[CentOS-announce] CEBA-2011-1375 CentOS 5 x86_64 evince FASTTRACK Update

2011-10-17 Thread Johnny Hughes

CentOS Errata and Bugfix Advisory 2011-1375 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-1375.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

x86_64:
86e080bb248662e878810a6923a53ec1  evince-0.6.0-17.el5.x86_64.rpm

Source:
504d8af60587451cf83b8d907a6d3574  evince-0.6.0-17.el5.src.rpm


-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net

___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce


[CentOS-announce] CEBA-2011-1376 CentOS 5 x86_64 gpart FASTTRACK Update

2011-10-17 Thread Johnny Hughes

CentOS Errata and Bugfix Advisory 2011-1376 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-1376.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

x86_64:
6ad564254aa2fb1bf177166f04594673  gpart-0.1h-6.el5.x86_64.rpm

Source:
ad20a9962e833a71125fd4546d5fcdfb  gpart-0.1h-6.el5.src.rpm


-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net

___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce


[CentOS-announce] CEBA-2011-1376 CentOS 5 i386 gpart FASTTRACK Update

2011-10-17 Thread Johnny Hughes

CentOS Errata and Bugfix Advisory 2011-1376 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-1376.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

i386:
74f1721b2af503a98fd02affa508840b  gpart-0.1h-6.el5.i386.rpm

Source:
ad20a9962e833a71125fd4546d5fcdfb  gpart-0.1h-6.el5.src.rpm


-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net

___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce


[CentOS-announce] CEBA-2011:1374 CentOS 5 i386 autofs Update

2011-10-17 Thread Johnny Hughes

CentOS Errata and Bugfix Advisory 2011:1374 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-1374.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

i386:
4c4ec40c855cbd388a321dabddf714b5  autofs-5.0.1-0.rc2.156.el5_7.3.i386.rpm

Source:
4462ed466dad8622f8a94f866c832c62  autofs-5.0.1-0.rc2.156.el5_7.3.src.rpm


-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net

___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce


[CentOS-announce] CEBA-2011:1374 CentOS 5 x86_64 autofs Update

2011-10-17 Thread Johnny Hughes

CentOS Errata and Bugfix Advisory 2011:1374 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2011-1374.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

x86_64:
2d9b6215db1782dd77d6585544d1c14d  autofs-5.0.1-0.rc2.156.el5_7.3.x86_64.rpm

Source:
4462ed466dad8622f8a94f866c832c62  autofs-5.0.1-0.rc2.156.el5_7.3.src.rpm


-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net

___
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce


Re: [CentOS-es] Que me recomiendan usa Como Autenticador de usuario NIS o LDAP (OpenLDAP)

2011-10-17 Thread ISAAC GARCIA CAYOLA

señores centos.org
 
Soy isaac Garcia desde cali- colombia

requiero una ayuda urgente de parte de Uds.
Estoy tratando de instalar un servidor Centos para administrar un aplicativo 
para varios usuarios.
 
El problema es que he bajado varias compilaciones ISO de las paginas que he 
encontrado, pero ninguna es Bootable
Por lo que se ha vuelto muy complicado instalar el servidor.
Requiero saber cual es el metodo seguro para uno poder bajar una compilacion 
ISO que funcione o como poner a bootear una ya descargada.
 
Tambien un manualillo de Centos para instalar el servicio SAMBA y poder accesar 
desde Windows con Putty o con el Browser de Windows.
Quedo en espera de una respuesta Pronta de poder Uds.
Gracias de Antemano por cualquier ayuda.
 

  
___
CentOS-es mailing list
CentOS-es@centos.org
http://lists.centos.org/mailman/listinfo/centos-es


[CentOS-es] Problemas para compilar .

2011-10-17 Thread Luciano Andrés Chiarotto
Hola a todos.

Le hago una consulta.

Quiero compilar el paquete de Soft Gromacs-4.5.5.tar.gz

Lo que hice fue lo siguiente...

1ro) - Instale el ... # yum install gcc gcc-c++ autoconf automake, son las
herramientas para compilar.

2do) - Guarde el archivo gromacs-4.5.5.tar.gz en el directorio /usr/local,
alli los descomprimí con ...

tar -zxvf gromacs-4.5.5.tar.gz, luego...

./configure y  aca viene la pregunta...

cuando quiero ejecutar  make  me dice que ... -bash: make: no se ejecuto
la orden.

Alguno me puede decir que me esta ocurriendo, porque no me deja compilar el
paquete.???

Desde ya muchas gracias.

Saludos Luciano
___
CentOS-es mailing list
CentOS-es@centos.org
http://lists.centos.org/mailman/listinfo/centos-es


Re: [CentOS-es] Problemas para compilar .

2011-10-17 Thread Luciano Andrés Chiarotto
Ernesto, gracias por tu respuesta y tu sugerencia. La voy a tener muy en
cuenta.

De nuevo, muchas gracias.

El 17 de octubre de 2011 16:32, Ernesto Pérez Estévez 
cen...@nuestroserver.com escribió:

 El lun, 17-10-2011 a las 16:25 -0300, Luciano Andrés Chiarotto escribió:
  Hola a todos.
 
  Le hago una consulta.
 
  Quiero compilar el paquete de Soft Gromacs-4.5.5.tar.gz
 
  Lo que hice fue lo siguiente...
 
  1ro) - Instale el ... # yum install gcc gcc-c++ autoconf automake, son
 las
  herramientas para compilar.
 
  2do) - Guarde el archivo gromacs-4.5.5.tar.gz en el directorio
 /usr/local,
  alli los descomprimí con ...
 
  tar -zxvf gromacs-4.5.5.tar.gz, luego...
 
  ./configure y  aca viene la pregunta...
 
  cuando quiero ejecutar  make  me dice que ... -bash: make: no se
 ejecuto
  la orden.

 aunque no soy partidario de compilar algo fuera del esquema de rpm
 porque después puede traer conflictos de bibliotecas y algunas cosas más
 te respondo

 yum install make

 saludos
 epe

 
  Alguno me puede decir que me esta ocurriendo, porque no me deja compilar
 el
  paquete.???
 
  Desde ya muchas gracias.
 
  Saludos Luciano
  ___
  CentOS-es mailing list
  CentOS-es@centos.org
  http://lists.centos.org/mailman/listinfo/centos-es
 


 ___
 CentOS-es mailing list
 CentOS-es@centos.org
 http://lists.centos.org/mailman/listinfo/centos-es




-- 

_(@^@)__
Luciano Andres Chiarotto
Celular:02652-15655153; San Luis (Capital).
Técnico Universitario en Microprocesadores
El saber es la parte principal de la felicidad.
Sócrates (470-399 a. C.); filósofo griego.
___
CentOS-es mailing list
CentOS-es@centos.org
http://lists.centos.org/mailman/listinfo/centos-es


Re: [CentOS] What's up with the mailing list?

2011-10-17 Thread Lorenzo Martínez Rodríguez
El 16/10/11 21:08, John R Pierce escribió:
 On 10/16/11 6:57 AM, Lorenzo Martínez Rodríguez wrote:
 Following your link I only see Compatible with Windows
 ME/2000/XP/Vista/7 Are you sure it will work with CentOS 6? I don't use
 it for print anything, but just to switch on my own home alarm as I
 wrote here:
 http://www.securitybydefault.com/2011/04/trasteando-con-una-alarma-de-securitas.html
 Sorry, it is in spanish, that's my language :) Give it a try with some
 online translation service.
 that style of programming, poking bits at a physical IO device at an
 assumed port address will not work on anything but a legacy mainboard
 LPT1 port.   any PCI or PCI-E port will be at a dynamic address which
 you'd have to find via the plug and play device registry, or groping
 your way through the output of lspci, which it appears you've been
 doing.. a USB port requires a complex sequence of commands to be sent to
 the USB controller to send data to the port.

 my guess is, the newer kernels have dropped support entirely for
 ieee1284 devices.

