On Oct 17, 2011 10:30 AM, Daniel J Walsh dwa...@redhat.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/17/2011 11:19 AM, Trey Dockendorf wrote:
Forwarding back to list. -- Forwarded message --
From: Trey Dockendorf treyd...@gmail.com Date: Oct 17, 2011
10:06 AM Subject: Re: [CentOS] SELinux triggered during Libvirt
snapshots To: Daniel J Walsh dwa...@redhat.com
On Mon, Oct 17, 2011 at 7:47 AM, Daniel J Walsh dwa...@redhat.com
wrote:
On 10/14/2011 08:17 PM, Trey Dockendorf wrote:
I recently began getting periodic emails from SEalert that
SELinux is preventing /usr/libexec/qemu-kvm getattr access
from the directory I store all my virtual machines for KVM.
All VMs are stored under /vmstore , which is it's own mount
point, and every file and folder under /vmstore currently has
the correct context that was set by doing the following:
semanage fcontext -a -t virt_image_t /vmstore(/.*)?
restorecon -R /vmstore
So far I've noticed then when taking snapshots and also when
using virsh to make changes to a domain's XML file. I
haven't had any problems for the 3 or 4 months I've run this
KVM server using SELinux on Enforcing, and so I'm not really
sure what information is helpful to debug this. The server
is CentOS 6 x86_64 updated to CR. This is the raw audit
entry, (hostname removed)
node=kvmhost.tld type=AVC msg=audit(1318634450.285:28): avc:
denied { getattr } for pid=1842 comm=qemu-kvm name=/
dev=dm-2 ino=2
scontext=system_u:system_r:svirt_t:s0:c772,c779
tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
node=kvmhost.tld type=SYSCALL msg=audit(1318634450.285:28):
arch=c03e syscall=138 success=no exit=-13 a0=9
a1=7fff1cf153f0 a2=0 a3=7fff1cf15170 items=0 ppid=1 pid=1842
auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107
egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295
comm=qemu-kvm exe=/usr/libexec/qemu-kvm
subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
I've attached the alert email as a quote below, (hostname
removed)
Any help is greatly appreciated, I've had to deal little
with SELinux fortunately, but at the moment am not really
sure if my snapshots are actually functional or if this is
just some false positive.
Thanks - Trey
Summary
SELinux is preventing /usr/libexec/qemu-kvm getattr
access on /vmstore.
Detailed Description
SELinux denied access requested by qemu-kvm. It is not
expected that this
access is required by qemu-kvm and this access may signal
an intrusion attempt. It is also possible that the
specific version or configuration of the application is
causing it to require additional access.
Allowing Access
You can generate a local policy module to allow this access
- see FAQ
Please file a bug report.
Additional Information
Source Context: system_u:system_r:svirt_t:s0:c772,c779
Target Context: system_u:object_r:fs_t:s0
Target Objects: /vmstore [ filesystem ]
Source: qemu-kvm
Source Path: /usr/libexec/qemu-kvm
Port: Unknown
Host: kvmhost.tld
Source RPM Packages: qemu-kvm-0.12.1.2-2.160.el6_1.8
Target RPM Packages:
Policy RPM: selinux-policy-3.7.19-93.el6_1.7
Selinux Enabled: True
Policy Type: targeted
Enforcing Mode: Enforcing
Plugin Name: catchall
Host Name: kvmhost.tld
Platform: Linux kvmhost.tld 2.6.32-71.29.1.el6.x86_64 #1
SMP Mon Jun 27
19:49:27 BST 2011 x86_64 x86_64
Alert Count: 1
First Seen: Fri Oct 14 18:20:50 2011
Last Seen: Fri Oct 14 18:20:50 2011
Local ID: c73c7440-06ee-4611-80ac-712207ef9aa6
Line Numbers:
Raw Audit Messages :
node=kvmhost.tld type=AVC msg=audit(1318634450.285:28):
avc: denied { getattr } for pid=1842 comm=qemu-kvm
name=/ dev=dm-2 ino=2
scontext=system_u:system_r:svirt_t:s0:c772,c779
tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
node=kvmhost.tld type=SYSCALL
msg=audit(1318634450.285:28): arch=c03e
syscall=138 success=no exit=-13 a0=9 a1=7fff1cf153f0
a2=0 a3=7fff1cf15170 items=0 ppid=1 pid=1842
auid=4294967295 uid=107 gid=107 euid=107 suid=107
fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none)
ses=4294967295 comm=qemu-kvm
exe=/usr/libexec/qemu-kvm
subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
___ CentOS
mailing list CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
THis is a bug in policy. It can be allowed for now.
