[CentOS] vmware player CentOS 6 2-button 3-button touch pad with pointing device Lenovo ThinkPad

[Igor Furlan]

Hi All,

Question:

What (how, where) I need to set (configure) to make 'middle' button on
the touch pad acting as a '__paste__' button  when I run LINUX (CentOS
6.2) as guest on MS Windows 7 Home premium ?


Details:

LENOVO T520 laptop
touch pad with 3 buttons
pointing device (red small mushroom) between GHB keys
vmware host: MS Windows 7 Home Premium edition 64-bit
vmware guest: CentoOS 6.2 64-bit
vmware player version: 4.01

As you all know, on UNIX/LINUX the copy/paste function works slightly
different than on MS Windows-ware.

When one would like to copy&paste a text, he/she needs to do:

A) press left button and move the cursor to highlight the text of interest,
B) release left button and finally
C) paste the contents of buffer(clipboard)  with click on the middle button.

Unfortunately, this function does not work on CentoOS 6 as a  guest OS
running on vmware player on WIN 7.
 In order for me to do the copy/paste, I need to
A) highlight the text,
B) click on right button and select 'copy' to move the  highlighted
text into the buffer(clipboard),
C) move the cursor to the destination position,
D) click the right button again and select the 'paste' function.

In other words, 'copy&paste' on CentOS 6.2 works like 'copy&paste' on
MS WINDOWS-ware.

Is there a way to revert the 'copy&paste' functionality back to the
traditional UNIX way of doing it,
highlight the text with left mouse/touchpad button and paste it with
the middle mouse/touchpad button.

Any hint | solution | RTFM pointer | advice is more than welcome

Thanks in advance

Igor

--
"You can't run an economy where the financial sector is making 40
percent of the profits."


        former Fed Chairman Paul Volcker 2009
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] No sound over HDMI using nvidia graphics card

[Ned Slider]

On 09/01/12 15:43, Tait Clarridge wrote:
>
>>
>> http://taiter.com/techlog/2010/07/nvidia-gt210---hdmi-audio.html
>>
>
> My mistake, the correct link is here:
>
> http://blog.taiter.com/tech/2010/07/nvidia-gt210---hdmi-audio.html
>
> Forgot I was testing my redesign and had the wrong server in my host
> file :)
>


Nvidia's documentation may also be found here:

ftp://download.nvidia.com/XFree86/gpu-hdmi-audio-document/gpu-hdmi-audio.html

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum-priorities behavior with downgrades [was: sa-update error with perl]

[Johnny Hughes]

On 01/09/2012 09:59 PM, Anthony wrote:
> On 2012-01-10 14:13, email builder wrote:
> ...
> 
> ...
>> If I already have a bunch of packages from RepoForge, some of which
>> might also be in the CentOS repo (some presumably with lower version
>> numbers), what happens after installing and configuring 
>> yum-priorities? 
>>
>> Do those packages automatically get downgraded?  Does yum complain
>> and tell me I should downgrade?  I assume upgrades would happen per
>> usual if there are newer versions of packages in CentOS repo.
>>
>> I'm slightly concerned because I have a handful of packages that got
>> installed automatically from RepoForge when I installed amavisd-new
>> from there, and I'd hate to break something.
> If the packages are _NEWER_ than those in CentOS, then no, they will 
> not be overwritten.
>
> You might also consider installing yum-protectbase.
>
> You'd then have to make a conscious effort to overwrite the base 
> packages!
You need to do the same thing with yum-priorities as well ... basically,
yum-protectbase and yum-priorities are the same thing, with protectbase
having 2 priority groups (1 and 0) with priorities has 99 priority
groups (99 down to 1).  I would use yum-priorities and not yum-protectbase.

In both cases, you are not going to be told about packages already
installed that are newer than those in the CentOS.

You can find those RPMs though by doing this:

rpm -qa | egrep "\.rf" | sort


that will tell you all repoforge rpms installed ... then do this to see
which ones also have duplicates from base or updates:


yum --disablerepo=\* --enablerepo=base --enablerepo=updates
--showduplicates list all $(rpm -q --qf '%{name} ' $(rpm -qa | grep "\.rf"))


That should work to tell you which .rf packages are also in base or
updates.




signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[Anthony]

On 2012-01-10 08:44, m.r...@5-cent.us wrote:
..
>
> And then there's google+. I'm *REALLY* tired of Poredsky (or however 
> his
> name's spelled), sending me spam in Russian
>

I hear you.  I recently created an SPF record and added the necessary 
SMF-SPF milter on my mail server just to fight this Sergey Podushkin 
SPAM; all history now!  This guy was getting on my last nerve!

Cheers,
ak.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SELinux and access across 'similar types'

[Marko Vojinovic]

On Monday 09 January 2012 15:29:59 Daniel J Walsh wrote:
> file_t means the file has no label, so the only way to create this
> type of file would be to remove the security attributes on the file.
> On an SELinux system, file_t should never be created, they are only
> created on a disabled SELinux system.  I guess you could try to use
> chcon -t file_t on a file, but I believe the kernel will block that.
> Or you could attempt to delete the SELinux label, but that might also
> be denied.

Ok, now I think I understand. The OP has stale files in /tmp which are not 
labelled, due to not purging /tmp on reboot. SELinux doesn't know how these 
files should be labelled, so it doesn't even try, and gives them the type 
file_t, which is a synonym for "this file doesn't have a type".

So the answer for the OP is to use chcon on this file to label it somehow. If 
that doesn't work, he should delete the file and recreate it (while SELinux is 
active), so that it gets properly labelled.

I learned something new today. :-) Thanks for the explanation!

Best, :-)
Marko


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] yum-priorities behavior with downgrades [was: sa-update error with perl]

[Anthony]

On 2012-01-10 14:13, email builder wrote:
...

...
> If I already have a bunch of packages from RepoForge, some of which
> might also be in the CentOS repo (some presumably with lower version
> numbers), what happens after installing and configuring 
> yum-priorities? 
>
> Do those packages automatically get downgraded?  Does yum complain
> and tell me I should downgrade?  I assume upgrades would happen per
> usual if there are newer versions of packages in CentOS repo.
>
> I'm slightly concerned because I have a handful of packages that got
> installed automatically from RepoForge when I installed amavisd-new
> from there, and I'd hate to break something.

If the packages are _NEWER_ than those in CentOS, then no, they will 
not be overwritten.

You might also consider installing yum-protectbase.

You'd then have to make a conscious effort to overwrite the base 
packages!

Cheers,
ak.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] yum-priorities behavior with downgrades [was: sa-update error with perl]

[email builder]

After solving my problem by downgrading perl-NetAddr-IP to the CentOS
repo's version, yum is of course telling me perl-NetAddr-IP is out of date
and needs to be updated (back to the buggy one in RepoForge).

So looks like yum-priorities is in order (ha! the pun!), but I have a question

>>  Hmm, OK, prioritze CentOS repo over RepoForge then will yum update

>>  figure out the rest?  I don't see any priority settings in my yum conf 
>>  files...
> 
> # yum list | grep priorities
> yum-priorities.noarch  1.1.16-16.el5.centos    
> installed
> 
> # cat /etc/yum/pluginconf.d/priorities.conf 
> [main]
> enabled = 1
> check_obsoletes=1
> 
> Then add "priority=n" to the repos sections.
> n=1 for CentOS
> n=2 for repo 2
> etc...

If I already have a bunch of packages from RepoForge, some of which
might also be in the CentOS repo (some presumably with lower version
numbers), what happens after installing and configuring yum-priorities?  

Do those packages automatically get downgraded?  Does yum complain
and tell me I should downgrade?  I assume upgrades would happen per
usual if there are newer versions of packages in CentOS repo.

I'm slightly concerned because I have a handful of packages that got
installed automatically from RepoForge when I installed amavisd-new
from there, and I'd hate to break something.

Thanks for any preemptive advice
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] sa-update error with perl

[email builder]

>>  I have three e-mail servers and the error is on all three.

>> 
>>  [root@MailIn ~]# service spamassassin restart
>>  Stopping spamd:                                            [  OK  ]
>>  Starting spamd: Subroutine Net::DNS::Resolver::Base::AF_INET6 redefined at 
> /usr/lib/perl5/5.8.8/Exporter.pm line 65.
>>    at 
> /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/Net/DNS/Resolver/Base.pm
>  
> line 66
>>                                                              [  OK  ]
>> 
>>  When you report the bug would you post the bug number so we could follow 
> it.
> 
> The problem was solved for the OP when he downgraded perl-NetAddr-IP to 
> use the stock version from centos (perl-NetAddr-IP-4.027-5.el5_6) 
> instead of the one from repoforge.
> Doesn't this solve it for you?
> -
> 
> Thanks!
> 
> I will not be able to change things for a couple of days, but sure
> appreciate the information.  Looks like I will need to remove
> spamassassin and then re-install it.  

Why?  Just remove that package and install the one from CentOS.
Spamassassin doesn't need to be touched.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] sa-update error with perl

[Gregory P. Ennis]

Gregory P. Ennis wrote:
>
> I have three e-mail servers and the error is on all three.
>
> [root@MailIn ~]# service spamassassin restart
> Stopping spamd:[  OK  ]
> Starting spamd: Subroutine Net::DNS::Resolver::Base::AF_INET6 redefined at 
> /usr/lib/perl5/5.8.8/Exporter.pm line 65.
>   at 
> /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/Net/DNS/Resolver/Base.pm
>  line 66
> [  OK  ]
>
> When you report the bug would you post the bug number so we could follow it.

The problem was solved for the OP when he downgraded perl-NetAddr-IP to 
use the stock version from centos (perl-NetAddr-IP-4.027-5.el5_6) 
instead of the one from repoforge.
Doesn't this solve it for you?
-

Thanks!

I will not be able to change things for a couple of days, but sure
appreciate the information.  Looks like I will need to remove
spamassassin and then re-install it.  

Thanks again

Greg

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SOCKS server other than ss5?

[Florin Andrei]

On 01/09/2012 05:20 PM, Les Mikesell wrote:
>
> If it is your server you could just route the udp packets (using
> iptables to NAT if needed), unless you need access control or logging
> from the socks service.

The exit point is a few hops away, it's different from the default exit 
point, and I don't control the routers in between. I must use a proxy. 
Fortunately, OpenVPN seems to work well with dante-server. Too bad 
dante-server is not in EPEL, but RPM packages are available online.

-- 
Florin Andrei
http://florin.myip.org/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SOCKS server other than ss5?

[Les Mikesell]

On Mon, Jan 9, 2012 at 7:11 PM, Florin Andrei  wrote:
> On 01/09/2012 04:51 PM, John R Pierce wrote:
>> On 01/09/12 4:34 PM, Florin Andrei wrote:
>>> OpenVPN normally uses UDP.
>>
>> it does?  I thought OpenVPN used ssl/tls as the transport, which is most
>> decidedly TCP.  I'll admit I haven't used it in quite a long time
>
> openssl is used for encryption, but the transport protocol is UDP.
>
> Anyway, I'm running dante-server now, and it seems to exhibit no problem
> at all with OpenVPN. Fingers crossed...
>
> http://www.inet.no/dante/

If it is your server you could just route the udp packets (using
iptables to NAT if needed), unless you need access control or logging
from the socks service.

