Hi, all.
I'm looking to install CentOS 7 to my HP Elitebook 8460p (Intel i5, 4gig
of RAM, 250 HD). Has anybody had any experience with this laptop &
CentOS 7?
Many thanks for any help.
Regards,
Phil...
CentOS-6.6
We have sshd chroot working, mostly, for a particular groupid.
However, we have two things that remain u/s, no doubt due to some
omission on my part.
Basically, we would like our users to be able to tunnel their https
over the ssh connection to this server and be able to do X11
forwarding as well. At the moment both work when the user connects
without chroot and neither works if they are chroot, even when the
chroot directory is the actual system /.
The Match statements are:

    Match Group wheel
        AllowTcpForwarding yes
        ChrootDirectory /
        PermitOpen any
        X11Forwarding yes
        X11UseLocalhost no

    Match Group !wheel,sftp
        ChrootDirectory %h
        ForceCommand internal-sftp
        AllowTcpForwarding no

There are SELinux issues:

/var/log/messages

    Jul 9 09:22:43 inet02 setroubleshoot: SELinux is preventing /usr/sbin/sshd from create access on the udp_socket . For complete SELinux messages. run sealert -l 91eae747-73dc-43d8-8af9-0601e726f233
    Jul 9 09:22:43 inet02 setroubleshoot: SELinux is preventing /usr/sbin/sshd from create access on the tcp_socket . For complete SELinux messages. run sealert -l c5d4049e-cffb-4cfb-a243-135c7b297e8b
    Jul 9 09:22:44 inet02 setroubleshoot: SELinux is preventing /usr/sbin/sshd from open access on the chr_file 5. For complete SELinux messages. run sealert -l d77a3254-8aba-4a13-bd78-0bcf14e67035

/var/log/secure

    Jul 9 09:22:34 inet02 sshd[17681]: error: socket: Permission denied
    Jul 9 09:22:34 inet02 sshd[17684]: error: /dev/pts/5: Permission denied

    # grep sshd /var/log/audit/audit.log | audit2allow
    #============= chroot_user_t ==============
    #!!!! This avc is allowed in the current policy
    allow chroot_user_t admin_home_t:dir search;
    #!!!! This avc is allowed in the current policy
    allow chroot_user_t net_conf_t:file read;
    allow chroot_user_t self:netlink_route_socket create;
    allow chroot_user_t self:tcp_socket create;
    allow chroot_user_t self:udp_socket create;
    allow chroot_user_t user_devpts_t:chr_file open;
    allow chroot_user_t user_home_t:chr_file { read write };
    #!!!! This avc is allowed in the current policy
    allow chroot_user_t xauth_exec_t:file getattr;
    #============= xauth_t ==============
    allow xauth_t chroot_user_t:process sigchld;

    # getsebool -a | grep ssh
    allow_ssh_keysign --> off
    fenced_can_ssh --> off
    ssh_chroot_full_access --> on
    ssh_chroot_manage_apache_content --> off
    ssh_chroot_rw_homedirs --> on
    ssh_sysadm_login --> off

These are definitely involved with the X11 forwarding issue because if
I use: setenforce Permissive then gvim works for a chrooted session.
However, when setenforce Enforcing is set then gvim fails with: 'E233:
cannot open display'.
I have not tried the https tunnelling without SELinux but I suspect
that the problem is similar if not identical.
Do I generate a custom policy or are there some other SSH/SELinux
settings that I am missing?
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
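
Added example (not part of the original post): a small parser for the audit2allow output quoted above that separates rules already permitted by the loaded policy from the denials still outstanding in enforcing mode, which are the ones a custom module would have to cover. The function names are assumptions; the sample text is the output from the message.

```python
import re
from collections import defaultdict

# audit2allow output copied from the message above
AUDIT2ALLOW = """\
#============= chroot_user_t ==============
#!!!! This avc is allowed in the current policy
allow chroot_user_t admin_home_t:dir search;
#!!!! This avc is allowed in the current policy
allow chroot_user_t net_conf_t:file read;
allow chroot_user_t self:netlink_route_socket create;
allow chroot_user_t self:tcp_socket create;
allow chroot_user_t self:udp_socket create;
allow chroot_user_t user_devpts_t:chr_file open;
allow chroot_user_t user_home_t:chr_file { read write };
#!!!! This avc is allowed in the current policy
allow chroot_user_t xauth_exec_t:file getattr;
#============= xauth_t ==============
allow xauth_t chroot_user_t:process sigchld;
"""

RULE = re.compile(r"^allow\s+(\S+)\s+(\S+):(\S+)\s+(\{[^}]*\}|\S+);$")

def outstanding_rules(text):
    """Return {source_domain: [(target, class, perms)]} for rules not yet allowed."""
    pending = defaultdict(list)
    already_allowed = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#!!!!") and "allowed in the current policy" in line:
            already_allowed = True          # the marker applies to the next rule only
            continue
        m = RULE.match(line)
        if not m:
            continue
        src, tgt, cls, perms = m.groups()
        if not already_allowed:
            pending[src].append((tgt, cls, perms.strip("{} ").split()))
        already_allowed = False
    return dict(pending)

def classes_needed(rules):
    """Object classes touched by the outstanding rules, for a quick review."""
    return sorted({cls for items in rules.values() for _, cls, _ in items})

if __name__ == "__main__":
    for domain, items in outstanding_rules(AUDIT2ALLOW).items():
        for tgt, cls, perms in items:
            print(domain, tgt, cls, " ".join(perms))
```

The outstanding socket and chr_file rules line up with the "socket: Permission denied" and "/dev/pts/5: Permission denied" errors in /var/log/secure.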
Today's Topics:
1. CEBA-2015:1212 CentOS 5 dhcpv6 BugFix Update (Johnny Hughes)
----------------------------------------------------------------------
Message: 1
Date: Wed, 8 Jul 2015 12:20:08 +0000
From: Johnny Hughes <johnny(a)centos.org>
To: centos-announce(a)centos.org
Subject: [CentOS-announce] CEBA-2015:1212 CentOS 5 dhcpv6 BugFix
Update
Message-ID: <20150708122008.GA2676(a)chakra.karan.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Bugfix Advisory 2015:1212
Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-1212.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos(a)irc.freenode.net
------------------------------
End of CentOS-announce Digest, Vol 125, Issue 3
***********************************************
The CentOS project has been running Continuous Integration (aka CI)
process where we run checks from our t_functional suite on a daily basis
for quite a while now:
https://ci.centos.org/view/CentOS-Core-QA/
We will continue to run these daily as they provide good historical
info, but recently, we have adopted a practice of "Pre Release" testing
using the same t_functional suite. So, from now on, we will need to get
a "Green" result on t_functional (or know what is failing and make a
decision that it is false positive) BEFORE we release any updates to
CentOS-5, CentOS-6 or CentOS-7. Pre Release Update tests are here and
now part of the updates process before release of the packages:
https://ci.centos.org/view/CentOS-Core/
If you have issues that need to be checked for, that we sometimes get
wrong (in this case, wrong means broken in CentOS and not in RHEL) ..
then you can update t_functional suite to test for that issue and we can
integrate it into the test suite.
You can checkout and run t_functional here:
https://github.com/CentOS/sig-core-t_functional
*NOTE:* These tests make major changes on the machine where they are
run .. so they are *DESTRUCTIVE* to that environment and should only be
used on machines specifically built for testing that can be
rebuilt/reinstalled after the tests complete.
Info on how to use t_functional is here:
http://wiki.centos.org/QaWiki/AutomatedTests/WritingTests/t_functional
We will accept new tests and changes that make sense via github with
discussions about the changes taking place on the CentOS-Devel mailing list.
If there is a nagging issue that you want tested for, feel free to fork
t_functional and create tests to make CentOS Linux better in the future.
Thanks,
Johnny Hughes
Hi, can someone help me please? I am trying to install CentOS 7.0 server, but every time I install CentOS I keep losing my Windows 7. I have a 2TB hard drive and Windows 7 64-bit with an Intel Core i5 2300 processor. When I reboot I lose Windows and I have no dual boot. Can anybody help me please? This is the 7th time I have tried this and it still fails.
Michael Wright
Well, I seem to have resolved most of this. In the end I had to
create a separate logical link for the chrooted users' home
directories that pointed back to their actual directory. It sounds
confusing because it is.
I first tried this in sshd_conf

    ChrootDirectory %h

and in ~/%h I had created the following mount points:

    bin dev etc lib lib64 tmp usr

Upon which I had hung mounts to directories containing the chroot
reduced functionality.

    mount --bind /path/to/chroot/bin bin

However, that did not work. I next tried this:

    ChrootDirectory /path/to/chroot

And that did not work either. By not work I really mean did not
execute the user's bash_profile script at login, which is why the
prompt was screwed up. Of course that was simply the most immediately
visible problem.
What did work, eventually, was this combination:
In sshd_conf

    ChrootDirectory /path/to/chroot

plus:

    cd /path/to/chroot
    mkdir -p path/to/chroot
    cd /path/to/chroot//path/to/chroot
    ln -s ../../user_home_dir user_home_dir

I infer from the documentation that sshd first switches to the chroot
and then to the user's home directory from within the chroot. Which
makes sense but the implications for correct implementation are not
exactly obvious. The result of not recreating the home directory path
under chroot was that the programs in chroot/bin were not found and
did not execute while the user stayed in chroot.
This is also why using %h in sshd_conf did not work. For that to
succeed I need to recreate the user's entire home directory tree
inside each user's home directory. Since using a common root and
logical links is less burdensome from a maintenance point of view I
chose the latter. I was also too lazy to return to the first approach
once I got the second working.
So, that mystery is cleared up. I have others, and of course SELinux
is in there, but this one is put to bed.
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
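
Added example (not part of the original post): sshd_config(5) documents that sshd changes to the user's home directory after the chroot, so the home path from /etc/passwd must resolve inside the chroot. The sketch below emulates that lookup, with symlinks and ".." clamped to the chroot root, on a constructed temporary tree; the names srv/jail and alice and both function names are assumptions for illustration.

```python
import os
import tempfile

def resolve_in_chroot(chroot, path, max_links=40):
    """Resolve `path` as a process chrooted to `chroot` would; None if it fails."""
    chroot = os.path.realpath(chroot)
    pending = [p for p in path.split("/") if p]
    current = []                      # components below the chroot root
    links = 0
    while pending:
        part = pending.pop(0)
        if part == ".":
            continue
        if part == "..":
            if current:
                current.pop()         # '..' at the chroot root stays at the root
            continue
        real = os.path.join(chroot, *current, part)
        if os.path.islink(real):
            links += 1
            if links > max_links:
                return None           # symlink loop
            target = os.readlink(real)
            if target.startswith("/"):
                current = []          # absolute target restarts at the chroot root
            pending = [p for p in target.split("/") if p] + pending
        elif os.path.lexists(real):
            current.append(part)
        else:
            return None               # missing component: the chdir would fail
    return os.path.join(chroot, *current)

def demo():
    """Build a constructed tree and resolve the home before and after the fix."""
    base = os.path.realpath(tempfile.mkdtemp())
    jail = os.path.join(base, "srv", "jail")     # stand-in for /path/to/chroot
    home = os.path.join(jail, "alice")           # home field as in /etc/passwd
    os.makedirs(home)
    before = resolve_in_chroot(jail, home)       # <jail>/<jail>/alice is missing
    inner = jail + jail                          # the chroot's path, recreated inside it
    os.makedirs(inner)
    os.symlink(os.path.relpath(home, inner), os.path.join(inner, "alice"))
    after = resolve_in_chroot(jail, home)
    return before, after, jail

if __name__ == "__main__":
    print(demo())
```

A relative link works because it never leaves the chroot; an absolute link to the on-disk home would be re-rooted at the chroot and point back at itself.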
We have a requirement to allow ssh access to a server in order to
provide a secure link to one of our legacy systems. I would like to
chroot these accounts.
I have this working except for one small detail, the user's prompt in
the ssh session. Each user has their shell set to /bin/bash in
/etc/passwd. However, instead of getting the prompt defined in their
.bash_profiles we see this:
-bash-4.1$
when we are expecting this:
[username@hostname dir]$
So, before I go messing around moving files I would like some information
from you as to what I have overlooked. Do I need to move something
like etc/passwd and /etc/group into the chroot/etc?
TIA
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
James B. Byrne mailto:ByrneJB@Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3