[CentOS] PAM unable to dlopen(/lib64/security/pam_fprintd.so)
Hello the logwatch from my CentOS 6 / 64 bit machine (minimal install, with permissive SELinux) keeps reporting me: **Unmatched Entries** PAM adding faulty module: /lib64/security/pam_fprintd.so: 9 Time(s) PAM unable to dlopen(/lib64/security/pam_fprintd.so): /lib64/security/pam_fprintd.so: cannot open shared object file: No such file or directory: 9 Time(s) I've found this bug report - https://bugzilla.redhat.com/show_bug.cgi?id=656434 But I'm not sure what's the best workaround for me - if I'm just running an Apache (Drupal) + PostgreSQL website? Should I install fprintd-pam (got that from "yum whatprovides") Thank you Alex ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] [HW] Do the HDD cages in rack mount chassis indicate visual/audio HDD failure?
Dear Arun, On Tuesday, October 11, 2011 you wrote: > I would appreciate clarification on the following: > (a) Indicate disk failure. LED lights up and/or audio alarm? > (b) The failed HDD can be swapped. Don't rely on the LED going on. I mark all my hot swap disks with labels with their serial number. This label is visible from the outside without removing the HD. That way, I can double check that I remove the faulty disk. Pulling the wrong disk is the last thing you want to risk in a RAID setup. Relying on a fault LED is close to that. Also make a list of the HD serial numbers and their position within the RAID in time. Store that in a safe place. I pulled ONCE the wrong disk out of a Raid5 array. :-( You know what that means? best regards --- Michael Schumacher PAMAS Partikelmess- und Analysesysteme GmbH Dieselstr.10, D-71277 Rutesheim Tel +49-7152-99630 Fax +49-7152-996333 Geschäftsführer: Gerhard Schreck Handelsregister B Stuttgart HRB 252024 ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Virtual host package, command line, I need help
On Thursday, October 13, 2011 02:32:05 AM Bob Hoffman wrote: > There has to be a way to get a video or text install locally from the default > virt host package without > installing x windows system, gnome, or kdealthough many little bits of > those packages were installed. > > it really feels like my user is not allowed to go into a graphic view of > anything relating to guests. > at least not locally (the only way I would rather do it, do not know how to > x-tunnel and all that) What kind of guests are you installing? If CentOS, and you can get the console at all, use the vnc installation method and bring up the VNC GUI on a workstation. Also see the virt-install man page and the --vnc command-line option. The upstream Beta 6.2 docs may have some information that might help you, assuming it doesn't require beta 6.2 packages to do it http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html/Virtualization_Host_Configuration_and_Guest_Installation_Guide/index.html http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6-Beta/html/Virtualization_Administration_Guide/index.html Also: http://linuxexchange.org/questions/1265/virt-install-with-vnc-how-can-i-connect-to-the-vnc-port-from-a-remote-computer Hope that helps. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 80, Issue 4
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org
You can reach the person managing the list at
centos-announce-ow...@centos.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."
Today's Topics:
1. CEBA-2011:1368 CentOS 5 x86_64 aspell-sr FASTTRACK Update
(Johnny Hughes)
2. CEBA-2011:1368 CentOS 5 i386 aspell-sr FASTTRACK Update
(Johnny Hughes)
3. CEBA-2011:1367 CentOS 5 i386 man-pages-ja FASTTRACK Update
(Johnny Hughes)
4. CEBA-2011:1367 CentOS 5 x86_64 man-pages-ja FASTTRACK Update
(Johnny Hughes)
--
Message: 1
Date: Thu, 13 Oct 2011 21:10:27 +
From: Johnny Hughes
Subject: [CentOS-announce] CEBA-2011:1368 CentOS 5 x86_64 aspell-sr
FASTTRACK Update
To: centos-annou...@centos.org
Message-ID: <20111013211027.ga22...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Bugfix Advisory 2011:1368
Upstream details at : http://rhn.redhat.com/errata/RHBA-2011-1368.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
x86_64:
7241fbc998c534f156d836abef3cee1a aspell-sr-0.02-2.x86_64.rpm
Source:
298c2c9564bc4e96345c409c31b48295 aspell-sr-0.02-2.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
--
Message: 2
Date: Thu, 13 Oct 2011 21:10:26 +
From: Johnny Hughes
Subject: [CentOS-announce] CEBA-2011:1368 CentOS 5 i386 aspell-sr
FASTTRACK Update
To: centos-annou...@centos.org
Message-ID: <20111013211026.ga22...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Bugfix Advisory 2011:1368
Upstream details at : http://rhn.redhat.com/errata/RHBA-2011-1368.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
i386:
e05670c8c1de2f31d98c993e3694d163 aspell-sr-0.02-2.i386.rpm
Source:
298c2c9564bc4e96345c409c31b48295 aspell-sr-0.02-2.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
--
Message: 3
Date: Thu, 13 Oct 2011 21:13:19 +
From: Johnny Hughes
Subject: [CentOS-announce] CEBA-2011:1367 CentOS 5 i386 man-pages-ja
FASTTRACK Update
To: centos-annou...@centos.org
Message-ID: <20111013211319.ga22...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Bugfix Advisory 2011:1367
Upstream details at : http://rhn.redhat.com/errata/RHBA-2011-1367.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
i386:
32499a74b1829f7aeb3f18057ea0ff96 man-pages-ja-20060815-15.el5.noarch.rpm
Source:
7ca197c4e3e5d7a7db11e4d2a04a0ac7 man-pages-ja-20060815-15.el5.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
--
Message: 4
Date: Thu, 13 Oct 2011 21:13:19 +
From: Johnny Hughes
Subject: [CentOS-announce] CEBA-2011:1367 CentOS 5 x86_64 man-pages-ja
FASTTRACK Update
To: centos-annou...@centos.org
Message-ID: <20111013211319.ga23...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Bugfix Advisory 2011:1367
Upstream details at : http://rhn.redhat.com/errata/RHBA-2011-1367.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( md5sum Filename )
x86_64:
32499a74b1829f7aeb3f18057ea0ff96 man-pages-ja-20060815-15.el5.noarch.rpm
Source:
7ca197c4e3e5d7a7db11e4d2a04a0ac7 man-pages-ja-20060815-15.el5.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
--
___
CentOS-announce mailing list
centos-annou...@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
End of CentOS-announce Digest, Vol 80, Issue 4
**
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
[CentOS] SELinux triggered during Libvirt snapshots
I recently began getting periodic emails from SEalert that SELinux is
preventing /usr/libexec/qemu-kvm "getattr" access from the directory I store
all my virtual machines for KVM.
All VMs are stored under /vmstore , which is it's own mount point, and
every file and folder under /vmstore currently has the correct context that
was set by doing the following:
semanage fcontext -a -t virt_image_t "/vmstore(/.*)?"
restorecon -R /vmstore
So far I've noticed then when taking snapshots and also when using virsh to
make changes to a domain's XML file. I haven't had any problems for the 3
or 4 months I've run this KVM server using SELinux on Enforcing, and so I'm
not really sure what information is helpful to debug this. The server is
CentOS 6 x86_64 updated to CR. This is the raw audit entry, (hostname
removed)
node=kvmhost.tld type=AVC msg=audit(1318634450.285:28): avc: denied {
getattr } for pid=1842 comm="qemu-kvm" name="/" dev=dm-2 ino=2
scontext=system_u:system_r:svirt_t:s0:c772,c779
tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
node=kvmhost.tld type=SYSCALL msg=audit(1318634450.285:28): arch=c03e
syscall=138 success=no exit=-13 a0=9 a1=7fff1cf153f0 a2=0 a3=7fff1cf15170
items=0 ppid=1 pid=1842 auid=4294967295 uid=107 gid=107 euid=107 suid=107
fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295
comm="qemu-kvm" exe="/usr/libexec/qemu-kvm"
subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
I've attached the alert email as a quote below, (hostname removed)
Any help is greatly appreciated, I've had to deal little with SELinux
fortunately, but at the moment am not really sure if my snapshots are
actually functional or if this is just some false positive.
Thanks
- Trey
Summary
>
> SELinux is preventing /usr/libexec/qemu-kvm "getattr" access on /vmstore.
>
> Detailed Description
>
> SELinux denied access requested by qemu-kvm. It is not expected that this
>> access is required by qemu-kvm and this access may signal an intrusion
>> attempt. It is also possible that the specific version or configuration of
>> the application is causing it to require additional access.
>
> Allowing Access
>
> You can generate a local policy module to allow this access - see FAQ
>> Please file a bug report.
>
> Additional Information
>
> Source Context: system_u:system_r:svirt_t:s0:c772,c779
>
> Target Context: system_u:object_r:fs_t:s0
>
> Target Objects: /vmstore [ filesystem ]
>
> Source: qemu-kvm
>
> Source Path: /usr/libexec/qemu-kvm
>
> Port:
>
> Host: kvmhost.tld
>
> Source RPM Packages: qemu-kvm-0.12.1.2-2.160.el6_1.8
>
> Target RPM Packages:
>
> Policy RPM: selinux-policy-3.7.19-93.el6_1.7
>
> Selinux Enabled: True
>
> Policy Type: targeted
>
> Enforcing Mode: Enforcing
>
> Plugin Name: catchall
>
> Host Name: kvmhost.tld
>
> Platform: Linux kvmhost.tld 2.6.32-71.29.1.el6.x86_64 #1 SMP Mon Jun 27
>> 19:49:27 BST 2011 x86_64 x86_64
>
> Alert Count: 1
>
> First Seen: Fri Oct 14 18:20:50 2011
>
> Last Seen: Fri Oct 14 18:20:50 2011
>
> Local ID: c73c7440-06ee-4611-80ac-712207ef9aa6
>
> Line Numbers:
>
> Raw Audit Messages :
>
>
>> node=kvmhost.tld type=AVC msg=audit(1318634450.285:28): avc: denied {
>> getattr } for pid=1842 comm="qemu-kvm" name="/" dev=dm-2 ino=2
>> scontext=system_u:system_r:svirt_t:s0:c772,c779
>> tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
>
> node=kvmhost.tld type=SYSCALL msg=audit(1318634450.285:28): arch=c03e
>> syscall=138 success=no exit=-13 a0=9 a1=7fff1cf153f0 a2=0 a3=7fff1cf15170
>> items=0 ppid=1 pid=1842 auid=4294967295 uid=107 gid=107 euid=107 suid=107
>> fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=4294967295
>> comm="qemu-kvm" exe="/usr/libexec/qemu-kvm"
>> subj=system_u:system_r:svirt_t:s0:c772,c779 key=(null)
>
>
>
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Virtual host package, command line, I need help
Lamar owen wrote What kind of guests are you installing? .. The upstream Beta 6.2 docs may have s.. == It took a long time, but I finally think I got it working. I found a way to bootup to a pretty minimal set up, command line I found a very minimal desktop install setup that does not boot up. I just startx, have a small desktop to do installs, then just close the desktop. Perfect for local installs (everyone who keeps talking about remote installs missed my point...I wanted to do local, same computer) this still needs some testing, but it really works great with early testing. Now I can protect my host by killing all ports coming in, including ssh, and take care of the guests, guest installs, from the ipmi card. what a bear that was...that dang video card issue really made it hard. will post a vid for what I did. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