We have 6.2 selinux-policy preview package available on
http://people.redhat.com/dwalsh/SELinux/RHEL6
I believe all that is happening is qemu-kvm is noticing you have a
file system mounted, and doing a getattr on it.
Thanks for the help Dan. Is there something that could have
triggered this between 6.0 and 6.1? This server was updated to 6.0
CR around the same time this
Re: [CentOS] CentOS-6 install on 1 Tb drive fails
James B. Byrne wrote: I am attempting to load CentOS-6 onto a ST31000524AS 1Tb SATA drive in a Supermicro 5015A-EHF-D525 system. The BIOS sees the drive and the CentOS install process sees and initializes it as well. However, even when I accept the default partitioning, I get an error during the drive formatting prior to installing the OS. The error message is: Could not commit to disk /dev/sda. I get this error whether the drive is configured as IDE or AHCI in BIOS. snip Does anyone have any idea as to what might be happening here? Have you tried putting the drive in another system and see if it's recognized correctly? Also, if you put the old drive back, does it work? What I'm looking for is whether you have a hardware problem, either m/b or drive... or controller card. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Fwd: Re: SELinux triggered during Libvirt snapshots
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/17/2011 02:09 PM, Trey Dockendorf wrote:
On Oct 17, 2011 10:30 AM, Daniel J Walsh dwa...@redhat.com
mailto:dwa...@redhat.com wrote:
On 10/17/2011 11:19 AM, Trey Dockendorf wrote:
Forwarding back to list. -- Forwarded message --
From: Trey Dockendorf treyd...@gmail.com
mailto:treyd...@gmail.com Date: Oct 17, 2011 10:06 AM Subject:
Re: [CentOS] SELinux triggered during Libvirt snapshots To:
Daniel J Walsh dwa...@redhat.com mailto:dwa...@redhat.com
On Mon, Oct 17, 2011 at 7:47 AM, Daniel J Walsh
dwa...@redhat.com mailto:dwa...@redhat.com wrote:
On 10/14/2011 08:17 PM, Trey Dockendorf wrote:
I recently began getting periodic emails from SEalert that
SELinux is preventing /usr/libexec/qemu-kvm getattr
access from the directory I store all my virtual machines
for KVM.
All VMs are stored under /vmstore , which is it's own
mount point, and every file and folder under /vmstore
currently has the correct context that was set by doing the
following:
semanage fcontext -a -t virt_image_t /vmstore(/.*)?
restorecon -R /vmstore
So far I've noticed then when taking snapshots and also
when using virsh to make changes to a domain's XML file.
I haven't had any problems for the 3 or 4 months I've run
this KVM server using SELinux on Enforcing, and so I'm not
really sure what information is helpful to debug this. The
server is CentOS 6 x86_64 updated to CR. This is the raw
audit entry, (hostname removed)
node=kvmhost.tld type=AVC msg=audit(1318634450.285:28):
avc: denied { getattr } for pid=1842 comm=qemu-kvm
name=/ dev=dm-2 ino=2
scontext=system_u:system_r:svirt_t:s0:c772,c779
tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
node=kvmhost.tld type=SYSCALL
msg=audit(1318634450.285:28): arch=c03e syscall=138
success=no exit=-13 a0=9 a1=7fff1cf153f0 a2=0
a3=7fff1cf15170 items=0 ppid=1 pid=1842 auid=4294967295
uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107
sgid=107 fsgid=107 tty=(none) ses=4294967295
comm=qemu-kvm exe=/usr/libexec/qemu-kvm
subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
I've attached the alert email as a quote below, (hostname
removed)
Any help is greatly appreciated, I've had to deal little
with SELinux fortunately, but at the moment am not really
sure if my snapshots are actually functional or if this is
just some false positive.
Thanks - Trey
Summary
SELinux is preventing /usr/libexec/qemu-kvm getattr
access on /vmstore.
Detailed Description
SELinux denied access requested by qemu-kvm. It is not
expected that this
access is required by qemu-kvm and this access may
signal an intrusion attempt. It is also possible that
the specific version or configuration of the
application is causing it to require additional
access.