Hi John,
Trust me, with kernel 2.6.32-71.29.1.el6.x86_64 it works like a charm. 
It is true I had to detect by myself the IO port the BIOS assign to the 
card and that's all. As I don't have to change daily the card to a 
different slot, everything works if I load the driver parport_pc with 
parameter io=0x2018.
I was able to do this because if I type lspci, the operating system 
detects the card. The problem comes when I start with kernel 
2.6.32-131.17.1.el6. Then lspci does not not show the card in the right 
way. Instead a message with the text !!! Unknown header type 7f 
appears in the section of that card.  :(


-- 


Lorenzo Martinez Rodriguez

Visit me:   http://www.lorenzomartinez.es
Mail me to: lore...@lorenzomartinez.es
My blog: http://www.securitybydefault.com
My twitter: @lawwait
PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] What's up with the mailing list?

2011-10-17 Thread Lorenzo Martínez Rodríguez

Hi Patrick,

It is detected and working now if I use kernel 
2.6.32-71.29.1.el6.x86_64. The problem comes if Update to kernel 
2.6.32-131.17.1.el6 from *cr* repository.
I will try to send the bug to the link you sent.

Thanks a lot,

El 16/10/11 16:39, Patrick Lists escribió:
 On 10/16/2011 03:57 PM, Lorenzo Martínez Rodríguez wrote:
 [snip]
 If you need it for a printer then why not get a usb-parallel cable:
 http://www.lindy.co.uk/usb-to-parallel-printer-port-adapter-cable-15m/42882.html

 Maybe this is the difference
 Following your link I only see Compatible with Windows
 ME/2000/XP/Vista/7 Are you sure it will work with CentOS 6? I don't use
 it for print anything, but just to switch on my own home alarm as I
 wrote here:
 http://www.securitybydefault.com/2011/04/trasteando-con-una-alarma-de-securitas.html
 Sorry, it is in spanish, that's my language :) Give it a try with some
 online translation service.
 Nope I don't know if it will work with CentOS 6. I looked at your page.
 I don't speak Spanish but got the idea. Pretty neat.

 [snip]
 If you don't expect anything from somebody, and you receive anything,...
 it would be very pleasant. Since I belong to this list, the only topic
 with 0 answers was my question. Is it so difficult?
 Well now at least you got 2 :)

 Have you tried getting the latest Fedora 15 live cd (or maybe even the
 latest Fedora 16 beta/TC live cd) and boot that on your server and see
 if your card is recognized? That should give you some more info. Then
 file a bug at the CentOS website or maybe directly on the Red Hat
 bugzilla: https://bugzilla.redhat.com

 If your card is not recognized in the latest CentOS CR kernel and in F15
 (or F16) then you could file the bug twice (under RHEL6 and F15/F16).
 Hopefully that should get the kernel devs attention.

 If you can find such a usb-parallel cable at a local computer store
 perhaps you could try it and return it if it does not work?

 Regards,
 Patrick
 ___
 CentOS mailing list
 CentOS@centos.org
 http://lists.centos.org/mailman/listinfo/centos




-- 


Lorenzo Martinez Rodriguez

Visit me:   http://www.lorenzomartinez.es
Mail me to: lore...@lorenzomartinez.es
My blog: http://www.securitybydefault.com
My twitter: @lawwait
PGP Fingerprint: 97CC 2584 7A04 B2BA 00F1 76C9 0D76 83A2 9BBC BDE2

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 6.0 i386 DVD

2011-10-17 Thread John Doe
From: William L. Maltby centos4b...@triad.rr.com

 Anyway, my life would've (will be) a bit simpler if someone can clue me
 in to how to get that image onto a DVD using either CentOS 6 or Windows.

As stated in the release notes, you need a DVD-R.
In my case, k3b failed to write it but regular gnome CD/DVD Creator worked...

JD
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 6.0 i386 DVD

2011-10-17 Thread William L. Maltby

On Mon, 2011-10-17 at 02:48 -0700, John Doe wrote:
 From: William L. Maltby centos4b...@triad.rr.com
 
  Anyway, my life would've (will be) a bit simpler if someone can clue me
  in to how to get that image onto a DVD using either CentOS 6 or Windows.
 
 As stated in the release notes, you need a DVD-R.
 In my case, k3b failed to write it but regular gnome CD/DVD Creator 
 worked...

The DVD-R was the first one I tried, because of the notes. But I never
tried the gnome creator. In fact, being old-school, command line is
always my preference and I didn't try any GUI ones except on windows -
where I claim (too proudly) complete ignorance. I'm a TDU (Typical Dumb
User) there.

Thanks - I'll give that a try and report back. And I'm not sure I tried
the DVD-R with wodim either - by the time I got there I was on to trying
the other formats and (I'm pretty sure) forgot to rotate back to that.

Frustration does funny things to logic.

 
 JD
 snip sig stuff

Thanks,
Bill

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 6.0 i386 DVD

2011-10-17 Thread William L. Maltby

On Mon, 2011-10-17 at 06:47 -0400, William L. Maltby wrote:
 On Mon, 2011-10-17 at 02:48 -0700, John Doe wrote:
  From: William L. Maltby centos4b...@triad.rr.com
  
   Anyway, my life would've (will be) a bit simpler if someone can clue me
   in to how to get that image onto a DVD using either CentOS 6 or Windows.
  
  As stated in the release notes, you need a DVD-R.
  In my case, k3b failed to write it but regular gnome CD/DVD Creator 
  worked...
 
 The DVD-R was the first one I tried, because of the notes. But I never
 tried the gnome creator. In fact, being old-school, command line is
 always my preference and I didn't try any GUI ones except on windows -
 where I claim (too proudly) complete ignorance. I'm a TDU (Typical Dumb
 User) there.
 
 Thanks - I'll give that a try and report back. And I'm not sure I tried
 the DVD-R with wodim either - by the time I got there I was on to trying
 the other formats and (I'm pretty sure) forgot to rotate back to that.

Worked like a champ on Windows using Power2Go! I wonder what I did wrong
first time around! When I reboot that box to CentOS, I'll try wodim
again - I bet it works and I never tried the DVD-R in there.

Thanks for taking the time!

 
 Frustration does funny things to logic.
 
  
  JD
  snip sig stuff

Bill


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS] L9 - what is a value

2011-10-17 Thread Jussi Hirvi
This code:

var('i') = string;
boolean($i); 'br';
var('i') = array;
boolean($i); 'br';

gives:

  false
  true

So an empty array gives true but an empty string false.
This is different from L8. Is this intentional? If so, why?

- Jussi

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] SELinux triggered during Libvirt snapshots

2011-10-17 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/14/2011 08:17 PM, Trey Dockendorf wrote:
 I recently began getting periodic emails from SEalert that SELinux
 is preventing /usr/libexec/qemu-kvm getattr access from the
 directory I store all my virtual machines for KVM.
 
