RE: [CentOS] Migration from VMWare to HP Blade
> Hi all,
>
> A few months ago, I migrated some of our internal servers to HP
> blades, as the VMWare box they were previously running on was getting
> too slow.
>
> However, it wasn't without its problems, and eventually the only way I
> could get them to work was:
>
> Install the same version of CentOS on the blade (believed to be 5.0, but
> /etc/redhat-release says 5.2)
> Took down both servers, booting them off the SystemRescueCD,
> mounting all the partitions on /mnt/transfer etc
> Ran rsync to copy all the data from one to the other - except /boot and
> /lib/modules
> Brought the blade up, and saw that it booted fine.
>
> However, a new kernel has been released and we tried rebooting... And
> it panicked. It seems to be LVM related, in that it can't mount /dev/root -
> and I've tried manually running mkinitrd to regenerate the initrd to no
> avail.
>
> I was just wondering if anyone had encountered similar problems, and
> knew of any solutions?

Having just done the opposite (test migrating a CentOS server from physical hardware to VMWare), I have a very good idea :-) It was CentOS 4, but the basic bits should be the same.

You need to edit /etc/modprobe.conf, and change the line (or lines) that start with "alias scsi_hostadapter". If the server was vmware, the existing lines are probably

    alias scsi_hostadapter mptbase
    alias scsi_hostadapter1 mptscsih

I'm not sure what you'll have to change mptbase and mptscsih to be; on HP servers, cciss is the correct driver. Others will vary (you could try a quick basic manual install on the target hardware and see what gets put in that file by the OS installer).

After you've changed modprobe.conf, re-run mkinitrd and reboot. Should be good to go.

You'll also have to watch out for HWADDR in /etc/sysconfig/network-scripts/ifcfg-eth*, either changing it to match your new hardware, or removing it entirely. Kudzu will probably take care of sorting out the network card driver entries in modprobe; follow your nose and take a guess, you'll probably get it right. Either way, mkinitrd is only necessary (in this case) to get access to your root device.

Hope that helps,
Craig Miskell

===
Attention: The information contained in this message and/or attachments from AgResearch Limited is intended only for the persons or entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipients is prohibited by AgResearch Limited. If you have received this message in error, please notify the sender immediately.
===
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
RE: [CentOS] formatting large volume
> >Just pvcreate the whole disk and forgo partitioning it. Then create a
> >vg out of it and start creating lvs.
>
> Hey Ross,
> I thought it was best practice to create an LVM partition such that the
> disk could be recognizable under all circumstances such as if the volume
> was moved? Is that not really "best practice" anymore?

I'm not Ross, but I'll chime in: I heartily recommend creating an LVM partition rather than using the entire disk. It will cover you for those times when you are booting off the Rescue or Install CD. When anaconda(?) sees an LVM "formatted" disk, it thinks it's garbage because there's no valid partition table. It then asks you if you want to format the disk (or words to that effect; I forget the precise details), with the default set to YES (WTH? Default option is the most dangerous? That's nutty).

From experience I can tell you that selecting "Yes" is really really bad for your LVM meta data. Let's just say it took a while to restore the 1TB of data the time I mis-clicked YES from a finger twitch at the wrong moment while moving the mouse.

Craig Miskell
RE: [CentOS] dm-multipath use
> Are folks in the Centos community successfully using
> device-mapper-multipath?
> I am looking to deploy it for error handling on our iSCSI setup but there
> seems to be little traffic about this package on the Centos forums, as far
> as I can tell, and there seems to be a number of small issues based on my
> reading the dm-multipath developer lists and related resources.
>
> -geoff

I'm using it on RHEL 5 (close enough for the purposes of your query), connecting to an HP EVA 6000 SAN. The RHEL documentation (http://www.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5.2/html/DM_Multipath/index.html) certainly covers the basics adequately, and was enough to get me going.

I'm using LVM over the top of that, so I found it worthwhile to tweak /etc/lvm/lvm.conf to filter out all the various aliases for the disks that show up in /dev. My filter line is currently:

    filter = [ "r/sd.*/", "r:disk/by.*:", "a/.*/" ]

which works well for me, but YMMV, particularly with the filtering out of "sd.*" (That works here because our main OS disks are on /dev/cciss)

You've also got to be a little careful when unpresenting disks (SAN terminology, may not apply to ISCSI). From our internal documentation (some notes I wrote at the time, and with subsequent experience):

* Removing is trickier; you need to ensure no-one is trying to still use the disk. Particularly watch out for lvm. If the disk is part of a volume group, you have to run #vgchange -an first, otherwise LVM still thinks the disk is there, and things like lvmdiskscan/pvdisplay etc start hanging when the disk has gone away. Once the disk is unused, unpresent the disk from the SAN, rescan to remove no-longer existing disks, then restart multipathd (/etc/init.d/multipathd restart). Running #multipath -F may also be sufficient, but I've found restarting multipathd entirely a smidgen more reliable (but I may have been doing things wrong before that).

If things get really stuck, then you might have some luck with dmsetup. If "multipath -ll" shows failed disks (that have been unpresented properly), use dmsetup to remove the failed disk with the command: #dmsetup remove where is "mpath". Find the stuck one from the output of multipath -ll; be sure you've got the right mpath device.

Optionally, if you've got stuck lvmdiskscan or pvdisplay type processes (trying to access the missing disk), then the "remove" will fail, claiming the device is in use (which, in some senses, it is). In this case, double check you've got the right mpath device (otherwise you'll fsck your system), and run: #dmsetup remove --force

This will claim failure (device-mapper: remove ioctl failed: Device or resource busy), but if you now run #dmsetup info then you'll see the "Open count" has gone to zero. You can now run the plain remove one more time: #dmsetup remove and it will be removed. Your hung processes will finally die the death they deserve, and the unpresented disk will be unknown to the system any longer.

* It has worked well in real life, except for one day when one of our EVA SAN Controllers died; one host survived, another had multipathd itself die with a double free error (which I bugzilla'd upstream). Disks went away, but came back on restarting multipathd. Odd, but survivable, and not indicative of a general problem (probably something I did early on in the setup that hung around).

And one other word of advice: Play with it a lot in a test system first. It should go without saying, but this is really one of those times. There are many things you can learn safely on a production device; this isn't one of them. Get really comfortable with adding/removing/munging before you go live. And you will break it at least once during your preparation, if not more ;-).

Craig Miskell
[CentOS] Odd behaviour with modules; looking for some theories
Hi all,

Recently, after doing some maintenance on one of my servers (Centos 5), I rebooted. On reboot, it didn't find the SAN disks at all, and after some poking around in maintenance mode, I discovered that it couldn't find the Qlogic module. It turns out that /lib/modules//modules.alias, modules.dep and such were all empty or just had their header comment lines. moddep -a fixed things up quickly enough once I figured out what was going on.

However, I'm kinda stumped as to how these files got nuked in the first place. It wasn't files being deleted completely, it's like they were regenerated incorrectly. Checking backups showed these files were last changed (to their short form) on Feb 11; yum.log doesn't show any sign of updates on that date, so presumably it wasn't something like a kernel installation running amok.

Does anyone have any theories as to what happened? Random logical guesses is fine ;-)

Thanks,

Craig Miskell,
Technical Support,
AgResearch Invermay
03 489-9279
"Usenet is like a herd of performing elephants with diarrhea -- massive, difficult to redirect, awe-inspiring, entertaining, and a source of mind-boggling amounts of excrement when you least expect it."
-- Gene "spaf" Spafford (1992)
RE: [CentOS] vlan support
> few questions also
>
> 1/ what is different between vconfig and your configure to
> set it up the vlan?

Using the scripts in /etc/sysconfig/network-scripts will use vconfig for you.

> 2/ what is the different vlan and vlan trunking?

I'm not sure I understand the question, but I'll try and explain something. VLAN trunking is when you have multiple VLANs traversing a physical link, such as between two switches, or in your case (I think), between a switch and a server which you want to have multiple interfaces on (in various VLANs). Each ethernet frame is tagged with the VLAN id, which the receiving end uses to decide what VLAN the frame should be forwarded to.

Craig
RE: [CentOS] vlan support
> Miskell, Craig wrote:
> >>
> >> Is centos supporting vlan setup?
> > If by that you mean 802.1q trunking, then yes.
> >
> >> Is it reliable?
> > Seems to be in my experience, but that's only limited so far.
> >
> >> how can I do it?
> > Create multiple ifcfg files in /etc/sysconfig/network-scripts, e.g. for
> > multiple VLANs on eth0:
> > ifcfg-eth0
> > ifcfg-eth0.2
> > ifcfg-eth0.100
> >
> > The number after the decimal is the VLAN id (default (1), 2 and 100
> > respectively above). In each file, add VLAN=yes. And don't forget to
> > turn on trunking on the switch to which you're attached. The network
> > startup scripts will then do the right thing.
>
> Are the details documented somewhere?

Yep: /usr/share/doc/initscripts-/sysconfig.txt

> Is vlan 1 always native (untagged) or can you specify that? I remember
> having some problem with Intel NICs on windows not liking native packets
> at all if any were tagged but I don't know if that was a hardware or
> software issue.

I'm not sure about the vlan 1/untagged nature; it "just worked" here, and might have something to do with the configuration of the switch you're connecting to.

Craig
RE: [CentOS] vlan support
> Hi all
>
> Is centos supporting vlan setup?

If by that you mean 802.1q trunking, then yes.

> Is it reliable?

Seems to be in my experience, but that's only limited so far.

> how can I do it?

Create multiple ifcfg files in /etc/sysconfig/network-scripts, e.g. for multiple VLANs on eth0:

    ifcfg-eth0
    ifcfg-eth0.2
    ifcfg-eth0.100

The number after the decimal is the VLAN id (default (1), 2 and 100 respectively above). In each file, add VLAN=yes. And don't forget to turn on trunking on the switch to which you're attached. The network startup scripts will then do the right thing.

Craig
RE: [CentOS] IPTables GUIs
> Miskell, Craig wrote:
> > Hi,
> > This is semi-OT, but is Centos-related.
> >
> > I'm looking for an IPTables GUI to help us with our expanding
> > network configuration. I know there's plenty out there, but most of
> > them seem to manage the firewall on the computer on which they run, or
> > only handle one firewall at a time. I need one that can easily manage
> > multiple firewalls from some sort of central location/repository, i.e.
> > sharing definitions of services, hosts etc.
> >
> fwbuilder is the obvious choice for you.
>
> I went through a number of options myself before settling on shorewall.
> My requirements are different than yours. But it was fwbuilder's
> obvious fit to what you are asking for that was the reason I
> rejected it!

Thanks for the confirmation; knowing I'm not missing some other obvious option is good. And thank you for being only the second person who's replied who has actually read the bit of my post where I state the local requirements, instead of telling me about YALFG (Yet Another Local Firewall GUI) ;-)

Craig
RE: [CentOS] IPTables GUIs
> I think there's one for shorewall and firestarter.

Thanks, but firestarter has to run on the actual firewall (thus not meeting the "multiple firewall/central repository requirement"), and the only GUI I've been able to locate for shorewall is a webmin plugin, which implicitly is the same as the above (quite aside from the dubious security scenario of running webmin on a firewall).

Craig

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Miskell, Craig
> Sent: Sunday, February 03, 2008 8:43 PM
> To: CentOS mailing list
> Subject: [CentOS] IPTables GUIs
>
> Hi,
> This is semi-OT, but is Centos-related.
>
> I'm looking for an IPTables GUI to help us with our expanding
> network configuration. I know there's plenty out there, but most of them
> seem to manage the firewall on the computer on which they run, or only
> handle one firewall at a time. I need one that can easily manage multiple
> firewalls from some sort of central location/repository, i.e.
> sharing definitions of services, hosts etc.
>
> I've googled and hunted, and FWBuilder seems reasonably good from what I've
> seen so far. Are there any other packages out there? Are there any
> recommendations (to look at or to avoid)?
>
> Thanks,
>
> Craig Miskell,
> Technical Support,
> AgResearch Invermay
> 03 489-9279
> "There are no problems that cannot be solved by the judicious use of high
> explosives"
> -- British Commando quote, circa WWII.
[CentOS] IPTables GUIs
Hi,
This is semi-OT, but is Centos-related.

I'm looking for an IPTables GUI to help us with our expanding network configuration. I know there's plenty out there, but most of them seem to manage the firewall on the computer on which they run, or only handle one firewall at a time. I need one that can easily manage multiple firewalls from some sort of central location/repository, i.e. sharing definitions of services, hosts etc.

I've googled and hunted, and FWBuilder seems reasonably good from what I've seen so far. Are there any other packages out there? Are there any recommendations (to look at or to avoid)?

Thanks,

Craig Miskell,
Technical Support,
AgResearch Invermay
03 489-9279
"There are no problems that cannot be solved by the judicious use of high explosives"
-- British Commando quote, circa WWII.
RE: [CentOS] File retrieval from outside hangs, internally is okay, only Centos5 affected
> I have a really weird problem with some of my servers, namely all the
> ones running Centos5
>
> When I try to download a file from the server to a machine outside our
> Cisco 6500 router/firewall, the download hangs about half the times
> (15 out of 40) when less than half a megabyte into the transfer
> (varied from 76 kb to 496 kb).
>
> One server has a portchannel (Cisco speak for ethernet bundle), others
> do not, some use e1000, some use broadcom, I've tried httpd and scp
> transfers, I've tried from three different clients,
>
> Here's the really annoying part: the problem only occurs when
> downloading from outside the firewall, not when transferring files
> internally in the serverroom! And the switch is the firewall is a
> modular chassis, so the data comes over the same backplane regardless.
>
> And there's 42 files in /proc/net/sys/ipv4 which differ between EL4
> and Centos5, so I'm a little lost here
>
> Anybody got some ideas?

Just to state the obvious (well, obvious to me), which you don't seem to have mentioned above: The filtering part of the 6500 is dropping the traffic, and is dropping it because of something that Centos 5 is doing differently from EL4.

I think there was a post to this list just last week about something similar; I don't have time to search the archive, but it is something to do with a TCP option/extension which is on in Centos 5, but can be turned off via a setting in /proc somewhere; the extension should be acceptable to all firewalls/routers (uses a previously unused few bits in the TCP header), but some decide it's not valid and drop packets/connections.

Craig Miskell
RE: [CentOS] General question about PHP
> Hello,
>
> Is that possible to disable running of PHP on certain directories?
> I am running a server which provides personal homepage
> service. However, not every user are familiar with security,
> some may upload some PHP scripts with bugs/holes. I do not
> want them to be executed on the server.
> I can enable the safe_mode, but I have some other PHP scripts
> which need safe_mode to be disabled.
> Any suggestions?

Yes. In your httpd.conf, you can include:

    <Directory "/var/www/sheep/html/tmp">
        php_flag engine off
    </Directory>

which disables php processing for the directory /var/www/sheep/html/tmp. You could probably just include

    php_flag engine off

in an .htaccess in the directory in question, assuming you've set AllowOverride to an appropriate value, and don't mind the slight performance hit of doing it that way.

We use the former method to protect areas where users are permitted to upload files to (mediawiki in this case), stopping a user uploading something malicious which would then execute in the context of the webserver.

Craig Miskell
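A check for the configuration described in the reply above, added here as an example and not part of the original message or of any project's code: it reads plain Directory blocks from an Apache configuration and reports, for each upload directory, whether the PHP engine is off and whether an .htaccess file could switch it back on. The sample configuration, the /var/www/wiki/images and uploads paths, the function names, and treating an unset AllowOverride as All (the Apache 2.2 default) are assumptions.

```python
import posixpath
import re

# Constructed sample: only /var/www/sheep/html/tmp and "php_flag engine off"
# come from the message; every other path and directive is made up.
SAMPLE_CONF = """
<Directory "/var/www/sheep/html">
    AllowOverride All
</Directory>
<Directory "/var/www/sheep/html/tmp">
    php_flag engine off
</Directory>
<Directory "/var/www/wiki/images">
    AllowOverride None
    php_admin_flag engine off
</Directory>
"""

DIR_OPEN = re.compile(r'<Directory\s+"?([^">]+?)"?\s*>', re.IGNORECASE)
DIR_CLOSE = re.compile(r'</Directory\s*>', re.IGNORECASE)


def parse_directory_blocks(conf_text):
    """Return [(path, [directive_words, ...]), ...] for plain <Directory> blocks.

    Wildcard paths, <DirectoryMatch> and Include files are not handled.
    """
    blocks, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = DIR_OPEN.fullmatch(line)
        if opened:
            current = (posixpath.normpath(opened.group(1)), [])
            blocks.append(current)
        elif DIR_CLOSE.fullmatch(line):
            current = None
        elif current is not None:
            current[1].append(line.split())
    return blocks


def _covers(base, target):
    """True when the block for `base` applies to the directory `target`."""
    return base == "/" or target == base or target.startswith(base + "/")


def audit_upload_dir(blocks, upload_dir, default_override=("All",)):
    """Classify one upload directory.

    PHP_EXECUTES                   engine is on for this directory
    OFF_BUT_HTACCESS_CAN_REENABLE  php_flag off, but AllowOverride lets an
                                   uploaded .htaccess set php_flag again
    OFF_LOCKED                     off via php_admin_flag, or .htaccess
                                   overrides of PHP settings are not allowed
    """
    target = posixpath.normpath(upload_dir)
    engine_on = True       # assumption: PHP is enabled server-wide
    admin_locked = False
    override = [w.lower() for w in default_override]
    applicable = [b for b in blocks if _covers(b[0], target)]
    # Parent paths are applied first so the most specific block wins.
    for _path, directives in sorted(applicable, key=lambda b: len(b[0])):
        for words in directives:
            name, args = words[0].lower(), [w.lower() for w in words[1:]]
            if name == "allowoverride":
                override = args
            elif name in ("php_flag", "php_admin_flag") and args[:1] == ["engine"]:
                if name == "php_flag" and admin_locked:
                    continue  # a php_admin_flag value is not replaced by php_flag
                engine_on = args[1:2] in (["on"], ["1"])
                admin_locked = name == "php_admin_flag"
    if engine_on:
        return "PHP_EXECUTES"
    # php_flag in .htaccess needs AllowOverride Options or All; any
    # "Options=..." form is counted as permitting it, to err on the safe side.
    htaccess_may_set_php = any(a == "all" or a.startswith("options") for a in override)
    if admin_locked or not htaccess_may_set_php:
        return "OFF_LOCKED"
    return "OFF_BUT_HTACCESS_CAN_REENABLE"


if __name__ == "__main__":
    parsed = parse_directory_blocks(SAMPLE_CONF)
    for d in ("/var/www/sheep/html/tmp", "/var/www/wiki/images",
              "/var/www/sheep/html/uploads"):
        print(d, audit_upload_dir(parsed, d))
```

Where the check reports OFF_BUT_HTACCESS_CAN_REENABLE, setting AllowOverride None on the upload directory or switching to php_admin_flag closes the gap.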
RE: [CentOS] Security checklist for new Centos server?
> Feel free to rearrange, cut, add, give links, whatever: personally,
> I'm interested in securing the whole box, meaning how to glue things
> together in the safest possible way, without forgetting anything,
> while things like how to make Postfix not an open relay, for example,
> are already covered in detail in the Postfix docs.

I have found that the checklist/scripts/documents at http://www.cisecurity.org/ are a pretty good starting point.

Craig
RE: [CentOS] Roll a .src.rpm without physical build?
> Hi,
>
> I got into a situation where a source rpm (.src.rpm)
> file needs to be rolled but without build process
> involved.
>
> That is, I have a hacked version .spec file and a
> tarball, and needs to roll these two files into a
> .src.rpm file directly and send it out without build
> it.
>
> Any one know the command(s) to fulfill it? Thanks.

    rpmbuild -bs foo.spec

Craig Miskell
RE: [CentOS] Loss of Prompt & Cursor
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Robert Thompson
> Sent: Tuesday, 10 July 2007 5:06 a.m.
> To: CentOS mailing list
> Subject: [CentOS] Loss of Prompt & Cursor
>
> When I log into a virtual console as ordinary user, I initially have a
> prompt & cursor. After I print 24 lines or more, the last visible (24th)
> line will be data instead of the prompt & cursor. The up arrow no longer
> gives the previous commands. A clear command will restore the prompt & cursor.
>
> This bug first appeared after I installed CentOS5. I do not believe it
> is a CentOS5 bug however because when I boot Ubuntu from a LivePC CDROM,
> the same thing happens.
>
> Any comments/suggestions would be appreciated. Thanks in advance - Bob T.

Use the "size/position" controls of your monitor to shrink and reposition the displayed image (or your monitor may have an auto-adjust feature which can be invoked). My guess is that the 25th line is being displayed, with prompt and cursor etc, but is off the bottom of visible screen area.

Craig Miskell
RE: [CentOS] good resources for making RPMs, Craig in N.Z.
> >Message: 23
> >Date: Tue, 3 Jul 2007 08:19:43 +1200
> >From: "Miskell, Craig" <[EMAIL PROTECTED]>
> >Subject: RE: [CentOS] good resources for making RPMs
> >
> <[EMAIL PROTECTED]>
>
> Craig: Did you see the message Johnny posted a few days ago? I think
> he was looking for people who use CentOS in New Zealand? Lanny

Yeah, but I'm not doing anything truly interesting with it, just bog standard boring server stuff

Craig
RE: [CentOS] good resources for making RPMs
> Could anyone recommend some good resources I might go to for
> making an RPM?

http://www.rpm.org is good, particularly http://www.rpm.org/max-rpm/ section II "RPM and Developers". Also try looking at some existing spec files to get a handle on the variety of things you can/should be doing.

HTH,
Craig
RE: [CentOS] Selinux custom policy issue - Centos 5
> On Tue, 2007-06-12 at 12:24 +1200, Miskell, Craig wrote:
> > Where file_upload_store_t is one of my custom types. My local.fc looks
> > like this:
> > /data/spool/blastreq(/.*)?    system_u:object_r:blast_req_t
> > /data/spool/blastres(/.*)?    system_u:object_r:blast_res_t
> > /data/upload(/.*)?    system_u:object_r:file_upload_store_t
> > /data/bfiles(/.*)?    system_u:object_r:bfiles_t
> > /var/www/possumbase/html/imagetemp(/.*)?    system_u:object_r:http_image_temp_t
> > /var/www/sheep/html/imagetemp(/.*)?    system_u:object_r:http_image_temp_t
> >
> > And my local.te contains (selected portions only for now):
> > module local 1.1;
> >
> > require {
> > ...
> >
> > ...
> > }
> > type blast_req_t,file_type;
> > allow httpd_sys_script_t blast_req_t:file { create getattr write};
> > allow httpd_sys_script_t blast_req_t:dir { read getattr lock search ioctl add_name write };
> > ...etc
>
> Is file_upload_store_t defined in your local policy? E.g.:
>
> type file_upload_store_t, file_type;

Yes (sorry, that would have been the sensible bit to selectively extract; I don't know what I was thinking):

***
type file_upload_store_t,file_type;
allow httpd_sys_script_t file_upload_store_t:dir { read getattr create search write add_name };
allow httpd_sys_script_t file_upload_store_t:file { create getattr write read };
***

Craig