rotating screen - Radeon server

[Stephen Isard]

I'm having what I think is the problem described at 
https://access.redhat.com/solutions/3177441.  On an SL7 system using the Radeon 
server, rotating the screen with xrandr fails with a lot of error messages 
involving evergreen.  Unfortunately, RedHat won't show me the solution, even 
though I have signed up for one of the free developer's licences.  I've 
searched but not found any other relevant link.  Can anyone here help?

Thanks,

Stephen Isard

Re: google-chrome

[Stephen Isard]

On Sat, 23 Oct 2021 13:19:52 -0400, Nico Kadel-Garcia  wrote:

>On Sat, Oct 23, 2021 at 12:55 PM Stephen Isard
> wrote:
>>
>> On Fri, 22 Oct 2021 09:54:19 -0500, Mark Stodola  
>> wrote:
>>
>> >On 10/22/21 9:40 AM, Stephen Isard wrote:
>> >> For the past couple of days, I've been getting
>> >>
>> >> --
>> >> /etc/cron.daily/0yum-daily.cron:
>> >>
>> >> Failed to check for updates with the following error message:
>> >> Failed to build transaction: google-chrome-stable-95.0.4638.54-1.x86_64
>> >> requires libc.so.6(GLIBC_2.18)(64bit)
>> >> --
>> >>
>> >> Disabling the google-chrome repo makes the error message go away, of 
>> >> course,
>> >> and lets check-update proceed.  But is this the end of the road for chrome
>> >> updates on SL7, or is there some reasonably straightforward work-around?
>> >>
>> >> Stephen Isard
>> >
>> >For the record, I'm a Firefox user...  I honestly don't see why some
>> >people are so tied up on chrome.
>> >There is a chromium package available that works fine and uses the same
>> >rendering engine.
>> >You could also look into a snap or appimage packaging.
>> >Historically, google doesn't give a flip about supporting "old" anything.
>>
>> I mostly use firefox, but there are sites where it doesn't display properly 
>> and chrome does.  (Maybe the converse is also true, but I wouldn't know 
>> because I only turn to chrome when firefox doesn't work.)  
>> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.septa.org_schedules_rail_=DwIFaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=i8lPkBMuEDK6cUEBTT5-REXMT8OK9fEHBGk__l0HSbnoQbkHHMRG1Ks2lzAzVJpb=OLOXT5NGr6IAORcdHsRPRPXfkr_gAd9_nSa5VFLmPBw=
>>   is an example of a site that firefox messes up for me.
>
>So use "chromium", rather than the leading edge and unlikely to be
>stable google-chrome builds.

Thanks!  I hadn't been aware that there was a chromium rpm.  I think it solves 
my problem.

Stephen Isard

Re: google-chrome

[Stephen Isard]

On Fri, 22 Oct 2021 09:54:19 -0500, Mark Stodola  wrote:

>On 10/22/21 9:40 AM, Stephen Isard wrote:
>> For the past couple of days, I've been getting
>>
>> --
>> /etc/cron.daily/0yum-daily.cron:
>>
>> Failed to check for updates with the following error message:
>> Failed to build transaction: google-chrome-stable-95.0.4638.54-1.x86_64
>> requires libc.so.6(GLIBC_2.18)(64bit)
>> --
>>
>> Disabling the google-chrome repo makes the error message go away, of course,
>> and lets check-update proceed.  But is this the end of the road for chrome
>> updates on SL7, or is there some reasonably straightforward work-around?
>>
>> Stephen Isard
>
>For the record, I'm a Firefox user...  I honestly don't see why some 
>people are so tied up on chrome.
>There is a chromium package available that works fine and uses the same 
>rendering engine.
>You could also look into a snap or appimage packaging.
>Historically, google doesn't give a flip about supporting "old" anything.

I mostly use firefox, but there are sites where it doesn't display properly and 
chrome does.  (Maybe the converse is also true, but I wouldn't know because I 
only turn to chrome when firefox doesn't work.)  
http://www.septa.org/schedules/rail/ is an example of a site that firefox 
messes up for me.

Stephen Isard

Re: google-chrome

[Stephen Isard]

On Fri, 22 Oct 2021 20:20:03 -0400, Nico Kadel-Garcia  wrote:

>On Fri, Oct 22, 2021 at 10:52 AM Stephen Isard
> wrote:
>>
>> For the past couple of days, I've been getting
>>
>> --
>> /etc/cron.daily/0yum-daily.cron:
>>
>> Failed to check for updates with the following error message:
>> Failed to build transaction: google-chrome-stable-95.0.4638.54-1.x86_64
>> requires libc.so.6(GLIBC_2.18)(64bit)
>
>What repo, exactly, are you looking at?

google-chrome.repo:

[google-chrome]
name=google-chrome
baseurl=http://dl.google.com/linux/chrome/rpm/stable/x86_64
enabled=0
gpgcheck=1
gpgkey=https://dl.google.com/linux/linux_signing_key.pub

(I get the error message with enabled=1)

Stephen Isard

google-chrome

[Stephen Isard]

For the past couple of days, I've been getting

--
/etc/cron.daily/0yum-daily.cron:

Failed to check for updates with the following error message: 
Failed to build transaction: google-chrome-stable-95.0.4638.54-1.x86_64
requires libc.so.6(GLIBC_2.18)(64bit)
--

Disabling the google-chrome repo makes the error message go away, of course,
and lets check-update proceed.  But is this the end of the road for chrome
updates on SL7, or is there some reasonably straightforward work-around?

Stephen Isard

GlobalProtect vpn

[Stephen Isard]

Has anyone had success in connecting to a Palo Alto Networks 
GlobalProtect vpn with openconnect on another open source client? 
There is a linux GlobalProtect client, which has the distribution names 
CentOS, RHEL and Ubuntu hard coded into it, and looks for them in 
/etc/centos-release and /etc/os-release.  I have managed to use it from 
Scientific Linux by installing an /etc/centos-release file.  My guess is 
that it checks for /etc/centos-release before looking in 
/etc/os-release, but that seems a matter of luck and maybe could change. 
I would rather have a less fragile solution.


Stephen Isard

Re: exim missing file error

[Stephen Isard]

On Tue, 19 May 2020 11:30:42 -0400, Stephen Isard  
wrote:

>I have an SL7.8 laptop that runs exim for internal email - messages
>to/from root about cron jobs, that sort of thing.  Exim doesn't handle
>any mail to or from the outside.  There was an upgrade to
>exim-4.93-2.el7.x86_64 a few days ago, and since then messages of the
>form
>
>DMARC failure to load tld list 
>'/usr/share/publicsuffix/public_suffix_list.dat': No such file or directory
>
>have been appearing the exim logs.  'yum provides' doesn't
>list any package as providing that file.
>
>As far as I can tell, no mail has been getting lost.  But why should
>there be an appeal to DMARC for internal mail anyway?
>
>Stephen Isard

Just for the record, the error messages have ceased with exim-4.94-1.el7.x86_64.

exim missing file error

[Stephen Isard]

I have an SL7.8 laptop that runs exim for internal email - messages 
to/from root about cron jobs, that sort of thing.  Exim doesn't handle 
any mail to or from the outside.  There was an upgrade to 
exim-4.93-2.el7.x86_64 a few days ago, and since then messages of the 
form


DMARC failure to load tld list 
'/usr/share/publicsuffix/public_suffix_list.dat': No such file or directory

have been appearing the exim logs.  'yum provides' doesn't 
list any package as providing that file.


As far as I can tell, no mail has been getting lost.  But why should 
there be an appeal to DMARC for internal mail anyway?


Stephen Isard

Re: xrdp-selinux

[Stephen Isard]

On Mon, 27 May 2019 12:05:47 -0700, Akemi Yagi  wrote:

>On Sun, May 26, 2019 at 6:21 PM Stephen Isard  
>wrote:
>>
>> Trying to upgrade xrdp, I get
>>
>> Error: Package: 1:xrdp-selinux-0.9.10-1.el7.x86_64 (epel)
>>  Requires: selinux-policy >= 3.13.1-229.el7_6.12
>>  Installed: selinux-policy-3.13.1-229.el7_6.6.noarch 
>> (@sl-security)
>>  selinux-policy = 3.13.1-229.el7_6.6
>>  Available: selinux-policy-3.13.1-229.el7.noarch (sl)
>>  selinux-policy = 3.13.1-229.el7
>>  Available: selinux-policy-3.13.1-229.el7_6.5.noarch 
>> (sl-security)
>>  selinux-policy = 3.13.1-229.el7_6.5
>>
>> I see that the Centos repository has
>> selinux-policy-3.13.1-229.el7_6.12.noarch.rpm.
>
>Release of selinux-policy-3.13.1-229.el7_6.12 was announced by SL on Apr 30.
>
>What does 'sudo yum list selinux-policy' show?
>
>Akemi

Thanks, Akemi.  Your message prompted me to enable sl-fastbugs and yum finds 
the package there.

Stephen Isard

xrdp-selinux

[Stephen Isard]

Trying to upgrade xrdp, I get

Error: Package: 1:xrdp-selinux-0.9.10-1.el7.x86_64 (epel)
Requires: selinux-policy >= 3.13.1-229.el7_6.12
Installed: selinux-policy-3.13.1-229.el7_6.6.noarch (@sl-security)
selinux-policy = 3.13.1-229.el7_6.6
Available: selinux-policy-3.13.1-229.el7.noarch (sl)
selinux-policy = 3.13.1-229.el7
Available: selinux-policy-3.13.1-229.el7_6.5.noarch (sl-security)
selinux-policy = 3.13.1-229.el7_6.5

I see that the Centos repository has 
selinux-policy-3.13.1-229.el7_6.12.noarch.rpm.