-- 
  Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] sa-update error with perl

[Nicolas Thierry-Mieg]

Gregory P. Ennis wrote:
>
> I have three e-mail servers and the error is on all three.
>
> [root@MailIn ~]# service spamassassin restart
> Stopping spamd:[  OK  ]
> Starting spamd: Subroutine Net::DNS::Resolver::Base::AF_INET6 redefined at 
> /usr/lib/perl5/5.8.8/Exporter.pm line 65.
>   at 
> /usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/Net/DNS/Resolver/Base.pm
>  line 66
> [  OK  ]
>
> When you report the bug would you post the bug number so we could follow it.

The problem was solved for the OP when he downgraded perl-NetAddr-IP to 
use the stock version from centos (perl-NetAddr-IP-4.027-5.el5_6) 
instead of the one from repoforge.
Doesn't this solve it for you?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SOCKS server other than ss5?

[Florin Andrei]

On 01/09/2012 04:51 PM, John R Pierce wrote:
> On 01/09/12 4:34 PM, Florin Andrei wrote:
>> OpenVPN normally uses UDP.
>
> it does?  I thought OpenVPN used ssl/tls as the transport, which is most
> decidedly TCP.  I'll admit I haven't used it in quite a long time

openssl is used for encryption, but the transport protocol is UDP.

Anyway, I'm running dante-server now, and it seems to exhibit no problem 
at all with OpenVPN. Fingers crossed...

http://www.inet.no/dante/

-- 
Florin Andrei
http://florin.myip.org/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SOCKS server other than ss5?

[Les Mikesell]

On Mon, Jan 9, 2012 at 6:51 PM, John R Pierce  wrote:
> On 01/09/12 4:34 PM, Florin Andrei wrote:
>> OpenVPN normally uses UDP.
>
> it does?  I thought OpenVPN used ssl/tls as the transport, which is most
> decidedly TCP.  I'll admit I haven't used it in quite a long time
>

OpenVPN can run over either tcp or udp.  The default is udp - and it
works better.

-- 
  Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] sa-update error with perl

[Gregory P. Ennis]

\
>>  Is there somewhere at RepoForge I could notify them about this?

> 
> users mailing list:
> us...@lists.repoforge.org
> http://lists.repoforge.org/mailman/listinfo/users


Thank you.  I am reporting it now
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
---

Thanks for your post.

I have three e-mail servers and the error is on all three.

[root@MailIn ~]# service spamassassin restart
Stopping spamd:[  OK  ]
Starting spamd: Subroutine Net::DNS::Resolver::Base::AF_INET6 redefined at 
/usr/lib/perl5/5.8.8/Exporter.pm line 65.
 at 
/usr/lib/perl5/vendor_perl/5.8.8/i386-linux-thread-multi/Net/DNS/Resolver/Base.pm
 line 66
   [  OK  ]

When you report the bug would you post the bug number so we could follow it.

Thanks,

Greg Ennis




___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SOCKS server other than ss5?

[John R Pierce]

On 01/09/12 4:34 PM, Florin Andrei wrote:
> OpenVPN normally uses UDP.

it does?  I thought OpenVPN used ssl/tls as the transport, which is most 
decidedly TCP.  I'll admit I haven't used it in quite a long time





-- 
john r pierceN 37, W 122
santa cruz ca mid-left coast

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SOCKS server other than ss5?

[Florin Andrei]

On 01/09/2012 02:24 PM, Stephen Harris wrote:
>> Anyone here using a SOCKS server? I'm using ss5 but there seems to be a
>> strange disconnect issue with it and openvpn. While I'm trying to figure
>> out whether ss5 is at fault, or openvpn, I'd like to try a different
>> SOCKS server. Could you recommend one that works well on CentOS?
>
> If you can ssh to a remote machine then you can use the "-D" flag to
> make ssh act as a SOCKS server.  That should, at least, get you something
> to test against.

Doesn't work at all. Perhaps openssh is only a SOCKS server for TCP 
protocols? OpenVPN normally uses UDP.

-- 
Florin Andrei
http://florin.myip.org/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Was Re: USB install annoyances, is, OT, hosting providers

[John R Pierce]

On 01/09/12 2:39 PM, m.r...@5-cent.us wrote:
> I've argued before that blocks should be by source - actual source, the
> oldest "Received-From", not from the last mailer.

Those are far too easily forged, and in fact a majority of spam has 
forged Recieved headers, you can only trust the one YOUR mail server 
puts on or a chain from the latest back as far as you see trusted 
servers.   Also, by the time you've read the header, its too late to 
reject the connection.




-- 
john r pierceN 37, W 122
santa cruz ca mid-left coast

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Was Re: USB install annoyances, is, OT, hosting providers

[Les Mikesell]

On Mon, Jan 9, 2012 at 4:49 PM, Craig White  wrote:
>
>> I am *NOT* going to jump hosting providers
>> every time this happens.
> 
> fine, you've made your choice - you should spare us the grief of your own 
> choices.
>

It's pretty hard to beat a free gmail account for mail lists and
similar things where you can't possibly claim to care about archived
copies or who might someday see them.

-- 
   Les Mikesell
lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Was Re: USB install annoyances, is, OT, hosting providers

[Craig White]

On Jan 9, 2012, at 3:39 PM, m.r...@5-cent.us wrote:

> I am *NOT* going to jump hosting providers
> every time this happens.

fine, you've made your choice - you should spare us the grief of your own 
choices.

-- 
Craig White ~ craig.wh...@ttiltd.com
1.800.869.6908 ~~ www.ttiassessments.com 

Need help communicating between generations at work to achieve your desired 
success? Let us help!

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Was Re: USB install annoyances, is, OT, hosting providers

[m . roth]

Craig White wrote:
>
> On Jan 9, 2012, at 3:05 PM, m.r...@5-cent.us wrote:
>
>> I've changed the subject line. It has nothing to do with my question
>> with my original post, that no one seems to have any answer to, what file
>> "image# 1" is looking for.
>>
>> This bloody email has now been blocked *twice*.
> 
> quite simply, it's obviously the methodology that you use to send e-mail
> and that may very well include 3rd parties.

What third parties? 5-cent.us is hosted, as I said, and you seem to
ignore, on hostmonster. The same company is also bluehost - they are one
and the same: I assume there was a merger a few years back. They funnel
all their email through a few mailhosts for the entire hosting provider.
*THAT* is what's being blocked.

I've argued before that blocks should be by source - actual source, the
oldest "Received-From", not from the last mailer. I think that would a)
get the hosts/virtual hosts send out the spam, not the last email host,
*and* would block the crap sent out that fraudulently puts in "Reply-to:
with other folks' email (I'm really not sending all that spam to addresses
in the Netherlands or Italy).
>
> you can choose to fix it or continue to suffer the vagaries that are
> apparent in your methods to get an e-mail to the intended target - it's
> your choice. Of course this is not the first time you've complained on the
> same topic and the cause is still the same.
>
Yeah. And I've said all along that I don't like dnsorbs, due to what I
consider a bad methodology. I am *NOT* going to jump hosting providers
every time this happens.

Unless, of course, you have a good-sized hosting provider in the US who
charges inexpensive rates for domain hosting that has *NEVER* been
blocked.

mark


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Was Re: USB install annoyances, is, OT, hosting providers

[Craig White]

On Jan 9, 2012, at 3:05 PM, m.r...@5-cent.us wrote:

> I've changed the subject line. It has nothing to do with my question with
> my original post, that no one seems to have any answer to, what file
> "image# 1" is looking for.
> 
> This bloody email has now been blocked *twice*.

quite simply, it's obviously the methodology that you use to send e-mail and 
that may very well include 3rd parties.

you can choose to fix it or continue to suffer the vagaries that are apparent 
in your methods to get an e-mail to the intended target - it's your choice. Of 
course this is not the first time you've complained on the same topic and the 
cause is still the same.

Craig
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] sa-update error with perl

[email builder]

>>  Is there somewhere at RepoForge I could notify them about this?

> 
> users mailing list:
> us...@lists.repoforge.org
> http://lists.repoforge.org/mailman/listinfo/users


Thank you.  I am reporting it now
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SOCKS server other than ss5?

[Stephen Harris]

> Anyone here using a SOCKS server? I'm using ss5 but there seems to be a 
> strange disconnect issue with it and openvpn. While I'm trying to figure 
> out whether ss5 is at fault, or openvpn, I'd like to try a different 
> SOCKS server. Could you recommend one that works well on CentOS?

If you can ssh to a remote machine then you can use the "-D" flag to
make ssh act as a SOCKS server.  That should, at least, get you something
to test against.

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] SOCKS server other than ss5?

[Florin Andrei]

Anyone here using a SOCKS server? I'm using ss5 but there seems to be a 
strange disconnect issue with it and openvpn. While I'm trying to figure 
out whether ss5 is at fault, or openvpn, I'd like to try a different 
SOCKS server. Could you recommend one that works well on CentOS?

Thanks.

-- 
Florin Andrei
http://florin.myip.org/
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Was Re: USB install annoyances, is, OT, hosting providers

[m . roth]

I've changed the subject line. It has nothing to do with my question with
my original post, that no one seems to have any answer to, what file
"image# 1" is looking for.

This bloody email has now been blocked *twice*.

Ljubomir Ljubojevic wrote:
> On 01/09/2012 10:43 PM, m.r...@5-cent.us wrote:
>> Ljubomir Ljubojevic wrote:
>>> On 01/09/2012 10:13 PM, m.r...@5-cent.us wrote:
>> 
 Who here is *not* using a work email? Who here posts from their own
hosting site? Has this ever happened to you?
>>>
>>> I own my own domain/server/subnet. My WISP customers can only send mail

So, you're your own hosting, as well as personal, provider.
>>> via my server, with all the prevention's I could think of. I have
never been hit with this (but I do have small customer base), but I have
had regular domains (like one local Bank!!!) blocked to deliver to my
server because they do not have proper FQDN.

Please - I can't email some of my Congresscritters or Senators, here in
the US, because the idiot who's in charge of the Congress' webservers
hasn't discovered that top-level country codes exist and are valid.
>>
>> As I noted in another email, I don't have a commercial site. Buying a
static IP from Verizon, to run a server from home, is a *lot* more
expensive than just a 'Net connection and an inexpensive hosting
provider.
>
> It is OK. You asked who, and I answered, that is all. If I was not on
the semi-reliable 150Km Wireless link, I would be able to provide
quality service.

I appreciate your response. There's also a slight distance... and I figure
that the CIA and the FBI would have the successor to Carnivore staring at
my every email if I used you as a hosting provider. 
>
> Believe it or not, I am one of the *very* *very* rare hosting providers
in Serbia (local mostly) that provide SSL POP3/SMTP connection via port
995 and 465. There is maybe one or two providers on 7 million citizens.
>
> And yes, I forgot to write about reverse DNS, I have that too.

