DevHeads.net

Postings by m.roth

An selinux issue

CentOS 7.4

From sealert:
SELinux is preventing /usr/sbin/sshd from read access on the file
/etc/ssh/moduli.

***** Plugin restorecon (94.8 confidence) suggests ************************

If you want to fix the label.
/etc/ssh/moduli default label should be etc_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /etc/ssh/moduli
<...>
Additional Information:
Source Context system_u:system_r:sshd_t:s0-s0:c0.c1023
Target Context system_u:object_r:unlabeled_t:s0
Target Objects /etc/ssh/moduli [ file ]
Source sshd
Source Pat

A question about smb.conf between C6 and c7

Are there any? Will a C 6 conf work under C 7?

A pointer to a README would be appreciated on configuration differences,
if any.

Thanks in advance.

mark

Two MACs for one IP

The reason I want to assign one IP to two MAC addresses is that I have one
(and only one) user for whom I have to spoof the MAC address (it's a case
of stupid software licensing). But... his system is encrypted. Now, we're
using clevis to allow reboots without someone being at the keyboard to
type in the password. Those of you who've looked at clevis see where this
is going: clevis uses the *real* firmware MAC address to get the key from
the latchset server...

OT: configuring xming to know putty's not in a std. location

Is there some way to do this? I've got the current putty (actually,
putty-cac), pageant, and plink in my user's Downloads directory - neither
he nor I have admin authority on his laptop, and Desktop support's
teleworking today - but I can't seem to find a way to configure xming to
look there for putty.

Or is it start putty, *then* start xming?

mark

logging in

This is.... odd.

We're seeing a *lot* of
sshd[8400]: Timeout, client not responding.
So I'm trying to find out whose client is having issues. Trying to figure
that, after processes are gone, I tried looking in lastlog, which is where
it gets odd. lastlog shows root coming in, and it shows a security account
coming in... years ago.

I see one of our users logging in a goodly number of times... but lastlog
doesn't show him.

An rpm specfile question

I've built an rpm package to distribute an executable and datafiles, but I
need to link to the executable, with the symlink with a different name,
into /usr/sbin/

If I make the symlink in the %post, it doesn't show if you do rpm -ql, and
/usr/sbin/link gives "not owned by any package".

CentOS 7 autofs flakiness

I have a user who couldn't get in via WinSCP to a server. Got him to log
in via putty, and that was fine. But he still couldn't get in the other
way. At my manager's suggestion, I restarted autofs... and everything
worked.

Note that his home directory was already automounted via NFS, after he
logged in via putty. We've seen other, similar oddities with NFS.

An rpmbuild spec question

I'm trying to build a package to create a directory and install some
files. My rpmbuild keeps failing, unable to cd into the directory, "no
such". Now, in the tmpfile, I *see* it cd'ing into BUILD/opt, and the
source was unzipped and untared into BUILD/opt/smipmicfg-1.27.0. In the
spec file, I've even added a cd $RPM_BUILD_ROOT/opt, and I see it cd to
there... and then it says it fails cd'ing into the directory under it.

I've been doing a lot of googling, but nothing seems to fix this.

Re: [CentOS] C7 and docker storage

Gianluca Cecchi <gianluca. ... at gmail dot com> wrote:

C 7, docker, and storage

I may have missed some overnight replies to my question from yesterday -
if so, sorry.

From my googling, it looks like I should change from the loopback device
to overlayFS (with overlay2).

C7 and docker storage

Was working on docker on a server, and on startup, I see
Nov 29 10:58:27 <servername> dockerd-current:
time="2017-11-29T10:58:27.612849959-05:00" level=warning msg="devmapper:
Usage of loopback devices is strongly discouraged for production use.
Please use `--storage-opt dm.thinpooldev` or use `man docker` to refer to
dm.thinpooldev section."
Nov 29 10:58:27 <servername> dockerd-current:
time="2017-11-29T10:58:27.655600686-05:00" level=warning msg="devmapper:
Base device already exists and has filesystem xfs on it.

C 7, lockd issue

I think I posted this last week, but to refresh your minds (for Americans,
after all the turkey): two C7 boxes, updated. box 1 is exporting
directories; box 2 is not running nfs. From box 1, every minute, I get
<...> kernel: lockd: server fred.local not responding, timed out

Now, on box 2, fred is eth0:fred, and is one of five secondaries on eth0.
When I do an ip a, it shows as the last one.

semi-OT:apcupsd

I can't seem to find apcupsd for C 6. Just went to epel's website, and not
visible. Anyone have a clue?

mark

C6 and xfce

Hi, folks,

So I installed xfce on my Netbook. While I was in Chicago, I worked out
how to tell it to bring it up. It came up.

As root. With no obvious way to tell it to show a login screen first.

Did I miss something?

mark

yum-cron

Hi, folks,

Has anyone else seen the issue of having an excludes= in /etc/yum.conf,
but yum-cron appears to be ignoring it?

This may have been the case earlier this year, where it seemed to
partly install a new kernel, then not do the post-install.

C6, lightweight window managers - opinions?

So, on my old Netbook, now happily running C6.9, I'm looking for opinions
for a lightweight window manager. Gnome surely ain't it....

Years back, I used to like IceWM, but not sure it's been kept up.

So, opinions?

mark

Semi-OT: a docker log question

Hi, folks,

Is there *any* way, other than writing my own logging driver, to get
the docker daemon to write to its very own file, like, say,
/var/log/docker, so that it doesn't spew crap into /var/log/messages?

Thanks in advance.

mark

C7, docker, logging

Hi, folks,

Well my user had errors, so I got to restart the docker daemon with
--log-level=warn.

Docker log level

Hi, folks,

Just installed and fired up docker for a user, and the default log
level is stupidly noisy. Now, doing some googling, I see that I can set
the log level on the command line. What I'd *like* to do is set the log
level in the appropriate config file, which I gather is
/etc/docker/daemon.json.

CentOS 6 for ARM?

Hi, folks,

So, I want to rebuild my "ancient" HP netbook, from the ancient ubuntu
netbook remix. Is there an *ARM* .iso, or net install somewhere? I'm not
finding it, googling. Lots of Raspberry Pi, but....

mark

Odd C7 userspace issue

I've seen this a couple of times, and do not understand what it's trying
to tell me:
journal: unable to create file '/run/user/200236571/dconf/user':
Permission denied. dconf will not work properly.

Now, it exists, and the ownership and permissions seem correct.
drwx------. 2 <user> <user> 60 Oct 18 06:43 ./
drwx------. 8 <user> <user> 160 Oct 6 14:42 ../
-rw-------. 1 <user> <user> 2 Oct 18 09:42 user

Anyone have any thoughts on this?

I do not love thee, kernel-3.10.0-693.2.2.el7.x86_64

I've been having a lot of issues with video, for example. However, this
one... I have a user with a Dell R730. I install kernel and kernel devel,
and the rest of the full update, and rebooted.

Nope. 100% kernel panic, right around the time it switches root.

CUDA tools?

Hi, again.

So, kmod-nvidia installed. Trouble is, I have no tool to test it. And my
user might need nvcc, which, of course, is only provided by the NVidia
CUDA, which won't install, because it conflicts with kmod-nvidia.

Has *anyone* dealt with this? If so, what was your solution?

mark

Missing file in current kernel-devel package

Ok, folks,

I've identified what my problem is, trying to install the NVidia
proprietary drivers: in kernel-devel-3.10.0-514.26.2.el7.x86_64, there
is a file
/usr/src/kernels/3.10.0-514.26.2.el7.x86_64/include/linux/fence.h

It does not exist in the kernel-devel-3.10.0-693.2.2.el7.x86_64
package. Is this something that got missed, or did HR drop it, or....?

mark

C7: kernel-3.10.0-693.2.2, huh?

Ok... I just fully updated a user's machine. And got a kernel panic on
reboot. So, having run into this earlier this year, I tried to reinstall
the kernel.
yum reinstall kernel-3.10.0-693.2.2.el7.x86_64
Installed package kernel-3.10.0-693.2.2.el7.x86_64 (from updates) not
available.
Error: Nothing to do

Huh? Anyone?

mark

Default value of SELinux boolean httpd_graceful_shutdown will changed.

httpd_graceful_shutdown will changed.
"Selinux List at Fedora Project" < ... at lists dot fedoraproject.org>
On 09/29/2017 03:57 PM, Alexander Bokovoy wrote:

Re: [CentOS] Semi-OT: hardware: NVidia proprietary driver, C7.4

Hi, folks,

Well, still more fun (for values of fun approaching zero):

1. Went to install CUDA 9.0... well, gee, there is *no* CUDA 9.0.
Even though I installed the 9 repo, all that I get is 8. I've
used their webform, and am waiting on a reply.
2. I remove all nvidia packages.
3. It appears that the kmod-nvidia is what I need; that's what
nvidia-detect says. So I try to install...

Semi-OT: hardware: NVidia proprietary driver, C7.4

This is really frustrating. I've got a server with two K20c Tesla cards. I
need to use the proprietary drivers to use the CUDA toolkit. Btw, I had no
trouble at all with building for CentOS 7.3

I have what NVidia claims is the correct driver package, a 340 series. It
appears to build, but then fails to load. The only error I see is "no such
device", which makes no sense to me, esp.

rkhunter and prelink

Can't remember if I posted this before... We're getting warnings from
rkhunter
Warning: Checking for prerequisites [ Warning ]
All file hash checks will be skipped because:
This system uses prelinking, but the hash function command does not
look like SHA1 or MD5.

Now, googling, I find people saying to rm /etc/prelink.cache, then run
rkhunter --propupd.

Works. And then, prelink runs in the middle of the night, via
/etc/cron.daily, and when the cron job of rkhunter runs, it's back to
complaining.

Anyone have any ideas what's going on here?

CentOS 7, nfs & autofs

Hi, folks,

We've been seeing this almost since we started rolling out C7: for no
apparent reason, it will automount *everyone* in /etc/auto.home, even
though most of those folks not only have never logged onto that server
or workstation, but are not allowed to.

We distribute to all our systems the same auto.home, and we certainly
don't want to customize it for nearly 200 systems, we like it under
central control.

Any clues as to why it does this?