Dropbox

[Stephen Isard]

Hello,

I am trying to install dropbox on an up to date SL 7.6 system.  
caja-dropbox from nux-dextop installs, but when I try to run it, I get a
popup saying that it needs to download a proprietary daemon and after a
while that fails saying that I need glibc 2.18 and SL only has 2.17.  
When I try to compile from dropbox-caja-master.zip downloaded from the
dropbox website, it fails with "Requested 'libcaja-extension >= 1.17.1' but
version of libcaja-extension is 1.16.6".

Any suggestions on how to proceed?

Thanks,

Stephen Isard

xfreerdp crashing X server

[Stephen Isard]

Affected machine is a Lenovo Thinkpad X1, 3rd generation (2015).  Lspci 
says

VGA compatible controller: Intel Corporation HD Graphics 5500 (rev 09)

I've recently upgraded to SL7.6.  Previously xfreerdp (freerdp rpm from 
epel) worked as advertised.  Now attempting to run xfreerdp crashes the 
X server.  The last lines in /var/log/Xorg.0.log are:


[ 1037.968] (EE) [ 1037.968](EE) Backtrace:
[ 1037.968] (EE) 0: /usr/bin/X (xorg_backtrace+0x55) [0x562ee2b870f5]
[ 1037.968] (EE) 1: /usr/bin/X (0x562ee29d6000+0x1b4d79) [0x562ee2b8ad79]
[ 1037.968] (EE) 2: /lib64/libpthread.so.0 (0x7ffaa6b1f000+0xf5d0) [0x7ffaa6b2e 
5d0]
[ 1037.968] (EE) 3: /usr/bin/X (miHandleValidateExposures+0x29) 
[0x562ee2b7f919]
[  1037.968] (EE) 4: /usr/bin/X (0x562ee29d6000+0x8652f) 
[0x562ee2a5c52f]

[  1037.968] (EE) 5: /usr/bin/X (ConfigureWindow+0xa94) [0x562ee2a5d684]
[  1037.968] (EE) 6: /usr/bin/X (0x562ee29d6000+0x569b8) 
[0x562ee2a2c9b8]
[  1037.968] (EE) 7: /usr/bin/X (0x562ee29d6000+0x5c35b) 
[0x562ee2a3235b]
[  1037.968] (EE) 8: /usr/bin/X (0x562ee29d6000+0x603aa) 
[0x562ee2a363aa]
[  1037.969] (EE) 9: /lib64/libc.so.6 (__libc_start_main+0xf5) 
[0x7ffaa67743d5]
[  1037.969] (EE) 10: /usr/bin/X (0x562ee29d6000+0x4a4ce) 
[0x562ee2a204ce]

[  1037.969] (EE)
[  1037.969] (EE) Segmentation fault at address 0x0
[  1037.969] (EE)
Fatal server error:
[  1037.969] (EE) Caught signal 11 (Segmentation fault). Server aborting
[  1037.969] (EE)
[  1037.969] (EE)
Please consult the The X.Org Foundation support  at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__wiki.x.org=DwIBAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=qQpTYsNaO8kHkkN5KtNX7xgiISxi3xM91jBybadjqN8=VWJfp2iH9OEAY13O5P1ahSPdbVGp199bLv0fXYj-b4s=
 for help.
[  1037.969] (EE) Please also check the log file at "/var/log/Xorg.0.log" for 
additional information.
[  1037.969] (EE)
[  1037.969] (II) AIGLX: Suspending AIGLX clients for VT switch
[  1038.060] (EE) Server terminated with error (1). Closing log file.

I've submitted a bug report 
https://urldefense.proofpoint.com/v2/url?u=https-3A__bugzilla.redhat.com_show-5Fbug.cgi-3Fid-3D1659113=DwIBAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=qQpTYsNaO8kHkkN5KtNX7xgiISxi3xM91jBybadjqN8=YHLOIrVtfZW5LWCaCUDteKPK8rFHYGJN7kbN3by0riY=, but if anyone here 
has advice in the meantime, I'd be grateful.


Stephen Isard

Re: firefox on SL 6.10

[Stephen Isard]

I needed to add '--disableplugin=priorities' because of the way my priorities 
were set.  Could it be the same for you?

Stephen Isard

On Wed, 5 Sep 2018 17:13:57 -0500, Gilbert E. Detillieux 
 wrote:

>I'm trying the following...

yum --enablerepo=sl6x-fastbugs update firefox

... and I get "No Packages marked for Update".  (And, yes, I've done a 
"yum --enablerepo=* clean all" beforehand.)  Does the package have a 
different name?

Gilbert

On 05/09/2018 4:21 PM, Stephen Isard wrote:
> It is in sl6x-fastbugs (thank you, Glenn Cooper) and solves my problem.  It 
> doesn't crash when I download a pdf from the browser.
> 
> Stephen Isard
> 
> On Tue, 4 Sep 2018 16:19:02 -0500, Stephen Isard <7p03xy...@sneakemail.com> 
> wrote:
> 
>> Thank you, Andrew.
>>
>> Yum isn't showing me that newer version.  Which SL repo does it come from?
>>
>> I haven't been having any problems reading pdfs in the browser.  Just 
>> (lately) downloading them.
>>
>> Stephen Isard
>>
>> On Tue, 4 Sep 2018 21:59:43 +0100, Andrew C Aitchison 
>>  wrote:
>>
>>> There is a slightly newer firefox for SL 6.10.
>> IIRC 60.1.0-6 fixed some crashes for me.
>>
>> Is the in-browser pdf much good these days ?
>> I haven't tried it for several years because it couldn't handle
>> the PDFs I typically wanted to view.
>>
>>
>> # cat /etc/redhat-release
>> Scientific Linux release 6.10 (Carbon)
>> # rpmquery firefox
>> firefox-60.1.0-6.el6.x86_64
>> # rpmquery -i --changelog firefox
>> Name: firefox  Relocations: (not relocatable)
>> Version : 60.1.0Vendor: Scientific Linux
>> Release : 6.el6 Build Date: Wed 18 Jul 2018 
>> 20:03:20 BST
>> Install Date: Wed 25 Jul 2018 07:59:23 BST  Build Host: sl6.fnal.gov
>> Group   : Unspecified   Source RPM: 
>> firefox-60.1.0-6.el6.src.rpm
>> Size: 257975474License: MPLv1.1 or GPLv2+ or 
>> LGPLv2+
>> Signature   : DSA/SHA1, Thu 19 Jul 2018 13:58:59 BST, Key ID b0b4183f192a7d7d
>> Packager: Scientific Linux
>> URL : 
>> https://urldefense.proofpoint.com/v2/url?u=https-3A__www.mozilla.org_firefox_=DwIBAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=eIwqrPZqtmLWwarNK_ZHnYSpTYBHlBCqvlBaqw47Fg8=SR-U7FrpmpV2w8d2NCq0EHgpCuGy4878w7QDpLpp3Mg=
>> Summary : Mozilla Firefox Web browser
>> Description :
>> Mozilla Firefox is an open-source web browser, designed for standards
>> compliance, performance and portability.
>> * Mon Jul 09 2018 Jan Horak  - 60.1.0-6
>> - Fix for missing schemes for bundled gtk3
>>
>> -
>>
>> On Tue, 4 Sep 2018, Stephen Isard wrote:
>>
>>> Hello,
>>>
>>> Firefox has been crashing if I try to save a pdf that I have been viewing in
>>> the browser to a file.  My logs show lines:
>>>
>>> Sep 3 15:02:21 localhost kernel: firefox[1282] trap int3 ip:7fe61b3eb5bf
>>> sp:7ffc7a08efe0 error:0
>>> Sep 3 15:02:22 localhost kernel: Chrome_~dThread[23423]: segfault at 0 ip
>>> 7f91e5049f9d sp 7f91e29ecaf0 error 6 in
>>> libxul.so[7f91e4b5e000+532a000]
>>> Sep 3 15:02:22 localhost kernel: Chrome_~dThread[1554]: segfault at 0 ip
>>> 7f3502149f9d sp 7f34ffaecaf0 error 6 in
>>> libxul.so[7f3501c5e000+532a000]
>>> Sep 3 15:02:22 localhost kernel: Chrome_~dThread[1420]: segfault at 0 ip
>>> 7f674d349f9d sp 7f674acecaf0 error 6 in
>>> libxul.so[7f674ce5e000+532a000]
>>> Sep 3 15:02:22 localhost kernel: Chrome_~dThread[1384]: segfault at 0 ip
>>> 7fa16a249f9d sp 7fa167becaf0 error 6 in
>>> libxul.so[7fa169d5e000+532a000]
>>>
>>> I imagine that the libxul.so in question is the one at
>>> /usr/lib64/firefox/libxul.so, although there are also files with that name 
>>> in
>>> /usr/lib64/xulrunner and /usr/lib/xulrunner
>>>
>>> $ more /etc/system-release
>>> Scientific Linux release 6.10 (Carbon)
>>> $ rpm -q firefox
>>> firefox-60.1.0-5.el6.x86_64
>>>
>>> Any advice?
>>>
>>> Thanks,
>>>
>>> Stephen Isard

-- 
Gilbert E. Detillieux   E-mail: 
Dept. of Computer Science   Web:
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.cs.umanitoba.ca_-7Egedetil_=DwICaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=LUKPBndCuwCCtQskgeZxB1ziitdKJji-w_hxZf6ZXrY=yAYysgzA9O5wk1erylwmE_OqK0lvNEKBfyBdMiE0PN4=
University of Manitoba  Phone:  (204)474-8161
Winnipeg MB CANADA  R3T 2N2 Fax:(204)474-7609

Re: firefox on SL 6.10

[Stephen Isard]

It is in sl6x-fastbugs (thank you, Glenn Cooper) and solves my problem.  It 
doesn't crash when I download a pdf from the browser.