You're doing a really professional job. There's way too many over here who
don't have a clue, other than "I'll get rich!!!"

mark





___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[Stephen Harris]

On Mon, Jan 09, 2012 at 01:44:54PM -0800, John R Pierce wrote:
> On 01/09/12 1:39 PM, Stephen Harris wrote:
> > *giggle*  *giggle*  *laugh*  *guffaw*   BWAAHAHAHAHHH!
> >
> > No spam via gmail?  Wow...  Funniest thing I've heard all day!
> 
> none of it that I've seen came through gmail servers...   lots of spam 
> from anonymous open relays with forged @gmail.com from addresses, they 
> can't do anything about that.

What you have seen, maybe.  What I've seen?  Hahahah.

Now, to be fair, Google _have_ improved.  It's nowhere as bad as it was
2 years ago (when various services actually blacklisted google as a spam
source).  But to say that google never relays spam is laughable.

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[Ljubomir Ljubojevic]

On 01/09/2012 10:43 PM, m.r...@5-cent.us wrote:
> Ljubomir Ljubojevic wrote:
>> On 01/09/2012 10:13 PM, m.r...@5-cent.us wrote:
> 
>>> Who here is *not* using a work email? Who here posts from their own
>>> hosting site? Has this ever happened to you?
>>
>> I own my own domain/server/subnet. My WISP customers can only send mail
>> via my server, with all the prevention's I could think of. I have never
>> been hit with this (but I do have small customer base), but I have had
>> regular domains (like one local Bank!!!) blocked to deliver to my server
>> because they do not have proper FQDN.
>
> As I noted in another email, I don't have a commercial site. Buying a
> static IP from Verizon, to run a server from home, is a *lot* more
> expensive than just a 'Net connection and an inexpensive hosting provider.
>

It is OK. You asked who, and I answered, that is all. If I was not on 
the semi-reliable 150Km Wireless link, I would be able to provide 
quality service.

Believe it or not, I am one of the *very* *very* rare hosting providers 
in Serbia (local mostly) that provide SSL POP3/SMTP connection via port 
995 and 465. There is maybe one or two providers on 7 million citizens.

And yes, I forgot to write about reverse DNS, I have that too.


-- 

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[John R Pierce]

On 01/09/12 1:39 PM, Stephen Harris wrote:
> *giggle*  *giggle*  *laugh*  *guffaw*   BWAAHAHAHAHHH!
>
> No spam via gmail?  Wow...  Funniest thing I've heard all day!

none of it that I've seen came through gmail servers...   lots of spam 
from anonymous open relays with forged @gmail.com from addresses, they 
can't do anything about that.


-- 
john r pierceN 37, W 122
santa cruz ca mid-left coast

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[m . roth]

Stephen Harris wrote:
> On Mon, Jan 09, 2012 at 01:29:24PM -0800, John R Pierce wrote:
>> Thats a BS excuse.  gmail has MILLIONS more users than bluehost, yet
>> doesn't seem to ever be used to relay spam.  Why?  they are proactive
>
> *giggle* *giggle* *laugh* *guffaw*  BWAAHAHAHAHHH!
>
> No spam via gmail?  Wow...  Funniest thing I've heard all day!

And then there's google+. I'm *REALLY* tired of Poredsky (or however his
name's spelled), sending me spam in Russian

   mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[m . roth]

Ljubomir Ljubojevic wrote:
> On 01/09/2012 10:13 PM, m.r...@5-cent.us wrote:

>> Who here is *not* using a work email? Who here posts from their own
>> hosting site? Has this ever happened to you?
>
> I own my own domain/server/subnet. My WISP customers can only send mail
> via my server, with all the prevention's I could think of. I have never
> been hit with this (but I do have small customer base), but I have had
> regular domains (like one local Bank!!!) blocked to deliver to my server
> because they do not have proper FQDN.

As I noted in another email, I don't have a commercial site. Buying a
static IP from Verizon, to run a server from home, is a *lot* more
expensive than just a 'Net connection and an inexpensive hosting provider.

  mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[m . roth]

John R Pierce wrote:
> On 01/09/12 1:13 PM, m.r...@5-cent.us wrote:
>> Let's go through this again - we did it months ago. My site is hosted by
>> hostmonster, which also operates as bluehost. They are a*large*
>> provider,
>> with hundreds of thousands of domains, and the email from all of them go
>> through their (few) email servers. Therefore, when 100 or so of them
>> running WinBlows get their hosts infected, and they send out spam, and
>> the hosting provider hasn't caught them yet, hundreds of thousands of the
>> rest of us get hit with the same block.
>
> Thats a BS excuse.  gmail has MILLIONS more users than bluehost, yet
> doesn't seem to ever be used to relay spam.  Why?  they are proactive
> rather than reactive.  Bluehost is a cutrate provider who only reacts
> when forced, or this wouldn't keep recurring over and over again.

Ok, fine. Find me a hosting provider with similar rates - I don't have a
commercial site - and then get my money refunded that I've prepaid, and
the move of my stuff.

And I resent you suggesting that I chose them without doing due
dilligence, without getting a recommendations for hosting providers from
friends, some of whom have been online a *very* long time.

I should jump every time a provider falls behind? And no, I will NOT go to
gmail - when I use pop-3 and delete, I want it *GONE* forever off the
server.

   mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[Stephen Harris]

On Mon, Jan 09, 2012 at 01:29:24PM -0800, John R Pierce wrote:
> Thats a BS excuse.  gmail has MILLIONS more users than bluehost, yet 
> doesn't seem to ever be used to relay spam.  Why?  they are proactive 

*giggle* *giggle* *laugh* *guffaw*  BWAAHAHAHAHHH!

No spam via gmail?  Wow...  Funniest thing I've heard all day!

-- 

rgds
Stephen
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[John R Pierce]

On 01/09/12 1:30 PM, Ljubomir Ljubojevic wrote:
> I own my own domain/server/subnet. My WISP customers can only send mail
> via my server, with all the prevention's I could think of. I have never
> been hit with this (but I do have small customer base), but I have had
> regular domains (like one local Bank!!!) blocked to deliver to my server
> because they do not have proper FQDN.

I too run a few mail servers... none of my servers will accept incoming 
email from a host that doesn't have a reverse DNS that when looked up 
returns the original IP (eg, IP -> reverse -> forward -> IP... note this 
doesn't have to match the HELO name).  I also check that the 'from' 
domain name has an A or MX record. This sort of thing has been 
standard practice for email servers for at least 15 years.   The way I 
figure it, if someone can't get the DNS right, they shouldn't be running 
a email server at all.


-- 
john r pierceN 37, W 122
santa cruz ca mid-left coast

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[Ljubomir Ljubojevic]

On 01/09/2012 10:13 PM, m.r...@5-cent.us wrote:
> John R Pierce wrote:
>> On 01/09/12 12:31 PM, m.r...@5-cent.us wrote:
>>> Again, I*HATE*  dnsorbs This was bounced, which makes twice today.
>>>more text, add a few more words, we'll see if this makes it.
>>
>> your email is being relayed through 66.147.249.253
>> (oproxy4-pub.bluehost.com) which appears on several spam lists, for
>> instance, sorbs says 100s of spams have been sent from that host in the
>> past interval.
>>
>> you want to use a spammer-friendly service as your mail server, expect
>> to be treated as a spammer and blocked by admins tired of the deluge..
>
> Let's go through this again - we did it months ago. My site is hosted by
> hostmonster, which also operates as bluehost. They are a *large* provider,
> with hundreds of thousands of domains, and the email from all of them go
> through their (few) email servers. Therefore, when 100 or so of them
> running WinBlows get their hosts infected, and they send out spam, and the
> hosting provider hasn't caught them yet, hundreds of thousands of the rest
> of us get hit with the same block.
>
> Who here is *not* using a work email? Who here posts from their own
> hosting site? Has this ever happened to you?
>

I own my own domain/server/subnet. My WISP customers can only send mail 
via my server, with all the prevention's I could think of. I have never 
been hit with this (but I do have small customer base), but I have had 
regular domains (like one local Bank!!!) blocked to deliver to my server 
because they do not have proper FQDN.

-- 

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[John R Pierce]

On 01/09/12 1:13 PM, m.r...@5-cent.us wrote:
> Let's go through this again - we did it months ago. My site is hosted by
> hostmonster, which also operates as bluehost. They are a*large*  provider,
> with hundreds of thousands of domains, and the email from all of them go
> through their (few) email servers. Therefore, when 100 or so of them
> running WinBlows get their hosts infected, and they send out spam, and the
> hosting provider hasn't caught them yet, hundreds of thousands of the rest
> of us get hit with the same block.

Thats a BS excuse.  gmail has MILLIONS more users than bluehost, yet 
doesn't seem to ever be used to relay spam.  Why?  they are proactive 
rather than reactive.  Bluehost is a cutrate provider who only reacts 
when forced, or this wouldn't keep recurring over and over again.



-- 
john r pierceN 37, W 122
santa cruz ca mid-left coast

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[m . roth]

John R Pierce wrote:
> On 01/09/12 12:31 PM, m.r...@5-cent.us wrote:
>> Again, I*HATE*  dnsorbs This was bounced, which makes twice today.
>>   more text, add a few more words, we'll see if this makes it.
>
> your email is being relayed through 66.147.249.253
> (oproxy4-pub.bluehost.com) which appears on several spam lists, for
> instance, sorbs says 100s of spams have been sent from that host in the
> past interval.
>
> you want to use a spammer-friendly service as your mail server, expect
> to be treated as a spammer and blocked by admins tired of the deluge..

Let's go through this again - we did it months ago. My site is hosted by
hostmonster, which also operates as bluehost. They are a *large* provider,
with hundreds of thousands of domains, and the email from all of them go
through their (few) email servers. Therefore, when 100 or so of them
running WinBlows get their hosts infected, and they send out spam, and the
hosting provider hasn't caught them yet, hundreds of thousands of the rest
of us get hit with the same block.

Who here is *not* using a work email? Who here posts from their own
hosting site? Has this ever happened to you?

mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] missing email

[m . roth]

Ljubomir Ljubojevic wrote:
> On 01/09/2012 07:43 PM, m.r...@5-cent.us wrote:
>> Ljubomir Ljubojevic wrote:
 John R. Dennison wrote:
> On Mon, Jan 09, 2012 at 12:49:31PM -0500, m.r...@5-cent.us wrote:
>> I haven't gotten anything from the list since my email of 09:34 EST.
>> Do I have a problem, or is the list quiet?

 someone (NOT my hosting co - I don't have any filtering turned on) is
 delaying, or filtering, or if I'd been dropped for some reason, or
>>>
>>> I have seen few times when several replies came 2-3 hours before the
>>> original thread starter. I think Grey-listing could be responsible.
>>
>> Yeah, but grey-listing *outbound*?
>>
>> #include
>> Or were you suggesting my email was grey-listed?
>
> I am officially confused. You said you were not *receiving* *any* mails
> from the list. So my assumption was inbound mail from mailing list to
> you. That is what happened to me.

