I upgraded a development server last week, and it started spewing selinux errors to the log. I googled. What finally *seems* to have stopped it was a) setsebool -P httpd_setrlimit 1 b) yum downgrade selinux-policy*
This is on a 6.3 box. Has anyone else seen this behaviour?
mark
On 20/11/12 20:56, m.roth@5-cent.us wrote:
I upgraded a development server last week, and it started spewing selinux errors to the log. I googled. What finally *seems* to have stopped it was a) setsebool -P httpd_setrlimit 1 b) yum downgrade selinux-policy*
This is on a 6.3 box. Has anyone else seen this behaviour?
mark
No.
what's the error? How do you produce it?
------------ Banyan He Blog: http://www.rootong.com Email: banyan@rootong.com
On 2012-11-21 4:56 AM, m.roth@5-cent.us wrote:
I upgraded a development server last week, and it started spewing selinux errors to the log. I googled. What finally *seems* to have stopped it was a) setsebool -P httpd_setrlimit 1 b) yum downgrade selinux-policy*
This is on a 6.3 box. Has anyone else seen this behaviour?
mark
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 11/21/12 00:55, Banyan He wrote:
On 2012-11-21 4:56 AM, m.roth@5-cent.us wrote:
I upgraded a development server last week, and it started spewing selinux errors to the log. I googled. What finally *seems* to have stopped it was a) setsebool -P httpd_setrlimit 1 b) yum downgrade selinux-policy*
This is on a 6.3 box. Has anyone else seen this behaviour?
what's the error? How do you produce it?
1. Please don't top post. 2. I'm an admin these days, not a developer. I don't "produce" it, someone's presumably doing something, and I see the logs fill up. I haven't dug down into what's doing it; I'm perplexed as to why it's suddenly happening.
Dan Walsh suggests I may have only needed to set the boolean; if that's the case, then I question why the upgrade of the package didn't do that.
mark
tried to install a new centos6.3 and apache. No luck to reproduce what you've been through. Don't know what the error is you had but I dont get any error from my log files.
------------ Banyan He Blog: http://www.rootong.com Email: banyan@rootong.com
On 2012-11-21 9:08 PM, mark wrote:
On 11/21/12 00:55, Banyan He wrote:
On 2012-11-21 4:56 AM, m.roth@5-cent.us wrote:
I upgraded a development server last week, and it started spewing selinux errors to the log. I googled. What finally *seems* to have stopped it was a) setsebool -P httpd_setrlimit 1 b) yum downgrade selinux-policy*
This is on a 6.3 box. Has anyone else seen this behaviour?
what's the error? How do you produce it?
- Please don't top post.
- I'm an admin these days, not a developer. I don't "produce" it,
someone's presumably doing something, and I see the logs fill up. I haven't dug down into what's doing it; I'm perplexed as to why it's suddenly happening.
Dan Walsh suggests I may have only needed to set the boolean; if that's the case, then I question why the upgrade of the package didn't do that.
mark _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/20/2012 03:56 PM, m.roth@5-cent.us wrote:
I upgraded a development server last week, and it started spewing selinux errors to the log. I googled. What finally *seems* to have stopped it was a) setsebool -P httpd_setrlimit 1 b) yum downgrade selinux-policy*
This is on a 6.3 box. Has anyone else seen this behaviour?
mark
_______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
I would doubt you needed to downgrade the policy. I would figure you got a new version of apache or some application that was requiring httpd to setrlimit.
On 11/21/12 05:17, Daniel J Walsh wrote:
On 11/20/2012 03:56 PM, m.roth@5-cent.us wrote:
I upgraded a development server last week, and it started spewing selinux errors to the log. I googled. What finally *seems* to have stopped it was a) setsebool -P httpd_setrlimit 1 b) yum downgrade selinux-policy*
This is on a 6.3 box. Has anyone else seen this behaviour?
I would doubt you needed to downgrade the policy. I would figure you got a new version of apache or some application that was requiring httpd to setrlimit.
You mean *all* that garbage was because setrlimit needed to be set? If so, I would have expected the installation or upgrade of the package to do that in the postinstall.
Thanks.
mark
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/21/2012 08:05 AM, mark wrote:
On 11/21/12 05:17, Daniel J Walsh wrote:
On 11/20/2012 03:56 PM, m.roth@5-cent.us wrote:
I upgraded a development server last week, and it started spewing selinux errors to the log. I googled. What finally *seems* to have stopped it was a) setsebool -P httpd_setrlimit 1 b) yum downgrade selinux-policy*
This is on a 6.3 box. Has anyone else seen this behaviour?
I would doubt you needed to downgrade the policy. I would figure you got a new version of apache or some application that was requiring httpd to setrlimit.
You mean *all* that garbage was because setrlimit needed to be set? If so, I would have expected the installation or upgrade of the package to do that in the postinstall.
Thanks.
mark
I have no idea what happened to cause the problem. But I do know that selinux-policy releases always loosen policy on minor releases. Since there is no tightening of selinux-policy I don't see where upgrading or downgrading policy would suddenly cause apache to want to setrlimit. Other packages within the same update like potentially the kernel, httpd or perhaps the apps you are running in httpd could have caused it.