Allowing Access
You can generate a local policy module to allow this
access - see FAQ
Please file a bug report.
Additional Information
Source Context: system_u:system_r:svirt_t:s0:c772,c779
Target Context: system_u:object_r:fs_t:s0
Target Objects: /vmstore [ filesystem ]
Source: qemu-kvm
Source Path: /usr/libexec/qemu-kvm
Port: Unknown
Host: kvmhost.tld
Source RPM Packages: qemu-kvm-0.12.1.2-2.160.el6_1.8
Target RPM Packages:
Policy RPM: selinux-policy-3.7.19-93.el6_1.7
Selinux Enabled: True
Policy Type: targeted
Enforcing Mode: Enforcing
Plugin Name: catchall
Host Name: kvmhost.tld
Platform: Linux kvmhost.tld 2.6.32-71.29.1.el6.x86_64
#1 SMP Mon Jun 27
19:49:27 BST 2011 x86_64 x86_64
Alert Count: 1
First Seen: Fri Oct 14 18:20:50 2011
Last Seen: Fri Oct 14 18:20:50 2011
Local ID: c73c7440-06ee-4611-80ac-712207ef9aa6
Line Numbers:
Raw Audit Messages :
node=kvmhost.tld type=AVC
msg=audit(1318634450.285:28): avc: denied { getattr }
for pid=1842 comm=qemu-kvm name=/ dev=dm-2 ino=2
scontext=system_u:system_r:svirt_t:s0:c772,c779
tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
node=kvmhost.tld type=SYSCALL
msg=audit(1318634450.285:28): arch=c03e
syscall=138 success=no exit=-13 a0=9 a1=7fff1cf153f0
a2=0 a3=7fff1cf15170 items=0 ppid=1 pid=1842
auid=4294967295 uid=107 gid=107 euid=107 suid=107
fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none)
ses=4294967295 comm=qemu-kvm
exe=/usr/libexec/qemu-kvm
subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
___ CentOS
mailing list CentOS@centos.org mailto:CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
THis is a bug in policy. It can be allowed for now.
We have 6.2 selinux-policy preview package available on
http://people.redhat.com/dwalsh/SELinux/RHEL6
I believe all that is happening is qemu-kvm is noticing you have
a file system mounted, and doing a getattr on it.
Thanks for the help Dan. Is there something that could have
Re: [CentOS] Fwd: Re: SELinux triggered during Libvirt snapshots
On Oct 17, 2011 2:06 PM, Daniel J Walsh dwa...@redhat.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 10/17/2011 02:09 PM, Trey Dockendorf wrote:
On Oct 17, 2011 10:30 AM, Daniel J Walsh dwa...@redhat.com
mailto:dwa...@redhat.com wrote:
On 10/17/2011 11:19 AM, Trey Dockendorf wrote:
Forwarding back to list. -- Forwarded message --
From: Trey Dockendorf treyd...@gmail.com
mailto:treyd...@gmail.com Date: Oct 17, 2011 10:06 AM Subject:
Re: [CentOS] SELinux triggered during Libvirt snapshots To:
Daniel J Walsh dwa...@redhat.com mailto:dwa...@redhat.com
On Mon, Oct 17, 2011 at 7:47 AM, Daniel J Walsh
dwa...@redhat.com mailto:dwa...@redhat.com wrote:
On 10/14/2011 08:17 PM, Trey Dockendorf wrote:
I recently began getting periodic emails from SEalert that
SELinux is preventing /usr/libexec/qemu-kvm getattr
access from the directory I store all my virtual machines
for KVM.
All VMs are stored under /vmstore , which is it's own
mount point, and every file and folder under /vmstore
currently has the correct context that was set by doing the
following:
semanage fcontext -a -t virt_image_t /vmstore(/.*)?
restorecon -R /vmstore
So far I've noticed then when taking snapshots and also
when using virsh to make changes to a domain's XML file.