Right. And I get my email from this list during the day via wegmail, and
my email is on hosting I pay for, not my ISP's server, and I don't have
filtering enabled in any way. (Great, now all the spammers reading this
list will offer me pills to enlarge and/or firm up some portion of my
anatomy or wallet) Therefore, I don't understand where the greylisting
you're suggesting would occur, unless it's on the CentOS host.

mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[John R Pierce]

On 01/09/12 12:31 PM, m.r...@5-cent.us wrote:
> Again, I*HATE*  dnsorbs This was bounced, which makes twice today.
>   more text, add a few more words, we'll see if this makes it.

your email is being relayed through 66.147.249.253 
(oproxy4-pub.bluehost.com) which appears on several spam lists, for 
instance, sorbs says 100s of spams have been sent from that host in the 
past interval.

you want to use a spammer-friendly service as your mail server, expect 
to be treated as a spammer and blocked by admins tired of the deluge..


-- 
john r pierceN 37, W 122
santa cruz ca mid-left coast

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] sa-update error with perl

[Ljubomir Ljubojevic]

On 01/09/2012 09:56 PM, email builder wrote:
> Is there somewhere at RepoForge I could notify them about this?

users mailing list:
us...@lists.repoforge.org
http://lists.repoforge.org/mailman/listinfo/users

-- 

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] missing email

[Ljubomir Ljubojevic]

On 01/09/2012 07:43 PM, m.r...@5-cent.us wrote:
> Ljubomir Ljubojevic wrote:
>> On 01/09/2012 07:31 PM, m.r...@5-cent.us wrote:
>>> I *loathe* dnsorbs Maybe this one will get through its crap. Maybe
>>> if I add a few more words
>>>
>>> John R. Dennison wrote:
 On Mon, Jan 09, 2012 at 12:49:31PM -0500, m.r...@5-cent.us wrote:
> I haven't gotten anything from the list since my email of 09:34 EST.
> Do I have a problem, or is the list quiet?
> 
 You _could_ just have checked the archive.
>>>
>>> Actually, I went to the archives, and at least saw something from *sigh*
>>> Bennett that was dated 12:34 or so today; that was why I asked. Dunno if
>>> someone (NOT my hosting co - I don't have any filtering turned on) is
>>> delaying, or filtering, or if I'd been dropped for some reason, or
>>
>> I have seen few times when several replies came 2-3 hours before the
>> original thread starter. I think Grey-listing could be responsible.
>
> Yeah, but grey-listing *outbound*?
>
> #include
> Or were you suggesting my email was grey-listed?
>

I am officially confused. You said you were not *receiving* *any* mails 
from the list. So my assumption was inbound mail from mailing list to 
you. That is what happened to me.


-- 

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] sa-update error with perl

[email builder]

>>    So maybe I *do* need to open a bug report?  Where do I do 

>> that?
>
>   can you try to disable ipv6, then reboot and see if you still 
> get the 
>   error message?

   Sorry, it's a production machine, I'd rather not do that.  
 I can 
  make small
   changes but a reboot--   Beside, if this is the set of packages 
 CentOS
   gives me when I install something like spamassassin, it seems like
   they should work no matter what.   But don't get me wrong, I 
 really
   appreciate your suggestion.
>>>
>>>  It is not the CentOS packages causing your issues.  I told you already
>>>  that I have spamassassin running with these packages with no problems:
>>
>>  Although I have the 32-bit packages which could be slightly different, no?
>> 
>>  That said, I would tend to think you're correct:
>> 
>>>  The issue you are having, based on the error that you posted, is that
>>>  something else is already providing the subroutine
>>>  "Net::DNS::Resolver::Base::AF_INET6" when it is trying to be 
>>> loaded by
>>>  perl module provided by CentOS (perl-Net-DNS-0.59-3.el5.i386).  What we
>>>  do not know is what ELSE is providing that routine.
>>
>>  It seems like it shouldn't be hard to grep for who the culprit is, but 
>> what
>>  do I know - doing this didn't turn up anything I could too easily 
>> decypher:
>> 
>>  cd /usr/lib/perl5
>>  grep -rin 'af_inet6' *
>> 
>>  I only got 40 lines of output from that so I could post them if needed.
>>  Grepping exactly for "sub af_inet6" gives me only one result:
>> 
>>  5.8.8/i386-linux-thread-multi/bits/socket.ph:66:    eval 'sub AF_INET6 
>> () { &PF_INET6;}' unless defined(&AF_INET6);
>> 
>>  Are there modules that are placed somewhere other than
>>  /usr/lib/perl5 that could have the offending code?  Or is this
>>  a fruitless way to track down the problem?
>> 
> 
> perl-NetAddr-IP-4.044-1.el5.rf   <=== I think that is the problem package
> 
> I don't know if that version is required by the repoforge packages ... but 
> base contains perl-NetAddr-IP-4.027-5.el5_6
> 
> I would see if I could replace perl-NetAddr-IP-4.044-1.el5.rf from repoforge 
> with perl-NetAddr-IP-4.027-5.el5_6 from base.

rpm -e --nodeps perl-NetAddr-IP

vi /etc/yum.repos.d/rpmforge.repo 
     -- change all enabled = 1 to enabled = 0 temporarily (seems like
    yum priorities is going to be a good idea) --

yum install perl-NetAddr-IP

/etc/init.d/spamassassin condrestart
Stopping spamd: [  OK  ]
Starting spamd: [  OK  ]

That did it.  Thanks a lot to Nicolas for sharing and thanks very very
much to Johnny for the patient help.

Is there somewhere at RepoForge I could notify them about this?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[m . roth]

Again, I *HATE* dnsorbs This was bounced, which makes twice today.
 more text, add a few more words, we'll see if this makes it.

John R Pierce wrote:
> On 01/09/12 12:05 PM, m.r...@5-cent.us wrote:
>> John R Pierce wrote:
>>> >  On 01/09/12 11:11 AM,m.r...@5-cent.us  wrote:
 >>  They are? I dunno - ours are labelled where they're intended to
be mounted, like / or /boot
>>> >
>>> >  don't plug one of those into a different system for repair or
you'll have all kinda grief.   $HOSTNAME_root would be the sane way
to do
>>> it...
>>> >
>> I'm trying to figure out why I'd plug one into a different system for
repair. Either the drive's bad, or I'm re-embodying a server that died,
but left good drives. If it's going bad, the*only*  thing I'm going to
do is plug it into a hot-swap bay (just about all of ours have those,
love them) to recover some data, then wipe it.
>
> exactly. and if you put that drive in a hotswap bay of another system
> that is using the same label, thats a potential for a big mess.   same

Why? If I shove it into another system, I'm *not* rebooting using it, just
putting it into a spare bay; then I'll mount /dev/sd /mnt.

No problem.

But this thread's gotten way OT: *does* anyone have any idea what the .img
file is that the running o/s from install.img is looking for, after the
partitioning, when it's ready to install?

 mark



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SELinux and access across 'similar types'

[Daniel J Walsh]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 01/09/2012 03:24 PM, Tony Molloy wrote:
> On Monday 09 January 2012 20:00:29 Marko Vojinovic wrote:
>> On Monday 09 January 2012 11:45:26 Daniel J Walsh wrote:
>>> SELinux has no idea what the labels are in /tmp, so restorecon 
>>> will not change the labels.  It would be best to just remove
>>> the content from /tmp and allow new content to be created.  If
>>> you want the content to be accessible from apache, you could
>>> change it to httpd_tmp_t
>>> 
>>> chcon -t httpd_tmp_t /tmp/PATH
>> 
>> But isn't there a policy for default labelling of arbitrary
>> files put in /tmp? I mean, when apache puts a file in /tmp, it
>> should be labelled *somehow*, according to the rules for apache
>> and/or the /tmp directory, right? This should happen in both
>> enforcing and permissive modes.
>> 
>> So is the default type label for such a case file_t? If it is,
>> it's a bug, since SELinux would deny subsequent access to that
>> file, per policy, right?
>> 
>> If I understood the OP correctly, he enabled SELinux (into 
>> permissive mode), relabeled the whole filesystem, rebooted
>> several times, and after all that apache creates a file in /tmp
>> with a label file_t. AFAIK, this should *never* happen, with the
>> default policy.
>> 
> 
> Exactly as I thought. If I touch a file or cp a file into /tmp then
> it's labelled as tmp_t not file_t. On the other hand if I mv a file
> in it retains it's original type. So how could a file created in
> /tmp get a file_t type.
> 
> That's why I asked the OP to delete the file and run the script
> which creates the file by hand.
> 
> Tony ___ CentOS mailing
> list CentOS@centos.org 
> http://lists.centos.org/mailman/listinfo/cento

file_t means the file has no label, so the only way to create this
type of file would be to remove the security attributes on the file.
On an SELinux system, file_t should never be created, they are only
created on a disabled SELinux system.  I guess you could try to use
chcon -t file_t on a file, but I believe the kernel will block that.
Or you could attempt to delete the SELinux label, but that might also
be denied.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8LTkcACgkQrlYvE4MpobOQKwCfVN6EhzsP2a7Wi+ZwA/PgQpTC
L8QAoN+w+lkuYqMY1T78e08ZmTkG3aa3
=xUSZ
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[John R Pierce]

On 01/09/12 12:05 PM, m.r...@5-cent.us wrote:
> John R Pierce wrote:
>> >  On 01/09/12 11:11 AM,m.r...@5-cent.us  wrote:
>>> >>  They are? I dunno - ours are labelled where they're intended to be
>>> >>  mounted, like / or /boot
>> >
>> >  don't plug one of those into a different system for repair or you'll
>> >  have all kinda grief.   $HOSTNAME_root would be the sane way to do it...
>> >
> I'm trying to figure out why I'd plug one into a different system for
> repair. Either the drive's bad, or I'm re-embodying a server that died,
> but left good drives. If it's going bad, the*only*  thing I'm going to do
> is plug it into a hot-swap bay (just about all of ours have those, love
> them) to recover some data, then wipe it.
>

exactly. and if you put that drive in a hotswap bay of another system 
that is using the same label, thats a potential for a big mess.   same 
thing with LVM volume groups, you want their names globally unique, I 
notice EL6 now embeds the hostname in the VG...