 All VMs are stored under /vmstore , which is it's own mount point,
 and every file and folder under /vmstore currently has the correct
 context that was set by doing the following:
 
 semanage fcontext -a -t virt_image_t /vmstore(/.*)? restorecon -R
 /vmstore
 
 So far I've noticed then when taking snapshots and also when using
 virsh to make changes to a domain's XML file.  I haven't had any
 problems for the 3 or 4 months I've run this KVM server using
 SELinux on Enforcing, and so I'm not really sure what information
 is helpful to debug this.  The server is CentOS 6 x86_64 updated to
 CR.  This is the raw audit entry, (hostname removed)
 
 node=kvmhost.tld type=AVC msg=audit(1318634450.285:28): avc: denied
 { getattr } for pid=1842 comm=qemu-kvm name=/ dev=dm-2 ino=2 
 scontext=system_u:system_r:svirt_t:s0:c772,c779 
 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem 
 node=kvmhost.tld type=SYSCALL msg=audit(1318634450.285:28):
 arch=c03e syscall=138 success=no exit=-13 a0=9 a1=7fff1cf153f0
 a2=0 a3=7fff1cf15170 items=0 ppid=1 pid=1842 auid=4294967295
 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107
 fsgid=107 tty=(none) ses=4294967295 comm=qemu-kvm
 exe=/usr/libexec/qemu-kvm 
 subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
 
 I've attached the alert email as a quote below, (hostname removed)
 
 Any help is greatly appreciated, I've had to deal little with
 SELinux fortunately, but at the moment am not really sure if my
 snapshots are actually functional or if this is just some false
 positive.
 
 Thanks - Trey
 
 Summary
 
 SELinux is preventing /usr/libexec/qemu-kvm getattr access on
 /vmstore.
 
 Detailed Description
 
 SELinux denied access requested by qemu-kvm. It is not expected
 that this
 access is required by qemu-kvm and this access may signal an
 intrusion attempt. It is also possible that the specific
 version or configuration of the application is causing it to
 require additional access.
 
 Allowing Access
 
 You can generate a local policy module to allow this access - see
 FAQ
 Please file a bug report.
 
 Additional Information
 
 Source Context:   system_u:system_r:svirt_t:s0:c772,c779
 
 Target Context:   system_u:object_r:fs_t:s0
 
 Target Objects:   /vmstore [ filesystem ]
 
 Source:   qemu-kvm
 
 Source Path:   /usr/libexec/qemu-kvm
 
 Port:   Unknown
 
 Host:   kvmhost.tld
 
 Source RPM Packages:   qemu-kvm-0.12.1.2-2.160.el6_1.8
 
 Target RPM Packages:
 
 Policy RPM:   selinux-policy-3.7.19-93.el6_1.7
 
 Selinux Enabled:   True
 
 Policy Type:   targeted
 
 Enforcing Mode:   Enforcing
 
 Plugin Name:   catchall
 
 Host Name:   kvmhost.tld
 
 Platform:   Linux kvmhost.tld 2.6.32-71.29.1.el6.x86_64 #1 SMP
 Mon Jun 27
 19:49:27 BST 2011 x86_64 x86_64
 
 Alert Count:   1
 
 First Seen:   Fri Oct 14 18:20:50 2011
 
 Last Seen:   Fri Oct 14 18:20:50 2011
 
 Local ID:   c73c7440-06ee-4611-80ac-712207ef9aa6
 
 Line Numbers:
 
 Raw Audit Messages :
 
 
 node=kvmhost.tld type=AVC msg=audit(1318634450.285:28): avc:
 denied { getattr } for pid=1842 comm=qemu-kvm name=/
 dev=dm-2 ino=2 scontext=system_u:system_r:svirt_t:s0:c772,c779 
 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
 
 node=kvmhost.tld type=SYSCALL msg=audit(1318634450.285:28):
 arch=c03e
 syscall=138 success=no exit=-13 a0=9 a1=7fff1cf153f0 a2=0
 a3=7fff1cf15170 items=0 ppid=1 pid=1842 auid=4294967295 uid=107
 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107
 tty=(none) ses=4294967295 comm=qemu-kvm
 exe=/usr/libexec/qemu-kvm 
 subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
 
 
 
 ___ CentOS mailing
 list CentOS@centos.org 
 http://lists.centos.org/mailman/listinfo/centos


THis is a bug in policy.  It can be allowed for now.

We have 6.2 selinux-policy preview package available on
http://people.redhat.com/dwalsh/SELinux/RHEL6

I believe all that is happening is qemu-kvm is noticing you have a
file system mounted, and doing a getattr on it.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk6cI/8ACgkQrlYvE4MpobM6/QCg1qs8iK+dVRsPNVB+QXgr0zEN
+EMAnAghOHYB4INQ/NH1D4i9k3uJD7Ob
=TfIB
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS] SORRY - L9 - what is a value

2011-10-17 Thread Jussi Hirvi
Sorry, wrong list! This is Lasso code.

- Jussi

On 17.10.2011 15.04, Jussi Hirvi wrote:
 This code:

 var('i') = string;
 boolean($i); 'br';
 var('i') = array;
 boolean($i); 'br';
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS] L9 - what is a value

2011-10-17 Thread Jussi Hirvi
This code:

var('i') = string;
boolean($i); 'br';
var('i') = array;
boolean($i); 'br';

gives:

 false
 true

So an empty array gives true but an empty string false.
This is different from L8. Is this intentional? If so, why?

This has consequences which I think are counterintuitive:

var('i') = array(1);
if($i - find('whatever'));
i   'true'; 'br';
$i - find('whatever'); 'br';
/if;

The if clause evaluates as true and gives as output:
true
array()

- Jussi

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS] Fwd: Re: SELinux triggered during Libvirt snapshots

2011-10-17 Thread Trey Dockendorf
Forwarding back to list.
-- Forwarded message --
From: Trey Dockendorf treyd...@gmail.com
Date: Oct 17, 2011 10:06 AM
Subject: Re: [CentOS] SELinux triggered during Libvirt snapshots
To: Daniel J Walsh dwa...@redhat.com



On Mon, Oct 17, 2011 at 7:47 AM, Daniel J Walsh dwa...@redhat.com wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 On 10/14/2011 08:17 PM, Trey Dockendorf wrote:
  I recently began getting periodic emails from SEalert that SELinux
  is preventing /usr/libexec/qemu-kvm getattr access from the
  directory I store all my virtual machines for KVM.
 
  All VMs are stored under /vmstore , which is it's own mount point,
  and every file and folder under /vmstore currently has the correct
  context that was set by doing the following:
 
  semanage fcontext -a -t virt_image_t /vmstore(/.*)? restorecon -R
  /vmstore
 
  So far I've noticed then when taking snapshots and also when using
  virsh to make changes to a domain's XML file.  I haven't had any
  problems for the 3 or 4 months I've run this KVM server using
  SELinux on Enforcing, and so I'm not really sure what information
  is helpful to debug this.  The server is CentOS 6 x86_64 updated to
  CR.  This is the raw audit entry, (hostname removed)
 
  node=kvmhost.tld type=AVC msg=audit(1318634450.285:28): avc: denied
  { getattr } for pid=1842 comm=qemu-kvm name=/ dev=dm-2 ino=2
  scontext=system_u:system_r:svirt_t:s0:c772,c779
  tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
  node=kvmhost.tld type=SYSCALL msg=audit(1318634450.285:28):
  arch=c03e syscall=138 success=no exit=-13 a0=9 a1=7fff1cf153f0
  a2=0 a3=7fff1cf15170 items=0 ppid=1 pid=1842 auid=4294967295
  uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107
  fsgid=107 tty=(none) ses=4294967295 comm=qemu-kvm
  exe=/usr/libexec/qemu-kvm
  subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
 
  I've attached the alert email as a quote below, (hostname removed)
 
  Any help is greatly appreciated, I've had to deal little with
  SELinux fortunately, but at the moment am not really sure if my
  snapshots are actually functional or if this is just some false
  positive.
 
  Thanks - Trey
 
  Summary
 
  SELinux is preventing /usr/libexec/qemu-kvm getattr access on
  /vmstore.
 
  Detailed Description
 
  SELinux denied access requested by qemu-kvm. It is not expected
  that this
  access is required by qemu-kvm and this access may signal an
  intrusion attempt. It is also possible that the specific
  version or configuration of the application is causing it to
  require additional access.
 