I haven't had any problems for the 3 or 4 months I've run
this KVM server using SELinux on Enforcing, and so I'm not
really sure what information is helpful to debug this. The
server is CentOS 6 x86_64 updated to CR. This is the raw
audit entry, (hostname removed)
node=kvmhost.tld type=AVC msg=audit(1318634450.285:28):
avc: denied { getattr } for pid=1842 comm=qemu-kvm
name=/ dev=dm-2 ino=2
scontext=system_u:system_r:svirt_t:s0:c772,c779
tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
node=kvmhost.tld type=SYSCALL
msg=audit(1318634450.285:28): arch=c03e syscall=138
success=no exit=-13 a0=9 a1=7fff1cf153f0 a2=0
a3=7fff1cf15170 items=0 ppid=1 pid=1842 auid=4294967295
uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107
sgid=107 fsgid=107 tty=(none) ses=4294967295
comm=qemu-kvm exe=/usr/libexec/qemu-kvm
subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
I've attached the alert email as a quote below, (hostname
removed)
Any help is greatly appreciated, I've had to deal little
with SELinux fortunately, but at the moment am not really
sure if my snapshots are actually functional or if this is
just some false positive.
Thanks - Trey
Summary
SELinux is preventing /usr/libexec/qemu-kvm getattr
access on /vmstore.
Detailed Description
SELinux denied access requested by qemu-kvm. It is not
expected that this
access is required by qemu-kvm and this access may
signal an intrusion attempt. It is also possible that
the specific version or configuration of the
application is causing it to require additional
access.
Allowing Access
You can generate a local policy module to allow this
access - see FAQ
Please file a bug report.
Additional Information
Source Context: system_u:system_r:svirt_t:s0:c772,c779
Target Context: system_u:object_r:fs_t:s0
Target Objects: /vmstore [ filesystem ]
Source: qemu-kvm
Source Path: /usr/libexec/qemu-kvm
Port: Unknown
Host: kvmhost.tld
Source RPM Packages: qemu-kvm-0.12.1.2-2.160.el6_1.8
Target RPM Packages:
Policy RPM: selinux-policy-3.7.19-93.el6_1.7
Selinux Enabled: True
Policy Type: targeted
Enforcing Mode: Enforcing
Plugin Name: catchall
Host Name: kvmhost.tld
Platform: Linux kvmhost.tld 2.6.32-71.29.1.el6.x86_64
#1 SMP Mon Jun 27
19:49:27 BST 2011 x86_64 x86_64
Alert Count: 1
First Seen: Fri Oct 14 18:20:50 2011
Last Seen: Fri Oct 14 18:20:50 2011
Local ID: c73c7440-06ee-4611-80ac-712207ef9aa6
Line Numbers:
Raw Audit Messages :
node=kvmhost.tld type=AVC
msg=audit(1318634450.285:28): avc: denied { getattr }
for pid=1842 comm=qemu-kvm name=/ dev=dm-2 ino=2
scontext=system_u:system_r:svirt_t:s0:c772,c779
tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
node=kvmhost.tld type=SYSCALL
msg=audit(1318634450.285:28): arch=c03e
syscall=138 success=no exit=-13 a0=9 a1=7fff1cf153f0
a2=0 a3=7fff1cf15170 items=0 ppid=1 pid=1842
auid=4294967295 uid=107 gid=107 euid=107 suid=107
fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none)
ses=4294967295 comm=qemu-kvm
exe=/usr/libexec/qemu-kvm
subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
___ CentOS
mailing list CentOS@centos.org mailto:CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
THis is a bug in policy. It can be allowed for now.