-- 
john r pierceN 37, W 122
santa cruz ca mid-left coast

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SELinux and access across 'similar types'

[Tony Molloy]

On Monday 09 January 2012 20:00:29 Marko Vojinovic wrote:
> On Monday 09 January 2012 11:45:26 Daniel J Walsh wrote:
> > SELinux has no idea what the labels are in /tmp, so restorecon
> > will not change the labels.  It would be best to just remove the
> > content from /tmp and allow new content to be created.  If you
> > want the content to be accessible from apache, you could change
> > it to httpd_tmp_t
> > 
> > chcon -t httpd_tmp_t /tmp/PATH
> 
> But isn't there a policy for default labelling of arbitrary files
> put in /tmp? I mean, when apache puts a file in /tmp, it should be
> labelled *somehow*, according to the rules for apache and/or the
> /tmp directory, right? This should happen in both enforcing and
> permissive modes.
> 
> So is the default type label for such a case file_t? If it is, it's
> a bug, since SELinux would deny subsequent access to that file,
> per policy, right?
> 
> If I understood the OP correctly, he enabled SELinux (into
> permissive mode), relabeled the whole filesystem, rebooted several
> times, and after all that apache creates a file in /tmp with a
> label file_t. AFAIK, this should *never* happen, with the default
> policy.
> 

Exactly as I thought. If I touch a file or cp a file into /tmp then it's 
labelled as tmp_t not file_t. On the other hand if I mv a file in it 
retains it's original type. So how could a file created in /tmp get a 
file_t type.

That's why I asked the OP to delete the file and run the script which 
creates the file by hand.

Tony
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SELinux and access across 'similar types'

[Daniel J Walsh]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 01/09/2012 03:00 PM, Marko Vojinovic wrote:
> On Monday 09 January 2012 11:45:26 Daniel J Walsh wrote:
>> SELinux has no idea what the labels are in /tmp, so restorecon
>> will not change the labels.  It would be best to just remove the
>> content from /tmp and allow new content to be created.  If you
>> want the content to be accessible from apache, you could change
>> it to httpd_tmp_t
>> 
>> chcon -t httpd_tmp_t /tmp/PATH
> 
> But isn't there a policy for default labelling of arbitrary files
> put in /tmp? I mean, when apache puts a file in /tmp, it should be
> labelled *somehow*, according to the rules for apache and/or the
> /tmp directory, right? This should happen in both enforcing and
> permissive modes.
> 
> So is the default type label for such a case file_t? If it is, it's
> a bug, since SELinux would deny subsequent access to that file, per
> policy, right?
> 
> If I understood the OP correctly, he enabled SELinux (into
> permissive mode), relabeled the whole filesystem, rebooted several
> times, and after all that apache creates a file in /tmp with a
> label file_t. AFAIK, this should *never* happen, with the default
> policy.
> 
> Or am I missing something?
> 
> The only way I can understand how this can happen is to conjecture
> that the OP has turned on SELinux and --- *before* proper
> relabelling of the filesystem --- customized the policy (using
> audit2allow) to allow apache to read/write files of type file_t
> (this was neither confirmed nor denied by the OP). Since this is 
> inconsistent with other rules in the policy, my suggestion was to
> "reset" the policy to CentOS default and relabel everything again
> before making any further customizations. However, I don't know how
> to actually do the "reset the policy" step, since I never needed
> it. :-)
> 
> Is there an alternative explanation to the whole mess?
> 
> Best, :-) Marko
> 
> 
> ___ CentOS mailing
> list CentOS@centos.org 
> http://lists.centos.org/mailman/listinfo/centos

If you look at the file_context file you will see <>  which
means the default label has no idea what to put in this directory

/tmp/.* <>

This tells restorecon to ignore any files that match this label, to
prevent it from doing the wrong thing.  restorecon does not understand
the difference between file_t or shadow_t or user_home_t.  So it does
nothing.

So the real problem here is the fact the machine booted with SELinux
disabled and them kept files in /tmp.  Newer versions of fixfiles
attempt to delete these files if it finds them in /tmp.

UNDEFINED=`get_undefined_type` || exit $?
UNLABELED=`get_unlabeled_type` || exit $?
find /tmp \( -context "*:${UNLABELED}*" -o -context "*:${UNDEFINED}*"
\) \( -type s -o -type p \) -delete
find /tmp \( -context "*:${UNLABELED}*" -o -context "*:${UNDEFINED}*"
\) -exec chcon --reference /tmp {} \;
find /var/tmp \( -context "*:${UNLABELED}*" -o -context
"*:${UNDEFINED}*" \) -exec chcon --reference /var/tmp {} \;
find /var/run \( -context "*:${UNLABELED}*" -o -context
"*:${UNDEFINED}*" \) -exec chcon --reference /var/run {} \;
[ -e /var/lib/debug ] && find /var/lib/debug \( -context
"*:${UNLABELED}*" -o -context "*:${UNDEFINED}*" \) -exec chcon
- --reference /lib {} \;

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8LTCUACgkQrlYvE4MpobOA3QCgj+B+ujz+aWl2ShEi7MmmrMlu
wRkAoIZ12wN6w8C6bKt4ul3wjWU9h6OB
=D0by
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[m . roth]

John R Pierce wrote:
> On 01/09/12 11:11 AM, m.r...@5-cent.us wrote:
>> They are? I dunno - ours are labelled where they're intended to be
>> mounted, like / or /boot
>
> don't plug one of those into a different system for repair or you'll
> have all kinda grief.   $HOSTNAME_root would be the sane way to do it...
>
I'm trying to figure out why I'd plug one into a different system for
repair. Either the drive's bad, or I'm re-embodying a server that died,
but left good drives. If it's going bad, the *only* thing I'm going to do
is plug it into a hot-swap bay (just about all of ours have those, love
them) to recover some data, then wipe it.

>>> hostnames tend to be messy and nearly as unreadable as a uuid, so
>>> embedding them in a label wouldn't actually be much help.
>> Oh, you're in one of *those* places "This machine was bought under
>> this account, and is part of this project, and there's 1-4 char
>> abbreviations for each, and .
>
> well, $job is at a large multinational...  company standardized
> hostnames start with a 3 letter site prefix, then -S for server, then a
> 6 digit department ID, then -nnn as a server ID within that group.
> fug-ly. projects are too transient and servers tend to bounce around
> between physical and virtual over their life cycle.

Exactly what I was implying. Been there, but mostly in smaller groups, so
we could name our own.

   mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[m . roth]

Les Mikesell wrote:
> On Mon, Jan 9, 2012 at 1:11 PM,   wrote:
>>
>>> labels get messy too, when you have 27 systems and a half dozen file
>>> systems each.  you want your labels globally unique so if you plug a
>>> volume into another system for repair there's no collisions.   our
>>
>> They are? I dunno - ours are labelled where they're intended to be
>> mounted, like / or /boot
>
> On which machine?  Don't you ever move drives around?  Things can get
> ugly with duplicate labels even if the reason you added a used disk
> was just to reformat it and reuse as a different mount.

On all of them. They should be running the same o/s. Move them around? No,
not unless we're replacing one that's either failed, or too small. And
with hostname and IP via dhcp, there's only a few things to worry about,
such as if it's an h/a or HPC cluster member, or backups, home directory
server, whatever.

mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SELinux and access across 'similar types'

[Marko Vojinovic]

On Monday 09 January 2012 11:45:26 Daniel J Walsh wrote:
> SELinux has no idea what the labels are in /tmp, so restorecon will
> not change the labels.  It would be best to just remove the content
> from /tmp and allow new content to be created.  If you want the
> content to be accessible from apache, you could change it to httpd_tmp_t
> 
> chcon -t httpd_tmp_t /tmp/PATH

But isn't there a policy for default labelling of arbitrary files put in /tmp? 
I mean, when apache puts a file in /tmp, it should be labelled *somehow*, 
according to the rules for apache and/or the /tmp directory, right? This 
should happen in both enforcing and permissive modes.

So is the default type label for such a case file_t? If it is, it's a bug, 
since SELinux would deny subsequent access to that file, per policy, right?

If I understood the OP correctly, he enabled SELinux (into permissive mode), 
relabeled the whole filesystem, rebooted several times, and after all that 
apache creates a file in /tmp with a label file_t. AFAIK, this should *never* 
happen, with the default policy. 

Or am I missing something?

The only way I can understand how this can happen is to conjecture that the OP 
has turned on SELinux and --- *before* proper relabelling of the filesystem --- 
customized the policy (using audit2allow) to allow apache to read/write files 
of type file_t (this was neither confirmed nor denied by the OP). Since this is 
inconsistent with other rules in the policy, my suggestion was to "reset" the 
policy to CentOS default and relabel everything again before making any 
further customizations. However, I don't know how to actually do the "reset 
the policy" step, since I never needed it. :-)

Is there an alternative explanation to the whole mess?

Best, :-)
Marko


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[John R Pierce]

On 01/09/12 11:11 AM, m.r...@5-cent.us wrote:
> They are? I dunno - ours are labelled where they're intended to be
> mounted, like / or /boot

don't plug one of those into a different system for repair or you'll 
have all kinda grief.   $HOSTNAME_root would be the sane way to do it...

>> hostnames tend to be messy and nearly as unreadable as a uuid, so
>> embedding them in a label wouldn't actually be much help.
> Oh, you're in one of *those* places "This machine was bought under
> this account, and is part of this project, and there's 1-4 char
> abbreviations for each, and .

well, $job is at a large multinational...  company standardized 
hostnames start with a 3 letter site prefix, then -S for server, then a 
6 digit department ID, then -nnn as a server ID within that group. 
fug-ly. projects are too transient and servers tend to bounce around 
between physical and virtual over their life cycle.


-- 
john r pierceN 37, W 122
santa cruz ca mid-left coast

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[Les Mikesell]

On Mon, Jan 9, 2012 at 1:11 PM,   wrote:
>
>> labels get messy too, when you have 27 systems and a half dozen file
>> systems each.  you want your labels globally unique so if you plug a
>> volume into another system for repair there's no collisions.   our
>
> They are? I dunno - ours are labelled where they're intended to be
> mounted, like / or /boot

On which machine?  Don't you ever move drives around?  Things can get
ugly with duplicate labels even if the reason you added a used disk
was just to reformat it and reuse as a different mount.

-- 
   Les Mikesell
 lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] suppressing openssh server identification

[Craig White]

On Jan 8, 2012, at 3:32 AM, Александр Кириллов wrote:

>> With all of the discussions regarding getting p3wned, I am feeling
>> paranoid and can't seem to figure out how to suppress this...
>> 
>> telnet $SOME_CENTOS_5_SERVER 22
>> Trying $SOME_IP_ADDRESS...
>> Connected to $SOME_CENTOS_5_SERVER.
>> Escape character is '^]'.
>> SSH-2.0-OpenSSH_4.3
>> 
>> 'Banner no' doesn't do it. Is it possible to suppress the version?
> 
> http://www.openssh.org/faq.html#2.14

;-) 

I guess that's pretty definitive and I honestly did google before I asked the 
list and didn't find this.

Thanks

Craig
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[m . roth]

John R Pierce wrote:
> On 01/09/12 10:33 AM, m.r...@5-cent.us wrote:
>> So we use labels. I*loathe*  UUIDs. Quick, tell my yours on one system
>> without looking (as would be the case if the drive crashed).
>
> from my rescue environment, I'd use:  xfs_admin -u /dev/
> (or the somewhat messier ext? equiv)
>
> labels get messy too, when you have 27 systems and a half dozen file
> systems each.  you want your labels globally unique so if you plug a
> volume into another system for repair there's no collisions.   our

They are? I dunno - ours are labelled where they're intended to be
mounted, like / or /boot

> hostnames tend to be messy and nearly as unreadable as a uuid, so
> embedding them in a label wouldn't actually be much help.