Stephen Isard

On Tue, 4 Sep 2018 16:19:02 -0500, Stephen Isard <7p03xy...@sneakemail.com> 
wrote:

>Thank you, Andrew.
>
>Yum isn't showing me that newer version.  Which SL repo does it come from?
>
>I haven't been having any problems reading pdfs in the browser.  Just (lately) 
>downloading them.
>
>Stephen Isard
>
>On Tue, 4 Sep 2018 21:59:43 +0100, Andrew C Aitchison  
>wrote:
>
>> There is a slightly newer firefox for SL 6.10.
>IIRC 60.1.0-6 fixed some crashes for me.
>
>Is the in-browser pdf much good these days ?
>I haven't tried it for several years because it couldn't handle
>the PDFs I typically wanted to view.
>
>
># cat /etc/redhat-release
>Scientific Linux release 6.10 (Carbon)
># rpmquery firefox
>firefox-60.1.0-6.el6.x86_64
># rpmquery -i --changelog firefox
>Name: firefox  Relocations: (not relocatable)
>Version : 60.1.0Vendor: Scientific Linux
>Release : 6.el6 Build Date: Wed 18 Jul 2018 
>20:03:20 BST
>Install Date: Wed 25 Jul 2018 07:59:23 BST  Build Host: sl6.fnal.gov
>Group   : Unspecified   Source RPM: 
>firefox-60.1.0-6.el6.src.rpm
>Size: 257975474License: MPLv1.1 or GPLv2+ or 
>LGPLv2+
>Signature   : DSA/SHA1, Thu 19 Jul 2018 13:58:59 BST, Key ID b0b4183f192a7d7d
>Packager: Scientific Linux
>URL : 
>https://urldefense.proofpoint.com/v2/url?u=https-3A__www.mozilla.org_firefox_=DwIBAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=eIwqrPZqtmLWwarNK_ZHnYSpTYBHlBCqvlBaqw47Fg8=SR-U7FrpmpV2w8d2NCq0EHgpCuGy4878w7QDpLpp3Mg=
>Summary : Mozilla Firefox Web browser
>Description :
>Mozilla Firefox is an open-source web browser, designed for standards
>compliance, performance and portability.
>* Mon Jul 09 2018 Jan Horak  - 60.1.0-6
>- Fix for missing schemes for bundled gtk3
>
>-
>
>On Tue, 4 Sep 2018, Stephen Isard wrote:
>
>> Hello,
>>
>> Firefox has been crashing if I try to save a pdf that I have been viewing in 
>> the browser to a file.  My logs show lines:
>>
>> Sep 3 15:02:21 localhost kernel: firefox[1282] trap int3 ip:7fe61b3eb5bf
>> sp:7ffc7a08efe0 error:0
>> Sep 3 15:02:22 localhost kernel: Chrome_~dThread[23423]: segfault at 0 ip
>> 7f91e5049f9d sp 7f91e29ecaf0 error 6 in
>> libxul.so[7f91e4b5e000+532a000]
>> Sep 3 15:02:22 localhost kernel: Chrome_~dThread[1554]: segfault at 0 ip
>> 7f3502149f9d sp 7f34ffaecaf0 error 6 in
>> libxul.so[7f3501c5e000+532a000]
>> Sep 3 15:02:22 localhost kernel: Chrome_~dThread[1420]: segfault at 0 ip
>> 7f674d349f9d sp 7f674acecaf0 error 6 in
>> libxul.so[7f674ce5e000+532a000]
>> Sep 3 15:02:22 localhost kernel: Chrome_~dThread[1384]: segfault at 0 ip
>> 7fa16a249f9d sp 7fa167becaf0 error 6 in
>> libxul.so[7fa169d5e000+532a000]
>>
>> I imagine that the libxul.so in question is the one at 
>> /usr/lib64/firefox/libxul.so, although there are also files with that name 
>> in 
>> /usr/lib64/xulrunner and /usr/lib/xulrunner
>>
>> $ more /etc/system-release
>> Scientific Linux release 6.10 (Carbon)
>> $ rpm -q firefox
>> firefox-60.1.0-5.el6.x86_64
>>
>> Any advice?
>>
>> Thanks,
>>
>> Stephen Isard
>>

firefox on SL 6.10

[Stephen Isard]

Hello,

Firefox has been crashing if I try to save a pdf that I have been 
viewing in the browser to a file.  My logs show lines:


Sep 3 15:02:21 localhost kernel: firefox[1282] trap int3 ip:7fe61b3eb5bf
sp:7ffc7a08efe0 error:0
Sep 3 15:02:22 localhost kernel: Chrome_~dThread[23423]: segfault at 0 ip
7f91e5049f9d sp 7f91e29ecaf0 error 6 in
libxul.so[7f91e4b5e000+532a000]
Sep 3 15:02:22 localhost kernel: Chrome_~dThread[1554]: segfault at 0 ip
7f3502149f9d sp 7f34ffaecaf0 error 6 in
libxul.so[7f3501c5e000+532a000]
Sep 3 15:02:22 localhost kernel: Chrome_~dThread[1420]: segfault at 0 ip
7f674d349f9d sp 7f674acecaf0 error 6 in
libxul.so[7f674ce5e000+532a000]
Sep 3 15:02:22 localhost kernel: Chrome_~dThread[1384]: segfault at 0 ip
7fa16a249f9d sp 7fa167becaf0 error 6 in
libxul.so[7fa169d5e000+532a000]

I imagine that the libxul.so in question is the one at 
/usr/lib64/firefox/libxul.so, although there are also files with that 
name in /usr/lib64/xulrunner and /usr/lib/xulrunner


$ more /etc/system-release
Scientific Linux release 6.10 (Carbon)
$ rpm -q firefox
firefox-60.1.0-5.el6.x86_64

Any advice?

Thanks,

Stephen Isard

selinux context not valid

[Stephen Isard]

Hello,

Scientific Linux release 6.9 (Carbon)
selinux-policy.noarch   3.7.19-307.el6_9.3   @sl-security
selinux-policy-targeted.noarch  3.7.19-307.el6_9.3   @sl-security

Selinux packages were updated on 26 Jan

Selinux is set to enforcing on this machine, but normally causes no 
problems and generates no messages.


This morning I found 24 log messages from around 4:14am yesterday, 
Saturday, 3 Feb. of the form


-
Feb 3 04:14:33 kernel: SELinux:  Context 
system_u:object_r:NetworkManager_etc_t:s0 is not valid (left unmapped). 
Feb 3 04:14:33 kernel: SELinux:  Context 
system_u:object_r:NetworkManager_etc_rw_t:s0 is not valid (left unmapped).
Feb 3 04:14:33 kernel: SELinux:  Context 
system_u:object_r:firewalld_etc_rw_t:s0 is not valid (left unmapped). 
Feb 3 04:14:34 kernel: SELinux:  Context 
system_u:object_r:systemd_unit_file_t:s0 is not valid (left unmapped).

-
(Lines broken for readability).

The logs show no such messages at any other time before or since, in 
particular none this morning.


Can anyone help me understand what these messages mean and whether I 
need to do anything about them?


Thanks,

Stephen Isard

Re: Setting Up GRUB

[Stephen Isard]

On Tue, 23 Jan 2018 12:04:00 +, Ain't Nobody's Alt 
 wrote:

>I had a Win10 and a second partition with a few backups.  That partition
>was the "Active" partition according to diskmgmt.msc, which I assume
>means it had my bootloader.  I went ahead and moved my backups from that
>partition to my Win10 before I installed SL, not considering the
>consequences of the location of my bootloader.  I could totally use the
>Win10 recovery disc to reinstall the MS bootloader and then reinstall SL
>since I just installed it anyway, but I'd rather try and set up GRUB
>myself, for the experience.  That said, I have no idea how to start.  I
>installed the yum package, but what now?  Can anyone link me to an
>article or something to read that will give me an idea of how to begin?

Try "info grub" (without the quotes) from the command line.  You should get a 
menu with "Installation" as the third item and "Booting" as the fourth.
Hope that helps.

Re: clock skew too great ** EXTERNAL **

[Stephen Isard]

On Thu, 19 Oct 2017 12:48:42 -0400, Paul Robert Marino <prmari...@gmail.com> 
wrote:

>Here is a question was it using preauth?
>In other words is there a  key tab file in /etc?

No.

>The other question is NTP set to sync the time on shutdown to the bios?

I don't think so.  Certainly no setting in /etc/ntp.conf or /etc/sysconfig/ntp. 
 In any case there was no shutdown between the last successful kinit and the 
first skew error message.

