Hi,
I compiled a kernel from sources (2.6.30.5) and when system is booting shows these errors:
SELinux: 61 classes, 69080 rules SELinux: class peer not defined in policy SELinux: class capability2 not defined in policy SELinux: class kernel_service not defined in policy SELinux: permission open in class dir not defined in policy SELinux: permission open in class file not defined in policy SELinux: permission open in class chr_file not defined in policy SELinux: permission open in class blk_file not defined in policy SELinux: permission open in class sock_file not defined in policy SELinux: permission open in class fifo_file not defined in policy SELinux: permission recvfrom in class node not defined in policy SELinux: permission sendto in class node not defined in policy SELinux: permission ingress in class netif not defined in policy SELinux: permission egress in class netif not defined in policy SELinux: permission setfcap in class capability not defined in policy SELinux: permission nlmsg_tty_audit in class netlink_audit_socket not defined in policy SELinux: permission forward_in in class packet not defined in policy SELinux: permission forward_out in class packet not defined in policy SELinux: the above unknown classes and permissions will be denied
How can I fix these errors?
Thanks in advance!
On Thu, Aug 27, 2009 at 9:01 AM, Sergio Belkinsebelk@gmail.com wrote:
How can I fix these errors?
Easy. Use the kernel provided in the distribution.
2009/8/27 Jim Perrin jperrin@gmail.com:
On Thu, Aug 27, 2009 at 9:01 AM, Sergio Belkinsebelk@gmail.com wrote:
How can I fix these errors?
Easy. Use the kernel provided in the distribution.
Jim, thanks for the suggestion, but Firstly: I need a newer kernel in order to get IO statistics from tools like atop, pidstat, etc. And secondly and most important: my boss wants that :)
So I'd be glad to hear other kind of solution :)
On Thu, Aug 27, 2009 at 9:46 AM, Sergio Belkinsebelk@gmail.com wrote:
2009/8/27 Jim Perrin jperrin@gmail.com:
On Thu, Aug 27, 2009 at 9:01 AM, Sergio Belkinsebelk@gmail.com wrote:
How can I fix these errors?
Easy. Use the kernel provided in the distribution.
Jim, thanks for the suggestion, but Firstly: I need a newer kernel in order to get IO statistics from tools like atop, pidstat, etc.
Have you looked at dstat? If you find features that are not provided by the current version, you can always ask Dag. :)
And secondly and most important: my boss wants that :)
Then I suggest you have him read a statement in a box highlighted in eye-soaring red:
http://wiki.centos.org/HowTos/Custom_Kernel
So I'd be glad to hear other kind of solution :)
Akemi
Hi,
On Thu, Aug 27, 2009 at 12:46, Sergio Belkinsebelk@gmail.com wrote:
Jim, thanks for the suggestion, but Firstly: I need a newer kernel in order to get IO statistics from tools like atop, pidstat, etc. And secondly and most important: my boss wants that :)
Then CentOS is not what you want.
There is a reason why RHEL/CentOS does not ship with the latest kernel (and other components) and backports fixes instead. It's not trivial to make different versions of these components work together. If you try to replace the kernel (or other core components) you will see how painful it is. In fact, you started to see it already. You may try to continue to go that way, but I doubt anyone in this list will be able to help you there... you're pretty much on your own.
So I'd be glad to hear other kind of solution :)
Look at the latest Fedora or Ubuntu or another one of the "cutting edge" distributions that ship with more recent versions of components.
Or ask yourself (or your boss) *WHY* you think you really need a later version of a certain component. What is your real problem? Is it support to a certain hardware? Is it network related? Is it (unfounded) fear that the kernel in CentOS might be vulnerable? It might be possible to solve your problem using CentOS in another way, if you come back to the list with the real problem we might be able to help you better.
HTH, Filipe
2009/8/27 Filipe Brandenburger filbranden@gmail.com:
Hi,
On Thu, Aug 27, 2009 at 12:46, Sergio Belkinsebelk@gmail.com wrote:
Jim, thanks for the suggestion, but Firstly: I need a newer kernel in order to get IO statistics from tools like atop, pidstat, etc. And secondly and most important: my boss wants that :)
Then CentOS is not what you want.
There is a reason why RHEL/CentOS does not ship with the latest kernel (and other components) and backports fixes instead. It's not trivial to make different versions of these components work together. If you try to replace the kernel (or other core components) you will see how painful it is. In fact, you started to see it already. You may try to continue to go that way, but I doubt anyone in this list will be able to help you there... you're pretty much on your own.
