Re: [CentOS] Want to create custom iso
On Monday, March 17, 2014 6:41 PM, Anant anant.saras...@techblue.co.uk wrote:

> Hello All, I want to make custom iso of Centos 6.4 and want some feature in it by default

Take a look here http://smorgasbork.com/component/content/article/35-linux/128-building-a-custom-centos-6-kickstart-disc-part-1 or odesk.com

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Install from cdrom and Update repo
I suspect that you are using a 6.4 iso and 6.5/updates from your kernel version in your previous emails.

Tru
--
Tru Huynh (mirrors, CentOS i386/x86_64 Package Maintenance)
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0xBEFA581B

It works with Centos Minimal, but not with DVD1. I use this image http://ftp.ines.lug.ro/centos/6.5/isos/x86_64/CentOS-6.5-x86_64-bin-DVD1.iso
Re: [CentOS] Install from cdrom and Update repo
There is no information about any file or process. Only for authentication and netfilter.

# ausearch -m avc
no matches

On Saturday, March 15, 2014 12:09 PM, Daniel J Walsh dwa...@redhat.com wrote:

> Boot the machine in permissive mode, enforcing=0 on the kernel command line, then see what AVC's you are getting.
>
> ausearch -m avc
Re: [CentOS] Install from cdrom and Update repo
Moving forward, I have found that some packages are installed before others which depend on them. For example, rsyslog requires the command touch, but the package containing this command (coreutils) is installed after rsyslog. Selinux-policy-target is one of them.

Installing rsyslog-5.8.10-8.el6.x86_64
/var/tmp/rpm-tmp.pg2Vvm: line 5: touch: command not found
/var/tmp/rpm-tmp.pg2Vvm: line 5: touch: command not found
/var/tmp/rpm-tmp.pg2Vvm: line 5: touch: command not found
/var/tmp/rpm-tmp.pg2Vvm: line 5: touch: command not found
warning: %post(rsyslog-5.8.10-8.el6.x86_64) scriptlet failed, exit status 127

And it is not the only one.
Re: [CentOS] Install from cdrom and Update repo
Is not from me. Anaconda tries to install other packages which depend on coreutil before coreutils. I saw this in /root/install.log. For example, cronie-anacon uses the touch command in its postinstall script, but anaconda doesn't install coreutil before.

On Saturday, March 15, 2014 4:24 PM, Reindl Harald h.rei...@thelounge.net wrote:

> how do you manage to install a system without coreutils?
> this would be a completely broken setup from the first second
>
> look at what *essential* commands it provides
>
> [root@openvas:~]$ rpm -q --filesbypkg coreutils | grep /bin
Re: [CentOS] Install from cdrom and Update repo
Why it works if I install from URL, not cdrom? With the same kickstart file.

On Saturday, March 15, 2014 4:40 PM, Eero Volotinen eero.voloti...@iki.fi wrote:

> well, your kickstart is broken:
>
> see line: %packages --nobase
>
> --
> Eero
Re: [CentOS] Install from cdrom and Update repo
I expose my supposition, wherewith I try to close this thread.

The /root/install.log contains the installed package in order to installed moments. The first remark is that the packages from update are installed last. Beginning with the coreutils package, all following packages belong to the update repository. An example from the install.log file:

Installing rt73usb-firmware-1.8-7.el6.noarch
Installing ipw2100-firmware-1.3-11.el6.noarch
Installing ql23xx-firmware-3.03.27-3.1.el6.noarch
Installing ipw2200-firmware-3.1-4.el6.noarch
Installing rootfiles-8.1-6.1.el6.noarch
Installing coreutils-libs-8.4-31.el6_5.1.x86_64
Installing coreutils-8.4-31.el6_5.1.x86_64
Installing nspr-4.10.2-1.el6_5.x86_64
Installing nss-util-3.15.3-1.el6_5.x86_64
Installing nss-3.15.3-6.el6_5.x86_64
Installing nss-sysinit-3.15.3-6.el6_5.x86_64
Installing p11-kit-0.18.5-2.el6_5.2.x86_64
Installing p11-kit-trust-0.18.5-2.el6_5.2.x86_64
Installing ca-certificates-2013.1.95-65.1.el6_5.noarch
Installing openssl-1.0.1e-16.el6_5.4.x86_64
Installing mysql-libs-5.1.73-3.el6_5.x86_64

My supposition is that Anaconda works in this way:
- Get package lists from all repositories.
- Install packages from cdrom which have no correspondent in other repository (updates).
- Install the remaining packages from update.

Because coreutils has a new build in Updates, it is installed after all packages in the cdrom repository.

I have been working with this kickstart for a few months and it had run correctly .. until March 12. Coincidence or not, coreutils has been added on the same date:

File:coreutils-8.4-31.el6_5.1.x86_64.rpm 3109 KB 12-Mar-14 4:30:00 PM

On Saturday, March 15, 2014 4:55 PM, Eero Volotinen eero.voloti...@iki.fi wrote:

> Maybe your cd is broken..
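Added example, not part of the thread: a Python check that reads an Anaconda install.log like the one quoted above and reports every package scriptlet that failed, which commands it could not find, and whether coreutils had been installed by then. With selinux --enforcing, a failed %post in a policy package is worth catching before the first boot. The function names are made up for the illustration and the sample log is constructed from lines quoted in this thread.

```python
import re

# Line shapes taken from the install.log excerpts quoted in the thread.
INSTALLING = re.compile(r"^Installing (\S+)$")
NOT_FOUND = re.compile(r"^\S+: line \d+: (\S+): command not found$")
FAILED = re.compile(r"^warning: %(\w+)\((\S+)\) scriptlet failed, exit status (\d+)$")


def package_name(nvra):
    """Strip version, release and arch: 'rsyslog-5.8.10-8.el6.x86_64' -> 'rsyslog'."""
    return nvra.rsplit("-", 2)[0]


def scriptlet_failures(lines, provider="coreutils"):
    """Return one finding per failed scriptlet, in log order."""
    installed, missing, findings = [], [], []
    for raw in lines:
        line = raw.strip()
        m = INSTALLING.match(line)
        if m:
            installed.append(package_name(m.group(1)))
            missing = []  # error lines that follow belong to this package
            continue
        m = NOT_FOUND.match(line)
        if m:
            if m.group(1) not in missing:
                missing.append(m.group(1))
            continue
        m = FAILED.match(line)
        if m:
            findings.append({
                "package": package_name(m.group(2)),
                "scriptlet": m.group(1),
                "exit_status": int(m.group(3)),
                "missing_commands": missing,
                # False means the scriptlet ran before the provider package.
                "provider_installed_before": provider in installed,
            })
            missing = []
    return findings


# Constructed sample: lines quoted in the thread, in the order it describes.
SAMPLE_LOG = """\
Installing rsyslog-5.8.10-8.el6.x86_64
/var/tmp/rpm-tmp.pg2Vvm: line 5: touch: command not found
/var/tmp/rpm-tmp.pg2Vvm: line 5: touch: command not found
warning: %post(rsyslog-5.8.10-8.el6.x86_64) scriptlet failed, exit status 127
Installing rootfiles-8.1-6.1.el6.noarch
Installing coreutils-libs-8.4-31.el6_5.1.x86_64
Installing coreutils-8.4-31.el6_5.1.x86_64
Installing nspr-4.10.2-1.el6_5.x86_64
""".splitlines()

if __name__ == "__main__":
    for finding in scriptlet_failures(SAMPLE_LOG):
        print(finding)
```

Running the same function from a kickstart %post section against /root/install.log gives a build a way to fail loudly instead of rebooting into a half-configured system.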
[CentOS] Install from cdrom and Update repo
Hi,

I have made a kickstart file to automate the installation from cdrom and another repo. The kickstart snippet looks like

install
graphical
cdrom
repo --name=Updates --baseurl=http://mirror.centos.org/centos/6.5/updates/x86_64/; --cost=98
selinux --enforcing

After installation, the system boots but the kernel crashes with the message

Kernel Panic - not syncing: Attempted to kill init!
Pid: 1 comm: init Not tainted 2.6.32-358.6.2.e16.x86_64 #1
Call Trace:
[] ? panic+0xs7/0x16f
[] ? do_exit+0x862/0x870
[] ? fput+0x25/0x30
[] ? do_group_exit+0x58/0xd0
[] ? sys_exit_group+0x17/0x20
[] ? system_call_fastpath+0x16/0x1b

I found a solution on the web, but nobody tells why it happens. If selinux is disabled, it works. The append of these lines in the kickstart has no positive effect.

%post --log=/root/postinstall.log
/sbin/restorecon -R -v /
%end

Some ideas?
Re: [CentOS] Install from cdrom and Update repo
Kickstart file is

#Generate Kickstart file for newMachine-6717 on Friday 14th of March 2014 10:16:58 PM
install
graphical
cdrom
repo --name=Updates --baseurl=http://mirrors.centos.org/centos/6.5/updates/x86_64/; --cost=98
skipx
lang en_US.UTF-8
keyboard us
timezone UTC
rootpw --iscrypted $6$S2YsdEAqRycwTEg0$/Nblabla
firewall --enabled --port=22:tcp
authconfig --enableshadow --passalgo=sha512
selinux --enforcing
network --device=00:15:5d:01:54:05 --bootproto=dhcp --hostname=newMachine-6717
bootloader --location=mbr --driveorder=sda,sdb,sdc --append=crashkernel=auto --iscrypted --password=$1$vzAJV1$s882/Oblabla
firstboot --disabled
zerombr
clearpart --drives=sda --all
autopart
%packages --nobase
%end
reboot --eject
%post --log=/root/postinstall.log
/sbin/restorecon -R -v /
%end

On Friday, March 14, 2014 11:25 PM, Eero Volotinen eero.voloti...@iki.fi wrote:

> Please provide complete kickstart, not just a snippet of it.
Re: [CentOS] quota and selinux on centos 6.5
With semanage it works. The new rule will be included in next release?

On Friday, December 20, 2013 7:29 PM, Daniel J Walsh dwa...@redhat.com wrote:

> The problem is the way the algorithm that figures out the best match works.
>
> restorecon is using
>
> /var/spool/cron/[^/]* -- none
>
> instead of
>
> /var/spool/(.*/)?a?quota\.(user|group) regular file system_u:object_r:quota_db_t:s0
>
> I just added
>
> /var/spool/cron/a?quota\.(user|group) -- system_u:object_r:quota_db_t:s0
>
> Which now gets
>
> matchpathcon /var/spool/cron/aquota.user
> /var/spool/cron/aquota.user system_u:object_r:quota_db_t:s0
>
> If you want to fix this on your machine just add
>
> semanage fcontext -a -t quota_db_t /var/spool/cron/aquota\.user
> restorecon /var/spool/cron/aquota.user
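Added example, not part of the thread and not libselinux code: a simplified Python model of the best-match behaviour described in the reply above, assuming entries are ranked by (no regex metacharacters, longer literal stem before the first metacharacter, longer pattern, explicit file type) and the highest-ranked matching entry wins. `<<none>>` is how file_contexts spells the entry shown as "none" in the reply; the function and list names are made up for the illustration.

```python
import re

# Characters counted as regex metacharacters when measuring the literal stem.
META = set(".^$?*+|[({")


def specificity(pattern, ftype):
    """Sort key for one file-context entry; a larger key is more specific."""
    stem_len = str_len = 0
    has_meta = False
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch in META:
            has_meta = True
        else:
            if ch == "\\":
                i += 1         # an escaped character counts as one literal
            if not has_meta:
                stem_len += 1  # literal prefix before the first metacharacter
        str_len += 1
        i += 1
    return (not has_meta, stem_len, str_len, bool(ftype))


def lookup(path, specs):
    """Context the most specific matching entry gives a regular file, or None."""
    hits = [s for s in specs
            if s[1] in ("", "--") and re.fullmatch(s[0], path)]
    if not hits:
        return None
    return max(hits, key=lambda s: specificity(s[0], s[1]))[2]


QUOTA_DB = "system_u:object_r:quota_db_t:s0"

# The two competing entries quoted in the thread ("--" means regular file).
SHIPPED = [
    (r"/var/spool/(.*/)?a?quota\.(user|group)", "--", QUOTA_DB),
    (r"/var/spool/cron/[^/]*", "--", "<<none>>"),
]
# The entry the reply says was added to the policy.
ADDED_TO_POLICY = SHIPPED + [
    (r"/var/spool/cron/a?quota\.(user|group)", "--", QUOTA_DB),
]
# The local workaround from the reply: semanage fcontext -a -t quota_db_t ...
LOCAL_SEMANAGE = SHIPPED + [
    (r"/var/spool/cron/aquota\.user", "", QUOTA_DB),
]

if __name__ == "__main__":
    target = "/var/spool/cron/aquota.user"
    for label, specs in (("shipped", SHIPPED),
                         ("policy fix", ADDED_TO_POLICY),
                         ("local semanage rule", LOCAL_SEMANAGE)):
        print(f"{label:20} {target} -> {lookup(target, specs)}")
```

The cron entry has a 16-character literal stem against 11 for the generic quota entry, so it wins and restorecon reports no default label; the added entry's stem is one character longer and takes over only for the quota files.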
[CentOS] quota and selinux on centos 6.5
Hi,

I'm facing a challenge with selinux and because I didn't get an explanation elsewhere, I'm trying to explain here.

I have decided to mount /var/spool/cron on a separate partition and apply quota for regular users. But quotacheck replies with a permission denied.

quotacheck: Cannot create new quotafile /var/spool/cron/aquota.user.new: Permission denied
quotacheck: Cannot initialize IO on new quotafile: Permission denied

Indeed, files in that directory have a context which denies the quotacheck process to write files. To become suitable for quota, those files (aquota.user and aquota.group) must have the quota_db_t type (in context). If I use restorecon /var/spool/cron/aquota.user, it reports that there is no default context for that file.

[root@CentOS active]# touch /var/spool/cron/aquota.user
[root@CentOS active]# restorecon /var/spool/cron/
[root@CentOS active]# ls -lZ /var/spool/cron/
-rw-r--r--. root root unconfined_u:object_r:user_cron_spool_t:s0 aquota.user
[root@CentOS active]# restorecon /var/spool/cron/aquota.user
restorecon: Warning no default label for /var/spool/cron/aquota.user

Semanage reports this

[root@CentOS active]# semanage fcontext -l|grep quota
/a?quota\.(user|group)                      regular file   system_u:object_r:quota_db_t:s0
/boot/a?quota\.(user|group)                 regular file   system_u:object_r:quota_db_t:s0
/etc/a?quota\.(user|group)                  regular file   system_u:object_r:quota_db_t:s0
/sbin/quota(check|on)                       regular file   system_u:object_r:quota_exec_t:s0
/usr/sbin/convertquota                      regular file   system_u:object_r:quota_exec_t:s0
/usr/sbin/quota_nld                         regular file   system_u:object_r:quota_nld_exec_t:s0
/usr/sbin/rpc\.rquotad                      regular file   system_u:object_r:rpcd_exec_t:s0
/var/a?quota\.(user|group)                  regular file   system_u:object_r:quota_db_t:s0
/var/lib/openshift/a?quota\.(user|group)    regular file   system_u:object_r:quota_db_t:s0
/var/lib/quota(/.*)?                        all files      system_u:object_r:quota_flag_t:s0
/var/lib/stickshift/a?quota\.(user|group)   regular file   system_u:object_r:quota_db_t:s0
/var/run/quota_nld\.pid                     regular file   system_u:object_r:quota_nld_var_run_t:s0
/var/spool/(.*/)?a?quota\.(user|group)      regular file   system_u:object_r:quota_db_t:s0

Take a look at the last file. Isn't it a default context for /var/spool/cron/aquota.user? It looks like https://bugzilla.redhat.com/show_bug.cgi?id=703871

What's your opinion?

Elji Udia