>There are a couple of reasons why I can think this might happen the first
>involves how NTP corrects the time and how it may interact with how an
>option in MIT kerberos client works and that article. There is an incorrect
>statement in that article about disabling the time sync. It's not that the
>option disables the time sync it just corrects for it when the ticket is
>created to mask the issue. The problem with that is NTP usually doesn't
>sync the time in one shot by default it only corrects it in less than 1
>second increments so it doesn't break time dependant things like cron jobs.
>That flag in combination with the default behavior of NTP can cause an
>artificial clock skew issue later.
>Now you can set in /etc/sysconfig an option in the NTP settings to tell it
>to do an initial full sync on boot before starting ntpd but it is not the
>default behavior in 6 if I remember correctly. If a ticket had been created
>and the clock had been more than 5 minutes out of sync you would have
>gotten a clock skew error after the clock had corrected its self because it
>would still have still been compensating for the initial skew. In this case
>kdestroy would clear the skew correction and the new key would be
>unaffected.
>
>The other possibility is that if preauth is being used there could have be
>something wrong in how the service credential was created in the kerberos
>server which is quite common if the server is an AD server, and sometimes
>happens with Heimdal kerberos servers too. Essentially the other
>possibility is it may have a max ticket renewal set on the principal in
>which case a kdestroy may force it to redo the preauth and then create a
>new ticket. Usually you can correct this in the kerberos server if your
>Kerberos admin really knows it well sadly most AD admins don't :(. I've had
>to show more than a few of them over the years articles on Microsoft
>technet,  and tell them just do that and stop insisting it can't be done.
>
>By the way that article is right about one thing the DNS reverse lookup in
>MIT kerberos can be problematic because it can't support the use of CNAMEs
>in the forward lookup, and is not specified any where in any of the
>ratified RFCs ( in fact it was proposed and rejected by committee on that
>basis) so it causes more problem especially when it interacts with other
>kerberos implementation or is implemented in the cloud. It's also the only
>implementation of Kerberos 5 that does it. It's not the only place where
>MIT kerberos violates the RFCs and those violations are the reason why you
>can't use it for Samba version 4 AD server, and why most Linux based
>appliances that support kerberos use Heimdal kerberos.
>
>
>On Oct 19, 2017 11:48 AM, "Stephen Isard" <7p03xy...@sneakemail.com> wrote:
>
>> On Thu, 19 Oct 2017 09:09:32 -0500, Pat Riehecky <riehe...@fnal.gov>
>> wrote:
>>
>> >If memory serves, SL7 has "Less Brittle Kerberos"[1] where as SL6 does
>> >not.  This could account for why one works and the other does not.
>> >
>> >Pat
>> >
>> >[1] https://fedoraproject.org/wiki/Features/LessBrittleKerberos
>>
>> That looks promising as an explanation.
>>
>> The problem has been "solved", or at least it has gone away, although I
>> don't really understand why.  Without any clear hypothesis as to why it
>> might help, I decided to run "kdestroy -A" on the affected machine to clear
>> expired tickets out of my local cache.  That did it.  No more clock skew
>> messages.  So it looks as if it was a kerberos issue, rather than an ntp
>> one, and the error message wasn't really explaining what was wrong.
>>
>> Thanks to everyone for their advice.
>>
>> Stephen Isard
>> >
>> >On 10/18/2017 07:10 PM, Stephen Isard wrote:
>> >> On Wed, 18 Oct 2017 17:12:46 -0400, R P Herrold <herr...@owlriver.com>
>> wrote:
>> >>
>> >>> On Wed, 18 Oct 2017, Howard, Chris wrote:
>> >>>
>> >>>> Is it possible the two boxes are talking to two different servers?
>> >>> as the initial post mentioned and showed it was using remote
>> >>> host lists to a pool alias, almost certainly --
>> 

Re: clock skew too great ** EXTERNAL **

[Stephen Isard]

On Thu, 19 Oct 2017 09:09:32 -0500, Pat Riehecky <riehe...@fnal.gov> wrote:

>If memory serves, SL7 has "Less Brittle Kerberos"[1] where as SL6 does 
>not.  This could account for why one works and the other does not.
>
>Pat
>
>[1] https://fedoraproject.org/wiki/Features/LessBrittleKerberos

That looks promising as an explanation.

The problem has been "solved", or at least it has gone away, although I don't 
really understand why.  Without any clear hypothesis as to why it might help, I 
decided to run "kdestroy -A" on the affected machine to clear expired tickets 
out of my local cache.  That did it.  No more clock skew messages.  So it looks 
as if it was a kerberos issue, rather than an ntp one, and the error message 
wasn't really explaining what was wrong.

Thanks to everyone for their advice.

Stephen Isard
>
>On 10/18/2017 07:10 PM, Stephen Isard wrote:
>> On Wed, 18 Oct 2017 17:12:46 -0400, R P Herrold <herr...@owlriver.com> wrote:
>>
>>> On Wed, 18 Oct 2017, Howard, Chris wrote:
>>>
>>>> Is it possible the two boxes are talking to two different servers?
>>> as the initial post mentioned and showed it was using remote
>>> host lists to a pool alias, almost certainly --
>> Oh, I took the question to be about the kerberos server.  Yes, you are right,
>> ntpd -q returns different results on the two machines.  However, as I said 
>> in the original post, the time on the two machines is the same to within a 
>> very small amount., well within the five minute tolerance used by kerberos.  
>> So I don't understand why it should matter that the two machines have 
>> arrived at the same time by syncing with different servers.
>>
>>> as a way around, set up ONE unit to act as the local master,
>>> and then sync against it, to get 'site coherent' time
>> Could you tell me how to do this, or point me at a document that does?
>>
>> Thanks.
>>
>>> [a person with more than one clock is never quite _sure_ what
>>> time is correct ;) ]
>>>
>>>
>>> for extra geek points, spend $25 on AMZN, and get a GPS USB
>>> dongle; run a local top strata server (the first three
>>> lintes of the following)
>>>
>>> [root@router etc]# ntpq -p
>>>  remote   refid  st t when poll reach   delay
>>> offset  jitter
>>> =
>>> GPS_NMEA(0) .GPS.0 l-   1600.000
>>> 0.000   0.000
>>> SHM(0)  .GPS.0 l-   1600.000
>>> 0.000   0.000
>>> SHM(1)  .PPS.0 l-   1600.000
>>> 0.000   0.000
>>> +ntp1.versadns.c .PPS.1 u  665 1024  377   51.817
>>> -12.510  19.938
>>> *tock.usshc.com  .GPS.1 u  294 1024  377   34.608
>>> -8.108  10.644
>>> +clmbs-ntp1.eng. 130.207.244.240  2 u  429 1024  377   31.520
>>> -5.674   7.484
>>> +ntp2.sbcglobal. 151.164.108.15   2 u  272 1024  377   23.117
>>> -6.825  10.479
>>> +ntp3.tamu.edu   165.91.23.54 2 u 1063 1024  377   63.723
>>> -3.319  16.813
>>> [root@router etc]#
>>>
>>>
>>> configuring ntp.conf is not all that hard
>>>
>>> -- Russ herrold
>
>-- 
>Pat Riehecky
>
>Fermi National Accelerator Laboratory
>www.fnal.gov
>www.scientificlinux.org

Re: clock skew too great ** EXTERNAL **

[Stephen Isard]

On Thu, 19 Oct 2017 09:16:00 -0400, Paul Robert Marino <prmari...@gmail.com> 
wrote:

>well the clock sqew allowed is a client side setting and may be different
>on the two the real question is what is the time on the kerberos server?

My only access to the server is via kinit, so I can't see the time there or the 
krb5.conf file.  But it seems unlikely that they would suddenly have switched 
to millisecond tolerance for skew when the standard is 5 minutes.

>the clock sqew probably there not on the clients, The clock sqew allowed is
>set in the/etc/krb5.conf file by default (and also has a default value if
>not specified) however may be overriden by the library call so in other
>words the pam module may also over ride the defaults. Sometime they have
>been known to change the default for clock sqew in the MIT Kerberos
>libraries between major releases so thats probably why you are seeing this.
>looking at differences in the upstream NTP servers is only something you
>should consider when all of the other possibilities are exausted because
>the public ones are usually getting their time from the same upstream
>source (usually GPS which is fed by NORAD's atomic clock, or NTP from
>NIST's or CERN'satomic clocks or other simmilar autoritative source all of
>which syncronize with eachother regualrly ), and there for are very
>unlikely to have more than a few miliseconds difference between them which
>is not enough to cause such an error.
>
>In short look at your Kerberos server not the clients NTP servers as that
>is most likely where the real clock drift issue is.
>
>Then next thing to check is the firewalls because NTP works in a veru
>unusual way when compared to other protocols on the internet, for example
>in netfilters firewalls you need to load a special conntrack helper module
>to support it other wise it breaks due to the inability to the blocking of
>related connections the source server tries to make back to the client
>durring the syncronization process.
>.
>
>
>
>On Wed, Oct 18, 2017 at 8:10 PM, Stephen Isard <7p03xy...@sneakemail.com>
>wrote:
>
>> On Wed, 18 Oct 2017 17:12:46 -0400, R P Herrold <herr...@owlriver.com>
>> wrote:
>>
>> >On Wed, 18 Oct 2017, Howard, Chris wrote:
>> >
>> >> Is it possible the two boxes are talking to two different servers?
>> >
>> >as the initial post mentioned and showed it was using remote
>> >host lists to a pool alias, almost certainly --
>>
>> Oh, I took the question to be about the kerberos server.  Yes, you are
>> right,
>> ntpd -q returns different results on the two machines.  However, as I said
>> in the original post, the time on the two machines is the same to within a
>> very small amount., well within the five minute tolerance used by
>> kerberos.  So I don't understand why it should matter that the two machines
>> have arrived at the same time by syncing with different servers.
>>
>> >as a way around, set up ONE unit to act as the local master,
>> >and then sync against it, to get 'site coherent' time
>>
>> Could you tell me how to do this, or point me at a document that does?
>>
>> Thanks.
>>
>> >[a person with more than one clock is never quite _sure_ what
>> >time is correct ;) ]
>> >
>> >
>> >for extra geek points, spend $25 on AMZN, and get a GPS USB
>> >dongle; run a local top strata server (the first three
>> >lintes of the following)
>> >
>> >[root@router etc]# ntpq -p
>> > remote   refid  st t when poll reach   delay
>> >offset  jitter
>> > 
>> =
>> > GPS_NMEA(0) .GPS.0 l-   1600.000
>> >0.000   0.000
>> > SHM(0)  .GPS.0 l-   1600.000
>> >0.000   0.000
>> > SHM(1)  .PPS.0 l-   1600.000
>> >0.000   0.000
>> >+ntp1.versadns.c .PPS.1 u  665 1024  377   51.817
>> >-12.510  19.938
>> >*tock.usshc.com  .GPS.1 u  294 1024  377   34.608
>> >-8.108  10.644
>> >+clmbs-ntp1.eng. 130.207.244.240  2 u  429 1024  377   31.520
>> >-5.674   7.484
>> >+ntp2.sbcglobal. 151.164.108.15   2 u  272 1024  377   23.117
>> >-6.825  10.479
>> >+ntp3.tamu.edu   165.91.23.54 2 u 1063 1024  377   63.723
>> >-3.319  16.813
>> >[root@router etc]#
>> >
>> >
>> >configuring ntp.conf is not all that hard
>> >
>> >-- Russ herrold
>>
>