Oh, you're in one of *those* places "This machine was bought under
this account, and is part of this project, and there's 1-4 char
abbreviations for each, and .

 mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] centos6.2, parted and alignment

[John R Pierce]

On 01/09/12 10:37 AM, m.r...@5-cent.us wrote:
> If*anyone*  has the answer to this, I want to know. Or maybe we should
> just file a bug against parted, which ABSOLUTELY, POSITIVELY does*not*
> want to a) align it for best performance, or b)*TELL*  you what you need
> to align it.

Is there another tool I can use for GPT partitions over 2TB ?


> Using gparted (GUIs, why did it have to be GUIs), you at least don't get
> that idiot warning.

yeah, no gui on my file or database servers.  not gonna happen.

another whine is the stupid decmial k/M/G/T it insists on showing.   I'd 
tolerate that if there was an option to show the binary versions all 
software works on.

-- 
john r pierceN 37, W 122
santa cruz ca mid-left coast

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[John R Pierce]

On 01/09/12 10:33 AM, m.r...@5-cent.us wrote:
> So we use labels. I*loathe*  UUIDs. Quick, tell my yours on one system
> without looking (as would be the case if the drive crashed).

from my rescue environment, I'd use:  xfs_admin -u /dev/
(or the somewhat messier ext? equiv)

labels get messy too, when you have 27 systems and a half dozen file 
systems each.  you want your labels globally unique so if you plug a 
volume into another system for repair there's no collisions.   our 
hostnames tend to be messy and nearly as unreadable as a uuid, so 
embedding them in a label wouldn't actually be much help.

my install instructions for this server config ($job work in progress) 
currently read...

 mkfs.xfs -f /dev/sda1
 uuid=$(xfs_admin -u /dev/sda1 | awk '{print $3}')   # get the UUID
 echo "UUID=$uuid /data  xfs defaults1 2" >> /etc/fstab
 mkdir /data
 mount /data



-- 
john r pierceN 37, W 122
santa cruz ca mid-left coast

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] missing email

[m . roth]

Ljubomir Ljubojevic wrote:
> On 01/09/2012 07:31 PM, m.r...@5-cent.us wrote:
>> I *loathe* dnsorbs Maybe this one will get through its crap. Maybe
>> if I add a few more words
>>
>> John R. Dennison wrote:
>>> On Mon, Jan 09, 2012 at 12:49:31PM -0500, m.r...@5-cent.us wrote:
 I haven't gotten anything from the list since my email of 09:34 EST.
 Do I have a problem, or is the list quiet?

>>> You _could_ just have checked the archive.
>>
>> Actually, I went to the archives, and at least saw something from *sigh*
>> Bennett that was dated 12:34 or so today; that was why I asked. Dunno if
>> someone (NOT my hosting co - I don't have any filtering turned on) is
>> delaying, or filtering, or if I'd been dropped for some reason, or
>
> I have seen few times when several replies came 2-3 hours before the
> original thread starter. I think Grey-listing could be responsible.

Yeah, but grey-listing *outbound*?

#include 
Or were you suggesting my email was grey-listed?

   mark "actually, my cloak is green, not grey"

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] missing email

[Ljubomir Ljubojevic]

On 01/09/2012 07:31 PM, m.r...@5-cent.us wrote:
> I *loathe* dnsorbs Maybe this one will get through its crap. Maybe if
> I add a few more words
>
> John R. Dennison wrote:
>> On Mon, Jan 09, 2012 at 12:49:31PM -0500, m.r...@5-cent.us wrote:
>>> I haven't gotten anything from the list since my email of 09:34 EST. Do
> I have a problem, or is the list quiet?
>>>
>>> Please cc me offlist, if this goes through.
>>
>> I hope you get 20,000 replies :)
>
> Nope, jes' one, so far.
> 
>> You _could_ just have checked the archive.
>
> Actually, I went to the archives, and at least saw something from *sigh*
> Bennett that was dated 12:34 or so today; that was why I asked. Dunno if
> someone (NOT my hosting co - I don't have any filtering turned on) is
> delaying, or filtering, or if I'd been dropped for some reason, or
>

I have seen few times when several replies came 2-3 hours before the 
original thread starter. I think Grey-listing could be responsible.

-- 

Ljubomir Ljubojevic
(Love is in the Air)
PL Computers
Serbia, Europe

Google is the Mother, Google is the Father, and traceroute is your
trusty Spiderman...
StarOS, Mikrotik and CentOS/RHEL/Linux consultant
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] centos6.2, parted and alignment

[m . roth]

John R Pierce wrote:
> I have a large raid (lsi megaraid sas2 9261-8i card) and when I use
> parted to initialize it as the one big partition I want, it gives me a
> warning.

>  # parted -a optimal /dev/sda "mkpart primary 128s -1s"
>  Warning: You requested a partition from 65.5kB to 81.0TB.
>  The closest location we can manage is 65.5kB to 81.0TB.
>  Is this still acceptable to you?
>  Yes/No? yes
>  Warning: The resulting partition is not properly aligned for best
> performance.
>  Ignore/Cancel? i
>  Information: You may need to update /etc/fstab.

If *anyone* has the answer to this, I want to know. Or maybe we should
just file a bug against parted, which ABSOLUTELY, POSITIVELY does *not*
want to a) align it for best performance, or b) *TELL* you what you need
to align it.

Using gparted (GUIs, why did it have to be GUIs), you at least don't get
that idiot warning.

  mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[m . roth]

John R Pierce wrote:
> On 01/09/12 6:09 AM, John Doe wrote:
>> Works fine here...
>> On some PCs/servers the key is sdb...
>
> the days of relying on /dev/sd? are long past.

Heh. See the point of a related thread, where mkswap -L did. not. work. No
label...
>
> 'scsi' devices renumber themselves on every boot. case in point,

So we use labels. I *loathe* UUIDs. Quick, tell my yours on one system
without looking (as would be the case if the drive crashed).

I've even labelled software RAID partitions.

   mark


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] missing email

[m . roth]

I *loathe* dnsorbs Maybe this one will get through its crap. Maybe if
I add a few more words

John R. Dennison wrote:
> On Mon, Jan 09, 2012 at 12:49:31PM -0500, m.r...@5-cent.us wrote:
>> I haven't gotten anything from the list since my email of 09:34 EST. Do
I have a problem, or is the list quiet?
>>
>> Please cc me offlist, if this goes through.
>
> I hope you get 20,000 replies :)

Nope, jes' one, so far.

> You _could_ just have checked the archive.

Actually, I went to the archives, and at least saw something from *sigh*
Bennett that was dated 12:34 or so today; that was why I asked. Dunno if
someone (NOT my hosting co - I don't have any filtering turned on) is
delaying, or filtering, or if I'd been dropped for some reason, or

Thanks, though.

   mark



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] centos6.2, parted and alignment

[John R Pierce]

I have a large raid (lsi megaraid sas2 9261-8i card) and when I use 
parted to initialize it as the one big partition I want, it gives me a 
warning.

 # parted /dev/sda "mklabel gpt"
 Warning: The existing disk label on /dev/sda will be destroyed and 
all data on this
 disk will be lost. Do you want to continue?
 Yes/No? yes
 # parted -a optimal /dev/sda "mkpart primary 128s -1s"
 Warning: You requested a partition from 65.5kB to 81.0TB.
 The closest location we can manage is 65.5kB to 81.0TB.
 Is this still acceptable to you?
 Yes/No? yes
 Warning: The resulting partition is not properly aligned for best 
performance.
 Ignore/Cancel? i
 Information: You may need to update /etc/fstab.

The sector size is 512b actual, the raid stripe size is 64kB, hence 
starting the partition on sector 128.  I've tried various combinations 
of -a, nothing seems to help here.


-- 
john r pierceN 37, W 122
santa cruz ca mid-left coast

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[John R Pierce]

On 01/09/12 6:09 AM, John Doe wrote:
> Works fine here...
> On some PCs/servers the key is sdb...

the days of relying on /dev/sd? are long past.

'scsi' devices renumber themselves on every boot. case in point, 
server I'm configuring now... has a LSI mptsas card with 2 disks 
mirrored for the OS and a megasas2 card with a large raid.   when it 
first came, the megaraid had 2 raids on it, /dev/sda and /dev/sdb and 
the OS on the mpt card was on /dev/sdc  I deleted these two raids 
and rebooted.   now the OS was on /dev/sda ... I then defined a new 
larger raid60 on the megaraid, this was /dev/sdb   then I rebooted and 
the megaraid was /dev/sda and the boot drive was /dev/sdb

I chose to mount my raid volume with uuid

|parted /dev/sda ||"mklabel gpt"|
|parted -a optimal /dev/sda ||"mkpart primary 128k -1s"|
|mkfs.xfs -f /dev/sda1|
|uuid=$(xfs_admin -u /dev/sda1 | awk ||'{print $3}'||)   # get the UUID|
|echo ||"uuid=$uuid /data  xfs defaults1 2"| |>
/etc/fstab|
|mkdir /data|
|mount /data|

as I had no need for LVM on this configuration, but

I have to say, I like Solaris's traditional disk numbering, 
/dev/dsk/c0t0d0s0 is channel 0, target 0, device 0, lun 0.   the channel 
numbering is generally constant in a given system if you don't juggle IO 
cards around.

-- 
john r pierceN 37, W 122
santa cruz ca mid-left coast

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SELinux and access across 'similar types'

[Gordon Messmer]

On 01/09/2012 09:08 AM, Daniel J Walsh wrote:
> man sesearch
>
> sesearch -A -s httpd_t -C
>
> WIll show you all the allow rules for the apache service.

Thanks, Dan.  I appreciate the clarification.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] monitoring space in directories

[Alan McKay]

>
> That sounds good.
> Would you share the munin plugin later pls?
> I'm interested too.
>

Sure will.  This is not a top priority for me so I won't likely get to it
for another week or two, but once it is done I will share.


-- 
“Don't eat anything you've ever seen advertised on TV”
 - Michael Pollan, author of "In Defense of Food"
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] missing email

[John R. Dennison]

On Mon, Jan 09, 2012 at 12:49:31PM -0500, m.r...@5-cent.us wrote:
> I haven't gotten anything from the list since my email of 09:34 EST. Do I
> have a problem, or is the list quiet?
> 
> Please cc me offlist, if this goes through.

I hope you get 20,000 replies :)

In the headers of all list traffic is:

List-Archive: 

You _could_ just have checked the archive.




John
-- 
It is not life and wealth and power that enslave men, but the cleaving to
life and wealth and power.

-- Buddha (c. 563-483 BCE)


pgpYxkf83A1Jx.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] missing email

[m . roth]

I haven't gotten anything from the list since my email of 09:34 EST. Do I
have a problem, or is the list quiet?

