Discuss May 2013

discuss@lists.centos.org

151 participants
123 discussions

CentOS-announce Digest, Vol 99, Issue 9
by centos-announce-request＠centos.org 21 May '13

21 May '13

Send CentOS-announce mailing list submissions to centos-announce(a)centos.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-request(a)centos.org You can reach the person managing the list at centos-announce-owner(a)centos.org When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..." Today's Topics: 1. CEBA-2013:0835 CentOS 6 selinux-policy Update (Johnny Hughes) ---------------------------------------------------------------------- Message: 1 Date: Mon, 20 May 2013 21:40:06 +0000 From: Johnny Hughes <johnny(a)centos.org> Subject: [CentOS-announce] CEBA-2013:0835 CentOS 6 selinux-policy Update To: centos-announce(a)centos.org Message-ID: <20130520214006.GA40075(a)n04.lon1.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2013:0835 Upstream details at : https://rhn.redhat.com/errata/RHBA-2013-0835.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: dfb1bb4ec17400b1c6945e2da7063190b60dfb03219dc590bfbd0fb43d985b87 selinux-policy-3.7.19-195.el6_4.5.noarch.rpm 944c8db5d659d526320a9717da0b610619bb6912c8b87097b7d6709b06786bf8 selinux-policy-doc-3.7.19-195.el6_4.5.noarch.rpm 0a28b5bc11f3c2bd554ef548dc3db8338aeb22fe4b63029361a80ad75e094d28 selinux-policy-minimum-3.7.19-195.el6_4.5.noarch.rpm 05d0bddd2d028cf23bcc3fb7a7fd47fb3660e990362b8770cec0ac4ff1a5734c selinux-policy-mls-3.7.19-195.el6_4.5.noarch.rpm b1fda473fea9012d18c2296692a9b0537317c7efc5ef3abbec9cb5aa3b435161 selinux-policy-targeted-3.7.19-195.el6_4.5.noarch.rpm x86_64: dfb1bb4ec17400b1c6945e2da7063190b60dfb03219dc590bfbd0fb43d985b87 selinux-policy-3.7.19-195.el6_4.5.noarch.rpm 944c8db5d659d526320a9717da0b610619bb6912c8b87097b7d6709b06786bf8 selinux-policy-doc-3.7.19-195.el6_4.5.noarch.rpm 0a28b5bc11f3c2bd554ef548dc3db8338aeb22fe4b63029361a80ad75e094d28 selinux-policy-minimum-3.7.19-195.el6_4.5.noarch.rpm 05d0bddd2d028cf23bcc3fb7a7fd47fb3660e990362b8770cec0ac4ff1a5734c selinux-policy-mls-3.7.19-195.el6_4.5.noarch.rpm b1fda473fea9012d18c2296692a9b0537317c7efc5ef3abbec9cb5aa3b435161 selinux-policy-targeted-3.7.19-195.el6_4.5.noarch.rpm Source: dad5529bb99ba4336b4fe96e8bfc0ac371fb6faf068bdfb11da95e2bbc2ac329 selinux-policy-3.7.19-195.el6_4.5.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #centos(a)irc.freenode.net ------------------------------ _______________________________________________ CentOS-announce mailing list CentOS-announce(a)centos.org http://lists.centos.org/mailman/listinfo/centos-announce End of CentOS-announce Digest, Vol 99, Issue 9 **********************************************

1 0

NIC interrupts and packets per second ratio, how to calculate? There must be some way...
by Alex Flex 21 May '13

21 May '13

Hello again guys, Iam trying to asses the best hardware for a machine that procceses a high number of packets per second on its NIC. THe only way I can achieve this without guesses is If iam able to understand or test what the number of interrupts available per core and how to translate that to PPS capabilities. So far ive been testing an Core I5 CPU and was able to achieve up to 400k packets (small syn packets) in a single core (2.8Ghz i think..) untill the point where 100% was reported to serve as hardware interrupts, yet what is the math behind this? In any case, i find this rather low and confused as I know for a fact that small home routers even on gigabit have specs that detail they can do packet forwarding at rates up to 1.4 million pps and iam sure there CPU is no where as powerfull as a 2.8Ghz Core I5 core. Any orientation is much appreciated. Alex

2 1

6.4 on old PC not connecting
by Beartooth 20 May '13

20 May '13

On an old server (Dell PowerEdge SC1420, now without RAID) I have CentOS 6.4 installed, up, and running -- but it keeps failing to connect for some reason .... NetworkManager applet 0.8.1 runs blue rings around in the panel for a while, then reports itself disconnected. It also offers a pseudo-choice, if I right-click, between Wired Connection and eth0; in fact, the cable to the router is the only connection the machine has or has ever had. I've tried such things as I could find to get a connection, in vain. I've tried replacing the cable. If there's a good fix, I'd like to get my wife running CentOS, because it's one obvious choice for her to have against such time as I'm gone. (I don't at all claim to be the Oldest Subscriber, but I am at an age such that I would be irrational not to plan for such contingencies.) What new way can I try to get this beast online? -- Beartooth Staffwright, Neo-Redneck Not Quite Clueless Power User Remember I have precious (very precious!) little idea where up is.