We have 6.2 selinux-policy preview package available on
http://people.redhat.com/dwalsh/SELinux/RHEL6
I believe all that is happening
Re: [CentOS] CentOS-6 install on 1 Tb drive fails
On Mon, October 17, 2011 14:01, James B. Byrne wrote: I am attempting to load CentOS-6 onto a ST31000524AS 1Tb SATA drive in a Supermicro 5015A-EHF-D525 system. The BIOS sees the drive and the CentOS install process sees and initializes it as well. However, even when I accept the default partitioning, I get an error during the drive formatting prior to installing the OS. The error message is: Could not commit to disk /dev/sda. I get this error whether the drive is configured as IDE or AHCI in BIOS. On Mon Oct 17 14:12:26 EDT 2011, m.roth at 5-cent.us m.roth at 5-cent.us wrote: Have you tried putting the drive in another system and see if it's recognized correctly? I have and the drive in question is formatted and CentOS-6 is successfully installed using the same media if I employ a different system to do the work. Also, if you put the old drive back, does it work? Yes, I can boot the Supermicro system from a previously formatted 500Gb disc that already has CentOS-6 installed on it. Further, if I install the 1Tb disk, now formatted and with CentOS installed courtesy of the other host, then the Supermicro system also boots from it. What I'm looking for is whether you have a hardware problem, either m/b or drive... or controller card. It does not appear to me to be hardware related, at least not directly. I suspect a bug in Anaconda. There are reports of a similar issue in Fedora last year and the bug was supposed to have been fixed in June of 2010, if indeed my problem is the same thing or something related. -- *** E-Mail is NOT a SECURE channel *** James B. Byrnemailto:byrn...@harte-lyne.ca Harte Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS-6 install on 1 Tb drive fails
James B. Byrne wrote: On Mon, October 17, 2011 14:01, James B. Byrne wrote: I am attempting to load CentOS-6 onto a ST31000524AS 1Tb SATA drive in a Supermicro 5015A-EHF-D525 system. The BIOS sees the drive and the CentOS install process sees and initializes it as well. However, even when I accept the default partitioning, I get an error during the drive formatting prior to installing the OS. The error message is: Could not commit to disk /dev/sda. I get this error whether the drive is configured as IDE or AHCI in BIOS. On Mon Oct 17 14:12:26 EDT 2011, m.roth at 5-cent.us m.roth at 5-cent.us wrote: Have you tried putting the drive in another system and see if it's recognized correctly? yep, he says Also, if you put the old drive back, does it work? Yes, I can boot the Supermicro system from a previously snip What I'm looking for is whether you have a hardware problem, either m/b or drive... or controller card. It does not appear to me to be hardware related, at least not directly. I suspect a bug in Anaconda. There are reports of a similar issue in Fedora last year and the bug was supposed to have been fixed in June of 2010, if indeed my problem is the same thing or something related. Huh. Dunno - I've done installs on 1TB, 1.5TB, 2TB and 3TB drives with no problem. mark ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] CentOS 6.0 i386 DVD
On Mon, Oct 17, 2011 at 11:47 PM, William L. Maltby centos4b...@triad.rr.com wrote: Frustration does funny things to logic. Ha! Nice one. Cheers, Cliff ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] haproxy ssl