Please cc me offlist, if this goes through.

   mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SELinux and access across 'similar types'

[Daniel J Walsh]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 01/07/2012 09:21 PM, Gordon Messmer wrote:
> On 01/05/2012 01:36 PM, Bennett Haselton wrote:
>> http://wiki.centos.org/HowTos/SELinux says: "Access is only
>> allowed between similar types, so Apache running as httpd_t can
>> read /var/www/html/index.html of type httpd_sys_content_t."
>> 
>> however the doc doesn't define what "similar types" means.
> 
> That is a gross oversimplification.  Access is allowed based on a 
> policy, and no "similarity" between types is required.
> 
> If you'd like to see what is allowed, you'll have to get the 
> selinux-policy src.rpm and unpack it to examine the source for the
>  policy.  It sucks, but as far as I know, no more user-friendly
> method exists.
> 
>> and the robots.txt file has type file_t: [root@peacefire04 -
>> /root # ls -lZ /var/www/html/robots.txt -rw-rw-rw-  root root
>> system_u:object_r:file_t:s0 /var/www/html/robots.txt
>> 
>> but Apache can of course access that file.
> 
> If apache can access a mislabeled file, then either SELinux is
> disabled or in permissive mode.  Use "getenforce" to determine
> which. ___ CentOS
> mailing list CentOS@centos.org 
> http://lists.centos.org/mailman/listinfo/centos
man sesearch

sesearch -A -s httpd_t -C

WIll show you all the allow rules for the apache service.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8LHyUACgkQrlYvE4MpobMoFwCfd5nnzdufMGqnJV00Fniad0wf
nhYAnjgy+jNcNiZ8QYH38k9VMb5U7TP7
=5PkJ
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SELinux and access across 'similar types'

[Daniel J Walsh]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

SELinux has no idea what the labels are in /tmp, so restorecon will
not change the labels.  It would be best to just remove the content
from /tmp and allow new content to be created.  If you want the
content to be accessible from apache, you could change it to httpd_tmp_t

chcon -t httpd_tmp_t /tmp/PATH

I believe in treating /tmp as temporary and cleaning it out on reboot,
or running it as tmpfs.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8LGaYACgkQrlYvE4MpobPVQwCgxO5XHZkQhrgmLfbhcPIjQbcK
ISoAn183Fc+6RZCY4cPsW2nItMYDq14D
=AFEz
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] No sound over HDMI using nvidia graphics card

[Tait Clarridge]

> 
> http://taiter.com/techlog/2010/07/nvidia-gt210---hdmi-audio.html
> 

My mistake, the correct link is here:

http://blog.taiter.com/tech/2010/07/nvidia-gt210---hdmi-audio.html

Forgot I was testing my redesign and had the wrong server in my host
file :)

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] No sound over HDMI using nvidia graphics card

[Tait Clarridge]

> Under gnome control panel, all seems ok: under sound preferences, sound
> output is configured to use HDMI channel.
> 
> I am using nvidia drivers from elrepo.org (nvidia-x11-drv-290.10
> and kmod-nvidia-290.10). Somebody knows where can I find some doc to
> resolve this? Any idea?

I recall doing this on Fedora 14 for my HTPC so it should be similar or
at least point you in the right direction. I wrote something for it
(GeForce 210) here:

http://taiter.com/techlog/2010/07/nvidia-gt210---hdmi-audio.html

I remember having to update the alsa-driver package to something newer
than what was default via ATrpms repo. I believe you need version 1.0.23
or newer for it to work (version can be checked by looking
at /proc/asound/version).

Then I had to go into alsamixer and unmute the line.

Tait

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[m . roth]

m.r...@5-cent.us wrote:
> John Doe wrote:
>> From: "m.r...@5-cent.us" 
>>
>>> I tried to boot from my 6.0 USB key, no joy. Updated it to 6.2. Still
>>> no
>>> joy: it gets started, I do the disk layout, it formats the drives, and
>>> then fails, saying that it can't find "image# 1".
>>
>> Works fine here...
>> On some PCs/servers the key is sdb...
>> syslinux.cfg: append initrd=initrd.img ks=hd:sda2:/ks.cfg
>> repo=hd:sda2:/centos
>> ks.cfg: harddrive --partition=sda2 --dir=/centos
>> /centos contains images/install.img and the DVDs ISOs...
>>
> Yeah, and normally the USB key shows up as sdb. I had to move it, for boot
> order, to get it to boot from it (weird BIOS). But as I said, what I don't
> know is what "image# 1" is referring to. It says "copy it to the right
> directory and try again"... but I don't know *which* *.img it's referring
> to. Karabanh? Johnny? Clues?
>
Following myself, I realized I should have made clear that it *did* boot
to start, and loaded the install image, and I led it through the custom
layout (our std. one, with a much larger /boot), it formats the drives,
and *then* this popup comes up complaining.

mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[m . roth]

John Doe wrote:
> From: "m.r...@5-cent.us" 
>
>> I tried to boot from my 6.0 USB key, no joy. Updated it to 6.2. Still no
>> joy: it gets started, I do the disk layout, it formats the drives, and
>> then fails, saying that it can't find "image# 1".
>
> Works fine here...
> On some PCs/servers the key is sdb...
> syslinux.cfg: append initrd=initrd.img ks=hd:sda2:/ks.cfg
> repo=hd:sda2:/centos
> ks.cfg: harddrive --partition=sda2 --dir=/centos
> /centos contains images/install.img and the DVDs ISOs...
>
Yeah, and normally the USB key shows up as sdb. I had to move it, for boot
order, to get it to boot from it (weird BIOS). But as I said, what I don't
know is what "image# 1" is referring to. It says "copy it to the right
directory and try again"... but I don't know *which* *.img it's referring
to. Karabanh? Johnny? Clues?

mark



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB install annoyances

[John Doe]

From: "m.r...@5-cent.us" 

> I tried to boot from my 6.0 USB key, no joy. Updated it to 6.2. Still no
> joy: it gets started, I do the disk layout, it formats the drives, and
> then fails, saying that it can't find "image# 1".

Works fine here...
On some PCs/servers the key is sdb...
syslinux.cfg: append initrd=initrd.img ks=hd:sda2:/ks.cfg repo=hd:sda2:/centos
ks.cfg: harddrive --partition=sda2 --dir=/centos
/centos contains images/install.img and the DVDs ISOs...

JD
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SELinux and access across 'similar types'

[Tony Molloy]

On Monday 09 January 2012 12:06:04 Bennett Haselton wrote:
> On 1/9/2012 3:41 AM, Tony Molloy wrote:
> > First I'm no SELinux expert ;-( but I've ben following this
> > thread with interest. It apears to be going around in circles.
> > 
> > The only time I've come across a file_t type is when I have
> > something on a machine that SELinux doesn't know about. That is
> > SELinux has no policy for it. An example would be if I create a
> > new top level directory when I install a machine. SELinux knows
> > nothing about that directory name and has no preset type for it
> > so it gets a label of file_t or default_t. Doing a relabel in
> > that case will have no affect on the file label as SELinux still
> > doesn't have a policy for it.
> > 
> > So the question is how did your file get the file_t type in the
> > first place. You say it is generated from a cgi script run from
> > apache.
> > 
> > So is this the default apache which comes with CentOS
> > 
> > What is the context of the apache executable. It should be
> > -rwxr-xr-x  root root system_u:object_r:httpd_exec_t  
> > /usr/sbin/httpd
> 
> Yes that's what I've got.
> 

Ok so apache is corectly labelled.

> > Where in the filesystem is the cgi script located. How did it get
> > there.
> > 
> > What is the context of the cgi script
> > 
> > What is the context of the directory the cgi script is in.
> 
> [root@g6950-21025 ~]# ls -lZ /var/www/cgi-bin/capture.cgi
> -rwxr-xr-x  root root system_u:object_r:httpd_sys_script_exec_t
> /var/www/cgi-bin/capture.cgi
> [root@g6950-21025 ~]# ls -ldZ /var/www/cgi-bin/
> drwxr-xr-x  root root system_u:object_r:httpd_sys_script_exec_t
> /var/www/cgi-bin/
> 
> The script got there because I uploaded it there.

The reason I asked that was because how the script got there can 
determine it's context.

For instance:

cp:   gives it the correct context of the directory it was copied into
mv:  does not, it preserves the original context 

But the above context(s) look ok
> 
> > What is the context of /tmp. It should be
> > drwxrwxrwt  root root system_u:object_r:tmp_t  /tmp
> 
> Yep.
> [root@g6950-21025 ~]# ls -ldZ /tmp
> drwxrwxrwt  root root system_u:object_r:tmp_t  /tmp
> 

Ok that's fine.
> > Regards
> > 
> > Tony

Now try a little experiment

# touch /tmp/x.x

# ls -alZ /tmp/x.x

should have the following context

-rw-r--r--  root root root:object_r:tmp_t  x.x

You can also try copying and moving a file to /tmp and check the 
context after each to see the difference.
 
Then delete the file created by your script from /tmp and run your cgi 
script by hand.

What is the context of the file now created.

Regards,
Tony
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SELinux and access across 'similar types'

[Bennett Haselton]

On 1/9/2012 3:41 AM, Tony Molloy wrote:
> On Sunday 08 January 2012 23:19:39 Bennett Haselton wrote:
>> On 1/8/2012 7:28 AM, Ljubomir Ljubojevic wrote:
>>> On 01/08/2012 03:15 PM, Bennett Haselton wrote:
 It's a file created by one of my CGI scripts.  (The web server
 is accessed by several hostnames which are dynamically assigned
 to it, and I need a quick way of determining all hostnames that
 were recently used to access the server.  So when someone
 accesses the server using HOSTNAME, the file
 /tmp/hostname_is created.  Then another script
 just pulls the names of all of those files in order to find all
 recently used hostnames.)

