Postings by Sean

What is the proper place for GDM related dconf settings now?


It seems that with CentOS 7.6 and Gnome 3.28, a clean install of a
Workstation package profile does not build the /etc/dconf/db/gdm.d/
directory tree. I have several desktops in operation which we
kickstart built with an older 7.3/4/5 version of CentOS as the base
install media. These all have a dconf directory for gdm, and I assume
a dconf profile directory for gdm as well (though I admit it always
worked so I never cared about looking for it).

Is it possible to simulate mod_ssl crl checks by hand?


Question: How do I craft an `openssl verify` command to test
validating the client's ssl cert in a way mimics what apache is
actually doing based on the configuration directives in use?

I have been looking through the source code, but its been over 25
years since I studied Kernighan and Ritche in college and I'm
struggling to follow it through.

My assumption has been that `SSLCARevocationCheck chain` is equivalent
to `openssl verify -crl_check_all` whereas `SSLCARevocationCheck leaf`
is equivalent to `openssl verify -crl_check`, but this seems to be
complicated by the SSLCARevocationPat

Re: [CentOS] SElinux AVC signull

Hi Leon,

I don't have access to a CentOS 6.10 system handy, but it looks like a
policy issue. If I take you're ausearch output and pipe it to
audit2allow on my CentOS 7.6 system, I get the following:

#============= httpd_t ==============

#!!!! This avc is allowed in the current policy
allow httpd_t httpd_sys_script_t:process signull;

Noting that on my 7.6 system with selinux enforcing with selinux
policy packages at version 3.13.1-229, it notes that your denial would
not happen.

high kworker CPU usage in 3.10.0-957 w/ Xorg nouveau driver?

Hi all,

I have a number of Gnome/X desktop workstations with NVidia GeForce GT
1030 adapters, dual monitors, Core I7 3770 quad-core hyper-threaded
CPUs, with 32GB of RAM. Most (haven't checked them all yet) are
exhibiting problems that include significant sluggish-ness with mouse
movement and typing as well as screen rendering problems happening
since upgrading from kernel 3.10.0-862.14.4.el7.x86_64 to
3.10.0-957.1.3.el7.x86_64. The users have seen this behavior after
logging into Gnome, but with out any additional applications running
(Chrome/Firefox/LibreOffice, etc.).

NetworkManager, multiple IPs, and selinux...


I was wondering if any one has seen issues with selinux name_bind denials
that result from having IP:PORT bindings for services to specific IP
addresses managed on an interface under NetworkManager's control?

I do realize that people will probably say stop using NetworkManager, and I
may, but the behavior is strange, and I'd like to have a better
understanding of what's going on.

The config is like so:

# nmcli c mod eth0 ipv4.addresses,
# nmcli c down eth0
# nmcli c up eth0
# getenforce
# systemctl start httpd
<errors> permission denied bindi

Firefox ESR Progress?

Is there a way to track CentOS's progress on RHSA-2018-2113?

<a href="" title=""></a>


Will RHSA-2018:0980 hit Centos repos soon?

Hi all,

RH published the advisory 2 weeks ago, according to
<a href="" title=""></a>. The main repo does not
appear to have the packages noted yet -
<a href="" title=""></a>

We've been waiting on a few of these bugs to be fixed for some time. I
don't mean to be impatient, just looking for an ETA.

Thanks for all the great work the team does!