hello list, I am attempting to load balance SSL web servers using haproxy on centos 5.7. I am using HA-Proxy version 1.4.18 Here is the stanza in the config regarding SSL: listen https 192.168.1.200:443 mode tcp balance roundrobin option forwardfor except 192.168.1.200 option redispatch maxconn 1 reqadd X-Forwarded-Proto:\ https server web1 web1.summitnjhome.com:443 maxconn 5000 server web2 web2.summitnjhome.com:443 maxconn 5000 I can connect to https on each web server and have it serve content. the IP 192.168.1.200 is a virtual IP created with keepalived and floating between two load balancers. I can connect to the virtual ip via openssl s_connect and GET / where i see the source code for the home page openssl s_client -connect 192.168.1.200:443 CONNECTED(0003) --- Certificate chain 0 s:/C=US/ST=NJ/L=Summit/O=SNJH/CN=*.example.com/emailAddress=bluethu...@example.com i:/C=US/ST=NJ/L=Summit/O=SNJH/CN=*.example.com/emailAddress=bluethu...@example.com --- Server certificate -BEGIN CERTIFICATE- MIIFejCCA2ICCQCjGRFk9cQ13zANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJV UzELMAkGA1UECBMCTkoxDzANBgNVBAcTBlN1bW1pdDENMAsGA1UEChMEU05KSDEb MBkGA1UEAwwSKi5zdW1taXRuamhvbWUuY29tMSYwJAYJKoZIhvcNAQkBFhdibHVl dGh1bmRyQGpva2VmaXJlLmNvbTAeFw0xMTA5MjUwMjU4NTRaFw0xMjA5MjQwMjU4 NTRaMH8xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJOSjEPMA0GA1UEBxMGU3VtbWl0 MQ0wCwFAKEFDATA4Yj2LgSBwxezlE CMmqfE0Sg0lgKe3jmyzNHCAHGrzMKVdIUW7UBI+V4wZyE08Mw3HUh13To6DzBnmp ET+zvFk5uUnbpzk3FWYFPPxiESuIEQKmi+MzrPnM6hjKc+Caq7rBxdWvg0d8eNsN t2+UJxTJpnucgnAtIbAktNlsbYhb4Yw9iFs1YecPqvtaS22ZsChmlDAwpQYhn88p OK+K9qOg8bMYThe6xPaAK1sMk+YfmhSPIaT974FYSIeFeY8fFa8zIZbiUcSxOnyM fI/xh2uMwJkpxzHBXJWQxP3LZlgghSyuzL9j/g16xLZ3BotYwTGqHzMuoDVXQijq 92YTmeSl5bPaNro1stExh4ug+zk2IqrowciZ1Ehk1vQKCl31GjLKFX1P3fhwjt0o /lQBnIgRtBFSI9RVP41+PTPjXXVzhqlgf3h1oFJ36sOQeg8342Hu0UWFg6gpy+q/ 7iyuVV0CAwEAATANBgkqhkiG9w0BAQUFAAOCAgEABdQxDHPkpQV+A1RnwGP9nGNC 1uR+MTnuuowiUIEsTkSTipSlviVHlJx8CYDkQ3kcBiPJk6SjuOT8WrFu9D7+nAr8 7SNGknoe7flxhxI0fIqeLaQIncEAliv5mzw/agj2htn7GTmhP3At+JD3e3FYCrLI kUoom53wLzJvoSu2ixBdY9yLQePC5AYBIlI6RVyCLMPQVen0fvgI7Ecyx+vvpjvD Cu+rnGKxplPwROlFe2NPrLrV7pnGYGNcLSkO5fF32b3XvKob+xRG+rCUvmYtHA6y 6lEOBz8prwfc6ZTum+9vpb5ONmWtSaYn7mjPR/jw55kLSZ+NggW5YH6lqL8jb8b0 kNHZKgInSFSmoMY2W7pEq4ZQ5S8m5VrruBzqXNnCJ5NmQqF8bM97k81ATZoZ+r6z oo51BfFGJSQdnGJNDJnBnl7bf9ynSbkYV3VidRNGHm+Gr/YYP32ITihlZLTioCmk Wt+2x0xRk5jUS+MjCn5ozYTph3PxU/wW913+HCjDzx0g4fDLYW+YbWmV4zdls/Z7 pxdYaFDR594Ov1H7E2wPZeWBmR+7kT2ZFwOXVQb0qF2Dx5Q0dbZ9TEu8rTJ7jdjD he/odOx11Qmiau/UYd5c0Pop6dJu3NhnlromNSAKR5QlTWE4UerOOyxwV+OklsDt 8qijXOiRdqk4efqL4cs= -END CERTIFICATE- subject=/C=US/ST=NJ/L=Summit/O=SNJH/CN=*.example.com/emailAddress=bluethu...@example.com issuer=/C=US/ST=NJ/L=Summit/O=SNJH/CN=*.example.com/emailAddress=bluethu...@example.com --- No client certificate CA names sent --- SSL handshake has read 2361 bytes and written 319 bytes --- New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 4096 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher: DHE-RSA-AES256-SHA Session-ID: 74AE373F9F177593D9CF8FFDFE2EDEB6C11958BF03E5315FC49C0641A17A6277 Session-ID-ctx: Master-Key: E4C07C8D40B045FB30F612966F587AC30E3859913795B22D586D598F9EB3FE5BD97F6511920793E29EA363FE9A3961DD Key-Arg : None Krb5 Principal: None Start Time: 1318902076 Timeout : 300 (sec) Verify return code: 18 (self signed certificate) --- html head img src='Illustration.jpg'/img /head /html closed For now it's just a demo page with more complex content living deeper in the directory structure. A port scan with nmap shows that port 443 is open... [root@VIRTCENT02:~] #nmap -p 443 192.168.1.200 Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2011-10-17 21:59 EDT Interesting ports on 192.168.1.200: PORTSTATE SERVICE 443/tcp open https And the port 443 is being listened to.. [root@VIRTCENT02:~] #lsof -i :443 COMMAND PIDUSER FD TYPE DEVICE SIZE NODE NAME haproxy 1763 haproxy6u IPv4 7586 TCP VIRTUAL.example.com:https (LISTEN) [root@VIRTCENT01:~] #netstat -tulpn | grep 443 tcp0 0 192.168.1.200:443 0.0.0.0:* LISTEN 1752/haproxy But a page will not render in a web page. Unable to connect Firefox can't establish a connection to the server at virtual.example.com. And there is no activity in the haproxy debug logs when I hit the web page at this address which should map to that ip. [root@VIRTCENT01:~] #host virtual.example.com virtual.example.com has address 192.168.1.200 Thanks in advance! tim ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
