DevHeads.net

Postings by Sean

Re: [CentOS] SElinux AVC signull

Hi Leon,

I don't have access to a CentOS 6.10 system handy, but it looks like a
policy issue. If I take you're ausearch output and pipe it to
audit2allow on my CentOS 7.6 system, I get the following:

#============= httpd_t ==============

#!!!! This avc is allowed in the current policy
allow httpd_t httpd_sys_script_t:process signull;

Noting that on my 7.6 system with selinux enforcing with selinux
policy packages at version 3.13.1-229, it notes that your denial would
not happen.

high kworker CPU usage in 3.10.0-957 w/ Xorg nouveau driver?

Hi all,

I have a number of Gnome/X desktop workstations with NVidia GeForce GT
1030 adapters, dual monitors, Core I7 3770 quad-core hyper-threaded
CPUs, with 32GB of RAM. Most (haven't checked them all yet) are
exhibiting problems that include significant sluggish-ness with mouse
movement and typing as well as screen rendering problems happening
since upgrading from kernel 3.10.0-862.14.4.el7.x86_64 to
3.10.0-957.1.3.el7.x86_64. The users have seen this behavior after
logging into Gnome, but with out any additional applications running
(Chrome/Firefox/LibreOffice, etc.).

NetworkManager, multiple IPs, and selinux...

Hello,

I was wondering if any one has seen issues with selinux name_bind denials
that result from having IP:PORT bindings for services to specific IP
addresses managed on an interface under NetworkManager's control?

I do realize that people will probably say stop using NetworkManager, and I
may, but the behavior is strange, and I'd like to have a better
understanding of what's going on.

The config is like so:

# nmcli c mod eth0 ipv4.addresses 192.168.1.10/24,192.168.1.11/24
# nmcli c down eth0
# nmcli c up eth0
# getenforce
Enforcing
# systemctl start httpd
<errors> permission denied bindi

Firefox 60.0.1.0 ESR Progress?

Is there a way to track CentOS's progress on RHSA-2018-2113?

<a href="https://access.redhat.com/errata/RHSA-2018:2113" title="https://access.redhat.com/errata/RHSA-2018:2113">https://access.redhat.com/errata/RHSA-2018:2113</a>

Thanks!

Will RHSA-2018:0980 hit Centos repos soon?

Hi all,

RH published the advisory 2 weeks ago, according to
<a href="https://access.redhat.com/errata/RHSA-2018:0980" title="https://access.redhat.com/errata/RHSA-2018:0980">https://access.redhat.com/errata/RHSA-2018:0980</a>. The main repo does not
appear to have the packages noted yet -
<a href="http://mirror.centos.org/centos/7/updates/x86_64/Packages/" title="http://mirror.centos.org/centos/7/updates/x86_64/Packages/">http://mirror.centos.org/centos/7/updates/x86_64/Packages/</a>

We've been waiting on a few of these bugs to be fixed for some time. I
don't mean to be impatient, just looking for an ETA.

Thanks for all the great work the team does!