So I'd be glad to hear other kind of solution :)
Look at the latest Fedora or Ubuntu or another one of the "cutting edge" distributions that ship with more recent versions of components.
Or ask yourself (or your boss) *WHY* you think you really need a later version of a certain component. What is your real problem? Is it support to a certain hardware? Is it network related? Is it (unfounded) fear that the kernel in CentOS might be vulnerable? It might be possible to solve your problem using CentOS in another way, if you come back to the list with the real problem we might be able to help you better.
HTH, Felipe
I've just explained the reason why I've compiled.
On 27.8.2009 17:15, Sergio Belkin wrote:
2009/8/27 Filipe Brandenburgerfilbranden@gmail.com:
Hi,
On Thu, Aug 27, 2009 at 12:46, Sergio Belkinsebelk@gmail.com wrote:
Jim, thanks for the suggestion, but Firstly: I need a newer kernel in order to get IO statistics from tools like atop, pidstat, etc. And secondly and most important: my boss wants that :)
Then CentOS is not what you want.
There is a reason why RHEL/CentOS does not ship with the latest kernel (and other components) and backports fixes instead. It's not trivial to make different versions of these components work together. If you try to replace the kernel (or other core components) you will see how painful it is. In fact, you started to see it already. You may try to continue to go that way, but I doubt anyone in this list will be able to help you there... you're pretty much on your own.
So I'd be glad to hear other kind of solution :)
Look at the latest Fedora or Ubuntu or another one of the "cutting edge" distributions that ship with more recent versions of components.
Or ask yourself (or your boss) *WHY* you think you really need a later version of a certain component. What is your real problem? Is it support to a certain hardware? Is it network related? Is it (unfounded) fear that the kernel in CentOS might be vulnerable? It might be possible to solve your problem using CentOS in another way, if you come back to the list with the real problem we might be able to help you better.
HTH, Felipe
I've just explained the reason why I've compiled.
IO statistics by process will be included in 5.4....You could try to use the RHEL 5.4 beta kernels (Just remember, those are beta....).
Bgrds, Finnzi
On Thu, Aug 27, 2009 at 11:15 AM, Sergio Belkinsebelk@gmail.com wrote:
2009/8/27 Filipe Brandenburger filbranden@gmail.com:
Hi,
On Thu, Aug 27, 2009 at 12:46, Sergio Belkinsebelk@gmail.com wrote:
Jim, thanks for the suggestion, but Firstly: I need a newer kernel in order to get IO statistics from tools like atop, pidstat, etc. And secondly and most important: my boss wants that :)
Then CentOS is not what you want.
HTH, Felipe
I've just explained the reason why I've compiled.
What your boss wants and what you want will not work with CentOS in that case.
Short Answer: You will both be better off looking at a non-enterprise operating system. If the company has standardized on CentOS for long term support they could look at Fedora for this one off and then use CentOS-6 when that comes out.
Long Answer: You would need to basically compile newer glibc, newer ldconfig, gcc, etc etc etc until at which point you have a base Fedora-11 system and some CentOS stuff that might still work (but highly unlikely).
Sergio Belkin wrote:
2009/8/27 Filipe Brandenburger filbranden@gmail.com:
Hi,
On Thu, Aug 27, 2009 at 12:46, Sergio Belkinsebelk@gmail.com wrote:
Jim, thanks for the suggestion, but Firstly: I need a newer kernel in order to get IO statistics from tools like atop, pidstat, etc. And secondly and most important: my boss wants that :)
Then CentOS is not what you want.
There is a reason why RHEL/CentOS does not ship with the latest kernel (and other components) and backports fixes instead. It's not trivial to make different versions of these components work together. If you try to replace the kernel (or other core components) you will see how painful it is. In fact, you started to see it already. You may try to continue to go that way, but I doubt anyone in this list will be able to help you there... you're pretty much on your own.
So I'd be glad to hear other kind of solution :)
Look at the latest Fedora or Ubuntu or another one of the "cutting edge" distributions that ship with more recent versions of components.
Or ask yourself (or your boss) *WHY* you think you really need a later version of a certain component. What is your real problem? Is it support to a certain hardware? Is it network related? Is it (unfounded) fear that the kernel in CentOS might be vulnerable? It might be possible to solve your problem using CentOS in another way, if you come back to the list with the real problem we might be able to help you better.
HTH, Felipe
I've just explained the reason why I've compiled.
Let me try it a different way.
The current kernel used by Red Hat in RHEL 4 is a 2.6.9-x kernel and it has 1973 patches. The one currently in use in RHEL 5 is a 2.6.18-x kernel with 2882 patches.
Many packages are compiled against kernel-headers and depend on the proc structure that is there.
SELinux is just one of many issues you will have if you try to use a main line kernel on CentOS. You will need to have several of the Red Hat patches (modified to work with the new kernel tree) incorporated in order to use a newer kernel on CentOS.
If you absolutely have to have a newer kernel (you should not do this ... but hey, it IS your machine) ... then instead of trying to use a main line kernel, instead try to use the latest one from here:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/
This kernel has been tested for use with RHEL-5 and is 2.6.24-x.
You still might have issues, but they should be far fewer than running a main line kernel on CentOS.
Would you, if you boss told you he wanted you to, try to make the Windows Vista system files run on Windows 95?
Thanks, Johnny Hughes
2009/8/27 Johnny Hughes johnny@centos.org:
Sergio Belkin wrote:
2009/8/27 Filipe Brandenburger filbranden@gmail.com:
Hi,
On Thu, Aug 27, 2009 at 12:46, Sergio Belkinsebelk@gmail.com wrote:
Jim, thanks for the suggestion, but Firstly: I need a newer kernel in order to get IO statistics from tools like atop, pidstat, etc. And secondly and most important: my boss wants that :)
Then CentOS is not what you want.
There is a reason why RHEL/CentOS does not ship with the latest kernel (and other components) and backports fixes instead. It's not trivial to make different versions of these components work together. If you try to replace the kernel (or other core components) you will see how painful it is. In fact, you started to see it already. You may try to continue to go that way, but I doubt anyone in this list will be able to help you there... you're pretty much on your own.
So I'd be glad to hear other kind of solution :)
Look at the latest Fedora or Ubuntu or another one of the "cutting edge" distributions that ship with more recent versions of components.
Or ask yourself (or your boss) *WHY* you think you really need a later version of a certain component. What is your real problem? Is it support to a certain hardware? Is it network related? Is it (unfounded) fear that the kernel in CentOS might be vulnerable? It might be possible to solve your problem using CentOS in another way, if you come back to the list with the real problem we might be able to help you better.
HTH, Felipe
I've just explained the reason why I've compiled.
Let me try it a different way.
The current kernel used by Red Hat in RHEL 4 is a 2.6.9-x kernel and it has 1973 patches. The one currently in use in RHEL 5 is a 2.6.18-x kernel with 2882 patches.
Many packages are compiled against kernel-headers and depend on the proc structure that is there.
SELinux is just one of many issues you will have if you try to use a main line kernel on CentOS. You will need to have several of the Red Hat patches (modified to work with the new kernel tree) incorporated in order to use a newer kernel on CentOS.
If you absolutely have to have a newer kernel (you should not do this ... but hey, it IS your machine) ... then instead of trying to use a main line kernel, instead try to use the latest one from here:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/
This kernel has been tested for use with RHEL-5 and is 2.6.24-x.
You still might have issues, but they should be far fewer than running a main line kernel on CentOS.
Would you, if you boss told you he wanted you to, try to make the Windows Vista system files run on Windows 95?
Thanks, Johnny Hughes
Thanks for provide the more smart and constructive answer so far.
On ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/ I've only found kernel-rt, are they real time kernels?
Sergio Belkin wrote:
2009/8/27 Johnny Hughes johnny@centos.org:
Sergio Belkin wrote:
2009/8/27 Filipe Brandenburger filbranden@gmail.com:
Hi,
On Thu, Aug 27, 2009 at 12:46, Sergio Belkinsebelk@gmail.com wrote:
Jim, thanks for the suggestion, but Firstly: I need a newer kernel in order to get IO statistics from tools like atop, pidstat, etc. And secondly and most important: my boss wants that :)
Then CentOS is not what you want.
There is a reason why RHEL/CentOS does not ship with the latest kernel (and other components) and backports fixes instead. It's not trivial to make different versions of these components work together. If you try to replace the kernel (or other core components) you will see how painful it is. In fact, you started to see it already. You may try to continue to go that way, but I doubt anyone in this list will be able to help you there... you're pretty much on your own.
So I'd be glad to hear other kind of solution :)
Look at the latest Fedora or Ubuntu or another one of the "cutting edge" distributions that ship with more recent versions of components.
Or ask yourself (or your boss) *WHY* you think you really need a later version of a certain component. What is your real problem? Is it support to a certain hardware? Is it network related? Is it (unfounded) fear that the kernel in CentOS might be vulnerable? It might be possible to solve your problem using CentOS in another way, if you come back to the list with the real problem we might be able to help you better.
HTH, Felipe
I've just explained the reason why I've compiled.
Let me try it a different way.
The current kernel used by Red Hat in RHEL 4 is a 2.6.9-x kernel and it has 1973 patches. The one currently in use in RHEL 5 is a 2.6.18-x kernel with 2882 patches.
Many packages are compiled against kernel-headers and depend on the proc structure that is there.
SELinux is just one of many issues you will have if you try to use a main line kernel on CentOS. You will need to have several of the Red Hat patches (modified to work with the new kernel tree) incorporated in order to use a newer kernel on CentOS.
If you absolutely have to have a newer kernel (you should not do this ... but hey, it IS your machine) ... then instead of trying to use a main line kernel, instead try to use the latest one from here:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/
This kernel has been tested for use with RHEL-5 and is 2.6.24-x.
You still might have issues, but they should be far fewer than running a main line kernel on CentOS.
Would you, if you boss told you he wanted you to, try to make the Windows Vista system files run on Windows 95?
Thanks, Johnny Hughes
Thanks for provide the more smart and constructive answer so far.
On ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/ I've only found kernel-rt, are they real time kernels?
Yes, those are real time kernels.
2009/8/27 Johnny Hughes johnny@centos.org:
Sergio Belkin wrote:
2009/8/27 Filipe Brandenburger filbranden@gmail.com:
Hi,
On Thu, Aug 27, 2009 at 12:46, Sergio Belkinsebelk@gmail.com wrote:
Jim, thanks for the suggestion, but Firstly: I need a newer kernel in order to get IO statistics from tools like atop, pidstat, etc. And secondly and most important: my boss wants that :)
Then CentOS is not what you want.
There is a reason why RHEL/CentOS does not ship with the latest kernel (and other components) and backports fixes instead. It's not trivial to make different versions of these components work together. If you try to replace the kernel (or other core components) you will see how painful it is. In fact, you started to see it already. You may try to continue to go that way, but I doubt anyone in this list will be able to help you there... you're pretty much on your own.
So I'd be glad to hear other kind of solution :)
Look at the latest Fedora or Ubuntu or another one of the "cutting edge" distributions that ship with more recent versions of components.
Or ask yourself (or your boss) *WHY* you think you really need a later version of a certain component. What is your real problem? Is it support to a certain hardware? Is it network related? Is it (unfounded) fear that the kernel in CentOS might be vulnerable? It might be possible to solve your problem using CentOS in another way, if you come back to the list with the real problem we might be able to help you better.
HTH, Felipe
I've just explained the reason why I've compiled.
Let me try it a different way.
The current kernel used by Red Hat in RHEL 4 is a 2.6.9-x kernel and it has 1973 patches. The one currently in use in RHEL 5 is a 2.6.18-x kernel with 2882 patches.
Many packages are compiled against kernel-headers and depend on the proc structure that is there.
SELinux is just one of many issues you will have if you try to use a main line kernel on CentOS. You will need to have several of the Red Hat patches (modified to work with the new kernel tree) incorporated in order to use a newer kernel on CentOS.
If you absolutely have to have a newer kernel (you should not do this ... but hey, it IS your machine) ... then instead of trying to use a main line kernel, instead try to use the latest one from here:
ftp://ftp.redhat.com/pub/redhat/linux/enterprise/5Server/en/RHEMRG/SRPMS/
This kernel has been tested for use with RHEL-5 and is 2.6.24-x.
You still might have issues, but they should be far fewer than running a main line kernel on CentOS.
Would you, if you boss told you he wanted you to, try to make the Windows Vista system files run on Windows 95?
Of course I wouldn't it. I think that the comparison has little to do. Windows it's very different from Linux. MS it's product developed by an only company and closed souce. I think that the difference from using some distro with different kernel is far smaller that running "Vista" apps on Windows 95. Of course I don't expect support in the sense that someone solve my problems, I'm only was asking suggestions...
Sergio Belkin wrote:
2009/8/27 Jim Perrin jperrin@gmail.com:
On Thu, Aug 27, 2009 at 9:01 AM, Sergio Belkinsebelk@gmail.com wrote:
How can I fix these errors?
Easy. Use the kernel provided in the distribution.
Jim, thanks for the suggestion, but Firstly: I need a newer kernel in order to get IO statistics from tools like atop, pidstat, etc. And secondly and most important: my boss wants that :)
So I'd be glad to hear other kind of solution :)
1) New expectations and/or 2) New boss and/or 3) New distribution
-
Akemi Yagi -
Filipe Brandenburger -
Finnur Örn Guðmundsson -
Jim Perrin -
Johnny Hughes -
Robert -
Sergio Belkin -
Stephen John Smoogen