Re: clock skew too great

[Stephen Isard]

On Wed, 18 Oct 2017 20:45:41 -0400, Glenn (Gedaliah) Wolosh <gwol...@njit.edu> 
wrote:

>> On Oct 18, 2017, at 8:26 PM, Stephen Isard <7p03xy...@sneakemail.com> wrote:
>> 
>> On Wed, 18 Oct 2017 20:05:13 -0400, Bluejay Adametz <blue...@fujifilm.com> 
>> wrote:
>> 
>>>> Since the clocks of the two machines appear to agree, I would
>>>> have expected that either both should produce the error or neither.
>>> 
>>> Are they both getting tickets from the same source? (might be a dumb
>>> question...)
>> 
>> To the best of my understanding, they are.  That is, the admin_server 
>> machine name is the same for both machines and resolves to the same ip 
>> address on both machines.
>
>The admin_server is not where the tickets are coming from. Are the “kdc” 
>entries the same on both machines?

The admin_server entry in /etc/krb5.conf is the only machine name in the file 
and it is kdc.domain.name.
>
>—Gedaliah Wolosh
>
>> 
>>>- Bluejay Adametz, CFII, A, http://wildcorvid.org
>>> 
>>> "I hate quotations." - Ralph Waldo Emerson
>>> 
>>> --
>>> NOTICE:  This message, including any attachments, is only for the use of
>>> the intended recipient(s) and may contain confidential, sensitive and/or
>>> privileged information, or information otherwise prohibited from
>>> dissemination or disclosure by law or regulation, including applicable
>>> export regulations.  If the reader of this message is not the intended
>>> recipient, you are hereby notified that any use, disclosure, copying,
>>> dissemination or distribution of this message or any of its attachments is
>>> strictly prohibited.  If you received this message in error, please contact
>>> the sender immediately by reply email and destroy this message, including
>>> all attachments, and any copies thereof.

Re: clock skew too great

[Stephen Isard]

On Wed, 18 Oct 2017 20:05:13 -0400, Bluejay Adametz  
wrote:

>> Since the clocks of the two machines appear to agree, I would
>> have expected that either both should produce the error or neither.
>
>Are they both getting tickets from the same source? (might be a dumb
>question...)

To the best of my understanding, they are.  That is, the admin_server machine 
name is the same for both machines and resolves to the same ip address on both 
machines.

> - Bluejay Adametz, CFII, A, http://wildcorvid.org
>
>"I hate quotations." - Ralph Waldo Emerson
>
>--
>NOTICE:  This message, including any attachments, is only for the use of
>the intended recipient(s) and may contain confidential, sensitive and/or
>privileged information, or information otherwise prohibited from
>dissemination or disclosure by law or regulation, including applicable
>export regulations.  If the reader of this message is not the intended
>recipient, you are hereby notified that any use, disclosure, copying,
>dissemination or distribution of this message or any of its attachments is
>strictly prohibited.  If you received this message in error, please contact
>the sender immediately by reply email and destroy this message, including
>all attachments, and any copies thereof.

Re: clock skew too great ** EXTERNAL **

[Stephen Isard]

On Wed, 18 Oct 2017 17:12:46 -0400, R P Herrold  wrote:

>On Wed, 18 Oct 2017, Howard, Chris wrote:
>
>> Is it possible the two boxes are talking to two different servers?
>
>as the initial post mentioned and showed it was using remote
>host lists to a pool alias, almost certainly --

Oh, I took the question to be about the kerberos server.  Yes, you are right,
ntpd -q returns different results on the two machines.  However, as I said in 
the original post, the time on the two machines is the same to within a very 
small amount., well within the five minute tolerance used by kerberos.  So I 
don't understand why it should matter that the two machines have arrived at the 
same time by syncing with different servers.

>as a way around, set up ONE unit to act as the local master,
>and then sync against it, to get 'site coherent' time

Could you tell me how to do this, or point me at a document that does?

Thanks.

>[a person with more than one clock is never quite _sure_ what
>time is correct ;) ]
>
>
>for extra geek points, spend $25 on AMZN, and get a GPS USB
>dongle; run a local top strata server (the first three
>lintes of the following)
>
>[root@router etc]# ntpq -p
> remote   refid  st t when poll reach   delay
>offset  jitter
> =
> GPS_NMEA(0) .GPS.0 l-   1600.000
>0.000   0.000
> SHM(0)  .GPS.0 l-   1600.000
>0.000   0.000
> SHM(1)  .PPS.0 l-   1600.000
>0.000   0.000
>+ntp1.versadns.c .PPS.1 u  665 1024  377   51.817
>-12.510  19.938
>*tock.usshc.com  .GPS.1 u  294 1024  377   34.608
>-8.108  10.644
>+clmbs-ntp1.eng. 130.207.244.240  2 u  429 1024  377   31.520
>-5.674   7.484
>+ntp2.sbcglobal. 151.164.108.15   2 u  272 1024  377   23.117
>-6.825  10.479
>+ntp3.tamu.edu   165.91.23.54 2 u 1063 1024  377   63.723
>-3.319  16.813
>[root@router etc]#
>
>
>configuring ntp.conf is not all that hard
>
>-- Russ herrold

Re: clock skew too great ** EXTERNAL **

[Stephen Isard]

On Wed, 18 Oct 2017 21:02:53 +, Howard, Chris <howa...@prpa.org> wrote:

>Is it possible the two boxes are talking to two different servers?

Thanks for the idea, but no.  The admin_server entry in /etc/krb5.conf is the 
same on both machines, and the host command returns the same ip address for 
that machine name on both machines.



>-Original Message-
>From: owner-scientific-linux-us...@listserv.fnal.gov 
>[mailto:owner-scientific-linux-us...@listserv.fnal.gov] On Behalf Of Stephen 
>Isard
>Sent: Wednesday, October 18, 2017 2:47 PM
>To: scientific-linux-us...@listserv.fnal.gov
>Subject: clock skew too great ** EXTERNAL **
>
>Hello,
>
>I have two laptops side by side, one running SL6, the other SL7, both up 
>to date.  According to the date command, their times agree to within a 
>small fraction of a second.
>
>On both machines, I normally run kinit to get a kerberos ticket in the 
>same realm.  Today, the SL7 machine gets its ticket normally, but the 
>SL6 one shows an error message "Clock skew too great while getting 
>initial credentials".  Since the clocks of the two machines appear to 
>agree, I would have expected that either both should produce the error 
>or neither.  From what I have read on the web, the standard tolerance 
>for clock skew is 5 minutes, and the agreement between the times on the 
>two machines is well within that.
>
>Both machines have ntpd running, using the time servers 
>[0-3].rhel.pool.ntp.org.  Powering off the SL6 machine and rebooting 
>does not restore sanity.  The problem just arose today.  There have been 
>no system updates on the SL6 machine since it successfully got its 
>ticket yesterday.
>
>Any suggestions for what to try?
>
>Stephen Isard
>
>
> *** This email is from an EXTERNAL sender *** 
>Use caution before responding. DO NOT open attachments or click links from 
>unknown senders or unexpected email. If this email appears to be sent from a 
>Platte River Power Authority employee or department, verify its authenticity 
>before acting or responding. Contact the IT Help Desk with any questions.

Re: yum-cron

[Stephen Isard]

On Mon, 24 Jul 2017 20:36:44 -0400, Nico Kadel-Garcia <nka...@gmail.com> wrote:

>On Mon, Jul 24, 2017 at 10:59 AM, Stephen Isard
><7p03xy...@sneakemail.com> wrote:
>> On Sun, 23 Jul 2017 23:06:27 -0400, Nico Kadel-Garcia <nka...@gmail.com> 
>> wrote:
>
>>>Then perhaps there is an issue with your nearest SL mirror? Perhaps
>>>you could simply disable the sl-fastbugs repo for now, and see what
>>>yum-cron does? I wouldn't activate sl-fastbugs on a production host
>>>due to potential poor interactions with these leading edge packages.
>>
>> Can you get anything from the actual error message back in my first post
>> (https://listserv.fnal.gov/scripts/wa.exe?A2=ind1707=SCIENTIFIC-LINUX-USERS=0===5CC755D9BAD01309BB=7p03xyr02%40sneakemail.com=51760)?
>>
>> It's complaining about a missing file on my local system.  I don't know why 
>> yum-cron expects such a file to be there,
>> but I would expect on general principles for that error message to get 
>> passed up through the python calls and for yum-cron
>> to issue its own complaint. Instead I'm getting a system call error.  
>> /var/log/messages shows
>> "python: detected unhandled Python exception in '/usr/sbin/yum-cron'".
>
>Frankly, no, I can't deduce that kind of thing remotely and with
>limited information. yum-cron is normally a shell script: you should
>be able to run it as the root user, typically with the "bash -x
>/etc/cron.daily/yum-cron" options, and get a better handle on what
>precisely it's trying to pull down.