> My suggestion:
>
> stop apache
> run relabeling again (if file continues to exists)
> start apache
> check
 Well when I was doing the relabeling I was doing:
 # touch /.autorelabel
 # reboot

 So when I'm rebooting apache stops and starts anyway, doesn't
 it? Doesn't the auto-relabel occur before other services are
 started up?  So I'm not sure what I would actually do
 differently to follow this suggestion...
>>> Ah, you are write, sorry. Well you might need to apply proper
>>> (httpd_) SELinux label for that file. At the time of creation? \
>>> Maybe move it to another location where it will get automatic
>>> label for what you want?
>> Well the warning messages say that file_t files should *never* get
>> created if the filesystem is labeled properly.  So I didn't think
>> it was just a matter of creating files where the default filetype
>> would be different, because the default filetype should not be
>> file_t anywhere.
>>
>> I could create a world-writeable directory somewhere else and have
>> all the scripts write to that but it would be a pain to re-write
>> and re-test everything as a workaround for this one bug...
>>
>> Well, one other theory: /tmp is a different partition, right?  So
>> maybe when I do
>> # touch /.autorelabel
>> # reboot
>>
>> it's only re-labeling the / partition and not the /tmp one?
>> Unfortunately in that case I don't know how to make it re-label the
>> /tmp filesystem as well.  I tried creating /tmp/.autorelabel and
>> rebooting, but that didn't work; /tmp/hostname_SKYSLICE.INFO and
>> other files still had type file_t.
>>
>> Bennett
>> ___
>> CentOS mailing list
>> CentOS@centos.org
>> http://lists.centos.org/mailman/listinfo/centos
> First I'm no SELinux expert ;-( but I've ben following this thread
> with interest. It apears to be going around in circles.
>
> The only time I've come across a file_t type is when I have something
> on a machine that SELinux doesn't know about. That is SELinux has no
> policy for it. An example would be if I create a new top level
> directory when I install a machine. SELinux knows nothing about that
> directory name and has no preset type for it so it gets a label of
> file_t or default_t. Doing a relabel in that case will have no affect on
> the file label as SELinux still doesn't have a policy for it.
>
> So the question is how did your file get the file_t type in the first
> place. You say it is generated from a cgi script run from apache.
>
> So is this the default apache which comes with CentOS
>
> What is the context of the apache executable. It should be
> -rwxr-xr-x  root root system_u:object_r:httpd_exec_t   /usr/sbin/httpd
Yes that's what I've got.
> Where in the filesystem is the cgi script located. How did it get
> there.
>
> What is the context of the cgi script
>
> What is the context of the directory the cgi script is in.
[root@g6950-21025 ~]# ls -lZ /var/www/cgi-bin/capture.cgi
-rwxr-xr-x  root root system_u:object_r:httpd_sys_script_exec_t 
/var/www/cgi-bin/capture.cgi
[root@g6950-21025 ~]# ls -ldZ /var/www/cgi-bin/
drwxr-xr-x  root root system_u:object_r:httpd_sys_script_exec_t 
/var/www/cgi-bin/

The script got there because I uploaded it there.
> What is the context of /tmp. It should be
> drwxrwxrwt  root root system_u:object_r:tmp_t  /tmp
Yep.
[root@g6950-21025 ~]# ls -ldZ /tmp
drwxrwxrwt  root root system_u:object_r:tmp_t  /tmp
> Regards
>
> Tony
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] SELinux and access across 'similar types'

[Tony Molloy]

On Sunday 08 January 2012 23:19:39 Bennett Haselton wrote:
> On 1/8/2012 7:28 AM, Ljubomir Ljubojevic wrote:
> > On 01/08/2012 03:15 PM, Bennett Haselton wrote:
> >> It's a file created by one of my CGI scripts.  (The web server
> >> is accessed by several hostnames which are dynamically assigned
> >> to it, and I need a quick way of determining all hostnames that
> >> were recently used to access the server.  So when someone
> >> accesses the server using HOSTNAME, the file
> >> /tmp/hostname_   is created.  Then another script
> >> just pulls the names of all of those files in order to find all
> >> recently used hostnames.)
> >> 
> >>> My suggestion:
> >>> 
> >>> stop apache
> >>> run relabeling again (if file continues to exists)
> >>> start apache
> >>> check
> >> 
> >> Well when I was doing the relabeling I was doing:
> >> # touch /.autorelabel
> >> # reboot
> >> 
> >> So when I'm rebooting apache stops and starts anyway, doesn't
> >> it? Doesn't the auto-relabel occur before other services are
> >> started up?  So I'm not sure what I would actually do
> >> differently to follow this suggestion...
> > 
> > Ah, you are write, sorry. Well you might need to apply proper
> > (httpd_) SELinux label for that file. At the time of creation? \
> > Maybe move it to another location where it will get automatic
> > label for what you want?
> 
> Well the warning messages say that file_t files should *never* get
> created if the filesystem is labeled properly.  So I didn't think
> it was just a matter of creating files where the default filetype
> would be different, because the default filetype should not be
> file_t anywhere.
> 
> I could create a world-writeable directory somewhere else and have
> all the scripts write to that but it would be a pain to re-write
> and re-test everything as a workaround for this one bug...
> 
> Well, one other theory: /tmp is a different partition, right?  So
> maybe when I do
> # touch /.autorelabel
> # reboot
> 
> it's only re-labeling the / partition and not the /tmp one?
> Unfortunately in that case I don't know how to make it re-label the
> /tmp filesystem as well.  I tried creating /tmp/.autorelabel and
> rebooting, but that didn't work; /tmp/hostname_SKYSLICE.INFO and
> other files still had type file_t.
> 
> Bennett
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

First I'm no SELinux expert ;-( but I've ben following this thread 
with interest. It apears to be going around in circles.

The only time I've come across a file_t type is when I have something 
on a machine that SELinux doesn't know about. That is SELinux has no 
policy for it. An example would be if I create a new top level 
directory when I install a machine. SELinux knows nothing about that 
directory name and has no preset type for it so it gets a label of 
file_t or default_t. Doing a relabel in that case will have no affect on 
the file label as SELinux still doesn't have a policy for it.

So the question is how did your file get the file_t type in the first 
place. You say it is generated from a cgi script run from apache.

So is this the default apache which comes with CentOS

What is the context of the apache executable. It should be
-rwxr-xr-x  root root system_u:object_r:httpd_exec_t   /usr/sbin/httpd

Where in the filesystem is the cgi script located. How did it get 
there.

What is the context of the cgi script

What is the context of the directory the cgi script is in.

What is the context of /tmp. It should be
drwxrwxrwt  root root system_u:object_r:tmp_t  /tmp

Regards 

Tony
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] sa-update error with perl

[Johnny Hughes]

On 01/08/2012 08:40 PM, email builder wrote:
>
>   So maybe I *do* need to open a bug report?  Where do I do that?
  can you try to disable ipv6, then reboot and see if you still get the 
  error message?
>>>  Sorry, it's a production machine, I'd rather not do that.  I can 
>>> make small
>>>  changes but a reboot--   Beside, if this is the set of packages CentOS
>>>  gives me when I install something like spamassassin, it seems like
>>>  they should work no matter what.   But don't get me wrong, I really
>>>  appreciate your suggestion.
>> It is not the CentOS packages causing your issues.  I told you already
>> that I have spamassassin running with these packages with no problems:
> Although I have the 32-bit packages which could be slightly different, no?
>
> That said, I would tend to think you're correct:
>
>> The issue you are having, based on the error that you posted, is that
>> something else is already providing the subroutine
>> "Net::DNS::Resolver::Base::AF_INET6" when it is trying to be loaded by
>> perl module provided by CentOS (perl-Net-DNS-0.59-3.el5.i386).  What we
>> do not know is what ELSE is providing that routine.
> It seems like it shouldn't be hard to grep for who the culprit is, but what
> do I know - doing this didn't turn up anything I could too easily decypher:
>
> cd /usr/lib/perl5
> grep -rin 'af_inet6' *
>
> I only got 40 lines of output from that so I could post them if needed.
> Grepping exactly for "sub af_inet6" gives me only one result:
>
> 5.8.8/i386-linux-thread-multi/bits/socket.ph:66:eval 'sub AF_INET6 () { 
> &PF_INET6;}' unless defined(&AF_INET6);
>
> Are there modules that are placed somewhere other than
> /usr/lib/perl5 that could have the offending code?  Or is this
> a fruitless way to track down the problem?
>

perl-NetAddr-IP-4.044-1.el5.rf   <=== I think that is the problem package

I don't know if that version is required by the repoforge packages ... but base 
contains perl-NetAddr-IP-4.027-5.el5_6

I would see if I could replace perl-NetAddr-IP-4.044-1.el5.rf from repoforge 
with perl-NetAddr-IP-4.027-5.el5_6 from base.





signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] sa-update error with perl

[Nicolas Thierry-Mieg]

Johnny Hughes wrote:
> On 01/07/2012 12:50 PM, email builder wrote:
>   I don't know what is causing your specific issue ... whether you
> are
>   getting something newer in sa-update than is designed to work with
>   CentOS (sa-update bypasses the normal rpm type updates and does updates
>   from elsewhere).  It should only update rules, so maybe some of the new
>   rules require a new version of perl-Net-DNS.  If that is the case, then
>   a Red Hat bugzilla entry needs to be made.
   See above - it's the spamassassin restart that causes the error, in
   the end, nothing really to do with sa-update.

>   If it will not work with the CentOS version of perl-Net-DNS and if it
>   works with the rfx version, then obviously you would run that.  If that
>   is the case, we need to get the rhel one upgraded.
   So maybe I *do* need to open a bug report?  Where do I do that?
>>> can you try to disable ipv6, then reboot and see if you still get the
>>> error message?
>> Sorry, it's a production machine, I'd rather not do that.  I can make small
>> changes but a reboot--   Beside, if this is the set of packages CentOS
>> gives me when I install something like spamassassin, it seems like
>> they should work no matter what.   But don't get me wrong, I really
>> appreciate your suggestion.
>>
>>
>
> It is not the CentOS packages causing your issues.  I told you already
> that I have spamassassin running with these packages with no problems:
> ==
> [root@localhost ~]# rpm -qa | grep -i perl | sort

> The issue you are having, based on the error that you posted, is that
> something else is already providing the subroutine
> "Net::DNS::Resolver::Base::AF_INET6" when it is trying to be loaded by
> perl module provided by CentOS (perl-Net-DNS-0.59-3.el5.i386).  What we
> do not know is what ELSE is providing that routine.
>
> Since I have the same 3 RPMs installed that you are quoting as the
> potential issue, and since I am not having the dual subroutine issue,
> that implies that the "SOMETHING ELSE" providing the other
> "Net::DNS::Resolver::Base::AF_INET6" is not any of the packages that I
> have installed.
>
> So, I would say that this issue must be caused by the intermixing of
> perl modules from other than CentOS repositories.
>
> Can anyone reproduce this issue without .rf. or .rfx. perl modules
> installed?

I have seen this same issue, but on a system where I am a user, so I 
can't experiment much. I tried to reproduce it on one of my systems and 
could not.
The only perl package from rf[x] on the system with the issue is 
perl-NetAddr-IP-4.044-1.el5.rf.x86_64. Installing that on my test system 
does not exhibit the problem, but the test system has ipv6 disabled.

What I get on the problem system is eg:
$ sa-learn --spam .0spam/cur/
Subroutine IO::Socket::INET6::AF_INET6 redefined at 
/usr/lib/perl5/5.8.8/Exporter.pm line 65.
  at /usr/lib/perl5/vendor_perl/5.8.8/IO/Socket/INET6.pm line 16
Subroutine Net::DNS::Resolver::Base::AF_INET6 redefined at 
/usr/lib/perl5/5.8.8/Exporter.pm line 65.
  at 
/usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi/Net/DNS/Resolver/Base.pm
 
line 66
Learned tokens from 0 message(s) (2 message(s) examined)


There are many similar issues on google. It seems to be just noise 
though, and spamassassin still appears to function properly.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos