[CentOS] USB devices - libgphoto2 - PTP - hplip

[Michael H]

Hi,
Posting this again as it has been drowned. can anybody assist?


--

Hi All,

I'm trying to disable USB storage devices in Centos7.1.1503.

I've setup udev rules to block all usb devices and then additional rules
to allow specific vendors / products to be used (mainly keyboards and
mice). This is all working perfectly.

cat /etc/udev/rules.d/01-usblockdown.rules
# Block all USB devices
ACTION=="add", SUBSYSTEMS=="usb", RUN+="/bin/sh -c 'for host in
/sys/bus/usb/devices/usb*; do echo 0 > $host/authorized_default; done'"
# Allow devices
# Keyboards
ACTION=="add", ATTR{idVendor}=="04f3", ATTR{idProduct}=="0103"
RUN+="/bin/sh -c 'echo 1 >/sys$DEVPATH/authorized'"
..

Now I'm testing against mobile devices and when I connect an Asus mobile
telephone it's mounting the camera using PTP even though the device is
not allowed in my udev rules.

I removed libgphoto2 which has now stopped the PTP from automounting.

My issue is that I require hplip on my systems for certain printer
drivers and this package was removed along with libgphoto2. I added an
'exclude=libgphoto2*' to my /etc/yum.repos.d/CentOS-Base.repo and
installing hplip now fails on dependencies.

Is there a method of disable libgphoto2 PTP without having to remove the
package? or can I create further udev rules to stop PTP mounts?

thanks in advance,

Michael
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB devices - libgphoto2 - PTP - hplip

[Leon Fauster]

Am 10.12.2015 um 09:37 schrieb Michael H :
> 
> I'm trying to disable USB storage devices in Centos7.1.1503.

on EL6 we use: 

# cat /etc/modprobe.d/usb-disabled.conf
install usb-storage /bin/true

# depmod -a

--
LF


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Re: CentOS 7, NetworkMangler, and ipv6

[Yamaban]

On Thu, 10 Dec 2015 16:00, m.roth@... wrote:


We've started having a problem with a CentOS 7 server. It looses its IPv6
address, if I understand this issue correctly. We can get in, if we do ssh
-4, though.

In the logs, I'm seeing this about twice an hour:
  (pid 98466) unhandled DHCP event for interface ens3f0

Now, in googling, I get very few hits putting quotes around "unhanded dhcp
exception" - in fact, the only one I found that seemed to talk about it
was from someone's slackware box, where there was some sort of
configuration, perhaps similar to ifcfg-, and they were telling that
person to remove it, because it conflicted with what Networkmanager was
trying to do, leaving it in a confused state.

Any thoughts?

  mark


My first thought upon reading this was:
Well, let's block / drop the irritating packets via firewall / iptables.

Is the source of these packets allowed to contact your box at all?
 - No : then block it fully, ipv4 and ipv6
 - Yes: block all dhcpv4 / dhcpv6 / radv traffic to and from this source.
   or even more aggressive: first block this box, second only open the
   minimum required ports to that box.

IMHO, Networkmanager(and its underlaying helpers) should be much more
carefull in handling Router / DHCP stuff.
It's biggest niggle for me is a missing white- and black-list for
(dis-)allowed routers / dhcp-servers.

Is this the "Right(tm)" thing to do? Dunno, but that would be my gut-telling.

 - Yamaban

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] Fedora change announcements [was Re: wifi on servers and fedora [was Re: 7.2 kernel panic on boot]]

[Matthew Miller]

On Thu, Dec 10, 2015 at 04:56:34PM -0500, m.r...@5-cent.us wrote:
> Why not what was suggested, a summary every month or three? How about
> sending announcements?

Do people _want_ accepted Fedora change announcements posted to this
list? That's pretty easy to arrange if it really helps. I don't see a
big benefit over just following the annoucement list where they're
posted (filtering out other topics if you want), but if people would
really find that helpful, we could do it.

-- 
Matthew Miller

Fedora Project Leader
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB devices - libgphoto2 - PTP - hplip

[Warren Young]

On Dec 10, 2015, at 1:37 AM, Michael H  wrote:
> 
> I've setup udev rules to block all usb devices and then additional rules
> to allow specific vendors / products to be used (mainly keyboards and
> mice).

It sounds like you’re reinventing the wheel:

https://github.com/dkopecek/usbguard


Search for “Linux USB whitelist” for additional existing solutions to the 
problem, if you don’t like USBGuard for some reason.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wifi on servers and fedora [was Re: 7.2 kernel panic on boot]

[Warren Young]

On Dec 9, 2015, at 11:55 AM, m.r...@5-cent.us wrote:
> 
> Matthew Miller wrote:
>> On Wed, Dec 09, 2015 at 01:05:15PM -0500, m.r...@5-cent.us wrote:
> 
>>> So, you're saying that end users need to go poke their noses into the
>>> development process
>> 
>> If you want to go out of your way to read it that way, it's hard to
>> stop you. However, it's not what I'm saying. The development process is
>> conducted in the open for a reason.
> 
> I don't see that as going "out of my way". Let's put it this way: how many
> times have folks on the development side poked their nose in here - the
> general redhat list is pretty dead - and asked anything?

So…you want veto power over Fedora?  You want every proposed change to cross 
your desk for a yea/nay?

What if the Fedora project gatewayed the low-traffic development mailing list 
to this one, so that you don’t even have *that* barrier to participation?  Now 
ask yourself: what user-visible changes do you expect in the world afterward?

Hint to the correct answer: F/OSS is a do-ocracy: those who do the work, rule.

People give Poettering a lot of static, but the fact is, he Gets. Stuff. Done.  
If you want different stuff done, you’re going to have to make that happen 
somehow.  Shouted complaints from a soapbox don’t compile.

And don’t play the “underfunded government agency” card.  LANL, LLBL, ORNL, 
NASA, USGS…all have given back lots of code to the open source world.  As well 
they should, because they derive an awful lot of benefit from that world.

I’m not against your basic position, Mark.  I, too, have shaken my head in 
dismay at several of the desktop-focused behaviors in recent versions of 
CentOS.[*]  I think where we actually differ is that I realize that I have no 
right to complain all that loudly about them, because I have the means to 
change them, but do not.

Partly that’s because of differing priorities, partly it’s out of rational 
self-interest (i.e. I know how many OS forks fizzle) and yes, it’s partly just 
laziness.  But there’s that difference: I know why I’m not out there trying to 
change it.

What are your reasons?



[*] My favorite fumble is the one where a 2-NIC box with one DHCP interface and 
one static will swap the configurations silently when you boot with only the 
DHCP cable plugged in.  Because *obviously* you want the static IP to be 
available all the time, right?  This is great for wifi + Ethernet laptops, 
where you want the static IP to move when you plug the wired LAN cable in, but 
it doesn’t work out so great for servers where the DHCP NIC is normally 
disconnected, and exists only so the boots on the ground can move the cable in 
an emergency to reestablish the Internet link after they roached the LAN config 
somehow.  This behavior means the broken static IP moves to the secondary NIC, 
where it remains broken.  Solution: Plug both network cables in so 
NetworkManager doesn’t get Clever.™
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7, NetworkMangler, and ipv6

[m . roth]

James Hogarth wrote:
> On 10 December 2015 at 15:00,  wrote:
>
>> We've started having a problem with a CentOS 7 server. It looses its
>> IPv6 address, if I understand this issue correctly. We can get in,
>> if we do ssh -4, though.
>>
>> In the logs, I'm seeing this about twice an hour:
>>   (pid 98466) unhandled DHCP event for interface ens3f0
>>
>> Now, in googling, I get very few hits putting quotes around "unhanded
>> dhcp exception" - in fact, the only one I found that seemed to talk
>> about it was from someone's slackware box, where there was some sort of
>> configuration, perhaps similar to ifcfg-, and they were telling that
>> person to remove it, because it conflicted with what Networkmanager was
>> trying to do, leaving it in a confused state.
>
> Well there's not much to go on here so you're going to have to provide
> more detail ...

Actually, the problem affected one CentOS 6 and one CentOS 7 server.
>
> Does the system lose all ipv6 connectivity (is the fe80:: address
> uncontactable for instance)

Yes. Each lost their IPv6 address.
>
> Does ip addr sh still show the expected global IPv6 address and it's just
> not responding?
>
> Are you using a static ipv6, dhcp ipv6 or SLAAC ipv6 configuration?

DHCP via dibbler.
>
> Does nmcli c sh  still have NM thinking there is an address or
> does that show it as gone as well?

I passed that along to my manager, and he says it's a *really* useful
thing to know, so thanks, muchly.

Oh, and Gordon - switch isn't ours. These boxen are in the datacenter, and
another division runs that. Probably big Cisco items.

Btw, one of them, at least, had two drops going into it. Removing one
seems to have helped.

mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7, NetworkMangler, and ipv6

[m . roth]

Yamaban wrote:
> On Thu, 10 Dec 2015 16:00, m.roth@... wrote:
>
>> We've started having a problem with a CentOS 7 server. It looses its
>> IPv6 address, if I understand this issue correctly. We can get in,
>> if we do ssh -4, though.
>>
>> In the logs, I'm seeing this about twice an hour:
>>   (pid 98466) unhandled DHCP event for interface ens3f0
>>
>> Now, in googling, I get very few hits putting quotes around "unhanded
>> dhcp
>> exception" - in fact, the only one I found that seemed to talk about it
>> was from someone's slackware box, where there was some sort of
>> configuration, perhaps similar to ifcfg-, and they were telling that
>> person to remove it, because it conflicted with what Networkmanager was
>> trying to do, leaving it in a confused state.
>>
> My first thought upon reading this was:
> Well, let's block / drop the irritating packets via firewall / iptables.
>
> Is the source of these packets allowed to contact your box at all?

Yes. Btw, this is a box in a datacenter, hardwired. It's getting its IP,
both 4 and 6 via dhcp from another of our servers in that rack.

>   - No : then block it fully, ipv4 and ipv6
>   - Yes: block all dhcpv4 / dhcpv6 / radv traffic to and from this source.
> or even more aggressive: first block this box, second only open the
> minimum required ports to that box.
>
> IMHO, Networkmanager(and its underlaying helpers) should be much more
> carefull in handling Router / DHCP stuff.
> It's biggest niggle for me is a missing white- and black-list for
> (dis-)allowed routers / dhcp-servers.
>
> Is this the "Right(tm)" thing to do? Dunno, but that would be my
> gut-telling.

The other admin I work with was working on it, and it seems to be good.
However, since he restarted the network, I do find this in the logs:
Dec 10 16:06:01  dhclient[96610]: PRC: Renewing lease on ens3f0.
Dec 10 16:06:01  dhclient[96610]: XMT: Renew on ens3f0, interval
10900ms.
Dec 10 16:06:01  dhclient[96610]: RCV: Reply message on ens3f0
from fe80:::
222:64ff:fef6:d30c.
Dec 10 16:06:01  dhclient[96610]: IA_NA status code NoBinding:
"Who are you? Do I know you?"
Dec 10 16:06:01  dhclient[96610]: XMT: Request on ens3f0, interval
910ms.
Dec 10 16:06:01  dhclient[96610]: RCV: Reply message on ens3f0
from fe80:::
Dec 10 16:06:01  dhclient[96610]: IA_NA status code Success:
"Assigned fixx ed address."
Dec 10 16:06:01  NetworkManager[96668]:   (pid 96610)
unhandled DHCP event for interface ens3f0

Oh, yes, not sure who the 222: address is, but the one I've replaced with
 is not merely a valid one, it's the server running dibbler.

So, I'm not sure what the "unhandled DHCP event is.

  mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wifi on servers and fedora [was Re: 7.2 kernel panic on boot]

[m . roth]

Warren Young wrote:
> On Dec 9, 2015, at 11:55 AM, m.r...@5-cent.us wrote:
>> Matthew Miller wrote:
>>> On Wed, Dec 09, 2015 at 01:05:15PM -0500, m.r...@5-cent.us wrote:
>>
 So, you're saying that end users need to go poke their noses into the
 development process
>>>
>>> If you want to go out of your way to read it that way, it's hard to
>>> stop you. However, it's not what I'm saying. The development process is
>>> conducted in the open for a reason.
>>
>> I don't see that as going "out of my way". Let's put it this way: how
>> many times have folks on the development side poked their nose in here
>> - the general redhat list is pretty dead - and asked anything?
>
> So…you want veto power over Fedora?  You want every proposed change to
> cross your desk for a yea/nay?

Beg pardon? Why are you caricaturing what I said? I don't believe any of
us who are complaining are talking about every small change; rather, the
major ones.

As a lesser example, I just *adore* the new ethernet names - NOT. Breaks
scripts, makes it all more difficult, not to mention *so* much easier to
guess, when you've debugging a box and your organization has hardware from
many OEMs. What was wrong with eth0, or even em1? Why go to Sun naming
conventions? Maybe it helps EEs, but not sysadmins.

Please, though, that naming is *not* the point of the thread.
>
> What if the Fedora project gatewayed the low-traffic development mailing
> list to this one, so that you don’t even have *that* barrier to
> participation?  Now ask yourself: what user-visible changes do you expect
> in the world afterward?

Why not what was suggested, a summary every month or three? How about
sending announcements?

> People give Poettering a lot of static, but the fact is, he Gets. Stuff.
> Done.  If you want different stuff done, you’re going to have to make that
> happen somehow.  Shouted complaints from a soapbox don’t compile.

Which a vast number of us strongly opposed, but were not listened to. That
stuff is fine for a desktop, but who *cares* How Fast a *server* Shuts
Down? And coming up - hell, damn HP server take for-bloody-*ever* with
their firmware, init V is faster than their firmware.
>
> And don’t play the “underfunded government agency” card.  LANL, LLBL,
> ORNL, NASA, USGS…all have given back lots of code to the open source
> world.  As well they should, because they derive an awful lot of benefit
> from that world.

May be, but my federal agency is at *least* 5% under what we were getting
in 2003, and my manager, who's working with another Institute about 2/3rds
of his time, and I, and another admin have to manage over 170 servers,
workstations, and clusters, some with special software, and ranging in age
from just bought to 2007 (I think there may be a workstation or 3 older),
and some of which we haven't managed to get the owners to allow us to get
off CentOS 5
>
> I’m not against your basic position, Mark.  I, too, have shaken my head in
> dismay at several of the desktop-focused behaviors in recent versions of
> CentOS.[*]  I think where we actually differ is that I realize that I have
> no right to complain all that loudly about them, because I have the means
> to change them, but do not.

And I ask permission from my fed manager to put in a ticket with upstream
(which reminds me, I need to ask about putting one in for those docs with
links to google ads).
>
> Partly that’s because of differing priorities, partly it’s out of rational
> self-interest (i.e. I know how many OS forks fizzle) and yes, it’s partly
> just laziness.  But there’s that difference: I know why I’m not out there
> trying to change it.
>
> What are your reasons?
>
Lack of time, as I've indicated.
>
> [*] My favorite fumble is the one where a 2-NIC box with one DHCP
> interface and one static will swap the configurations silently when you
> boot with only the DHCP cable plugged in.  Because *obviously* you want
> the static IP to be available all the time, right?  This is great for wifi
> + Ethernet laptops, where you want the static IP to move when you plug the
> wired LAN cable in, but it doesn’t work out so great for servers where the
> DHCP NIC is normally disconnected, and exists only so the boots on the
> ground can move the cable in an emergency to reestablish the Internet link
> after they roached the LAN config somehow.  This behavior means the broken
> static IP moves to the secondary NIC, where it remains broken.  Solution:
> Plug both network cables in so NetworkManager doesn’t get Clever.™

Oh, I remember when you couldn't be sure, pre-NM, what would be eth0,
until you put the MAC address in

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wifi on servers and fedora [was Re: 7.2 kernel panic on boot]

[John R Pierce]

On 12/10/2015 1:56 PM, m.r...@5-cent.us wrote:

As a lesser example, I just*adore*  the new ethernet names - NOT. Breaks
scripts, makes it all more difficult, not to mention*so*  much easier to
guess, when you've debugging a box and your organization has hardware from
many OEMs. What was wrong with eth0, or even em1?


when you have multiple adapters, perhaps different types (maybe 2 10gigE 
and 2 1gigE?) which one is eth0 supposed to be?   BSD has always used 
driver type in the network device names, and having dealt with device 
confusions before, I understand why.




--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Fedora change announcements [was Re: wifi on servers and fedora [was Re: 7.2 kernel panic on boot]]

[John R Pierce]

On 12/10/2015 2:32 PM, Matthew Miller wrote:

On Thu, Dec 10, 2015 at 04:56:34PM -0500,m.r...@5-cent.us  wrote:

>Why not what was suggested, a summary every month or three? How about
>sending announcements?

Do people_want_  accepted Fedora change announcements posted to this
list? That's pretty easy to arrange if it really helps. I don't see a
big benefit over just following the annoucement list where they're
posted (filtering out other topics if you want), but if people would
really find that helpful, we could do it.


I personally say 'NO' to this.  I have zilch interest in Fedora.


--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] VNC on centOS

[John Stanley]

On Thu, 2015-12-10 at 08:37 -0500, Jonathan Billings wrote:

> If you're running Xvnc -inetd out of xinetd or systemd sockets, the
> updates of TigerVNC in 7.2 (CR) break it.  I've got an open bug with
> Red Hat about it, and a fix is on the way.

Privide the BZ Link please?

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wifi on servers and fedora [was Re: 7.2 kernel panic on boot]

[John R Pierce]

On 12/10/2015 3:05 PM, Leroy Tennison wrote:

You think this is irritating, what about when you're trying to replicate the 
network configuration to failover hardware...


IMHO, active/standby failover hardware should have exact identical 
configurations down to firmware revisions, so I'm not sure what the 
issue is.



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] VNC on centOS

[Jonathan Billings]

On Dec 10, 2015, at 5:15 PM, John Stanley  wrote:
> Privide the BZ Link please?

https://bugzilla.redhat.com/show_bug.cgi?id=1283925

Not my bug, but the fix is there.

--
Jonathan Billings 


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wifi on servers and fedora [was Re: 7.2 kernel panic on boot]

[Jonathan Billings]

On Dec 10, 2015, at 6:05 PM, Leroy Tennison  wrote:
> There is a freedesktop.org web page about why they did this - it has to do 
> with mobile devices and plug-and-play networking.  Take that page's statement 
> about setting net.ifnames=0 cautiously, I found it was the exact opposite. 

To be honest, I found that this change better suited servers, which often have 
multiple interfaces on multiple vendor’s cards, rather than mobile devices, 
which tend to only have one ethernet device, if any.  Being able to predictably 
define which interface would be named is much more important when you’ve got 4 
network interfaces, rather than hoping that eth0 is the one you booted from.



--
Jonathan Billings 


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wifi on servers and fedora [was Re: 7.2 kernel panic on boot]

[Leroy Tennison]

The device I encountered it on had 10 NICS, at installation 6 of them got the 
new naming convention and four of them got the eth convention.  I guess my 
question is "what's wrong with using the MAC address?"  Yes, I know some things 
don't have MAC addresses, let the exceptional situation be the exception. 

- Original Message -
From: "Jonathan Billings" 
To: "CentOS mailing list" 
Sent: Thursday, December 10, 2015 5:15:09 PM
Subject: Re: [CentOS] wifi on servers and fedora [was Re: 7.2 kernel panic  
on boot]

On Dec 10, 2015, at 6:05 PM, Leroy Tennison  wrote:
> There is a freedesktop.org web page about why they did this - it has to do 
> with mobile devices and plug-and-play networking.  Take that page's statement 
> about setting net.ifnames=0 cautiously, I found it was the exact opposite. 

To be honest, I found that this change better suited servers, which often have 
multiple interfaces on multiple vendor’s cards, rather than mobile devices, 
which tend to only have one ethernet device, if any.  Being able to predictably 
define which interface would be named is much more important when you’ve got 4 
network interfaces, rather than hoping that eth0 is the one you booted from.



--
Jonathan Billings 


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Confidentiality Notice | This email and any included attachments may be 
privileged, confidential and/or otherwise protected from disclosure.  Access to 
this email by anyone other than the intended recipient is unauthorized.  If you 
believe you have received this email in error, please contact the sender 
immediately and delete all copies.  If you are not the intended recipient, you 
are notified that disclosing, copying, distributing or taking any action in 
reliance on the contents of this information is strictly prohibited.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7, NetworkMangler, and ipv6

[Gordon Messmer]

On 12/10/2015 12:03 PM, m.r...@5-cent.us wrote:

DHCP via dibbler.


What steps did you take to make dibbler the DHCP client under 
NetworkManager?  (Or do you mean that you're running a dibbler server 
somewhere other than your router?)

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wifi on servers and fedora [was Re: 7.2 kernel panic on boot]

[James Hogarth]

On 10 Dec 2015 23:25, "Leroy Tennison"  wrote:
>
> The device I encountered it on had 10 NICS, at installation 6 of them got
the new naming convention and four of them got the eth convention.  I guess
my question is "what's wrong with using the MAC address?"  Yes, I know some
things don't have MAC addresses, let the exceptional situation be the
exception.
>

Because when that PCI express card with the 4-8 ports on it fails and it's
replaced under warranty having the server come back up right away with the
correct configuration since the logical port names haven't changed despite
the change of MAC is useful...
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wifi on servers and fedora [was Re: 7.2 kernel panic on boot]

[Gordon Messmer]

On 12/10/2015 07:21 AM, James B. Byrne wrote:

If the bulk of the developers working on Fedora use laptops as their
platform then, inevitably, Fedora will become in essence a laptop
distribution and RHEL will follow.


Surely you're not suggesting that the code a developer writes is 
dependent on the form factor of the computer on which they write it?  
I'm sure that idea would shock nearly all of the developers of software 
for both rack mounted servers and embedded devices.


I think it's likely that, instead, you believe that you are 
representative of all of the people who do your job, and that features 
which you do not need are therefore not needed by others. That logic is 
quite normal, but completely wrong.


Take for instance your opinion of power management for NICs.  While 
power management is important to mobile, battery-operated devices, it is 
also desirable in large data centers.  Cooling and power use are big 
issues for data centers, and that feature was intended for that 
environment.  You dismiss it as laptop-oriented technology, but not all 
system administrators do.



A handful of voices representing server installations, who by
definition are not development types


"By definition?"  Have you heard of DevOps?  Whatever your opinion of 
that idea, there are definitely server admins who take part in 
development at all levels of the stack.



A server based distro to us has certain characteristics that are
orientated to long running processes and system uptimes measured in
months if not years.  I have given up counting how many times I have
to reboot all of our CentOS servers in the past year because of
updates.


I share that frustration, but it has nothing to do with whether or not 
Fedora developers use laptops.  The truth is simply that software 
becomes more complex over time, that there is a growing value in 
attacking computer systems, and that the world is increasingly 
connected.  These things act together to create a situation where bugs 
are more likely in the core components, where it's harder to update a 
system without fully rebooting it.


But there's hope. There are a number of efforts to produce a system to 
update the kernel without reboots (ksplice, kgraft, kpatch, and 
KernelCare).  More developers are writing unit tests.  Code analysis 
tools are improving.  Both the number of bugs produced and the cost of 
fixing them are getting better over time, too.



We do not need plug-and-play; or usb hot-swapping; or hibernation; or
screen savers; or audio-video players; or power optimisation.


That's great for you, but some of those things are really valuable for 
system admins, especially those who run *really large* numbers of 
systems.  Power and cooling cost money, so optimization has a lot of 
value.  A lot of those plug-and-play and hot-swapping technologies that 
you deride are essential for high availability systems (such as SAS/SATA 
hot swapping).


___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7, NetworkMangler, and ipv6

[Gordon Messmer]

On 12/10/2015 07:00 AM, m.r...@5-cent.us wrote:

In the logs, I'm seeing this about twice an hour:
  (pid 98466) unhandled DHCP event for interface ens3f0


Might be related to these?  The fix for NM bug 739482 is included in 
NetworkManager-1.0.0-16.git20150121.b4ea599c.el7_1.x86_64, the current 
version on CentOS 7, but it might not be fully fixed?

https://bugzilla.redhat.com/show_bug.cgi?id=1181477
https://bugzilla.gnome.org/show_bug.cgi?id=739482

It looks like that gets logged when the child "dhclient" process sends 
an event without a reason.  If that's the case, then switching from 
NetworkManager to the old "network" service probably won't help.  The 
problem is that "dhclient" is losing the address, and you'll be using 
that under the "network" service as well.

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wifi on servers and fedora [was Re: 7.2 kernel panic on boot]

[Leroy Tennison]

You think this is irritating, what about when you're trying to replicate the 
network configuration to failover hardware...  There is a way around this, I 
haven't tried it on CentOS but on Ubuntu there are kernel command line 
parameters:

net.ifnames=1
biosdevname=0

which will override this behavior. Again, on Ubuntu these are added in 
/etc/default/grub as parameters to GRUB_CMDLINE_LINUX_DEFAULT.  Finally, 
there's /udev/rules.d/70-persistent-net.rules which allows you to associate a 
MAC address with an eth? label.  However, without the command line parameters 
it is ignored (contrary to other statements on the web ).  Given this is CentOS 
you mileage will almost certainly vary but hopefully this gives you enough to 
go on to get to the final solution.  There is a freedesktop.org web page about 
why they did this - it has to do with mobile devices and plug-and-play 
networking.  Take that page's statement about setting net.ifnames=0 cautiously, 
I found it was the exact opposite.  biosdevname is a program written by someone 
at Dell which is supposed to report on hardware configurations and make some 
sense out of the cesspool.  It appears the source of the whole thing is 
hardware vendors doing whatever they want and in some cases not playing b
 y the rules.

- Original Message -
From: "John R Pierce" 
To: centos@centos.org
Sent: Thursday, December 10, 2015 4:33:24 PM
Subject: Re: [CentOS] wifi on servers and fedora [was Re: 7.2 kernel panic on 
boot]

On 12/10/2015 1:56 PM, m.r...@5-cent.us wrote:
> As a lesser example, I just*adore*  the new ethernet names - NOT. Breaks
> scripts, makes it all more difficult, not to mention*so*  much easier to
> guess, when you've debugging a box and your organization has hardware from
> many OEMs. What was wrong with eth0, or even em1?

when you have multiple adapters, perhaps different types (maybe 2 10gigE 
and 2 1gigE?) which one is eth0 supposed to be?   BSD has always used 
driver type in the network device names, and having dealt with device 
confusions before, I understand why.



-- 
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Confidentiality Notice | This email and any included attachments may be 
privileged, confidential and/or otherwise protected from disclosure.  Access to 
this email by anyone other than the intended recipient is unauthorized.  If you 
believe you have received this email in error, please contact the sender 
immediately and delete all copies.  If you are not the intended recipient, you 
are notified that disclosing, copying, distributing or taking any action in 
reliance on the contents of this information is strictly prohibited.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wifi on servers and fedora [was Re: 7.2 kernel panic on boot]

[Leroy Tennison]

Unfortunately, hardware isn't always purchased at the same time and, even if it 
is, how do you know that the vendor didn't make some "transparent" change in 
production that isn't noticeable until you get into the details.  Vendors 
***shouldn't*** do that but then there's reality.

- Original Message -
From: "John R Pierce" 
To: centos@centos.org
Sent: Thursday, December 10, 2015 5:10:23 PM
Subject: Re: [CentOS] wifi on servers and fedora [was Re: 7.2 kernel panic on 
boot]

On 12/10/2015 3:05 PM, Leroy Tennison wrote:
> You think this is irritating, what about when you're trying to replicate the 
> network configuration to failover hardware...

IMHO, active/standby failover hardware should have exact identical 
configurations down to firmware revisions, so I'm not sure what the 
issue is.


-- 
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Confidentiality Notice | This email and any included attachments may be 
privileged, confidential and/or otherwise protected from disclosure.  Access to 
this email by anyone other than the intended recipient is unauthorized.  If you 
believe you have received this email in error, please contact the sender 
immediately and delete all copies.  If you are not the intended recipient, you 
are notified that disclosing, copying, distributing or taking any action in 
reliance on the contents of this information is strictly prohibited.
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wifi on servers and fedora [was Re: 7.2 kernel panic on boot]

[Warren Young]

On Dec 10, 2015, at 2:56 PM, m.r...@5-cent.us wrote:
> 
> Warren Young wrote:
>> So…you want veto power over Fedora?
> 
> Beg pardon? Why are you caricaturing what I said?

I didn’t think it was a caricature at all.  You clearly don’t want people to 
“listen” to you, you want veto power.

If all you wanted was to be heard, you’d have stopped banging on this drum long 
ago.  We got it.  We heard you.  You don’t like it.

How else would you characterize a desire for wishes to be changes, other than 
veto power?

> As a lesser example, I just *adore* the new ethernet names - NOT. Breaks
> scripts

Hard-coded values are never a good idea.  That’s been a principle of good 
software design and systems administration since the 1960s, at least.

The outputs of ip link and ifconfig -a are parseable for a reason.  Or, you can 
iterate over the contents of /sys/class/net.

Mind, I didn’t come away from that change unscathed.  I had to go back and make 
some changes to my code.  I think it amounted to about an hour of work, done 
years ago, and amortized to all-but-zero since then.

The bigger problem is the day-to-day mystery of it all.  “Gee, Brain, what 
interface shall we bounce tonight?”  “The same interface we bounce every night: 
enp3s0!”  “But Braaain, it’s been called enp4s0 ever since the mobo 
manufacturer switched to the rev 2 boards!  Narf!”  15 minutes of comic 
violence later, followed by utter failure; then, “So, Brain, what shall we do 
tomorrow night?”  “The same thing we do every night, Pinky: try to bounce the 
first Ethernet NIC!”

>> What if the Fedora project gatewayed the low-traffic development mailing
>> list to this one, so that you don’t even have *that* barrier to
>> participation?  Now ask yourself: what user-visible changes do you expect
>> in the world afterward?
> 
> Why not what was suggested, a summary every month or three? How about
> sending announcements?

Fine, I repeat my question: what user-visible change do you expect to find in 
the world after they do that, given that those receiving only those 
announcements (i.e. those not also watching the Fedora dev lists) will 
contribute precisely *squat* other than complaints?

Once again, soapbox soliloquies don’t compile.

> 
>> People give Poettering a lot of static, but the fact is, he Gets. Stuff.
>> Done.  If you want different stuff done, you’re going to have to make that
>> happen somehow.
> 
> Which a vast number of us strongly opposed

Opposed what, exactly?  Everything Poettering has ever done, or did you have 
something specific in mind?

> but were not listened to.

I took a wild guess that your complaints are about systemd, rather than avahi, 
pulseaudio, or any of the other several dozen projects Lennart Poettering has 
worked on.

I got 210 results from Googling CentOS’s mailing list archive server for your 
email address and “systemd”.  The first one appeared in 2014, *four years* 
after systemd was created, and over three years after it was released as the 
default init system for Fedora.

And that was the *only* post from you on that topic in 2014.  The other 209 
posts were all in 2015, when it was way, way too late to change the decision.

So, in what world do your 2015 wishes for systemd to go away become a change in 
that world?

> who *cares* How Fast a *server* Shuts
> Down? And coming up - hell, damn HP server take for-bloody-*ever* with
> their firmware, init V is faster than their firmware.

We’ve covered this already: the cloud cares.

It’s right there on the front page of https://www.digitalocean.com/  They can 
bring a VM up for you in 55 seconds.  How do you suppose they achieved that?

It isn’t just one company’s marketing slogan.  Rackspace, Amazon, etc., all 
start from a few key premises, one of which is that you can spin a server up 
and down fast enough that you can rent dynamic instant-to-instant slices of the 
host hardware, as opposed to the old VPS or shared hosting models, where the 
finest rental time granularity was a month.

This is a multi-billion dollar business.[1]  You can’t handwave it away as 
unimportant.  Red Hat would have to be fools not to be running hard to grab a 
slice of that pie.


[1]: http://www.bbc.co.uk/news/business-32442268

>> And don’t play the “underfunded government agency” card.  LANL, LLBL,
>> ORNL, NASA, USGS…all have given back lots of code to the open source
>> world.  As well they should, because they derive an awful lot of benefit
>> from that world.
> 
> May be, but my federal agency is at *least* 5% under what we were getting
> in 2003

Sigh…so you go and play the card anyway.

What, you think NASA’s doing great?  Their operating budget was about 1/20 that 
spent on troops’ air conditioning in Iraq and Afghanistan in 2011.[2]

Maybe you think the national labs are flush with cash, here in the post cold 
war era?

Open source works on the stone soup principle: everyone goes hungry when they 
hang onto their gnarled carrots and wrinkled potatoes, but 

Re: [CentOS] USB devices - libgphoto2 - PTP - hplip

[Michael H]

On 10/12/15 10:02, Leon Fauster wrote:
> Am 10.12.2015 um 09:37 schrieb Michael H :
>>
>> I'm trying to disable USB storage devices in Centos7.1.1503.
> 
> on EL6 we use: 
> 
> # cat /etc/modprobe.d/usb-disabled.conf
> install   usb-storage /bin/true
> 
> # depmod -a
I've achieved disabling USB devices and then allowing specific vendors /
products using UDEV rules.

How can I disable PTP automounting without removing the libgphoto2 package?

We are allowing a specific set of usb devices to be used in the company,
one of the things we want to block is any kind of file transfer between
mobile devices and our systems. Unfortunately it's not just a complete
block on devices.

> 
> --
> LF
> 
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
> 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS-virt] win2008r2 update on centos 6 host made system unbootable

[George Dunlap]

On Wed, Dec 9, 2015 at 8:31 PM, Patrick Bervoets
 wrote:
>
>
> Op 09-12-15 om 14:23 schreef Dennis Jacobfeuerborn:
>>
>> Yes, this is a CentOS 6 Host using regular libvirt based virtualization.
>> The Suse driver is apparently an optional update that gets delivered using
>> the regular Microsoft update mechanism. It's hard to believe that they
>> didn't catch a completely broken driver during QA so my hypothesis is that
>> maybe the new Virtio driver is incompatible only with the older Kernel of
>> CentOS 6 and that this wasn't properly tested. To verify this one could
>> check if the same thing happens on a CentOS 7 Host but at the moment I'm to
>> busy the check this. Regards, Dennis
>
>
> Regrettably Microsoft has picked up the habbit of giving out buggy patches.
> Sysadmins are becoming betatesters.

Well to be fair to Microsoft, the only reason SuSE driver would even
load on RHEL is if the virtio devices running on SuSE look to Windows
sufficiently like the virtio devices running on RHEL.  It's not the
normal thing to have two completely different vendors writing drivers
for nearly identical (yet incompatible) hardware, so it's not terribly
surprising that they didn't start out with checks for this kind of
thing.

 -George
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS-virt] Xen4CentOS and XSA-142

[George Dunlap]

On Thu, Dec 10, 2015 at 6:49 AM, Sarah Newman  wrote:
> It looks like no XSA-142 patch, which is "libxl fails to honour readonly flag 
> on disks with qemu-xen" has been applied to Xen4CentOS. I assume this
> was on purpose?

No, indeed it wasn't on purpose.  Sorry that it dropped through the cracks.

> If not, I can have someone try adding the original patch from 
> http://xenbits.xen.org/xsa/advisory-142.html and some variant of the commit 
> from
> ef6cb76026628e26e3d1ae53c50ccde1c3c78b1b 
> http://xen.1045712.n5.nabble.com/xen-master-libxl-relax-readonly-check-introduced-by-XSA-142-fix-td5729704.html
>  .

If you could send a pull request to
https://github.com/CentOS-virt7/xen with those two patches imported
into the patchqueue (and give me any feedback on the README which
explains how to do it), that would be awesome.  (Feel free to send a
pull request pointing to a non-github git tree via e-mail as well if
you wish.)

Otherwise I'll try to get to it next week.

 -George
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

[CentOS] CentOS-announce Digest, Vol 130, Issue 3

[centos-announce-request]

Send CentOS-announce mailing list submissions to
centos-annou...@centos.org

To subscribe or unsubscribe via the World Wide Web, visit
https://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org

You can reach the person managing the list at
centos-announce-ow...@centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. CESA-2015:2594 Moderate CentOS 6 libpng Security  Update
  (Johnny Hughes)


--

Message: 1
Date: Wed, 9 Dec 2015 14:47:29 +
From: Johnny Hughes 
To: centos-annou...@centos.org
Subject: [CentOS-announce] CESA-2015:2594 Moderate CentOS 6 libpng
SecurityUpdate
Message-ID: <20151209144729.ga33...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Security Advisory 2015:2594 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-2594.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
e4b2fabf9c232b1a84e677df640aceab8b089e72781bec4fcca347d984e581d1  
libpng-1.2.49-2.el6_7.i686.rpm
c3b0f3d20047a8cef357a96171787aaffcf74ae93bb0b0faff1bca3001315586  
libpng-devel-1.2.49-2.el6_7.i686.rpm
c37977232c45d61ad118af010e21d611c4e98403b87ffd76bc645474c8754a2e  
libpng-static-1.2.49-2.el6_7.i686.rpm

x86_64:
e4b2fabf9c232b1a84e677df640aceab8b089e72781bec4fcca347d984e581d1  
libpng-1.2.49-2.el6_7.i686.rpm
0f18ee677b60fe81a24f200cc8db1c9bde26a404cc812e77a73b2bcfd4dd40de  
libpng-1.2.49-2.el6_7.x86_64.rpm
c3b0f3d20047a8cef357a96171787aaffcf74ae93bb0b0faff1bca3001315586  
libpng-devel-1.2.49-2.el6_7.i686.rpm
6e30263282f29b65af97733f7704647e615ff857902ebf87927ba276a5230e3a  
libpng-devel-1.2.49-2.el6_7.x86_64.rpm
8d2cc2d3ed0e4c3d794c847f79d98b63caae912e869ff2f6ada349b1c3c2772e  
libpng-static-1.2.49-2.el6_7.x86_64.rpm

Source:
e756441baabe4038f09eb9dbe4207e83d347f21cbe805eb4956c2cd961a891db  
libpng-1.2.49-2.el6_7.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS



--

___
CentOS-announce mailing list
centos-annou...@centos.org
https://lists.centos.org/mailman/listinfo/centos-announce


End of CentOS-announce Digest, Vol 130, Issue 3
***
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] VNC on centOS

[Hersh]

Hi,

I have recently installed centOS 7 and trying to start vnc server on it.
Somehow, I am unable to make vncserver working. I have modified iptable
rules and  xstartup file but it did not help.

Has anyone else faced this problem earlier? Any help would be appreciated.

Regards
Hersh
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] VNC on centOS

[Michael H]

yum -y install x11vnc

x11vnc -display :0 -forever -bg

firewall-cmd --add-port=5900/tcp --permanent

You should look into VNC passwords, I use the above command in a shell
script for each user in ~/.kde/Autostart

I believe the viewer I'm using is krdc?

Michael

On 10/12/15 11:49, Hersh wrote:
> Hi,
> 
> I have recently installed centOS 7 and trying to start vnc server on it.
> Somehow, I am unable to make vncserver working. I have modified iptable
> rules and  xstartup file but it did not help.
> 
> Has anyone else faced this problem earlier? Any help would be appreciated.
> 
> Regards
> Hersh
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
> 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS-es] [Malware] Telsacrypt .VVV -- Remover y recuperar archivos ?

[angel jauregui]

Buen día Lista...

Alguien de aquí ha tenido algún reporte, información o experiencia con el
malware TELSACRIPT ???

Uno de mis clientes ya se le infecto un equipo de computo donde no había
permisos restrictivos para utilizar el equipo y ejecutaron el malware, lo
peor es que (a lo que he ledido) el malware es muy nuevo, muchos antivirus
aun no lo detectan, y esto sin mencionar que los archivos de uso frecuente
como: XLS(x), DOC(x), RTF, MDB, JPG, PNG, PDF, etc los encripta usando
una firma digital que posteriormente el cibercriminal deja UN MENSAJE
invitándolos a *recuperar sus archivos* mediante un pago a este mismo.

En mi caso, a mi cliente le afecto por parte del SOFTWARE que usan para
manejo de toda la empresa, ya que el malware solo encripta los archivos y
carpetas en red que encuentra, mas *los archivos encriptados* no tiene la
capacidad de propagar el malware.

Apenas llevo un día de acercamiento con esto, es muy fácil eliminar el
malware, el problema es *desencriptar los archivos*, a lo cual aun estoy
trabajando en ello.

De entrada *tengo una imagen forense* del disco duro que fue infectado, una
copia del malware y tengo una idea del procedimiento a seguir, pero hasta
no tener avances se los comparto.

Igual ma~ana voy a infectar una maquina virtual y capturar todo el trafico
de salida para ver el Servidor a donde sube el "certificado" que descifra
los encriptados, ver si el certificado se queda en el equipo o lo sube a
alguna parte y tratar de hacer reversa al proceso y conseguir desencriptar
los archivos afectados.

Que opinan de esto ? algún comentario ?

Saludos !

-- 
M.S.I. Angel Haniel Cantu Jauregui.

Celular: (011-52-1)-899-871-17-22
E-Mail: angel.ca...@sie-group.net
Web: http://www.sie-group.net/
Cd. Reynosa Tamaulipas.
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

Re: [CentOS-es] [Malware] Telsacrypt .VVV -- Remover y recuperar archivos ?

[angel jauregui]

Correccion El Malware usa una firma publica y privada

El 10 de diciembre de 2015, 22:07, angel jauregui 
escribió:

> Buen día Lista...
>
> Alguien de aquí ha tenido algún reporte, información o experiencia con el
> malware TELSACRIPT ???
>
> Uno de mis clientes ya se le infecto un equipo de computo donde no había
> permisos restrictivos para utilizar el equipo y ejecutaron el malware, lo
> peor es que (a lo que he ledido) el malware es muy nuevo, muchos antivirus
> aun no lo detectan, y esto sin mencionar que los archivos de uso frecuente
> como: XLS(x), DOC(x), RTF, MDB, JPG, PNG, PDF, etc los encripta usando
> una firma digital que posteriormente el cibercriminal deja UN MENSAJE
> invitándolos a *recuperar sus archivos* mediante un pago a este mismo.
>
> En mi caso, a mi cliente le afecto por parte del SOFTWARE que usan para
> manejo de toda la empresa, ya que el malware solo encripta los archivos y
> carpetas en red que encuentra, mas *los archivos encriptados* no tiene la
> capacidad de propagar el malware.
>
> Apenas llevo un día de acercamiento con esto, es muy fácil eliminar el
> malware, el problema es *desencriptar los archivos*, a lo cual aun estoy
> trabajando en ello.
>
> De entrada *tengo una imagen forense* del disco duro que fue infectado,
> una copia del malware y tengo una idea del procedimiento a seguir, pero
> hasta no tener avances se los comparto.
>
> Igual ma~ana voy a infectar una maquina virtual y capturar todo el trafico
> de salida para ver el Servidor a donde sube el "certificado" que descifra
> los encriptados, ver si el certificado se queda en el equipo o lo sube a
> alguna parte y tratar de hacer reversa al proceso y conseguir desencriptar
> los archivos afectados.
>
> Que opinan de esto ? algún comentario ?
>
> Saludos !
>
> --
> M.S.I. Angel Haniel Cantu Jauregui.
>
> Celular: (011-52-1)-899-871-17-22
> E-Mail: angel.ca...@sie-group.net
> Web: http://www.sie-group.net/
> Cd. Reynosa Tamaulipas.
>



-- 
M.S.I. Angel Haniel Cantu Jauregui.

Celular: (011-52-1)-899-871-17-22
E-Mail: angel.ca...@sie-group.net
Web: http://www.sie-group.net/
Cd. Reynosa Tamaulipas.
___
CentOS-es mailing list
CentOS-es@centos.org
https://lists.centos.org/mailman/listinfo/centos-es

Re: [CentOS] VNC on centOS

[John Stanley]

On Thu, 2015-12-10 at 18:11 -0500, Jonathan Billings wrote:
> On Dec 10, 2015, at 5:15 PM, John Stanley  wrote:
> > Privide the BZ Link please?
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=1283925
> 
> Not my bug, but the fix is there.

thanks

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] VNC on centOS

[Giovanni Piñeros]

Hi

You can keep this manual... Is very complete.

 https://www.howtoforge.com/vnc-server-installation-on-centos-7

2015-12-10 7:10 GMT-05:00 Michael H :

> yum -y install x11vnc
>
> x11vnc -display :0 -forever -bg
>
> firewall-cmd --add-port=5900/tcp --permanent
>
> You should look into VNC passwords, I use the above command in a shell
> script for each user in ~/.kde/Autostart
>
> I believe the viewer I'm using is krdc?
>
> Michael
>
> On 10/12/15 11:49, Hersh wrote:
> > Hi,
> >
> > I have recently installed centOS 7 and trying to start vnc server on it.
> > Somehow, I am unable to make vncserver working. I have modified iptable
> > rules and  xstartup file but it did not help.
> >
> > Has anyone else faced this problem earlier? Any help would be
> appreciated.
> >
> > Regards
> > Hersh
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinfo/centos
> >
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>



-- 


--
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] VNC on centOS

[Jonathan Billings]

On Thu, Dec 10, 2015 at 05:19:11PM +0530, Hersh wrote:
> I have recently installed centOS 7 and trying to start vnc server on it.
> Somehow, I am unable to make vncserver working. I have modified iptable
> rules and  xstartup file but it did not help.
> 
> Has anyone else faced this problem earlier? Any help would be appreciated.

If you're running Xvnc -inetd out of xinetd or systemd sockets, the
updates of TigerVNC in 7.2 (CR) break it.  I've got an open bug with
Red Hat about it, and a fix is on the way.

-- 
Jonathan Billings 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7, NetworkMangler, and ipv6

[Gordon Messmer]

On 12/10/2015 08:33 AM, James Hogarth wrote:

Are you using a static ipv6, dhcp ipv6 or SLAAC ipv6 configuration?


If I may add one more question: What type of IPv6 router are you using?
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS-virt] Differences between pc and q35

[C.L. Martinez]

Hi all,

 What are the differences between pc and q35?? By default, 
virt-manager+libvirt setups kvm guest machine as a pc-i440fx-rhel7.1.0.


[hicheck@ckvm015 ~]$ /usr/libexec/qemu-kvm -machine ?
Supported machines are:
pc   RHEL 7.1.0 PC (i440FX + PIIX, 1996) (alias of 
pc-i440fx-rhel7.1.0)

pc-i440fx-rhel7.1.0  RHEL 7.1.0 PC (i440FX + PIIX, 1996) (default)
pc-i440fx-rhel7.0.0  RHEL 7.0.0 PC (i440FX + PIIX, 1996)
rhel6.6.0RHEL 6.6.0 PC
rhel6.5.0RHEL 6.5.0 PC
rhel6.4.0RHEL 6.4.0 PC
rhel6.3.0RHEL 6.3.0 PC
rhel6.2.0RHEL 6.2.0 PC
rhel6.1.0RHEL 6.1.0 PC
rhel6.0.0RHEL 6.0.0 PC
q35  RHEL-7.1.0 PC (Q35 + ICH9, 2009) (alias of 
pc-q35-rhel7.1.0)

pc-q35-rhel7.1.0 RHEL-7.1.0 PC (Q35 + ICH9, 2009)
pc-q35-rhel7.0.0 RHEL-7.0.0 PC (Q35 + ICH9, 2009)
none empty machine

But according to this, q35 is more new virtual hardware. Why??
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt

Re: [CentOS] when RedHat makes patches for only some versions

[Noam Bernstein]

> On Dec 10, 2015, at 10:40 AM, Leon Fauster  wrote:
> 
> Am 10.12.2015 um 16:16 schrieb Noam Bernstein :
>> I guess this is really a RedHat, not CentOS question, but I’m hoping that 
>> someone here will be familiar enough with the upstream policy to have some 
>> useful information.
>> 
>> How does RedHat decide which versions to release patches for, e.g. 
>> https://access.redhat.com/security/cve/CVE-2015-7613 
>>  which has only a RH7 
>> erratum, not 6?  And are they likely to eventually release a fix for this 
>> type of issue for RH6?
> 
> Generally defined by the production phases:  
> https://access.redhat.com/support/policy/updates/errata/
> 
> It explains not all but at least the big picture …

That’s useful, thanks.  

It does seem to indicate that RH6 is still in production 1, with security and 
bug fix errata being released.  So does that mean that I can expect RH to 
eventually release a fix for this CVE, but they just haven’t gotten around to 
it yet?


Noam

---
Noam Bernstein
Center for Materials Physics and Technology
Naval Research Laboratory Code 6390

noam.bernst...@nrl.navy.mil
phone: 202 404 8628

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB devices - libgphoto2 - PTP - hplip

[Leon Fauster]

Am 10.12.2015 um 11:11 schrieb Michael H :
> 
> 
> On 10/12/15 10:02, Leon Fauster wrote:
>> Am 10.12.2015 um 09:37 schrieb Michael H :
>>> 
>>> I'm trying to disable USB storage devices in Centos7.1.1503.
>> 
>> on EL6 we use: 
>> 
>> # cat /etc/modprobe.d/usb-disabled.conf
>> install  usb-storage /bin/true
>> 
>> # depmod -a
> I've achieved disabling USB devices and then allowing specific vendors /
> products using UDEV rules.
> 
> How can I disable PTP automounting without removing the libgphoto2 package?
> 
> We are allowing a specific set of usb devices to be used in the company,
> one of the things we want to block is any kind of file transfer between
> mobile devices and our systems. Unfortunately it's not just a complete
> block on devices.



A legitimately approach but from a security point of view its not the best one.
No authentication, no authorization mechanism and USB IDs can be forgeable. 

--
LF


 

 

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] when RedHat makes patches for only some versions

[Eero Volotinen]

Maybe or maybe not.

Redhat support policy is a bit intresting..

--
Eero

2015-12-10 17:47 GMT+02:00 Noam Bernstein :

> > On Dec 10, 2015, at 10:40 AM, Leon Fauster 
> wrote:
> >
> > Am 10.12.2015 um 16:16 schrieb Noam Bernstein <
> noam.bernst...@nrl.navy.mil>:
> >> I guess this is really a RedHat, not CentOS question, but I’m hoping
> that someone here will be familiar enough with the upstream policy to have
> some useful information.
> >>
> >> How does RedHat decide which versions to release patches for, e.g.
> https://access.redhat.com/security/cve/CVE-2015-7613 <
> https://access.redhat.com/security/cve/CVE-2015-7613> which has only a
> RH7 erratum, not 6?  And are they likely to eventually release a fix for
> this type of issue for RH6?
> >
> > Generally defined by the production phases:
> > https://access.redhat.com/support/policy/updates/errata/
> >
> > It explains not all but at least the big picture …
>
> That’s useful, thanks.
>
> It does seem to indicate that RH6 is still in production 1, with security
> and bug fix errata being released.  So does that mean that I can expect RH
> to eventually release a fix for this CVE, but they just haven’t gotten
> around to it yet?
>
>
>   Noam
>
> ---
> Noam Bernstein
> Center for Materials Physics and Technology
> Naval Research Laboratory Code 6390
>
> noam.bernst...@nrl.navy.mil
> phone: 202 404 8628
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB devices - libgphoto2 - PTP - hplip

[Michael H]

Please read my entire post! I need to allow specific devices, I am
trying to combat PTP mounting. not completely disable all USB devices.

On 10/12/15 15:17, Wes James wrote:
> 
>> On Dec 10, 2015, at 1:37 AM, Michael H  wrote:
>>
>> Hi,
>> Posting this again as it has been drowned. can anybody assist?
>>
>>
>> --
>>
>> Hi All,
>>
>> I'm trying to disable USB storage devices in Centos7.1.1503.
>>
> 
> 
> 
> I did a google search on “disable usb storage centos 7” and came up with 
> this.  Don’t know if it helps:
> 
> https://unixserveradmin.wordpress.com/2012/12/08/how-to-stop-usb-mass-storage-device-in-rhelcentos/
>  
> 
> 
> -wes
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
> 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wifi on servers and fedora [was Re: 7.2 kernel panic on boot]

[Lamar Owen]

On 12/10/2015 10:21 AM, James B. Byrne wrote:

Since the import of what I was trying to convey has been lost,  no
doubt due to my poor choice of words, I will restate the obvious: If
the bulk of the developers working on Fedora use laptops as their
platform then, inevitably, Fedora will become in essence a laptop
distribution and RHEL will follow.  Talking about the server community
monitoring the Fedora development channel once every six months, or
every day for that matter, is simply not going to change this.


As Matthew said, there is a Fedora _server_ community already.  Not all 
Fedora devs are running laptops; but a laptop is one target, just as a 
server is another.  I've said it before and I'll say it again: 
Enterprise != Server.  I need an Enterprise distribution for my 
workstation needs, on a laptop.  Dell has been supporting RHEL on their 
Precision Mobile Workstations (aka 'high end laptops') for years; and 
there is a definite market segment for that use.



A server based distro to us has certain characteristics that are
orientated to long running processes and system uptimes measured in
months if not years.  I have given up counting how many times I have
to reboot all of our CentOS servers in the past year because of
updates.


There is no single 'server-oriented' way of doing things; different 
servers have different requirements, and CentOS already gets poked on by 
those who think version number is a good indicator of how up to date a 
piece of software is for security and/or bugfix purposes. Owncloud, for 
instance, is server software, but it needs a far more up-to-date PHP 
than the default in CentOS 6 (Software Collections to the rescue).



On the other hand I have this task running on a different server with
a different OS:

Priority = DS; Inpri = 8; Time = UNLIMITED seconds.
Job number = #j3719.
TUE, NOV  4, 2014,  2:04 PM.


And I have a Cisco 7401 running a different OS (IOS, of course) with the 
following uptime (and other details.):

..
colo-7400-2 uptime is 6 years, 43 weeks, 3 days, 14 hours, 13 minutes
System returned to ROM by reload at 00:40:17 UTC Tue Feb 10 2009
System restarted at 00:43:11 UTC Tue Feb 10 2009
...
Cisco 7401ASR (NSE) processor (revision A) with 491520K/32768K bytes of 
memory.

Processor board ID 74993065
R7000 CPU at 375MHz, Implementation 39, Rev 3.3, 256KB L2 Cache
1 slot ASR midplane, Version 2.0

Last reset from power-on
PXF processor tmc 'system:pxf/ucode0' is running ( v1.1 ).
2 Gigabit Ethernet interfaces
509K bytes of NVRAM.
..

But uptime isn't everything.  That router would not have been up that 
long if there was a more updated IOS available for it (I am running the 
last security update available from Cisco's TAC for that box, and it is 
way out of support, but it's in a 'sheltered' position and works fine 
for what it is doing).


Certain updates require a reboot; without ksplice or similar technology 
it will always be that way for the kernel.  Certain glibc updates are 
similar.



What we need is simplicity, stability, reliability, and consistency.
What seems to be happening instead is feature-creep, software-bloat
and increased coupling.
Many share your needs; at this point in time, CentOS 6 is in that form 
of maintenance mode.  CentOS 7 is still in a 'can get new features' mode 
(this due entirely to upstream's model).  If you need something in a 
stable mode today, use C6.  C7 will get there in a few releases.


The footprint of the needs met by a general-purpose Enterprise Linux 
distribution is getting larger, not smaller, and the software needed to 
meet all of these needs is necessarily not as simple as it once was.  
Now, niche distributions can be a bit more simple, but they will not 
have as broad of a footprint as the general-purpose ones. CentOS, and 
its upstream, is a general-purpose Enterprise (and Enterprise != Server) 
OS where one of the many use cases is as a traditional server.


Other use cases exist, and are targeted by upstream as being valuable 
market segments.  That includes the Dell Precision Mobile Workstation 
line of high-end laptops (like my 2010-vintage M6500), as well as the 
Precision Workstation desktops and the PowerEdge servers, all of which 
can be ordered from Dell with a fully-supported RHEL factory-installed.  
But there is also the virtualization market and the lightweight 
containers ('cloud') market.  And now there is the IoT market, and those 
are almost entirely ARM-based systems.  Perhaps a 'tablet' market for 
Enterprise Linux will come into play; at the moment the Linux 
penetration here is mostly Android, with some niche traditional Linux 
distributions filling certain needs (like Kali Linux for things like the 
Pwnie Express Pwn Pad).


___

Re: [CentOS] USB devices - libgphoto2 - PTP - hplip

[Michael H]

On 10/12/15 15:49, Leon Fauster wrote:
> Am 10.12.2015 um 11:11 schrieb Michael H :
>>
>>
>> On 10/12/15 10:02, Leon Fauster wrote:
>>> Am 10.12.2015 um 09:37 schrieb Michael H :

 I'm trying to disable USB storage devices in Centos7.1.1503.
>>>
>>> on EL6 we use: 
>>>
>>> # cat /etc/modprobe.d/usb-disabled.conf
>>> install usb-storage /bin/true
>>>
>>> # depmod -a
>> I've achieved disabling USB devices and then allowing specific vendors /
>> products using UDEV rules.
>>
>> How can I disable PTP automounting without removing the libgphoto2 package?
>>
>> We are allowing a specific set of usb devices to be used in the company,
>> one of the things we want to block is any kind of file transfer between
>> mobile devices and our systems. Unfortunately it's not just a complete
>> block on devices.
> 
> 
> 
> A legitimately approach but from a security point of view its not the best 
> one.
> No authentication, no authorization mechanism and USB IDs can be forgeable.

We are simply trying to block people who are unaware their phone may be
compromised. We understand that if someone puts their mind to it they
will still be able to get past the udev rules but it's a good starting
point.

any clues on disabling PTP (photo transfer protocol) without removing
the libgphoto2 package?

thanks



> 
> --
> LF
> 
> 
>  
> 
>  
> 
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
> 
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] VNC on centOS

[Hersh]

Thanks everyone. I was able to install VNC and get it working.

On 11 December 2015 at 04:41, Jonathan Billings  wrote:

> On Dec 10, 2015, at 5:15 PM, John Stanley  wrote:
> > Privide the BZ Link please?
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1283925
>
> Not my bug, but the fix is there.
>
> --
> Jonathan Billings 
>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> https://lists.centos.org/mailman/listinfo/centos
>
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] when RedHat makes patches for only some versions

[Noam Bernstein]

I guess this is really a RedHat, not CentOS question, but I’m hoping that 
someone here will be familiar enough with the upstream policy to have some 
useful information.

How does RedHat decide which versions to release patches for, e.g. 
https://access.redhat.com/security/cve/CVE-2015-7613 
 which has only a RH7 
erratum, not 6?  And are they likely to eventually release a fix for this type 
of issue for RH6?

thanks,
Noam
---
Noam Bernstein
Center for Materials Physics and Technology
Naval Research Laboratory Code 6390

noam.bernst...@nrl.navy.mil
phone: 202 404 8628

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB devices - libgphoto2 - PTP - hplip

[Wes James]

> On Dec 10, 2015, at 1:37 AM, Michael H  wrote:
> 
> Hi,
> Posting this again as it has been drowned. can anybody assist?
> 
> 
> --
> 
> Hi All,
> 
> I'm trying to disable USB storage devices in Centos7.1.1503.
> 



I did a google search on “disable usb storage centos 7” and came up with this.  
Don’t know if it helps:

https://unixserveradmin.wordpress.com/2012/12/08/how-to-stop-usb-mass-storage-device-in-rhelcentos/
 


-wes
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wifi on servers and fedora [was Re: 7.2 kernel panic on boot]

[James B. Byrne]

On Wed, December 9, 2015 16:50, James Hogarth wrote:
> On 9 Dec 2015 9:07 p.m., "Lamar Owen"  wrote:
>>
>
>> No, it seems to me that a suitably motivated CentOS user needs to
>> scratch this itch; and, no, I am not volunteering, as I've
>> followed Fedora before..and just simply cannot give the
>> time to it at this point in time in my life.
>>
>
> 
>
>>
>> So who wants to be the CentOS-Users to Fedora liaison, likely to be
>> one of the most thankless jobs on the planet?
>>
>>
>
> I'm an active Fedora packager and yet I dare say Mark would hate me as
> liaison for I find the changes in EL7 most refreshing and look forward
> to bring able to make better use of them in due course ;)
>
> But I really do question whether someone in this industry is really
> not able to spend 30 minutes or so every six months checking changes
> for anything interesting.
>
> And frankly if one isn't willing to get either get a subscription and
> feedback as a paying customer or to get involved with the upstream
> sources then no one does not have say in direction and one shouldn't
> be surprised by that.
>
> If it was a democracy with a vote on every possible choice then we'd
> never get anywhere given the time to carry out such a survey and the
> vast differences in opinions.
>
> No, as the Debian folks say it is a meritocracy instead and those
> who get stuck in and actively discuss at the right time provide
> the influence on what happens next.
>

Since the import of what I was trying to convey has been lost,  no
doubt due to my poor choice of words, I will restate the obvious: If
the bulk of the developers working on Fedora use laptops as their
platform then, inevitably, Fedora will become in essence a laptop
distribution and RHEL will follow.  Talking about the server community
monitoring the Fedora development channel once every six months, or
every day for that matter, is simply not going to change this.