It is now a python script, making lots of python library calls.

Re: yum-cron

[Stephen Isard]

On Sun, 23 Jul 2017 23:06:27 -0400, Nico Kadel-Garcia <nka...@gmail.com> wrote:

>On Sun, Jul 23, 2017 at 4:49 PM, Stephen Isard <7p03xy...@sneakemail.com> 
>wrote:
>> On Sun, 23 Jul 2017 15:55:23 -0400, Nico Kadel-Garcia <nka...@gmail.com> 
>> wrote:
>>
>>>I'm going to urge you to do "yum update" manually, *once*, to see if
>>>the problem occurs today.
>>>
>>>And "sl-fastbugs" is never going to be completely stable. Those are
>>>pre-production bugfixes, highly dynamic and changing quickly, one of
>>>the places most likely to have a discrepancy between the repodata and
>>>the published RPMs.
>>
>> Thanks, Nico.  I've actually done a complete update from the command line, 
>> having found that
>> I could update individual packages.  I didn't have any good reason to think 
>> that it would solve the
>> problem with yum-cron, but the packages did want updating anyway.
>>
>> The problem wasn't specific to sl-fastbugs though.  There were a couple of 
>> sl-security packages waiting too,
>> and after I updated all of the fastbug ones, yum-cron still failed with the 
>> same error message
>> on the sl-security packages.
>>
>> There haven't been any updates available since I did the manual update, so I 
>> haven't yet had a chance to
>> see what yum-cron will do with new ones.
>
>Then perhaps there is an issue with your nearest SL mirror? Perhaps
>you could simply disable the sl-fastbugs repo for now, and see what
>yum-cron does? I wouldn't activate sl-fastbugs on a production host
>due to potential poor interactions with these leading edge packages.

Can you get anything from the actual error message back in my first post
(https://listserv.fnal.gov/scripts/wa.exe?A2=ind1707=SCIENTIFIC-LINUX-USERS=0===5CC755D9BAD01309BB=7p03xyr02%40sneakemail.com=51760)?

It's complaining about a missing file on my local system.  I don't know why 
yum-cron expects such a file to be there,
but I would expect on general principles for that error message to get passed 
up through the python calls and for yum-cron
to issue its own complaint. Instead I'm getting a system call error.  
/var/log/messages shows 
"python: detected unhandled Python exception in '/usr/sbin/yum-cron'".

Re: selinux preventing access to directory net

[Stephen Isard]

On Tue, 18 Jul 2017 10:42:06 +0200, David Sommerseth 
<sl+us...@lists.topphemmelig.net> wrote:

>On 17/07/17 20:15, Stephen Isard wrote:
>> On two SL7.3 systems where I have set exim as my mta alternative, I am
>> getting a lot of entries in /var/log/messages saying "SELinux is
>> preventing /usr/bin/exim from search access on the directory net", with
>> the usual accompanying "if you believe that exim should be allowed..."
>> stuff, but the logs don't explain what call to exim triggered the messages.
>>
>> Sealert -l tells me
>>
>> Raw Audit Messages
>> type=AVC msg=audit(1500313603.937:268): avc:  denied { search } for
>> pid=3097 comm="exim" name="net" dev="proc" ino=7154
>> scontext=system_u:system_r:exim_t:s0
>> tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir
>>
>> type=SYSCALL msg=audit(1500313603.937:268): arch=x86_64 syscall=open
>> success=no exit=EACCES a0=7ff03baef4b0 a1=8 a2=1b6 a3=24 items=0
>> ppid=781 pid=3097 auid=4294967295 uid=0 gid=93 euid=0 suid=0 fsuid=0
>> egid=93 sgid=93 fsgid=93 tty=(none) ses=4294967295 comm=exim
>> exe=/usr/sbin/exim subj=system_u:system_r:exim_t:s0 key=(null)
>>
>> which doesn't seem to be much help.
>>
>> Searches turn up two Centos 7 reports,
>> https://bugs.centos.org/view.php?id=13247 and
>> https://bugs.centos.org/view.php?id=12913 that look as if they might be
>> the same thing with different mta alternatives, but no response to either.
>
>Yes, this is exim trying to read some files in /proc/sys/net, starting
>with scanning the directory.  I'd suggest reporting this as an bug in
>the Red Hat bug tracker, file it under selinux-policy component - that
>team should be able to figure out if this is a bug or not.  My quick
>search there didn't turn up anything in particular.

I followed your suggestion 
(https://bugzilla.redhat.com/show_bug.cgi?id=1472432) and got
a comment from mma...@redhat.com that it looks the same as BZ#141, but I 
don't have
permission to view that.

Re: selinux preventing access to directory net

[Stephen Isard]

On Tue, 18 Jul 2017 17:03:40 +0100, Andrew C Aitchison <and...@aitchison.me.uk> 
wrote:

>On Tue, 18 Jul 2017, Stephen Isard wrote:
>
>> On Mon, 17 Jul 2017 23:52:22 +0200, Maarten <mailingli...@feedmebits.nl> 
>> wrote:
>>
>>> The process exim running with the the selinux context exim_t is trying
>>> to access the directory /proc/net which has the selinux context
>>> sysctl_net_t.
>>>
>>> Causing selinux to block access to directory, because the source context
>>> is different from the destination context.
>>
>> Yes, thank you, I've got that part.  As I said earlier, what I am wondering 
>> now is why exim is trying to search that directory, and whether I want it to.
>> It happens at - to me - unpredictable times, apparently unrelated to any 
>> messages being sent or received.
>
>Looking at the upstream source for exim 4.89, there are two lots of
>references to /proc
>1) /proc/loadavg
>2) /proc/net/if_inet6
>unsuprisingly exim uses these to determine load average and
>IPv6 address etc...
>
>I don't know whether the binary rpms add any other uses of /proc
>- which version of exim are you using - the one from epel ?

Yes, it is exim 4.89-1.el7 from epel.

Re: selinux preventing access to directory net

[Stephen Isard]

On Tue, 18 Jul 2017 10:42:06 +0200, David Sommerseth 
<sl+us...@lists.topphemmelig.net> wrote:

>On 17/07/17 20:15, Stephen Isard wrote:
>> On two SL7.3 systems where I have set exim as my mta alternative, I am
>> getting a lot of entries in /var/log/messages saying "SELinux is
>> preventing /usr/bin/exim from search access on the directory net", with
>> the usual accompanying "if you believe that exim should be allowed..."
>> stuff, but the logs don't explain what call to exim triggered the messages.
>>
>> Sealert -l tells me
>>
>> Raw Audit Messages
>> type=AVC msg=audit(1500313603.937:268): avc:  denied { search } for
>> pid=3097 comm="exim" name="net" dev="proc" ino=7154
>> scontext=system_u:system_r:exim_t:s0
>> tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir
>>
>> type=SYSCALL msg=audit(1500313603.937:268): arch=x86_64 syscall=open
>> success=no exit=EACCES a0=7ff03baef4b0 a1=8 a2=1b6 a3=24 items=0
>> ppid=781 pid=3097 auid=4294967295 uid=0 gid=93 euid=0 suid=0 fsuid=0
>> egid=93 sgid=93 fsgid=93 tty=(none) ses=4294967295 comm=exim
>> exe=/usr/sbin/exim subj=system_u:system_r:exim_t:s0 key=(null)
>>
>> which doesn't seem to be much help.
>>
>> Searches turn up two Centos 7 reports,
>> https://bugs.centos.org/view.php?id=13247 and
>> https://bugs.centos.org/view.php?id=12913 that look as if they might be
>> the same thing with different mta alternatives, but no response to either.
>
>Yes, this is exim trying to read some files in /proc/sys/net, starting
>with scanning the directory.  I'd suggest reporting this as an bug in
>the Red Hat bug tracker, file it under selinux-policy component - that
>team should be able to figure out if this is a bug or not.  My quick
>search there didn't turn up anything in particular.

Thanks for that advice.  I was hesitating to report it to a bug tracker partly 
because
I didn't know which category was appropriate and partly because I don't know 
what is triggering
the scans or how to make one happen.

Re: selinux preventing access to directory net

[Stephen Isard]

On Mon, 17 Jul 2017 23:52:22 +0200, Maarten <mailingli...@feedmebits.nl> wrote:

>The process exim running with the the selinux context exim_t is trying
>to access the directory /proc/net which has the selinux context
>sysctl_net_t.
>
>Causing selinux to block access to directory, because the source context
>is different from the destination context. 

Yes, thank you, I've got that part.  As I said earlier, what I am wondering now 
is why exim is trying to search that directory, and whether I want it to.
It happens at - to me - unpredictable times, apparently unrelated to any 
messages being sent or received.

