Discuss November 2005

discuss@lists.centos.org

232 participants
368 discussions

SELinux on CentOS4
by James B. Byrne 15 Nov '05

15 Nov '05

I regret the delay in replying to this topic but I am a digest subscriber so I only see list traffic once every 24 hours. When I moved from RHES3 to CentOS4 back in April/May of this year I was bitten by the SELinux gnat as well, and the temptation to swat a distracting irritation by killing it in its bed nearly proved irresistible. However, taking to heart the advice given to me here and reading about SELinux on RedHat's web site I choose not to. Rather I discovered how to get immediate fixes to the SELinux permissions for specific programs applied to the host's local policy while seeking confirmation here and elsewhere as to whether the policy changes proposed by "audit2allow" made sense or should be adjusted. The process of reconfiguring the local policy for SELinux is in itself almost trivial, assuming that one has first installed the applicable selinux-policy-targeted-sources rpm package. One need only first establish that the problem is in fact caused by SELinux by grep'ing the system log file (/var/log/messages) for entries containing "avc" relating to the application in question. If this proves the case then first "cd /etc/selinux/targeted/src/policy" and then "make reload". Then run the program that is having problems with SELinux, then run audit2allow (#audit2allow -l -i /var/log/messages)and gather the resulting policy recommendations into a text file. The -l flag limits the report to those log entries made by SELinux since the last policy reload. You can then: add them to your local policy file (/etc/selinux/targeted/src/policy/domains/misc/local.te); cd into /etc/selinux/targeted/src/policy; and make reload as root. You may have to repeat this process several times to exhaust all of the circumstances that a packages trespasses against SELinux. You will probably find it most convenient if you keep these changes segregated by application in your local policy file. I also have found it useful to post them as a set on SELinux related mailing lists (and even this list) for comments by people more knowledgeable than I with the intent of narrowing the permissions granted the application to the minimum set required. Audit2allow often recommends wider scope than actually needed. The result is that with a few minutes work virtually any application can be enabled within SELinux without forgoing any of the other benefits that SELinux provides. Even if the application is initially granted too great an access the resulting situation is usually still preferable to turning SELinux off entirely. One can always return to the local policy file and tighten it up when one obtains the necessary information as to where this is advisable. Regards, Jim -- *** e-mail is not a secure channel *** mailto:byrnejb.<token>@harte-lyne.ca James B. Byrne Harte & Lyne Limited vox: +1 905 561 1241 9 Brockley Drive fax: +1 905 561 0757 Hamilton, Ontario <token> = hal Canada L8E 3C3

2 1

Evolution problem after update
by Sam Drinkard 15 Nov '05

15 Nov '05

List: Not positive this is an update problem, but did not have it till after a recent update. Now when sending mail to my mailserver, I get an error from Evolution as "Host lookup failed: vortex.wa4phy.net%20 :Name or service not known" I have to use the MSA port due to port 25 being blocked by isp. Any ideas about the error message? The resolver is pointed to the upstream name server, and I have made no other changes. -- Snowman

1 0

Re: centos] Beware - Yum 3.5 to 3.6 upgrade replacesnamed.conf -- not a YUM issue ...
by Brian T. Brunner 15 Nov '05

15 Nov '05

"Bzzzt wrong --- yada" is contentious, we don't need it. Please. 2: It's not rpm, it's the packager => "The killer is innocent, the *gun* killed the victim" " the gun didn't kill him, the *bullet* did" "no, the wound did!" "no, the loss of blood did" "no, dying did". *jeesh* Brian Brunner brian.t.brunner(a)gai-tronics.com (610)796-5838 >>> herrold(a)owlriver.com 11/15/05 03:56PM >>> On Tue, 15 Nov 2005, Bryan J. Smith wrote: > Has nothing to do with YUM. > It has to do with RPM. buzz -- wrong - thanks for playing -- It has to do with the rpm packager's design decisions; nothing more, nothing less -- rpm did just what it was told to do. -- Russ Herrold _______________________________________________ CentOS mailing list CentOS(a)centos.org http://lists.centos.org/mailman/listinfo/centos ******************************************************************* This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. www.hubbell.com - Hubbell Incorporated

1 0

[Fwd: [suse-amd64] OFF-TOPIC - *very* bad]
by William A. Mahaffey III 15 Nov '05

15 Nov '05

I saw this on the SuSE AMD64 list & decided to pass it along, since it seems like a sneaky problem. Later posts confirm it is *NOT* AMD64-specific, nor SuSE 9.3 specific .... -- William A. Mahaffey III --------------------------------------------------------------------- Remember, ignorance is bliss, but willful ignorance is LIBERALISM !!!!

3 3

Jinzora and mounted file system
by Darryl L. Pierce 15 Nov '05

15 Nov '05

When I setup my system, I created a file system (/dev/hda3) that I mount as /var/music. I installed Jinzora on my system and want to use it as the frontend for listening to my MP3s. However, when Jinzora tries to access anything on /var/music it complains that it's an invalid file system. I can use sound-juicer to rip CDs and write them to that file system, though. I also created an alias for Apache to host that directory and that also complains that it's not accessible, so I'm thinking there's a permissions problem. The mount point and the files on that file system are owned by apache.apache so that's not the problem, I'm assuming. Any ideas? If I copy the files to a a directory that's *not* a mount point then Jinzora reads the files just fine, even if that directory's not an Apache alias... -- Darryl L. Pierce <mcpierce(a)gmail.com> Homepage: http://mcpierce.multiply.com/ "By doubting we come to inquiry, through inquiry truth." - Peter Abelard

1 0

Re: [CentOS] Turning root partition into a RAID array
by chris hammond 15 Nov '05

15 Nov '05

RIP (Recovery is Possible) also has a script to allow you to install and boot it from USB flash/pen drive. Chris >>>spamcatcher(a)lantrix.no 11/15/05 1:03 pm >>> >That's the ticket. I wonder if anyone has tried building a "rescue USB >thumb drive" since the 1GB devices are so cheap these days. That would >be great for this kind of situation. FWIW, I'm booting my firewall from an usb pen drive with devil-linux installed, so a rescue environment should be doable. But then again, devil-linux works like a rescue environment for CentOS anyway. :) Regards, Harald -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

1 0

Java support : is there a native package ?
by mbneto 15 Nov '05

15 Nov '05

Hi, I was wondering if there is a rpm package for java (jre) to centos 4.x or do I have to get from sun/ibm/blackdown ? tks.

14 32

Re: selinux stuff - I just don't get
by Brian T. Brunner 15 Nov '05

15 Nov '05

Fixing it isn't my job, that's why! I got other strange fish to fry (like the frigging compiler), if SELinux *couldn't* be disabled, that would inspire an immediate decision to drop the distro. cold. Fix it if it pleases you to do so, *please* understand I'm plenty busy with the things I'm paid to do, and have *my* *own* hobbies & distractions for the free time. When SELinux is ready for The Big Time (meaning it doesn't break other apps), ship it my way! Brian Brunner brian.t.brunner(a)gai-tronics.com (610)796-5838 >>> tdiehl(a)rogueind.com 11/14/05 10:14PM >>> although I fail to see how anyone expects it to ever get fixed if no one will even try to use it. ******************************************************************* This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote also confirms that this email message has been swept for the presence of computer viruses. www.hubbell.com - Hubbell Incorporated

4 3

Rescan harddisk size without rebooting
by kadafax 15 Nov '05

15 Nov '05

Hi list, I have a SAN attached to a CentOS 4.2 server. I have expanded the size of the virtual disk within the SAN (by adding a new HD to the disk pool) and need CentOS to see the new size (CentOS see it as /dev/sdb). I'm using LVM. Do you know a method for the Volume Group to see that one of its harddisk is now bigger, without rebooting (it's not a problem with a reboot but since the LDAP directory is on this server, it is problematic). Thanks. kfx

5 16

CentOS 3.5 - CentOS 4.0 - DL145 G2 Boot problem
by Unni Krishnan 15 Nov '05

15 Nov '05

Hi , I am facing a strange problem .I am unable to install CentOS 4.0 on my HP DL145 G2 Server .I am getting the following error RAMDISK: couldn't find valid RAM disk image starting at 0. Please append correct "root=" boot option VFS: cannot open root device "<NULL>" or unknown-block (3,3) Kernal panic - not syncing VFS unable to mount root fs however CentOS 3.5 installs properly .Can anyone let me why this is happening ? -- Unnikrishnan.P

3 2

← Newer
1
...
16
17
18
19
20
21
22
...
37
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss November 2005