[CentOS] Baffled by selinux

2012-02-16 Thread Lars Hecking 

 Apache DocumentRoot on an NFS directory:

[root@localhost ~]# service httpd start
Starting httpd: Warning: DocumentRoot [/home/www/html] does not exist
Syntax error on line 292 of /etc/httpd/conf/httpd.conf:
DocumentRoot must be a directory
   [FAILED]
[root@localhost ~]# 

 After some research, I found this (dated) link

  http://www.redhat.com/archives/rhl-list/2005-July/msg02443.html

 and followed the suggestion, setsebool -P use_nfs_home_dirs=1. But I still
 can't start httpd. Not sure what to make of the audit log:

type=AVC msg=audit(1329395502.678:61926): avc:  denied  { search } for  
pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 
scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 
tclass=dir
type=SYSCALL msg=audit(1329395502.678:61926): arch=c03e syscall=4 
success=no exit=-13 a0=7fef342bc080 a1=7fffaf747370 a2=7fffaf747370 
a3=7fef30c65c30 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 
fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd" exe="/usr/sbin/httpd" 
subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1329395502.681:61927): avc:  denied  { search } for  
pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 
scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 
tclass=dir
type=SYSCALL msg=audit(1329395502.681:61927): arch=c03e syscall=4 
success=no exit=-13 a0=7fef342eae68 a1=7fffaf747630 a2=7fffaf747630 a3=50 
items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 
sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd" exe="/usr/sbin/httpd" 
subj=unconfined_u:system_r:httpd_t:s0 key=(null)


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Baffled by selinux

2012-02-16 Thread Daniel J Walsh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 02/16/2012 07:35 AM, Lars Hecking wrote:
> type=AVC msg=audit(1329395502.678:61926): avc:  denied  { search }
> for  pid=25674 comm="httpd" name="" dev=0:23 ino=3471615
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:nfs_t:s0 tclass=dir type=SYSCALL
> msg=audit(1329395502.678:61926): arch=c03e syscall=4 success=no
> exit=-13 a0=7fef342bc080 a1=7fffaf747370 a2=7fffaf747370
> a3=7fef30c65c30 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0
> euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2
> comm="httpd" exe="/usr/sbin/httpd"
> subj=unconfined_u:system_r:httpd_t:s0 key=(null) type=AVC
> msg=audit(1329395502.681:61927): avc:  denied  { search } for
> pid=25674 comm="httpd" name="" dev=0:23 ino=3471615
> scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:nfs_t:s0 tclass=dir type=SYSCALL
> msg=audit(1329395502.681:61927): arch=c03e syscall=4 success=no
> exit=-13 a0=7fef342eae68 a1=7fffaf747630 a2=7fffaf747630 a3=50
> items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0
> fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd"
> exe="/usr/sbin/httpd" subj=unconfined_u:system_r:httpd_t:s0
> key=(null)

Have you tried httpd_use_nfs?
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk89Ah4ACgkQrlYvE4MpobN49QCfd9MWBdZZM1xMBC1Fw3cWG7hx
iWoAoM8gCRon0jLK0S9wyzxw8hgddozG
=CSFc
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Baffled by selinux

2012-02-16 Thread Lars Hecking 

> Have you tried httpd_use_nfs?

 Slam dunk. Thanks!

 Did this boolean exist before yesterdays kernel and selinux policy update?
 The setup was working until I rebooted.



pgpYmmLpiicbO.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] anyone else having flash trouble?

2012-02-16 Thread fred smith 
On Thu, Feb 16, 2012 at 07:50:11AM +, Jake Shipton wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> 
> On Wed, 15 Feb 2012 22:36:14 -0500
> fred smith  wrote:
> 
> > On my centos 5.7 system, using Firefox 10.1, suddenly flash videos
> > have stopped working, like, today. they worked yesterday. Now all I
> > get is an error message that the flash plugin has crashed, reload
> > page and try again.
> > 
> > strangely, my centos-6 machine using the same firefox and the same
> > flash plugin works fine.
> > 
> > Clues?
> > 
> 
> Hi there,
> 
> I had a similar issue to this a while back on a Fedora box, I found out
> it was not flash plugin or firefox causing the issue, it turned out
> that it was the proprietary Nvidia driver that I was using. So if you
> are using Nvidia driver, it might be worth looking into. My issue was
> resolved by updating the driver.
> 
> Your issue may be different, but I thought I would mention it just in
> case :-).