  Allowing Access
 
  You can generate a local policy module to allow this access - see
  FAQ
  Please file a bug report.
 
  Additional Information
 
  Source Context:   system_u:system_r:svirt_t:s0:c772,c779
 
  Target Context:   system_u:object_r:fs_t:s0
 
  Target Objects:   /vmstore [ filesystem ]
 
  Source:   qemu-kvm
 
  Source Path:   /usr/libexec/qemu-kvm
 
  Port:   Unknown
 
  Host:   kvmhost.tld
 
  Source RPM Packages:   qemu-kvm-0.12.1.2-2.160.el6_1.8
 
  Target RPM Packages:
 
  Policy RPM:   selinux-policy-3.7.19-93.el6_1.7
 
  Selinux Enabled:   True
 
  Policy Type:   targeted
 
  Enforcing Mode:   Enforcing
 
  Plugin Name:   catchall
 
  Host Name:   kvmhost.tld
 
  Platform:   Linux kvmhost.tld 2.6.32-71.29.1.el6.x86_64 #1 SMP
  Mon Jun 27
  19:49:27 BST 2011 x86_64 x86_64
 
  Alert Count:   1
 
  First Seen:   Fri Oct 14 18:20:50 2011
 
  Last Seen:   Fri Oct 14 18:20:50 2011
 
  Local ID:   c73c7440-06ee-4611-80ac-712207ef9aa6
 
  Line Numbers:
 
  Raw Audit Messages :
 
 
  node=kvmhost.tld type=AVC msg=audit(1318634450.285:28): avc:
  denied { getattr } for pid=1842 comm=qemu-kvm name=/
  dev=dm-2 ino=2 scontext=system_u:system_r:svirt_t:s0:c772,c779
  tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
 
  node=kvmhost.tld type=SYSCALL msg=audit(1318634450.285:28):
  arch=c03e
  syscall=138 success=no exit=-13 a0=9 a1=7fff1cf153f0 a2=0
  a3=7fff1cf15170 items=0 ppid=1 pid=1842 auid=4294967295 uid=107
  gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107
  tty=(none) ses=4294967295 comm=qemu-kvm
  exe=/usr/libexec/qemu-kvm
  subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
 
 
 
  ___ CentOS mailing
  list CentOS@centos.org
  http://lists.centos.org/mailman/listinfo/centos


 THis is a bug in policy.  It can be allowed for now.

 We have 6.2 selinux-policy preview package available on
 http://people.redhat.com/dwalsh/SELinux/RHEL6

 I believe all that is happening is qemu-kvm is noticing you have a
 file system mounted, and doing a getattr on it.
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.11 (GNU/Linux)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

 iEYEARECAAYFAk6cI/8ACgkQrlYvE4MpobM6/QCg1qs8iK+dVRsPNVB+QXgr0zEN
 +EMAnAghOHYB4INQ/NH1D4i9k3uJD7Ob
 =TfIB
 -END PGP SIGNATURE-


Thanks for the help Dan.  Is there something that 

Re: [CentOS] Fwd: Re: SELinux triggered during Libvirt snapshots

2011-10-17 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/17/2011 11:19 AM, Trey Dockendorf wrote:
 Forwarding back to list. -- Forwarded message -- 
 From: Trey Dockendorf treyd...@gmail.com Date: Oct 17, 2011
 10:06 AM Subject: Re: [CentOS] SELinux triggered during Libvirt
 snapshots To: Daniel J Walsh dwa...@redhat.com
 
 
 
 On Mon, Oct 17, 2011 at 7:47 AM, Daniel J Walsh dwa...@redhat.com
 wrote:
 
 On 10/14/2011 08:17 PM, Trey Dockendorf wrote:
 I recently began getting periodic emails from SEalert that
 SELinux is preventing /usr/libexec/qemu-kvm getattr access
 from the directory I store all my virtual machines for KVM.
 
 All VMs are stored under /vmstore , which is it's own mount
 point, and every file and folder under /vmstore currently has
 the correct context that was set by doing the following:
 
 semanage fcontext -a -t virt_image_t /vmstore(/.*)?
 restorecon -R /vmstore
 
 So far I've noticed then when taking snapshots and also when
 using virsh to make changes to a domain's XML file.  I
 haven't had any problems for the 3 or 4 months I've run this
 KVM server using SELinux on Enforcing, and so I'm not really
 sure what information is helpful to debug this.  The server
 is CentOS 6 x86_64 updated to CR.  This is the raw audit
 entry, (hostname removed)
 
 node=kvmhost.tld type=AVC msg=audit(1318634450.285:28): avc:
 denied { getattr } for pid=1842 comm=qemu-kvm name=/
 dev=dm-2 ino=2 
 scontext=system_u:system_r:svirt_t:s0:c772,c779 
 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem 
 node=kvmhost.tld type=SYSCALL msg=audit(1318634450.285:28): 
 arch=c03e syscall=138 success=no exit=-13 a0=9
 a1=7fff1cf153f0 a2=0 a3=7fff1cf15170 items=0 ppid=1 pid=1842
 auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107
 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295
 comm=qemu-kvm exe=/usr/libexec/qemu-kvm 
 subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
 
 I've attached the alert email as a quote below, (hostname
 removed)
 
 Any help is greatly appreciated, I've had to deal little
 with SELinux fortunately, but at the moment am not really
 sure if my snapshots are actually functional or if this is
 just some false positive.
 
 Thanks - Trey
 
 Summary
 
 SELinux is preventing /usr/libexec/qemu-kvm getattr
 access on /vmstore.
 
 Detailed Description
 
 SELinux denied access requested by qemu-kvm. It is not
 expected that this
 access is required by qemu-kvm and this access may signal
 an intrusion attempt. It is also possible that the
 specific version or configuration of the application is
 causing it to require additional access.
 
 Allowing Access
 
 You can generate a local policy module to allow this access
 - see FAQ
 Please file a bug report.
 
 Additional Information
 
 Source Context:   system_u:system_r:svirt_t:s0:c772,c779
 
 Target Context:   system_u:object_r:fs_t:s0
 
 Target Objects:   /vmstore [ filesystem ]
 
 Source:   qemu-kvm
 
 Source Path:   /usr/libexec/qemu-kvm
 
 Port:   Unknown
 
 Host:   kvmhost.tld
 
 Source RPM Packages:   qemu-kvm-0.12.1.2-2.160.el6_1.8
 
 Target RPM Packages:
 
 Policy RPM:   selinux-policy-3.7.19-93.el6_1.7
 
 Selinux Enabled:   True
 
 Policy Type:   targeted
 
 Enforcing Mode:   Enforcing
 
 Plugin Name:   catchall
 
 Host Name:   kvmhost.tld
 
 Platform:   Linux kvmhost.tld 2.6.32-71.29.1.el6.x86_64 #1
 SMP Mon Jun 27
 19:49:27 BST 2011 x86_64 x86_64
 
 Alert Count:   1
 
 First Seen:   Fri Oct 14 18:20:50 2011
 
 Last Seen:   Fri Oct 14 18:20:50 2011
 
 Local ID:   c73c7440-06ee-4611-80ac-712207ef9aa6
 
 Line Numbers:
 
 Raw Audit Messages :
 
 
 node=kvmhost.tld type=AVC msg=audit(1318634450.285:28):
 avc: denied { getattr } for pid=1842 comm=qemu-kvm
 name=/ dev=dm-2 ino=2
 scontext=system_u:system_r:svirt_t:s0:c772,c779 
 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
 
 node=kvmhost.tld type=SYSCALL
 msg=audit(1318634450.285:28): arch=c03e
 syscall=138 success=no exit=-13 a0=9 a1=7fff1cf153f0
 a2=0 a3=7fff1cf15170 items=0 ppid=1 pid=1842
 auid=4294967295 uid=107 gid=107 euid=107 suid=107
 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none)
 ses=4294967295 comm=qemu-kvm 
 exe=/usr/libexec/qemu-kvm 
 subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
 
 
 
 ___ CentOS
 mailing list CentOS@centos.org 
 http://lists.centos.org/mailman/listinfo/centos
 
 
 THis is a bug in policy.  It can be allowed for now.
 