> Redhat has a package that
>updates
>
>all the active selinux policies on the system, I think it is
>selinux-policy-targeted they update the policies  every now they update
>the selinux policies. I would
>
>think they make policies for everything from the base repos. Exim is
>from epel en so is the nrpe package(which I'm getting the selinux
>messages from).  I don't know
>
>how selinux policies are managed for packages outside of the base repos.
>That's probably why there are multiple ways to manage selinux with
>custom policies, booleans, and selinux contexts etc. Maybe someone else
>knows how selinux policies for packages in third party repos are
>managed? Does that help?
>
>Cheers,
>
>Maarten
>
>
>On 07/17/2017 11:02 PM, Stephen Isard wrote:
>> On Mon, 17 Jul 2017 21:33:29 +0200, Maarten <mailingli...@feedmebits.nl> 
>> wrote:
>>
>>> Wel is exim able to do what it is supposed to do as an
>>> mta(transfer/transport mail) with selinux blocking this? If not you
>>> could create a custom selinux policy for it. If it is able to do what is
>>> supposed to and you aren't running into any unwanted results you can
>>> just leave it.
>> Indeed, but I would still prefer to understand what is going on.
>>
>>> I got selinux blocking access to /proc/sys on a couple of
>>> nagios checks via nrpe but it's not preventing the checks from working.
>>>
>>> You could probably try to create it by doing something like this if exim
>>> is not able to do it's job  by selinux blocking it:
>>>
>>> ausearch -c 'exim' --raw |audit2allow -M mypol
>>>
>>> then: semodule -i mypol.pp
>>>
>>>
>>>
>>> On 07/17/2017 09:09 PM, Stephen Isard wrote:
>>>> On Mon, 17 Jul 2017 20:22:05 +0200, Maarten <mailingli...@feedmebits.nl> 
>>>> wrote:
>>>>
>>>>> You could use audit to allow to see what you need to allow it:
>>>>>
>>>>> cat /var/log/audit/audit.log | audit2allow.
>>>> Thanks, that helps.  The log entry recommends
>>>> ausearch -c 'exim' --raw |audit2allow, so I've tried that and got
>>>>
>>>> libsepol.sepol_string_to_security_class: unrecognized class dir
>>>>
>>>> #== exim_t ==
>>>> allow exim_t sysctl_net_t:dir search;
>>>>
>>>> /proc/sys/net, as opposed to /proc/net, is of type sysctl_net_t, so that 
>>>> may be where exim is trying to search.
>>>> If so, the question is then why, and do I want it to.
>>>>
>>>>
>>>>> This output my advise you to enable a certain boolean instead of
>>>>> creating your own policy or changing the selinux context on a certain
>>>>> dir structure.
>>>>>
>>>>> And then create your own selinux policy:
>>>>>
>>>>> cat /var/log/audit/audit.log | audit2allow -M mypol
>>>>>
>>>>> then install the policy via semodule -i mypol.pp
>>>>>
>>>>>
>>>>> On 07/17/2017 08:15 PM, Stephen Isard wrote:
>>>>>> On two SL7.3 systems where I have set exim as my mta alternative, I am
>>>>>> getting a lot of entries in /var/log/messages saying "SELinux is
>>>>>> preventing /usr/bin/exim from search access on the directory net",
>>>>>> with the usual accompanying "if you believe that exim should be
>>>>>> allowed..." stuff, but the logs don't explain what call to exim
>>>>>> triggered the messages.
>>>>>>
>>>>>> Sealert -l tells me
>>>>>>
>>>>>> Raw Audit Messages
>>>>>> type=AVC msg=audit(1500313603.937:268): avc:  denied { search } for
>>>>>> pid=3097 comm="exim" name="net" dev="proc" ino=7154
>>>>>> scontext=system_u:sy

Re: selinux preventing access to directory net

[Stephen Isard]

On Mon, 17 Jul 2017 21:33:29 +0200, Maarten <mailingli...@feedmebits.nl> wrote:

>Wel is exim able to do what it is supposed to do as an
>mta(transfer/transport mail) with selinux blocking this? If not you
>could create a custom selinux policy for it. If it is able to do what is
>supposed to and you aren't running into any unwanted results you can
>just leave it. 

Indeed, but I would still prefer to understand what is going on.

>I got selinux blocking access to /proc/sys on a couple of
>nagios checks via nrpe but it's not preventing the checks from working.
>
>You could probably try to create it by doing something like this if exim
>is not able to do it's job  by selinux blocking it:
>
>ausearch -c 'exim' --raw |audit2allow -M mypol
>
>then: semodule -i mypol.pp
>
>
>
>On 07/17/2017 09:09 PM, Stephen Isard wrote:
>> On Mon, 17 Jul 2017 20:22:05 +0200, Maarten <mailingli...@feedmebits.nl> 
>> wrote:
>>
>>> You could use audit to allow to see what you need to allow it:
>>>
>>> cat /var/log/audit/audit.log | audit2allow.
>> Thanks, that helps.  The log entry recommends
>> ausearch -c 'exim' --raw |audit2allow, so I've tried that and got
>>
>> libsepol.sepol_string_to_security_class: unrecognized class dir
>>
>> #== exim_t ==
>> allow exim_t sysctl_net_t:dir search;
>>
>> /proc/sys/net, as opposed to /proc/net, is of type sysctl_net_t, so that may 
>> be where exim is trying to search.
>> If so, the question is then why, and do I want it to.
>>
>>
>>> This output my advise you to enable a certain boolean instead of
>>> creating your own policy or changing the selinux context on a certain
>>> dir structure.
>>>
>>> And then create your own selinux policy:
>>>
>>> cat /var/log/audit/audit.log | audit2allow -M mypol
>>>
>>> then install the policy via semodule -i mypol.pp
>>>
>>>
>>> On 07/17/2017 08:15 PM, Stephen Isard wrote:
>>>> On two SL7.3 systems where I have set exim as my mta alternative, I am
>>>> getting a lot of entries in /var/log/messages saying "SELinux is
>>>> preventing /usr/bin/exim from search access on the directory net",
>>>> with the usual accompanying "if you believe that exim should be
>>>> allowed..." stuff, but the logs don't explain what call to exim
>>>> triggered the messages.
>>>>
>>>> Sealert -l tells me
>>>>
>>>> Raw Audit Messages
>>>> type=AVC msg=audit(1500313603.937:268): avc:  denied { search } for
>>>> pid=3097 comm="exim" name="net" dev="proc" ino=7154
>>>> scontext=system_u:system_r:exim_t:s0
>>>> tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir
>>>>
>>>> type=SYSCALL msg=audit(1500313603.937:268): arch=x86_64 syscall=open
>>>> success=no exit=EACCES a0=7ff03baef4b0 a1=8 a2=1b6 a3=24 items=0
>>>> ppid=781 pid=3097 auid=4294967295 uid=0 gid=93 euid=0 suid=0 fsuid=0
>>>> egid=93 sgid=93 fsgid=93 tty=(none) ses=4294967295 comm=exim
>>>> exe=/usr/sbin/exim subj=system_u:system_r:exim_t:s0 key=(null)
>>>>
>>>> which doesn't seem to be much help.
>>>>
>>>> Searches turn up two Centos 7 reports,
>>>> https://bugs.centos.org/view.php?id=13247 and
>>>> https://bugs.centos.org/view.php?id=12913 that look as if they might
>>>> be the same thing with different mta alternatives, but no response to
>>>> either.
>>>>
>>>> All that the mta is supposed to be doing on these systems is reporting
>>>> the output of cron jobs, and that appears to be happening correctly,
>>>> so I am puzzled as to what this is about.  I'm not even sure what net
>>>> directory is being referred to.  /proc/net?  Does an mta need to look
>>>> in that directory?  I can send mail internally, to and from my local
>>>> user and root, and that doesn't provoke selinux messages in the logs.
>>>>
>>>> Any suggestions for where to look?
>>>>
>>>> Thanks,
>>>>
>>>> Stephen Isard

Re: selinux preventing access to directory net

[Stephen Isard]

On Mon, 17 Jul 2017 20:22:05 +0200, Maarten <mailingli...@feedmebits.nl> wrote:

>You could use audit to allow to see what you need to allow it:
>
>cat /var/log/audit/audit.log | audit2allow.

Thanks, that helps.  The log entry recommends
ausearch -c 'exim' --raw |audit2allow, so I've tried that and got

libsepol.sepol_string_to_security_class: unrecognized class dir

#== exim_t ==
allow exim_t sysctl_net_t:dir search;

/proc/sys/net, as opposed to /proc/net, is of type sysctl_net_t, so that may be 
where exim is trying to search.
If so, the question is then why, and do I want it to.


>
>This output my advise you to enable a certain boolean instead of
>creating your own policy or changing the selinux context on a certain
>dir structure.
>
>And then create your own selinux policy:
>
>cat /var/log/audit/audit.log | audit2allow -M mypol
>
>then install the policy via semodule -i mypol.pp
>
>
>On 07/17/2017 08:15 PM, Stephen Isard wrote:
>> On two SL7.3 systems where I have set exim as my mta alternative, I am
>> getting a lot of entries in /var/log/messages saying "SELinux is
>> preventing /usr/bin/exim from search access on the directory net",
>> with the usual accompanying "if you believe that exim should be
>> allowed..." stuff, but the logs don't explain what call to exim
>> triggered the messages.
>>
>> Sealert -l tells me
>>
>> Raw Audit Messages
>> type=AVC msg=audit(1500313603.937:268): avc:  denied { search } for
>> pid=3097 comm="exim" name="net" dev="proc" ino=7154
>> scontext=system_u:system_r:exim_t:s0
>> tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir
>>
>> type=SYSCALL msg=audit(1500313603.937:268): arch=x86_64 syscall=open
>> success=no exit=EACCES a0=7ff03baef4b0 a1=8 a2=1b6 a3=24 items=0
>> ppid=781 pid=3097 auid=4294967295 uid=0 gid=93 euid=0 suid=0 fsuid=0
>> egid=93 sgid=93 fsgid=93 tty=(none) ses=4294967295 comm=exim
>> exe=/usr/sbin/exim subj=system_u:system_r:exim_t:s0 key=(null)
>>
>> which doesn't seem to be much help.
>>
>> Searches turn up two Centos 7 reports,
>> https://bugs.centos.org/view.php?id=13247 and
>> https://bugs.centos.org/view.php?id=12913 that look as if they might
>> be the same thing with different mta alternatives, but no response to
>> either.
>>
>> All that the mta is supposed to be doing on these systems is reporting
>> the output of cron jobs, and that appears to be happening correctly,
>> so I am puzzled as to what this is about.  I'm not even sure what net
>> directory is being referred to.  /proc/net?  Does an mta need to look
>> in that directory?  I can send mail internally, to and from my local
>> user and root, and that doesn't provoke selinux messages in the logs.
>>
>> Any suggestions for where to look?
>>
>> Thanks,
>>
>> Stephen Isard

Re: selinux preventing access to directory net

[Stephen Isard]

Thanks, but I can't find audit2text in the sl7 or epel repositories.
"yum search audit2text" and "yum provides '*/audit2text'" both come up 
blank.  Can you tell me where to get it?


