Postings by Paul Heinlein

Identifying Official CentOS AWS AMIs

I'm trying to automate identification of CentOS AWS images. It appears
that official CentOS AMIs have an OwnerID value of 410186602215, but
I'm not sure if that value is transient or specific to one or more
AWS regions.

Is there a maintainer lurking here that can confirm or deny?

Here's the base query I'm testing:

aws ec2 describe-images \
--owners 410186602215 \
--output text \
--query 'reverse(sort_by(Images, &CreationDate))[?starts_with(Description, `CentOS Linux 7`)].[ImageId, CreationDate, Description]'

nfsvers and nfs-utils-1.3.0-0.48.el7

We encountered a weird problem today, and I thought some of you might
like to hear the solution.

The underlying change was listed in the 7.4 changelog, so it's not a
bug, but it may drive you buggy.

The majority of our HPC cluster nodes run CentOS 7, though the exact
patch levels vary from node to node. None is older than 7.3, but a few
newer nodes were kickstarted right to 7.4.

The problem was that our mounts of Isilon NFS exports were failing
randomly among the nodes. Routing was fine.

libvirt machine type rhel6.6.0 on CentOS 7

One of our VM clusters has four CentOS 6.6 machines.

CentOS 6.6 Bacula-SELinux issue

I updated my backup server to CentOS 6.6 this morning. As usual, I
unmounted the current (nightly) tape from the changer before the
reboot. Now Bacula complains it cannot access the changer:

3301 Issuing autochanger "loaded? drive 0" command.
3991 Bad autochanger "loaded? drive 0" command: ERR=Child exited with code 1.
Results=cannot open SCSI device '/dev/changer' - Permission denied

SELinux is denying source context bacula_t from accessing target
context tape_device_t.

Booting OpenBSD with pxelinux

I've got PXE/TFTP setup for various Linux distributions and some
utilities (clonezilla, dban, etc). I'm now starting in on OpenBSD.

As far as I've been able to figure out via internet searches, pxelinux
(from the syslinux package) is unable to pass control of a machine
directly to a BSD kernel. Instead, you have to use the BSD-supplied
'pxeboot' loader.

kvm: vm root fs becomes ro

I've a the following happen a couple times now, and my internet
searches are failing to locate an answer to the problem.

We've got a few servers that primarily house VMs using KVM. They've
got E-3 cpus and 32 GB RAM, and they run stock CentOS 6.4, fully
patched (not yet migrated to 6.5). The VM disk images are housed on an
NFS server. None of the VMs is particularly resource-hungry. They run
a variety of Linux distros: CentOS 5/6, Debian 6/7.

I'll start to see the VMs fail to write files to their local

Thanks for the CR packages!

Thank you, developers, for the continuous release packages. It's nice
to get a head start on testing 6.5 for wider release.

So far -- one VM, one dev server -- so good!

Excellent 6.3 QA Status Updates

Jeff Sheltren has been providing timely and clear updates about the
status of the 6.3 release:

<a href="" title=""></a>

They're much appreciated! Thank you very, very much.

selinux context for mm-handler?

I've got a Mailman installation running on CentOS 4 that I'd like to
migrate to a CentOS 6 box.

My big obstacle at present is getting Mailman's mm-handler Perl
script to run as a Sendmail local mailer with SELinux enabled.

I've tried changing mm-handler's selinux context type a few times, but
nothing has resulted in success:

context result
etc_mail_t sendmail can't execute mm-handler
mailman_mail_exec_t mm-handler can't load perl modules
bin_t mm-handler can't read Mailman

yum - sqlite SIGSEVG

I've got a CentOS 6.1 x86_64 VM running atop CentOS 6.1 x86_64 KVM
host. The VM is in production, so any fix needs to be fairly

In the VM, yum consistently segfaults when reading non-base
repositories. The problem appears to be related to the faulty creation


The latest installment of this problem is related to the 6.1 cr
repository, but it's happened with other non-base repos in the past.

Steps to duplicate, fix, and re-duplicate the problem:

1. "yum clean all && yum update" will segfault.

problem in cr: nfs-utils-lib-1.1.5-3.el6.x86_64

I ran yum update on a CentOS 6.0 machine against the CR repository
and noticed that the nfs-utils-lib update broke my rcp.idmap settings:

rpc.idmapd: libnfsidmap: processing 'Method' list
rpc.idmapd: libnfsidmap: Unable to get init function: /usr/lib64/libnfsidmap/ undefined symbol: libnfsidmap_plugin_init
rpc.idmapd: libnfsidmap: requested translation method, 'umich_ldap', is not available
rpc.idmapd: Unable to create name to user id mappings.

The /usr/lib64/libnfsidmap/ library included with the
1.1.5-3.el6 update is noticably smaller than the one included in t

IE 9 not sending digest auth info

I migrated our internal wiki server last week, and some IE users
aren't able to authenticate.

The service is hosted by Apache using Digest authentication. It
migrated from Apache 2.2.9 (Debian 5) to Apache 2.2.15 (CentOS 6). The
internal hostname for the wiki server is a DNS CNAME that was
repointed from one host to another during the cutover.

In a normal session,

1. Client sends GET
2. Server sends 401 with WWW-Authenticate header
3. Client sends GET with Authorization header

selinux prohibiting sssd usage

I've got a CentOS 6 machine that's slated to go into production
providing some web and development-repository services.

Part of the environment is gitweb, which works as expected with one
glitch: SELinux doesn't allow gitweb.cgi to query sssd to display who
owns the repositories.

The audit log entries are pretty straightforward, e.g.,

type=AVC msg=audit(XXXXXXXXXXXX): avc: denied { search } for
pid=XXXX comm="gitweb.cgi" name="sss" dev=XXX ino=XXXXXXXXXXX
tcontext=system_u:object_r:sssd_var_lib_t:s0 tclass=dir

I'll use audit2allow

Effecting CentOS change

CentOS has a clear mission. It's the first paragraph on the
home page:

CentOS is an Enterprise-class Linux Distribution derived from
sources freely provided to the public by a prominent North American
Enterprise Linux vendor.

Initial 6.0 trees in QA

In case you didn't see it, the initial CentOS 6 trees have been
released to QA:

<a href="" title=""></a>