 We have 6.2 selinux-policy preview package available on 
 http://people.redhat.com/dwalsh/SELinux/RHEL6
 
 I believe all that is happening is qemu-kvm is noticing you have a 
 file system mounted, and doing a getattr on it.
 
 
 Thanks for the help Dan.  Is there something that could have
 triggered this between 6.0 and 6.1?  This server was updated to 6.0
 CR around the same time this began happening, so I want to make
 sure if it's an issue in CR that I can file a useful bug report.
 
 When updating selinux-policy, do I have to update all the RPMs

[CentOS] CentOS-6 install on 1 Tb drive fails

2011-10-17 Thread James B. Byrne
I am attempting to load CentOS-6 onto a ST31000524AS 1Tb
SATA drive in a Supermicro 5015A-EHF-D525 system.  The
BIOS sees the drive and the CentOS install process sees
and initializes it as well.

However, even when I accept the default partitioning, I
get an error during the drive formatting prior to
installing the OS.  The error message is: Could not
commit to disk /dev/sda.  I get this error whether the
drive is configured as IDE or AHCI in BIOS.

The advanced BIOS configuration section makes reference to
LBA addressing and a maximum value of 137 Gb.  However, I
had previously equipped this very system with a 500 GB
SATA drive and had not experienced any problems.

Does anyone have any idea as to what might be happening here?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Fwd: Re: SELinux triggered during Libvirt snapshots

2011-10-17 Thread Trey Dockendorf
On Oct 17, 2011 10:30 AM, Daniel J Walsh dwa...@redhat.com wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 On 10/17/2011 11:19 AM, Trey Dockendorf wrote:
  Forwarding back to list. -- Forwarded message --
  From: Trey Dockendorf treyd...@gmail.com Date: Oct 17, 2011
  10:06 AM Subject: Re: [CentOS] SELinux triggered during Libvirt
  snapshots To: Daniel J Walsh dwa...@redhat.com
 
 
 
  On Mon, Oct 17, 2011 at 7:47 AM, Daniel J Walsh dwa...@redhat.com
  wrote:
 
  On 10/14/2011 08:17 PM, Trey Dockendorf wrote:
  I recently began getting periodic emails from SEalert that
  SELinux is preventing /usr/libexec/qemu-kvm getattr access
  from the directory I store all my virtual machines for KVM.
 
  All VMs are stored under /vmstore , which is it's own mount
  point, and every file and folder under /vmstore currently has
  the correct context that was set by doing the following:
 
  semanage fcontext -a -t virt_image_t /vmstore(/.*)?
  restorecon -R /vmstore
 
  So far I've noticed then when taking snapshots and also when
  using virsh to make changes to a domain's XML file.  I
  haven't had any problems for the 3 or 4 months I've run this
  KVM server using SELinux on Enforcing, and so I'm not really
  sure what information is helpful to debug this.  The server
  is CentOS 6 x86_64 updated to CR.  This is the raw audit
  entry, (hostname removed)
 
  node=kvmhost.tld type=AVC msg=audit(1318634450.285:28): avc:
  denied { getattr } for pid=1842 comm=qemu-kvm name=/
  dev=dm-2 ino=2
  scontext=system_u:system_r:svirt_t:s0:c772,c779
  tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
  node=kvmhost.tld type=SYSCALL msg=audit(1318634450.285:28):
  arch=c03e syscall=138 success=no exit=-13 a0=9
  a1=7fff1cf153f0 a2=0 a3=7fff1cf15170 items=0 ppid=1 pid=1842
  auid=4294967295 uid=107 gid=107 euid=107 suid=107 fsuid=107
  egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295
  comm=qemu-kvm exe=/usr/libexec/qemu-kvm
  subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
 
  I've attached the alert email as a quote below, (hostname
  removed)
 
  Any help is greatly appreciated, I've had to deal little
  with SELinux fortunately, but at the moment am not really
  sure if my snapshots are actually functional or if this is
  just some false positive.
 
  Thanks - Trey
 
  Summary
 
  SELinux is preventing /usr/libexec/qemu-kvm getattr
  access on /vmstore.
 
  Detailed Description
 
  SELinux denied access requested by qemu-kvm. It is not
  expected that this
  access is required by qemu-kvm and this access may signal
  an intrusion attempt. It is also possible that the
  specific version or configuration of the application is
  causing it to require additional access.
 
  Allowing Access
 
  You can generate a local policy module to allow this access
  - see FAQ
  Please file a bug report.
 
  Additional Information
 
  Source Context:   system_u:system_r:svirt_t:s0:c772,c779
 
  Target Context:   system_u:object_r:fs_t:s0
 
  Target Objects:   /vmstore [ filesystem ]
 
  Source:   qemu-kvm
 
  Source Path:   /usr/libexec/qemu-kvm
 
  Port:   Unknown
 
  Host:   kvmhost.tld
 
  Source RPM Packages:   qemu-kvm-0.12.1.2-2.160.el6_1.8
 
  Target RPM Packages:
 
  Policy RPM:   selinux-policy-3.7.19-93.el6_1.7
 
  Selinux Enabled:   True
 
  Policy Type:   targeted
 
  Enforcing Mode:   Enforcing
 
  Plugin Name:   catchall
 
  Host Name:   kvmhost.tld
 
  Platform:   Linux kvmhost.tld 2.6.32-71.29.1.el6.x86_64 #1
  SMP Mon Jun 27
  19:49:27 BST 2011 x86_64 x86_64
 
  Alert Count:   1
 
  First Seen:   Fri Oct 14 18:20:50 2011
 
  Last Seen:   Fri Oct 14 18:20:50 2011
 
  Local ID:   c73c7440-06ee-4611-80ac-712207ef9aa6
 
  Line Numbers:
 
  Raw Audit Messages :
 
 
  node=kvmhost.tld type=AVC msg=audit(1318634450.285:28):
  avc: denied { getattr } for pid=1842 comm=qemu-kvm
  name=/ dev=dm-2 ino=2
  scontext=system_u:system_r:svirt_t:s0:c772,c779
  tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
 
  node=kvmhost.tld type=SYSCALL
  msg=audit(1318634450.285:28): arch=c03e
  syscall=138 success=no exit=-13 a0=9 a1=7fff1cf153f0
  a2=0 a3=7fff1cf15170 items=0 ppid=1 pid=1842
  auid=4294967295 uid=107 gid=107 euid=107 suid=107
  fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none)
  ses=4294967295 comm=qemu-kvm
  exe=/usr/libexec/qemu-kvm
  subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
 
 
 
  ___ CentOS
  mailing list CentOS@centos.org
  http://lists.centos.org/mailman/listinfo/centos
 
 
  THis is a bug in policy.  It can be allowed for now.
 
  We have 6.2 selinux-policy preview package available on
  http://people.redhat.com/dwalsh/SELinux/RHEL6
 
  I believe all that is happening is qemu-kvm is noticing you have a
  file system mounted, and doing a getattr on it.
 
 
  Thanks for the help Dan.  Is there something that could have
  triggered this between 6.0 and 6.1?  This server was updated to 6.0
  CR around the same time this 

Re: [CentOS] CentOS-6 install on 1 Tb drive fails

2011-10-17 Thread m . roth
James B. Byrne wrote:
 I am attempting to load CentOS-6 onto a ST31000524AS 1Tb
 SATA drive in a Supermicro 5015A-EHF-D525 system.  The
 BIOS sees the drive and the CentOS install process sees
 and initializes it as well.

 However, even when I accept the default partitioning, I
 get an error during the drive formatting prior to
 installing the OS.  The error message is: Could not
 commit to disk /dev/sda.  I get this error whether the
 drive is configured as IDE or AHCI in BIOS.
snip
 Does anyone have any idea as to what might be happening here?

Have you tried putting the drive in another system and see if it's
recognized correctly? Also, if you put the old drive back, does it work?

What I'm looking for is whether you have a hardware problem, either m/b or
drive... or controller card.

mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] Fwd: Re: SELinux triggered during Libvirt snapshots

2011-10-17 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 10/17/2011 02:09 PM, Trey Dockendorf wrote:
 On Oct 17, 2011 10:30 AM, Daniel J Walsh dwa...@redhat.com 
 mailto:dwa...@redhat.com wrote:
 
 On 10/17/2011 11:19 AM, Trey Dockendorf wrote:
 Forwarding back to list. -- Forwarded message -- 
 From: Trey Dockendorf treyd...@gmail.com 
 mailto:treyd...@gmail.com Date: Oct 17, 2011 10:06 AM Subject:
 Re: [CentOS] SELinux triggered during Libvirt snapshots To:
 Daniel J Walsh dwa...@redhat.com mailto:dwa...@redhat.com
 
 
 
 On Mon, Oct 17, 2011 at 7:47 AM, Daniel J Walsh
 dwa...@redhat.com mailto:dwa...@redhat.com wrote:
 
 On 10/14/2011 08:17 PM, Trey Dockendorf wrote:
 I recently began getting periodic emails from SEalert that 
 SELinux is preventing /usr/libexec/qemu-kvm getattr
 access from the directory I store all my virtual machines
 for KVM.
 
 All VMs are stored under /vmstore , which is it's own
 mount point, and every file and folder under /vmstore
 currently has the correct context that was set by doing the
 following:
 
 semanage fcontext -a -t virt_image_t /vmstore(/.*)? 
 restorecon -R /vmstore
 
 So far I've noticed then when taking snapshots and also
 when using virsh to make changes to a domain's XML file.
 I haven't had any problems for the 3 or 4 months I've run
 this KVM server using SELinux on Enforcing, and so I'm not
 really sure what information is helpful to debug this.  The
 server is CentOS 6 x86_64 updated to CR.  This is the raw
 audit entry, (hostname removed)
 
 node=kvmhost.tld type=AVC msg=audit(1318634450.285:28):
 avc: denied { getattr } for pid=1842 comm=qemu-kvm
 name=/ dev=dm-2 ino=2 
 scontext=system_u:system_r:svirt_t:s0:c772,c779 
 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem 
 node=kvmhost.tld type=SYSCALL
 msg=audit(1318634450.285:28): arch=c03e syscall=138
 success=no exit=-13 a0=9 a1=7fff1cf153f0 a2=0
 a3=7fff1cf15170 items=0 ppid=1 pid=1842 auid=4294967295
 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107
 sgid=107 fsgid=107 tty=(none) ses=4294967295 
 comm=qemu-kvm exe=/usr/libexec/qemu-kvm 
 subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
 
 I've attached the alert email as a quote below, (hostname 
 removed)
 
 Any help is greatly appreciated, I've had to deal little 
 with SELinux fortunately, but at the moment am not really 
 sure if my snapshots are actually functional or if this is 
 just some false positive.
 
 Thanks - Trey
 
 Summary
 
 SELinux is preventing /usr/libexec/qemu-kvm getattr 
 access on /vmstore.
 
 Detailed Description
 
 SELinux denied access requested by qemu-kvm. It is not 
 expected that this
 access is required by qemu-kvm and this access may
 signal an intrusion attempt. It is also possible that
 the specific version or configuration of the
 application is causing it to require additional
 access.
 
 Allowing Access
 
 You can generate a local policy module to allow this
 access - see FAQ
 Please file a bug report.
 
 Additional Information
 
 Source Context:   system_u:system_r:svirt_t:s0:c772,c779
 
 Target Context:   system_u:object_r:fs_t:s0
 
 Target Objects:   /vmstore [ filesystem ]
 
 Source:   qemu-kvm
 
 Source Path:   /usr/libexec/qemu-kvm
 
 Port:   Unknown
 
 Host:   kvmhost.tld
 
 Source RPM Packages:   qemu-kvm-0.12.1.2-2.160.el6_1.8
 
 Target RPM Packages:
 
 Policy RPM:   selinux-policy-3.7.19-93.el6_1.7
 
 Selinux Enabled:   True
 
 Policy Type:   targeted
 
 Enforcing Mode:   Enforcing
 
 Plugin Name:   catchall
 
 Host Name:   kvmhost.tld
 
 Platform:   Linux kvmhost.tld 2.6.32-71.29.1.el6.x86_64
 #1 SMP Mon Jun 27
 19:49:27 BST 2011 x86_64 x86_64
 
 Alert Count:   1
 
 First Seen:   Fri Oct 14 18:20:50 2011
 
 Last Seen:   Fri Oct 14 18:20:50 2011
 
 Local ID:   c73c7440-06ee-4611-80ac-712207ef9aa6
 
 Line Numbers:
 
 Raw Audit Messages :
 
 
 node=kvmhost.tld type=AVC
 msg=audit(1318634450.285:28): avc: denied { getattr }
 for pid=1842 comm=qemu-kvm name=/ dev=dm-2 ino=2 
 scontext=system_u:system_r:svirt_t:s0:c772,c779 
 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
 
 node=kvmhost.tld type=SYSCALL 
 msg=audit(1318634450.285:28): arch=c03e
 syscall=138 success=no exit=-13 a0=9 a1=7fff1cf153f0 
 a2=0 a3=7fff1cf15170 items=0 ppid=1 pid=1842 
 auid=4294967295 uid=107 gid=107 euid=107 suid=107 
 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) 
 ses=4294967295 comm=qemu-kvm 
 exe=/usr/libexec/qemu-kvm 
 subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
 
 
 
 ___ CentOS 
 mailing list CentOS@centos.org mailto:CentOS@centos.org 
 http://lists.centos.org/mailman/listinfo/centos
 
 
 THis is a bug in policy.  It can be allowed for now.
 
 We have 6.2 selinux-policy preview package available on 
 http://people.redhat.com/dwalsh/SELinux/RHEL6
 
 I believe all that is happening is qemu-kvm is noticing you have
 a file system mounted, and doing a getattr on it.
 
 
 Thanks for the help Dan.  Is there something that could have 
 

Re: [CentOS] Fwd: Re: SELinux triggered during Libvirt snapshots

2011-10-17 Thread Trey Dockendorf
On Oct 17, 2011 2:06 PM, Daniel J Walsh dwa...@redhat.com wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 On 10/17/2011 02:09 PM, Trey Dockendorf wrote:
  On Oct 17, 2011 10:30 AM, Daniel J Walsh dwa...@redhat.com
  mailto:dwa...@redhat.com wrote:
 
  On 10/17/2011 11:19 AM, Trey Dockendorf wrote:
  Forwarding back to list. -- Forwarded message --
  From: Trey Dockendorf treyd...@gmail.com
  mailto:treyd...@gmail.com Date: Oct 17, 2011 10:06 AM Subject:
  Re: [CentOS] SELinux triggered during Libvirt snapshots To:
  Daniel J Walsh dwa...@redhat.com mailto:dwa...@redhat.com
 
 
 
  On Mon, Oct 17, 2011 at 7:47 AM, Daniel J Walsh
  dwa...@redhat.com mailto:dwa...@redhat.com wrote:
 
  On 10/14/2011 08:17 PM, Trey Dockendorf wrote:
  I recently began getting periodic emails from SEalert that
  SELinux is preventing /usr/libexec/qemu-kvm getattr
  access from the directory I store all my virtual machines
  for KVM.
 
  All VMs are stored under /vmstore , which is it's own
  mount point, and every file and folder under /vmstore
  currently has the correct context that was set by doing the
  following:
 
  semanage fcontext -a -t virt_image_t /vmstore(/.*)?
  restorecon -R /vmstore
 
  So far I've noticed then when taking snapshots and also
  when using virsh to make changes to a domain's XML file.
  I haven't had any problems for the 3 or 4 months I've run
  this KVM server using SELinux on Enforcing, and so I'm not
  really sure what information is helpful to debug this.  The
  server is CentOS 6 x86_64 updated to CR.  This is the raw
  audit entry, (hostname removed)
 
  node=kvmhost.tld type=AVC msg=audit(1318634450.285:28):
  avc: denied { getattr } for pid=1842 comm=qemu-kvm
  name=/ dev=dm-2 ino=2
  scontext=system_u:system_r:svirt_t:s0:c772,c779
  tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
  node=kvmhost.tld type=SYSCALL
  msg=audit(1318634450.285:28): arch=c03e syscall=138
  success=no exit=-13 a0=9 a1=7fff1cf153f0 a2=0
  a3=7fff1cf15170 items=0 ppid=1 pid=1842 auid=4294967295
  uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107
  sgid=107 fsgid=107 tty=(none) ses=4294967295
  comm=qemu-kvm exe=/usr/libexec/qemu-kvm
  subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
 
  I've attached the alert email as a quote below, (hostname
  removed)
 
  Any help is greatly appreciated, I've had to deal little
  with SELinux fortunately, but at the moment am not really
  sure if my snapshots are actually functional or if this is
  just some false positive.
 
  Thanks - Trey
 
  Summary
 
  SELinux is preventing /usr/libexec/qemu-kvm getattr
  access on /vmstore.
 
  Detailed Description
 
  SELinux denied access requested by qemu-kvm. It is not
  expected that this
  access is required by qemu-kvm and this access may
  signal an intrusion attempt. It is also possible that
  the specific version or configuration of the
  application is causing it to require additional
  access.
 
  Allowing Access
 
  You can generate a local policy module to allow this
  access - see FAQ
  Please file a bug report.
 
  Additional Information
 
  Source Context:   system_u:system_r:svirt_t:s0:c772,c779
 
  Target Context:   system_u:object_r:fs_t:s0
 
  Target Objects:   /vmstore [ filesystem ]
 
  Source:   qemu-kvm
 
  Source Path:   /usr/libexec/qemu-kvm
 
  Port:   Unknown
 
  Host:   kvmhost.tld
 
  Source RPM Packages:   qemu-kvm-0.12.1.2-2.160.el6_1.8
 
  Target RPM Packages:
 
  Policy RPM:   selinux-policy-3.7.19-93.el6_1.7
 
  Selinux Enabled:   True
 
  Policy Type:   targeted
 
  Enforcing Mode:   Enforcing
 
  Plugin Name:   catchall
 
  Host Name:   kvmhost.tld
 
  Platform:   Linux kvmhost.tld 2.6.32-71.29.1.el6.x86_64
  #1 SMP Mon Jun 27
  19:49:27 BST 2011 x86_64 x86_64
 
  Alert Count:   1
 
  First Seen:   Fri Oct 14 18:20:50 2011
 
  Last Seen:   Fri Oct 14 18:20:50 2011
 
  Local ID:   c73c7440-06ee-4611-80ac-712207ef9aa6
 
  Line Numbers:
 
  Raw Audit Messages :
 
 
  node=kvmhost.tld type=AVC
  msg=audit(1318634450.285:28): avc: denied { getattr }
  for pid=1842 comm=qemu-kvm name=/ dev=dm-2 ino=2
  scontext=system_u:system_r:svirt_t:s0:c772,c779
  tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
 
  node=kvmhost.tld type=SYSCALL
  msg=audit(1318634450.285:28): arch=c03e
  syscall=138 success=no exit=-13 a0=9 a1=7fff1cf153f0
  a2=0 a3=7fff1cf15170 items=0 ppid=1 pid=1842
  auid=4294967295 uid=107 gid=107 euid=107 suid=107
  fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none)
  ses=4294967295 comm=qemu-kvm
  exe=/usr/libexec/qemu-kvm
  subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
 
 
 
  ___ CentOS
  mailing list CentOS@centos.org mailto:CentOS@centos.org
  http://lists.centos.org/mailman/listinfo/centos
 
 
  THis is a bug in policy.  It can be allowed for now.
 
  We have 6.2 selinux-policy preview package available on
  http://people.redhat.com/dwalsh/SELinux/RHEL6
 
  I believe all that is happening 

Re: [CentOS] CentOS-6 install on 1 Tb drive fails

2011-10-17 Thread James B. Byrne

On Mon, October 17, 2011 14:01, James B. Byrne wrote:
 I am attempting to load CentOS-6 onto a ST31000524AS 1Tb
 SATA drive in a Supermicro 5015A-EHF-D525 system.  The
 BIOS sees the drive and the CentOS install process sees
 and initializes it as well.

 However, even when I accept the default partitioning, I
 get an error during the drive formatting prior to
 installing the OS.  The error message is: Could not
 commit to disk /dev/sda.  I get this error whether the
 drive is configured as IDE or AHCI in BIOS.

On Mon Oct 17 14:12:26 EDT 2011, m.roth at 5-cent.us
m.roth at 5-cent.us wrote:
 Have you tried putting the drive in another system
 and see if it's recognized correctly?

I have and the drive in question is formatted and CentOS-6
is successfully installed using the same media if I employ
a different system to do the work.

 Also, if you put the old drive back, does it work?

Yes, I can boot the Supermicro system from a previously
formatted 500Gb disc that already has CentOS-6 installed
on it.  Further, if I install the 1Tb disk, now formatted
and with CentOS installed courtesy of the other host, then
the Supermicro system also boots from it.

 What I'm looking for is whether you have a hardware
 problem, either m/b or drive... or controller card.

It does not appear to me to be hardware related, at least
not directly.  I suspect a bug in Anaconda.  There  are
reports of a similar issue in Fedora last year and the bug
was supposed to have been fixed in June of 2010, if indeed
my problem is the same thing or something related.



-- 
***  E-Mail is NOT a SECURE channel  ***
James B. Byrnemailto:byrn...@harte-lyne.ca
Harte  Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS-6 install on 1 Tb drive fails

2011-10-17 Thread m . roth
James B. Byrne wrote:
 On Mon, October 17, 2011 14:01, James B. Byrne wrote:
 I am attempting to load CentOS-6 onto a ST31000524AS 1Tb
 SATA drive in a Supermicro 5015A-EHF-D525 system.  The
 BIOS sees the drive and the CentOS install process sees
 and initializes it as well.

 However, even when I accept the default partitioning, I
 get an error during the drive formatting prior to
 installing the OS.  The error message is: Could not
 commit to disk /dev/sda.  I get this error whether the
 drive is configured as IDE or AHCI in BIOS.

 On Mon Oct 17 14:12:26 EDT 2011, m.roth at 5-cent.us
 m.roth at 5-cent.us wrote:
 Have you tried putting the drive in another system
 and see if it's recognized correctly?
yep, he says

 Also, if you put the old drive back, does it work?

 Yes, I can boot the Supermicro system from a previously
snip
 What I'm looking for is whether you have a hardware
 problem, either m/b or drive... or controller card.