A handful of voices representing server installations, who by
definition are not development types, has no hope of dealing with the
incremental changes introduced every day by hundreds of people that
use laptops as their primary development platform and all of whom have
their own 'itch' to scratch.  That is just the way it is in open
source.  The choice to go to Fedora for RHEL development was a
commitment to the laptop environment, whether consciously made or not.
And it is not in the control of RH to dictate this.  If the Fedora
developers take up tablets en masse then guess what?: We will end up
with a tablet distribution.

The OS distro we get is the consequence of the culture and environment
predominant in the development community.  This is neither good nor
bad.  It just is.  Our firm has specific requirements which to date
have been more than adequately met by RHEL and CentOS.  But that seems
to us to be changing in ways that no longer meet our expectations from
a server based distro.

A server based distro to us has certain characteristics that are
orientated to long running processes and system uptimes measured in
months if not years.  I have given up counting how many times I have
to reboot all of our CentOS servers in the past year because of
updates.

On the other hand I have this task running on a different server with
a different OS:

   Priority = DS; Inpri = 8; Time = UNLIMITED seconds.
   Job number = #j3719.
   TUE, NOV  4, 2014,  2:04 PM.

We do not need plug-and-play; or usb hot-swapping; or hibernation; or
screen savers; or audio-video players; or power optimisation.  All of
which are worthy things in their own right and certainly have their
place in computing.  While these occasionally have proved convenient
for me none are really necessary for a server host and their presence
undoubtedly significantly increases the complexity and maintenance
burden of the distribution.

What we need is simplicity, stability, reliability, and consistency. 
What seems to be happening instead is feature-creep, software-bloat
and increased coupling.

And lest I be accused of 'wingeing' from the sideline I have been
contributing to Open Source in a modest way since 1995, starting with
Sendmail-8.7 on HP-UX.  I just have limited time to give over to these
things. The selection of RHEL for our primary platform was, in large
part, to reduce the resources given over to managing the software.  It
would be ironic in the extreme were the reverse prove the case.

-- 
***  e-Mail is NOT a SECURE channel  ***
Do NOT transmit sensitive data via e-Mail
James B. Byrnemailto:byrn...@harte-lyne.ca
Harte & Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS 7, NetworkMangler, and ipv6

[m . roth]

We've started having a problem with a CentOS 7 server. It looses its IPv6
address, if I understand this issue correctly. We can get in, if we do ssh
-4, though.

In the logs, I'm seeing this about twice an hour:
  (pid 98466) unhandled DHCP event for interface ens3f0

Now, in googling, I get very few hits putting quotes around "unhanded dhcp
exception" - in fact, the only one I found that seemed to talk about it
was from someone's slackware box, where there was some sort of
configuration, perhaps similar to ifcfg-, and they were telling that
person to remove it, because it conflicted with what Networkmanager was
trying to do, leaving it in a confused state.

Any thoughts?

   mark

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] wifi on servers and fedora [was Re: 7.2 kernel panic on boot]

[Matthew Miller]

On Thu, Dec 10, 2015 at 10:21:56AM -0500, James B. Byrne wrote:
> Since the import of what I was trying to convey has been lost,  no
> doubt due to my poor choice of words, I will restate the obvious: If
> the bulk of the developers working on Fedora use laptops as their
> platform then, inevitably, Fedora will become in essence a laptop
> distribution and RHEL will follow.  Talking about the server community
> monitoring the Fedora development channel once every six months, or
> every day for that matter, is simply not going to change this.

But this isn't the case, so it's not really a very productive line of
speculation. We _have_ a server community around Fedora, both
developers and users.

> source.  The choice to go to Fedora for RHEL development was a
> commitment to the laptop environment, whether consciously made or not.

This does not match history nor the current situation.

-- 
Matthew Miller

Fedora Project Leader
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] when RedHat makes patches for only some versions

[Leon Fauster]

Am 10.12.2015 um 16:16 schrieb Noam Bernstein :
> I guess this is really a RedHat, not CentOS question, but I’m hoping that 
> someone here will be familiar enough with the upstream policy to have some 
> useful information.
> 
> How does RedHat decide which versions to release patches for, e.g. 
> https://access.redhat.com/security/cve/CVE-2015-7613 
>  which has only a RH7 
> erratum, not 6?  And are they likely to eventually release a fix for this 
> type of issue for RH6?



Generally defined by the production phases:  
https://access.redhat.com/support/policy/updates/errata/

It explains not all but at least the big picture ...

--
LF

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] USB devices - libgphoto2 - PTP - hplip

[Leon Fauster]

Am 10.12.2015 um 17:02 schrieb Michael H :
> 
> On 10/12/15 15:49, Leon Fauster wrote:
>> Am 10.12.2015 um 11:11 schrieb Michael H :
>>> 
>>> 
>>> On 10/12/15 10:02, Leon Fauster wrote:
>>> I've achieved disabling USB devices and then allowing specific vendors /
>>> products using UDEV rules.
>>> 
>>> How can I disable PTP automounting without removing the libgphoto2 package?
>>> 
>>> We are allowing a specific set of usb devices to be used in the company,
>>> one of the things we want to block is any kind of file transfer between
>>> mobile devices and our systems. Unfortunately it's not just a complete
>>> block on devices.
>> 
>> 
>> 
>> A legitimately approach but from a security point of view its not the best 
>> one.
>> No authentication, no authorization mechanism and USB IDs can be forgeable.
> 
> We are simply trying to block people who are unaware their phone may be
> compromised. We understand that if someone puts their mind to it they
> will still be able to get past the udev rules but it's a good starting
> point.
> 
> any clues on disabling PTP (photo transfer protocol) without removing
> the libgphoto2 package?


I have not handled such scenario but I would take a closer 
look at that functionality; like these files of libgphoto2 (EL6)

/usr/lib64/libgphoto2/2.4.7/ptp2.so
/usr/lib64/libgphoto2_port/0.8.0/ptpip.so
/usr/lib64/udev/check-ptp-camera

/usr/lib64/udev/check-mtp-device
/usr/lib64/udev/check-ptp-camera
/lib/udev/rules.d/40-libgphoto2.rules

the former ones looks like "plugins" for libgphoto2
the latter ones seems to control such functionality

your solution should be repackaged or enforced on 
every libgphoto2 update ...


--
LF


 

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] CentOS 7, NetworkMangler, and ipv6

[James Hogarth]

On 10 December 2015 at 15:00,  wrote:

> We've started having a problem with a CentOS 7 server. It looses its IPv6
> address, if I understand this issue correctly. We can get in, if we do ssh
> -4, though.
>
> In the logs, I'm seeing this about twice an hour:
>   (pid 98466) unhandled DHCP event for interface ens3f0
>
> Now, in googling, I get very few hits putting quotes around "unhanded dhcp
> exception" - in fact, the only one I found that seemed to talk about it
> was from someone's slackware box, where there was some sort of
> configuration, perhaps similar to ifcfg-, and they were telling that
> person to remove it, because it conflicted with what Networkmanager was
> trying to do, leaving it in a confused state.
>
> Any thoughts?
>
>
>

Well there's not much to go on here so you're going to have to provide more
detail ...

Does the system lose all ipv6 connectivity (is the fe80:: address
uncontactable for instance)

Does ip addr sh still show the expected global IPv6 address and it's just
not responding?

Are you using a static ipv6, dhcp ipv6 or SLAAC ipv6 configuration?

Does nmcli c sh  still have NM thinking there is an address or
does that show it as gone as well?

Start with those in mind as initial questions for diagnostics...
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos