DevHeads.net

Postings by Johnny Hughes via CentOS

Type enforcement / mechanism not clear

Any SElinux expert here - briefly:

# getenforce
Enforcing

# sesearch -ACR -s httpd_t -c file -p read |grep system_conf_t
<no output>

# sesearch -ACR -s httpd_t -c file -p read |grep syslog_conf_t
<no output>

# ls -laZ /etc/sysctl.conf /etc/rsyslog.conf
-rw-r--r--. root root system_u:object_r:syslog_conf_t:s0 /etc/rsyslog.conf
-rw-r--r--.

Panic / EL6 / KVM / kernel-2.6.32-754.2.1.el6.x86_64

Since the update from kernel-2.6.32-754.2.1.el6.x86_64
to kernel-2.6.32-754.3.5.el6.x86_64 I can not boot my
KVM guests anymore!? The workstation panics immediately!

I would not have expected this behavior now (last phase of OS).
It was very robust until now (Optiplex Workstation). I see some KVM
related lines in the changelog.diff. Before swimming upstream:

Does some one have problems related to KVM with kernel-2.6.32-754.3.5.el6.x86_64 ??

kernel-plus (plus 1?)

hi guys

did you notice, if you use kernel-plus on 7.5 this

CentOS Linux (3.10.0-862.11.6.el7.centos.plus.1.x86_64) 7 (Core)
CentOS Linux (3.10.0-862.11.6.el7.centos.plus.x86_64) 7 (Core)

is that "plus.1" a new naming convention or just one off?

regards, L

Old kernel bug back in CentOS 6.10?

I updated a few hypervisors and their VMs to CentOS 6.10 on Monday;
today I awoke to an alert saying all VMs are down. It looks like a very
old bug crept back in.

The machine is a ProLiant DL380 G7 with Xeon X5675 and 96 GB, running
half a dozen smallish VMs. Hypervisor and all VMs have kernel
2.6.32-754.2.1.el6.x86_64.

grub2 - add NVME to boot from - how?

hi guys,

I thought I should ask before I start fiddling and break something - can
we tell grub2 to add nvme device as an option to boot from?

And if yes then what do tell grub?

many thanks, L.

ecryptfs (from centosplus) and libvirt lxc quest on it - quest upon start shoots host in the head

hi guys

I have a lxc guest on Dell's R815(AMD Opterons) which I just moved to an
ecryptfs mounted folder(using centosplus' kernel)

Copying data to that folder seems to work just fine, but I as soon as I
start the quest the host gets shot in the head, hard reboot, no dump.

I also have another, virtually identical guest but on Intel platform and
that one does not do anything but runs okey.

Any of you guys has experience such gross abnormality?

many thanks, L.

database node / possible SYN flooding on port 3306

Hi folks,

I have here a database node running

# rpm -qa | grep mysql-server
mysql55-mysql-server-5.5.52-1.el6.x86_64

on

# virt-what
vmware

that seems to have a connection problem:

# dmesg |grep SYN |tail -5
possible SYN flooding on port 3306. Sending cookies.
possible SYN flooding on port 3306. Sending cookies.
possible SYN flooding on port 3306. Sending cookies.
possible SYN flooding on port 3306. Sending cookies.
possible SYN flooding on port 3306.

Solarflare SFC9000 direct connection

hi guys

I wonder if any of you might be using SFN6122F-R7 SFP+ (SFC9000, same
firmware everywhere, Centos 7.5 too.

I'm trying poor man's setup to get the servers onto 10GbE network.

Setup is such that three Dell R815 are connected to each other, each has
one Solarflare(SFP ports) and each Solarflare is set as net-team(both
ports on a card are net-team device) with runner in broadcast mode. And
it all seems to work, they ping each other, iperf okey.

The problem, big problem is that when traffic start to flow between all
three servers simultaneously, with rsync for example, then!!

shellinabox

hi guys,

shellinabox, do you use it?

I in pretty vanilla setup get selinux denials and cannot login.

Selinux says:

#============= unconfined_service_t ==============

#!!!! The file '/usr/bin/bash' is mislabeled on your system.
#!!!! Fix with $ restorecon -R -v /usr/bin/bash
allow unconfined_service_t unconfined_t:process transition;

but that does not seem right to me, to allow such a transition, right?

many thanks, L.

multipath recipe for an enclosure ?

hi guys,

In hope that some experts roam around I post this one question - how do
you multipath disks(all disks) that sit in one specific SAS enclosure?
Blacklist everything else.

And I'm hoping for something like "globing", so you do not want to go
through it on by single disk/wwin basis.

some experts?(or maybe even not, it could be that I do not get it)

many thanks, L.

CentOS-6.9 Bind-9.8.2 error messages

I am encountering messages similar to this in the system logfile:

Jun 20 13:38:18 inet03 named[3720]: malformed transaction:
dynamic/efa1f375d76194fa51a3556a97e641e61685f914d446979da50a551a4333ffd7.mkeys.jnl
last serial 103538 != transaction first serial 103361

I have no idea what this means, what caused it, nor how to fix it.
Any suggestions relevant to any of the above are most welcome.

CentOS-announce Digest, Vol 160, Issue 4

Send CentOS-announce mailing list submissions to
<a href="mailto:centos- ... at centos dot org">centos- ... at centos dot org</a>

To subscribe or unsubscribe via the World Wide Web, visit
<a href="https://lists.centos.org/mailman/listinfo/centos-announce" title="https://lists.centos.org/mailman/listinfo/centos-announce">https://lists.centos.org/mailman/listinfo/centos-announce</a>
or, via email, send a message with subject or body 'help' to
<a href="mailto:centos-announce- ... at centos dot org">centos-announce- ... at centos dot org</a>

You can reach the person managing the list at
<a href="mailto:centos-announce- ... at centos dot org">centos-announce- ... at centos dot org</a>

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."

Today's Topics:

1.

About the membership issue

Concerning the disabled membership (yesterday). Is there anything that I should do?
Visiting the "re-enable" link shows only a plain site with meta information about
the list but without any feedback like "membership enabled". Albeit some postings are
coming in again now (with "normalized" sender address < ... at centos dot org>). Seems
the work to resolve this issue is in progress ...