 It does not appear to me to be hardware related, at least
 not directly.  I suspect a bug in Anaconda.  There  are
 reports of a similar issue in Fedora last year and the bug
 was supposed to have been fixed in June of 2010, if indeed
 my problem is the same thing or something related.

Huh. Dunno - I've done installs on 1TB, 1.5TB, 2TB and 3TB drives with no
problem.

 mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


Re: [CentOS] CentOS 6.0 i386 DVD

2011-10-17 Thread Cliff Pratt
On Mon, Oct 17, 2011 at 11:47 PM, William L. Maltby
centos4b...@triad.rr.com wrote:

 Frustration does funny things to logic.

Ha! Nice one.

Cheers,

Cliff
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS] haproxy ssl

2011-10-17 Thread Tim Dunphy
hello list,

 I am attempting to load balance SSL web servers using haproxy on centos 5.7.

 I am using HA-Proxy version 1.4.18 


  Here is the stanza in the config regarding SSL:

   listen https 192.168.1.200:443
mode tcp
balance roundrobin
option forwardfor except 192.168.1.200
option redispatch
maxconn 1
reqadd X-Forwarded-Proto:\ https
server web1 web1.summitnjhome.com:443  maxconn 5000
server web2 web2.summitnjhome.com:443  maxconn 5000

I can connect to https on each web server and have it serve content. the IP 
192.168.1.200 is a virtual IP created with keepalived and floating between two 
load balancers.


 I can connect to the virtual ip via openssl s_connect and GET / where i see 
the source code for the home page

  
 openssl s_client -connect 192.168.1.200:443


CONNECTED(0003)
---
Certificate chain
 0 
s:/C=US/ST=NJ/L=Summit/O=SNJH/CN=*.example.com/emailAddress=bluethu...@example.com
   
i:/C=US/ST=NJ/L=Summit/O=SNJH/CN=*.example.com/emailAddress=bluethu...@example.com
---
Server certificate
-BEGIN CERTIFICATE-
MIIFejCCA2ICCQCjGRFk9cQ13zANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJV
UzELMAkGA1UECBMCTkoxDzANBgNVBAcTBlN1bW1pdDENMAsGA1UEChMEU05KSDEb
MBkGA1UEAwwSKi5zdW1taXRuamhvbWUuY29tMSYwJAYJKoZIhvcNAQkBFhdibHVl
dGh1bmRyQGpva2VmaXJlLmNvbTAeFw0xMTA5MjUwMjU4NTRaFw0xMjA5MjQwMjU4
NTRaMH8xCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJOSjEPMA0GA1UEBxMGU3VtbWl0
MQ0wCwFAKEFDATA4Yj2LgSBwxezlE
CMmqfE0Sg0lgKe3jmyzNHCAHGrzMKVdIUW7UBI+V4wZyE08Mw3HUh13To6DzBnmp
ET+zvFk5uUnbpzk3FWYFPPxiESuIEQKmi+MzrPnM6hjKc+Caq7rBxdWvg0d8eNsN
t2+UJxTJpnucgnAtIbAktNlsbYhb4Yw9iFs1YecPqvtaS22ZsChmlDAwpQYhn88p
OK+K9qOg8bMYThe6xPaAK1sMk+YfmhSPIaT974FYSIeFeY8fFa8zIZbiUcSxOnyM
fI/xh2uMwJkpxzHBXJWQxP3LZlgghSyuzL9j/g16xLZ3BotYwTGqHzMuoDVXQijq
92YTmeSl5bPaNro1stExh4ug+zk2IqrowciZ1Ehk1vQKCl31GjLKFX1P3fhwjt0o
/lQBnIgRtBFSI9RVP41+PTPjXXVzhqlgf3h1oFJ36sOQeg8342Hu0UWFg6gpy+q/
7iyuVV0CAwEAATANBgkqhkiG9w0BAQUFAAOCAgEABdQxDHPkpQV+A1RnwGP9nGNC
1uR+MTnuuowiUIEsTkSTipSlviVHlJx8CYDkQ3kcBiPJk6SjuOT8WrFu9D7+nAr8
7SNGknoe7flxhxI0fIqeLaQIncEAliv5mzw/agj2htn7GTmhP3At+JD3e3FYCrLI
kUoom53wLzJvoSu2ixBdY9yLQePC5AYBIlI6RVyCLMPQVen0fvgI7Ecyx+vvpjvD
Cu+rnGKxplPwROlFe2NPrLrV7pnGYGNcLSkO5fF32b3XvKob+xRG+rCUvmYtHA6y
6lEOBz8prwfc6ZTum+9vpb5ONmWtSaYn7mjPR/jw55kLSZ+NggW5YH6lqL8jb8b0
kNHZKgInSFSmoMY2W7pEq4ZQ5S8m5VrruBzqXNnCJ5NmQqF8bM97k81ATZoZ+r6z
oo51BfFGJSQdnGJNDJnBnl7bf9ynSbkYV3VidRNGHm+Gr/YYP32ITihlZLTioCmk
Wt+2x0xRk5jUS+MjCn5ozYTph3PxU/wW913+HCjDzx0g4fDLYW+YbWmV4zdls/Z7
pxdYaFDR594Ov1H7E2wPZeWBmR+7kT2ZFwOXVQb0qF2Dx5Q0dbZ9TEu8rTJ7jdjD
he/odOx11Qmiau/UYd5c0Pop6dJu3NhnlromNSAKR5QlTWE4UerOOyxwV+OklsDt
8qijXOiRdqk4efqL4cs=
-END CERTIFICATE-
subject=/C=US/ST=NJ/L=Summit/O=SNJH/CN=*.example.com/emailAddress=bluethu...@example.com
issuer=/C=US/ST=NJ/L=Summit/O=SNJH/CN=*.example.com/emailAddress=bluethu...@example.com
---
No client certificate CA names sent
---
SSL handshake has read 2361 bytes and written 319 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol  : TLSv1
Cipher: DHE-RSA-AES256-SHA
Session-ID: 74AE373F9F177593D9CF8FFDFE2EDEB6C11958BF03E5315FC49C0641A17A6277
Session-ID-ctx: 
Master-Key: 
E4C07C8D40B045FB30F612966F587AC30E3859913795B22D586D598F9EB3FE5BD97F6511920793E29EA363FE9A3961DD
Key-Arg   : None
Krb5 Principal: None
Start Time: 1318902076
Timeout   : 300 (sec)
Verify return code: 18 (self signed certificate)
---
html
head
img src='Illustration.jpg'/img
/head
/html
closed

  For now it's just a demo page with more complex content living deeper in the 
directory structure. 

  A port scan with nmap shows that port 443 is open...


 [root@VIRTCENT02:~] #nmap -p 443 192.168.1.200

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2011-10-17 21:59 EDT
Interesting ports on 192.168.1.200:
PORTSTATE SERVICE
443/tcp open  https


And the port 443 is being listened to..

  [root@VIRTCENT02:~] #lsof -i :443
COMMAND  PIDUSER   FD   TYPE DEVICE SIZE NODE NAME
haproxy 1763 haproxy6u  IPv4   7586   TCP VIRTUAL.example.com:https 
(LISTEN)

[root@VIRTCENT01:~] #netstat -tulpn | grep 443
tcp0  0 192.168.1.200:443   0.0.0.0:*   
LISTEN  1752/haproxy


 But a page will not render in a web page. 

  Unable to connect
  
   Firefox can't establish a connection to the server at virtual.example.com.   

 And there is no activity in the haproxy debug logs when I hit the web page at 
this address which should map to that ip.

 [root@VIRTCENT01:~] #host virtual.example.com
virtual.example.com has address 192.168.1.200

Thanks in advance!
tim
  
  


  



 

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos