Postings by Leon Fauster

place of other RH sources

Out of curiosity - does someone known where the sources of other RH products
are placed? RHEL sources are going into but what about e.g. RH
OpenStack Platform packages or others products?

kpartx can not detach

kpartx -a /mnt/.../lvdisk.img

to map the partitions and mount them via


After using the disk (unmounting it) I noticed that
detaching such mapping via kpartx -d does not result
in freeing up the loop devices. Results: System reboots
shows that the filesystem where lvdisk.img is located
can't be unmounted.

lsof, fuser, ps does not show any usage. Even removing the
device node via

dmsetup remove /dev/mapper/loop0pX

does not help. Trying to unmount the underlying filesystem
still shows /mnt: device is busy.

Any other suggestions would be greatly appreciated!

CentOS 6 / Intel CPU support

<a href="" title=""></a>

shows mainly Xeon CPUs. What about

Intel Core i7-6700 Quad-Core Skylake

has the current EL6 variant support for it?

Any experience? Feedback would be greatly appreciated.


centosplus version of firefox

I known its lower prioritized but any signs of the centosplus
version of firefox? Just asking because of the severity class.

Thanks for the effort!


tmp option of crypttab

I have successfully used the swap option of crypttab (# man crypttab)
to encrypt the swap partition dynamically. rc.sysinit enables that
swap partition successfully at the right point (after encryption).

The same doesn't work for the tmp option of crypttab (# man crypttab).
The encrypted partition is present after booting the system. Manually
mounting it works but adding "/dev/mapper/luks-tmp" into fstab shows that
the boot process tries to mount it to early (not encrypted yet).

This is confusing because other encrypted volumes (not dynamically)
in fstab are successfully mounted.

How to follow upstream updates?

Sorry, if it was answered already elsewhere.

Where exactly are the current EL6 builds done?
Or rephrased: I would like to look into the state
of following security update:


Looking into

<a href="" title=""></a>
<a href="" title=""></a>
<a href="" title=""></a>

shows mostly EL7 stuff.

Just curious,

Plain requirement: desktop search

Just wondering, what exactly is supported/suggested:

I need a comprehensive desktop search functionality. Not only
searching for file names but also for content and meta data. The
environment is EL6.8 / Gnome2. I have noticed that "beagle" is
not part of the distro anymore. Any suggestions for such requirement?


anaconda pgp rpm verification

Does anaconda verifies gpg signatures to ensure the integrity of the packages?

Are the keys already imported or how does anaconda do this job?

Any suggestions to improve the integrity while kickstarting a system?

Do you use repo_gpgcheck?

tool for a comprehensive list of the storage structure

I would like to have a smart cli tool, that shows a
comprehensive list about the local storage structure:

An output like:

/dev/mapper/luks-f85b7a2c-...: UUID="ca924fad-..." TYPE="ext4"
/dev/mapper/vg_internal_e-lv_internal_srv: UUID="f85b7a2c-..." TYPE="crypto_LUKS"
/dev/md3: UUID="1Fi2Ex-..." TYPE="LVM2_member"
/dev/sda4: UUID="00029bd4-..." UUID_SUB="d0024074-..." LABEL="e.ld:3" TYPE="linux_raid_member"
/dev/sdb4: UUID="00029bd4-..." UUID_SUB="bf98fc79-..." LABEL="e.ld:3" TYPE="linux_raid_member"

beside blkid any other to

SElinux suggestions needed: migrating backup service

Hi folks,

normally I have not so much to do with SElinux but I expected to get in touch sooner or later :-)

I migrated a backup-system from El5 to EL6 and the rsync backup process is complaining about selinux attr's now.

cosmetic: missing vendor tag

While making some sanity checks, I noticed that ...

devtoolset-3 application execution

Its seems challenging to maintain applications with a long term vision.

For EL6 I want to use devtoolset-3-gcc-c++-4.9.2-6.2.el6.x86_64 to compile
some binaries. Here my question: will the binaries execute flawless on a
plain EL6 system without additional libraries (stdc++ etc.)?

Example: scl enable devtoolset-3 'rpmbuild -ba local-app1.spec'

rpm requires logic

Exists the possibility to define an RPM requires
statement with a logic? Like:

Requires: mysql-server OR mysql55-mysql-server

MTAs like postfix have "Provides: MTA" to provide
such facility. I do not see such possibility for
DB packages ...


Compile for C6 / glibc

In the hope that some skilled developers are here:

We have a commercial product that do not run under CentOS6

/lib64/ version `GLIBC_2.14' not found

Is it possible to compile software (compile switch?) on a system that
uses a newer glibc but in such a way that can be used (executed) on
a system with an older glibc (like here: compiled on glibc 2.14
based system but C6 is on 2.12)?

EL6 SCL packages

This place may be more appropriate then centos-list.
My subscription is new therefore sorry, if already asked:

How is the centos policy for EL6 SCL packages? I see some
activities about a sclo7 branch but how is the status for
rhscl especially el6's ones?


Status: openssl security update

Hello CentOS-Team,

is <a href="" title=""></a> in the pipeline?


LF repo

Does anyone known whats going on with ? I see an unreachability
since some days ...

kvm_intel: disagrees about version of symbol struct_module

I updated a C5 system to 2.6.18-406.el5 (from 404) and the kvm_intel module doesn't load anymore:

# dmesg |grep kvm
kvm_intel: disagrees about version of symbol struct_module

anyone seeing similarities?

unreachable peer

Hey all,

I have a public peer system (yy.yy.yy.yy) that is reachable
via my home uplink (

15:59:30.244199 IP > yy.yy.yy.yy.https: tcp 0
15:59:30.281931 IP yy.yy.yy.yy.https > tcp 0
15:59:30.281945 IP > yy.yy.yy.yy.https: tcp 0
15:59:30.305020 IP > yy.yy.yy.yy.https: tcp 105
15:59:30.344004 IP yy.yy.yy.yy.https > tcp 1412
15:59:30.344013 IP > yy.yy.yy.yy.https: tcp 0
15:59:30.344016 IP yy.yy.yy.yy.https > tcp 23

At the office we have a EL5 b

unable to umount


on an EL5 XEN DOM0 system I have following volume

$ df -h /srv
Filesystem Size Used Avail Use% Mounted on
/dev/sdc1 917G 858G 60G 94% /srv

that partition was used by virtual machines but they were all halted.

service xendomains stop

$ xm list
Name ID Mem(MiB) VCPUs State Time(s)
Domain-0 0 3000 2 r----- 695.1

$ service xend stop

nothing is using the partition
$ lsof |grep srv

$ fuser -m /srv

$ fuser -km /srv

but i can not umount /srv

$ umount

info/EL5: subversion / mod_dav_svn

Just to point out that EL5 does not get this patch:

<a href="" title=""></a>

"A NULL pointer dereference flaw was found in the way the mod_dav_svn module
handled REPORT requests. A remote, unauthenticated attacker could use a
specially crafted REPORT request to crash mod_dav_svn. (CVE-2014-3580)"

<a href="" title=""></a>

LUKS on EL6 / enable block device after reboot

Is there an easy way (cli) to enable a luks encrypted partition
after reboot (a partition that was not enabled while booting,
because not in the crypttab).

I can execute the necessary command stack [1] but just wondering if
there is an "enterprise/easy" way to do that ...

[1] cryptsetup luksOpen $(blkid -t TYPE="crypto_LUKS" -o device) \
luks-$(cryptsetup luksUUID $(blkid -t TYPE="crypto_LUKS" -o device))

tg3 network link unstable

Full updated EL6: Does someone have the same behaviour, unstable eth interface (tg3/no dhcp)?

Jan 19 18:01:46 ane kernel: tg3 0000:04:00.0: eth0: Link is up at 1000 Mbps, full duplex
Jan 19 18:01:46 ane kernel: tg3 0000:04:00.0: eth0: Flow control is on for TX and on for RX
Jan 19 18:01:46 ane kernel: tg3 0000:04:00.0: eth0: EEE is enabled
Jan 19 18:01:46 ane NetworkManager[1735]: <info> (eth0): carrier now ON (device state 8)
Jan 19 18:02:17 ane kernel: tg3 0000:04:00.0: eth0: Link is down
Jan 19 18:02:17 ane NetworkManager[1735]: <info> (eth0): carrier now OFF (device state 8, deferring act

older distro have newer package in base repo

Just wondering why in EL5's base repo the latest supported mysql
package is 5.5 and in EL6's base repo it is 5.1? Seems strange to me.

(it is clear that the SCL of EL6 has version 5.5 but that implies a
different update policy).

"power outage"-save / like embedded systems

I would like to setup a small system based on CentOS6
"power outage"-save as possible. The hardware will be
switch off by pulling the plug.

To accomplishing this goal, I would mounting some fs parts
readonly (e.g. /usr) and thinking about tmpfs for volatile
parts (e.g. lock, run under var). Additionally "optimize"
some vm.dirty_* kernel- and fs/ext4 parameters. /persistent
would be used with jffs2 on a CF card. So far the theory.

Does anyone have some experience with such type of systems?
Any pointer to pitfalls are welcome.

Needs: i686 without pae (nonpae kernel)

Hi folks,

just curious about the requirement having a nonpae kernel for i686 hw (el6).
Are there any one outside that have the need for such a kernel?

It would be great having such kernels in the plus channel (yum).

assessment free information for repository decision making

<a href="" title=""></a>

htdocs on NFS share / any pitfalls?

Hi all,

i have a new setup where the htdocs directory for the webserver
is located on a nfs share. Client has cachefilesd configured.
Compared to the old setup (htdocs directory is on the local disk)
the performance is not so gratifying. The disk is "faster" compared
to the ethernet link but the cache should at least compensate this
a bit. Do they exist more pitfalls for such configurations?



PS: checking httpd's caching system now ...

bonding interface instable

Hi all,

i recently found that some frontend servers (Centos6) show:

kernel: bonding: bond0: link status definitely up for interface eth2.
kernel: bonding: bond0: link status definitely down for interface eth2, disabling it
kernel: bonding: bond0: link status definitely up for interface eth2.

On some days frequently and on others none.

But there is no hw failure or similar.

cross link connection fall down

Hey all,

i am fighting with a strange behavior here - i have two systems
connected via a direct crosslink wire. After booting, the connection
is up and both systems can reach the other one. After a small time window
the interface is down.