On Mon, 17 Jul 2017, Paul Robert Marino prmarino1-at-gmail.com |Scientific 
Linux| wrote:


It looks like you may be right that it's /proc/net

Have you tried using the python audit tools such as audit2text to analyze them 
they can make it a lot easier to understand what's going on, though they 
usually don't tell you if there is a bool you can flip to fix it.
That tool still needs to be written :)
  Original Message  
From: 7p03xy...@sneakemail.com
Sent: July 17, 2017 2:16 PM
To: scientific-linux-us...@listserv.fnal.gov
Subject: selinux preventing access to directory net

On two SL7.3 systems where I have set exim as my mta alternative, I am 
getting a lot of entries in /var/log/messages saying "SELinux is 
preventing /usr/bin/exim from search access on the directory net", with 
the usual accompanying "if you believe that exim should be allowed..." 
stuff, but the logs don't explain what call to exim triggered the 
messages.


Sealert -l tells me

Raw Audit Messages
type=AVC msg=audit(1500313603.937:268): avc:  denied { search } for 
pid=3097 comm="exim" name="net" dev="proc" ino=7154 
scontext=system_u:system_r:exim_t:s0 
tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir


type=SYSCALL msg=audit(1500313603.937:268): arch=x86_64 syscall=open 
success=no exit=EACCES a0=7ff03baef4b0 a1=8 a2=1b6 a3=24 items=0 
ppid=781 pid=3097 auid=4294967295 uid=0 gid=93 euid=0 suid=0 fsuid=0 
egid=93 sgid=93 fsgid=93 tty=(none) ses=4294967295 comm=exim 
exe=/usr/sbin/exim subj=system_u:system_r:exim_t:s0 key=(null)


which doesn't seem to be much help.

Searches turn up two Centos 7 reports,
https://bugs.centos.org/view.php?id=13247 and 
https://bugs.centos.org/view.php?id=12913 that look as if they might be 
the same thing with different mta alternatives, but no response to 
either.


All that the mta is supposed to be doing on these systems is reporting 
the output of cron jobs, and that appears to be happening correctly, so 
I am puzzled as to what this is about.  I'm not even sure what net 
directory is being referred to.  /proc/net?  Does an mta need to look in 
that directory?  I can send mail internally, to and from my local user 
and root, and that doesn't provoke selinux messages in the logs.


Any suggestions for where to look?

Thanks,

Stephen Isard

selinux preventing access to directory net

[Stephen Isard]

On two SL7.3 systems where I have set exim as my mta alternative, I am 
getting a lot of entries in /var/log/messages saying "SELinux is 
preventing /usr/bin/exim from search access on the directory net", with 
the usual accompanying "if you believe that exim should be allowed..." 
stuff, but the logs don't explain what call to exim triggered the 
messages.


Sealert -l tells me

Raw Audit Messages
type=AVC msg=audit(1500313603.937:268): avc:  denied { search } for 
pid=3097 comm="exim" name="net" dev="proc" ino=7154 
scontext=system_u:system_r:exim_t:s0 
tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir


type=SYSCALL msg=audit(1500313603.937:268): arch=x86_64 syscall=open 
success=no exit=EACCES a0=7ff03baef4b0 a1=8 a2=1b6 a3=24 items=0 
ppid=781 pid=3097 auid=4294967295 uid=0 gid=93 euid=0 suid=0 fsuid=0 
egid=93 sgid=93 fsgid=93 tty=(none) ses=4294967295 comm=exim 
exe=/usr/sbin/exim subj=system_u:system_r:exim_t:s0 key=(null)


which doesn't seem to be much help.

Searches turn up two Centos 7 reports,
https://bugs.centos.org/view.php?id=13247 and 
https://bugs.centos.org/view.php?id=12913 that look as if they might be 
the same thing with different mta alternatives, but no response to 
either.


All that the mta is supposed to be doing on these systems is reporting 
the output of cron jobs, and that appears to be happening correctly, so 
I am puzzled as to what this is about.  I'm not even sure what net 
directory is being referred to.  /proc/net?  Does an mta need to look in 
that directory?  I can send mail internally, to and from my local user 
and root, and that doesn't provoke selinux messages in the logs.


Any suggestions for where to look?

Thanks,

Stephen Isard

Re: firefox 52esr, SL6.9 segmentation fault

[Stephen Isard]

No solution, but maybe another data point.  A couple of bank websites were 
consistently crashing 32 bit firefox-52.1.0-2.el6_9.  No problems with any 
other sites.  I switched to the 64 bit version and it behaves normally on those 
bank websites. 

Stephen Isard

Re: Which C hooks go to which clipboard?

[Stephen Isard]

On Thu, 9 Mar 2017 00:10:33 -0800, ToddAndMargo <toddandma...@zoho.com> wrote:


>> there are also more formal references like:
>> https://en.wikipedia.org/wiki/X_Window_selection
>> https://tronche.com/gui/x/xlib/utilities/using-cut-buffers.html
>> https://tronche.com/gui/x/xlib/window-information/selection.html
>>
>> Sorry I pointed you in the wrong direction to start with.
>>
>
>Hi Andrew,
>
>https://tronche.com/gui/x/xlib/utilities/using-cut-buffers.html
>is the ctrl-c/v/x clipboard.
>
>But, looking at
>https://tronche.com/gui/x/xlib/window-information/selection.html
>
>He talks a lot about changing the ownership.  Is the the mouse over and
>middle click clipboard (primary)?  I may still have the wrong clipboard.
>Am I missing something?

Yes, mouse over and middle click is primary.  xclip will let you transfer text 
between
primary and clipboard.

For instance, 
xclip -o -sel clip |xclip -sel p
will put the clipboard selection into the primary, from which you can paste it 
with
the middle button, and
xclip -o -sel p |xclip -sel clip
will put the selection that you have highlighted with the mouse into the 
clipboard,
from which you can ctrl-v it into an openoffice document or whatever.

Obviously, you want to give these incantations names or bind them to keys if you
intend to use them a lot.

Hope that's useful.

Stephen Isard

Re: 6.8, no console permissions

[Stephen Isard]

On Thu, 21 Jul 2016 21:00:29 -0500, Stephen_Isard <7p03xy...@sneakemail.com> 
wrote:

>I have upgraded an SL6.7 laptop to SL6.8 - really just kept 6x up to date - 
>and after a reboot  I can't make an internet connection or mount a usb key 
>from the "Places" menu as an ordinary user.  I imagine that the upgrade has 
>changed the defaults in some authorisation file somewhere.  I'd welcome any 
>advice on where to look.

In case someone else hits the same difficulty:

The problem appears to be a change in ConsoleKit that the xdm display manager 
(package xorg-x11-xdm) isn't coping with.  When I log in through  xdm,  
ck-list-sessions says that my session is not local, which it needs to be in 
order to control usb, wireless, ethernet, etc..  Gdm doesn't have the same 
problem, but I prefer to use as little Gnome as I can manage.  The SL6x 
repositories don't offer a downgrade for ConsoleKit.  However, I tested with an 
older version that I found in a Centos repository and the problem went away.  
For my own purposes on a laptop that I don't reboot very often - just suspend 
and resume - I'm more comfortable with the solution of booting into runlevel 3 
(edit /etc/sysconfig/inittab) and running startx by hand.  The only thing that 
doesn't work when I do that is suspending by simply shutting the lid.  I have 
to run pm-suspend with sudo.  There must be a way of telling ConsoleKit to let 
a local session run pm-suspend.

I note that SL7 has abandoned ConsoleKit for logind, so the issue is not of 
longterm interest.  In fact, xorg-x11-xdm isn't in the SL7 repository either, 
but the fc19 rpm works for me.

Stephen Isard

Re: Transparent Screen Lock for Enterprise Linux

[Stephen Isard]

On Tue, 19 Jul 2016 13:45:10 -0400, R P Herrold <herr...@owlriver.com> wrote:

>On Tue, 19 Jul 2016, O'Neal, Miles wrote:
>
>> On 07/15/2016 10:45 AM, Pat Riehecky wrote:
>> > Neat!
>> >
>> > Any chance you can get it into EPEL?
>
>There seems to be a dependency on 'xautolock'  which is
>knknown to yum in base or EPEL

It's at rpmforge.  I've been using their rpm with SL for some years without any 
problems/conflicts.

Stephen Isard