3 6

Re: [CentOS] TPM and secure boot
by John R Pierce 20 May '13

20 May '13

On 5/19/2013 2:41 PM, Reindl Harald wrote: > your question was*clearly* secure boot > and before UEFI secure boot*nobody* cared about TPM on OS systems so basically, you're saying you can't use a TPM to secure a linux system? hey, saves me a lot of work. I'll tell my boss it can't be done. -- john r pierce 37N 122W somewhere on the middle of the left coast

2 1

Re: [CentOS] TPM and secure boot
by John R Pierce 20 May '13

20 May '13

On 5/19/2013 2:06 PM, Reindl Harald wrote: > Am 19.05.2013 22:59, schrieb John R Pierce: >> >is this typically used in conjunction with disk encryption such that the >> >TPM module supplies the decryption keys? does linux have any concept >> >of signed executables, kernel, and so forth? would replacing the RPM >> >keys with keys signed by our own certificate authority such that the TPM >> >would be involved in RPM authentication be practical? > did you not read any IT news in the last year? > forget it on CentOS / RHEL currently > > even Fedora is far far away from what you think you need and the > complete chain of trust is more or less impossible on a opensource > system without make any 3rd party kernel module completly impossible > > https://fedoraproject.org/wiki/Secureboot > http://www.networkworld.com/community/blog/microsofts-secure-boot-red-hat-r… > TPM is not the same as the new secureboot UEFI BIOS stuff. this is an optional module (tamperproofed so if its unplugged, it erases) on most server motherboards, you initialize it with your OWN security keys if you want to use it, Microsoft has nothing to do with it. TPM has been around since 2006 or earlier. -- john r pierce 37N 122W somewhere on the middle of the left coast

2 1

Centos6.4 cannot reboot
by muiz 20 May '13

20 May '13

Dear all， I install new version centos 6.4 64bit and everything is ok except it cannot reboot, below is the /var/messages information: May 20 10:08:07 ravi2 smbd[1712]: failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL May 20 10:22:24 ravi2 init: tty (/dev/tty1) main process (1727) killed by TERM signal May 20 10:22:24 ravi2 init: tty (/dev/tty2) main process (1729) killed by TERM signal May 20 10:22:24 ravi2 init: tty (/dev/tty3) main process (1731) killed by TERM signal May 20 10:22:24 ravi2 init: tty (/dev/tty4) main process (1733) killed by TERM signal May 20 10:22:24 ravi2 init: tty (/dev/tty5) main process (1735) killed by TERM signal May 20 10:22:24 ravi2 init: tty (/dev/tty6) main process (1737) killed by TERM signal May 20 10:22:25 ravi2 xinetd[1618]: Exiting... May 20 10:22:26 ravi2 init: Disconnected from system bus May 20 10:22:26 ravi2 auditd[1530]: The audit daemon is exiting. May 20 10:22:26 ravi2 kernel: type=1305 audit(1369016546.436:112): audit_pid=0 old=1530 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=1 May 20 10:22:26 ravi2 kernel: type=1305 audit(1369016546.539:113): audit_enabled=0 old=1 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1 May 20 10:22:26 ravi2 kernel: Kernel logging (proc) stopped. May 20 10:22:26 ravi2 rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="1546" x-info="http://www.rsyslog.com"] exiting on signal 15. (No message after this line until I click the Reset button) Do you know why? Muiz

1 0

TPM and secure boot
by John R Pierce 19 May '13

19 May '13

has anyone implemented any sort of 'secure boot' using TPM 1.2 modules on the server boards using CentOS 6.x ? I'm not finding much concrete stuff on how to setup and manage a system like this, but I've been asked to research it for a security application internally at my job. our primary application for the TPM is for client authentication certificates in an SSL application (the machine with the TPM is an unmanned embedded client, that accesses webservices on a remote server which needs to authenticate this client). We've already done similar client authentication using USB Tokens, but would like to use TPM for this in the future. I think the client authentication part is pretty straight forward, using Trousers and so forth and PKCS#11 to access the keys. Once we get the client authentication side working, we'd like to also secure the OS itself to prevent tampering, presumably using trusted grub and such? is this typically used in conjunction with disk encryption such that the TPM module supplies the decryption keys? does linux have any concept of signed executables, kernel, and so forth? would replacing the RPM keys with keys signed by our own certificate authority such that the TPM would be involved in RPM authentication be practical? (yes, I know, this would mandate using a private yum repository, and building/signing all our own system components). I realize this will greatly complicate system management, security is always a tightrope act. -- john r pierce 37N 122W somewhere on the middle of the left coast

1 0

OpenStack Grizzly on CentOS-6.4
by Florian La Roche 19 May '13

19 May '13

Hello, setting up the newest OpenStack Grizzly release seems to be really straight-forward. Red Hat has put together all support for this at http://openstack.redhat.com/. I've documented installation, post-install config tweaks, how to add a few ready-to-use guest images and links to a few gotchas on the following wiki page: http://jur-linux.org/testwiki/index.php/CloudLinux/OpenStack Most items can be setup on the command line this way, no need to e.g. use the web interface to upload guest images. best regards, Florian La Roche

2 5

[Fwd: GThread-ERROR **: GThread system may only be initialized once.]
by James B. Byrne 18 May '13

18 May '13

I posted this to the Jitsi users mailing list on Thursday last and have received no replies. Does anyone here have any idea of what is causing this and how to fix it? One other bit of information. When I first installed Jitsi it initially worked for a non-privileged user as I ran it from the gnome menu of my login account. However, at some point it seemed get 'confused' and hung. Since then I have been unable to get it to run as a non-privileged user. I have removed and reinstalled it. I have also rebooted the host. Nothing changes its current behaviour. -------------------------- Original Message -------------------------- Subject: GThread-ERROR **: GThread system may only be initialized once. From: "James B. Byrne" <byrnejb(a)harte-lyne.ca> Date: Thu, May 16, 2013 16:54 To: users(a)jitsi.org ---------------------------------------------------------------------- I installed jitsi-2.2 on a CentOS-6.4 x86_64 host. When I run it as a non-privileged user then I see this error: $ jitsi ALSA lib pcm.c:2209:(snd_pcm_open_noupdate) Unknown PCM cards.pcm.rear ALSA lib pcm.c:2209:(snd_pcm_open_noupdate) Unknown PCM cards.pcm.center_lfe ALSA lib pcm.c:2209:(snd_pcm_open_noupdate) Unknown PCM cards.pcm.side ALSA lib pcm_dmix.c:957:(snd_pcm_dmix_open) The dmix plugin supports only playback stream GThread-ERROR **: GThread system may only be initialized once. aborting... Aborted and it dies. If instead I run it as a privileged user then I see this: $ sudo jitsi [sudo] password for byrnejb: ALSA lib pcm.c:2209:(snd_pcm_open_noupdate) Unknown PCM cards.pcm.rear ALSA lib pcm.c:2209:(snd_pcm_open_noupdate) Unknown PCM cards.pcm.center_lfe ALSA lib pcm.c:2209:(snd_pcm_open_noupdate) Unknown PCM cards.pcm.side ALSA lib pcm_dmix.c:957:(snd_pcm_dmix_open) The dmix plugin supports only playback stream java.lang.UnsatisfiedLinkError: /usr/share/jitsi/lib/native/libglobalshortcut.so: /usr/lib64/libstdc++.so.6: version `GLIBCXX_3.4.15' not found (required by /usr/share/jitsi/lib/native/libglobalshortcut.so) at java.lang.ClassLoader$NativeLibrary.load(Native Method) at java.lang.ClassLoader.loadLibrary1(ClassLoader.java:1939) at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1864) at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1854) at java.lang.Runtime.loadLibrary0(Runtime.java:845) at java.lang.System.loadLibrary(System.java:1084) at net.java.sip.communicator.impl.globalshortcut.NativeKeyboardHook.<clinit>(NativeKeyboardHook.java:254) at net.java.sip.communicator.impl.globalshortcut.GlobalShortcutServiceImpl.<init>(GlobalShortcutServiceImpl.java:56) at net.java.sip.communicator.impl.globalshortcut.GlobalShortcutActivator.start(GlobalShortcutActivator.java:104) at org.apache.felix.framework.util.SecureAction.startActivator(SecureAction.java:629) at org.apache.felix.framework.Felix.activateBundle(Felix.java:1904) at org.apache.felix.framework.Felix.startBundle(Felix.java:1822) at org.apache.felix.framework.Felix.setActiveStartLevel(Felix.java:1192) at org.apache.felix.framework.StartLevelImpl.run(StartLevelImpl.java:266) at java.lang.Thread.run(Thread.java:722) And it works. What is going on and how do I fix it? -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB@Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3

1 0

F18: Create a USB install of CentOS 6 from iso
by Mihamina Rakotomandimby 18 May '13

18 May '13

Hi all, On a F18, I installed livecd-tools-18.15-1 I downloaded CenOS6.x minimal .iso and with livecd-iso-to-disk the resulting USB is never bootable: the computer doesnt boot on it. Tested on many computers. The fact is I succeded to install CentOS on a Netbook (no CD/DVD tray), but I dont remember how I invoked livecd-iso-to-disk. I tried with many combinations (/dev/sdc is the USB pendrive): 1°) $ sudo livecd-iso-to-disk --format --force <ISO> /dev/sdc 2°) $ sudo livecd-iso-to-disk --format --force <ISO> /dev/sdc1 3°) - Format with VFAT on partiion #1 then $ sudo livecd-iso-to-disk <ISO> /dev/sdc1 4°) - Format with Ext on partiion #1 then $ sudo livecd-iso-to-disk <ISO> /dev/sdc1 ... N°) I dont remember what I tried, but it was many, mostly tried with CentOS 6.2 Please, if someone has a F18 + an USB drive: would you test and see if you succed? If you ever succed, how did you? -- RMA.

5 5

← Newer
1
...
4
5
6
7
8
9
10
...
13
Older →

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Discuss May 2013