Yes, I'm using the nvidia driver bundle from Nvidia's web site. but
then I ALWAYS have been (this machine is something like 3 years old).
However, I did update it recently, I'll have to see if I can figure
out exactly when that was (less than a week...), and maybe reinstall
the one I had previously.

thanks for the hint!


-- 
 Fred Smith -- fre...@fcshome.stoneham.ma.us -
   I can do all things through Christ 
  who strengthens me.
-- Philippians 4:13 ---
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Baffled by selinux

2012-02-16 Thread Daniel J Walsh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 02/16/2012 08:28 AM, Lars Hecking wrote:
> 
>> Have you tried httpd_use_nfs?
> 
> Slam dunk. Thanks!
> 
> Did this boolean exist before yesterdays kernel and selinux policy
> update? The setup was working until I rebooted.
> 
> 
> 
> ___ CentOS mailing
> list CentOS@centos.org 
> http://lists.centos.org/mailman/listinfo/centos

I see this boolean in RHEL5 and RHEl6.  So it has been there a while.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk89EBMACgkQrlYvE4MpobPpkgCaA2Zq4kyCP6LBeZq5VKGJ1/Rc
ifEAoJKOfGjTL41OyRYQww1m7xFBiYPn
=YpLT
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] anyone else having flash trouble?

2012-02-16 Thread m . roth 
fred smith wrote:
> On Thu, Feb 16, 2012 at 07:50:11AM +, Jake Shipton wrote:
>> On Wed, 15 Feb 2012 22:36:14 -0500
>> fred smith  wrote:
>>
>> > On my centos 5.7 system, using Firefox 10.1, suddenly flash videos
>> > have stopped working, like, today. they worked yesterday. Now all I
>> > get is an error message that the flash plugin has crashed, reload
>> > page and try again.

> Yes, I'm using the nvidia driver bundle from Nvidia's web site. but
> then I ALWAYS have been (this machine is something like 3 years old).
> However, I did update it recently, I'll have to see if I can figure
> out exactly when that was (less than a week...), and maybe reinstall
> the one I had previously.

Strong recommendation: enable elrepo, at least for kmod-nvidia and
xorg-x11-drv-nvidia. That way, when you update, it will autoupdate and
autorebuild for you. I've just started moving that was for my people (and
me) who have nvidia (esp old nvidia) cards.

   mark

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] anyone else having flash trouble?

2012-02-16 Thread Johnny Hughes 
On 02/16/2012 08:25 AM, m.r...@5-cent.us wrote:
> fred smith wrote:
>> On Thu, Feb 16, 2012 at 07:50:11AM +, Jake Shipton wrote:
>>> On Wed, 15 Feb 2012 22:36:14 -0500
>>> fred smith  wrote:
>>>
 On my centos 5.7 system, using Firefox 10.1, suddenly flash videos
 have stopped working, like, today. they worked yesterday. Now all I
 get is an error message that the flash plugin has crashed, reload
 page and try again.
> 
>> Yes, I'm using the nvidia driver bundle from Nvidia's web site. but
>> then I ALWAYS have been (this machine is something like 3 years old).
>> However, I did update it recently, I'll have to see if I can figure
>> out exactly when that was (less than a week...), and maybe reinstall
>> the one I had previously.
> Strong recommendation: enable elrepo, at least for kmod-nvidia and
> xorg-x11-drv-nvidia. That way, when you update, it will autoupdate and
> autorebuild for you. I've just started moving that was for my people (and
> me) who have nvidia (esp old nvidia) cards.

I echo this recommendation.

I used to use the NVIDIA drivers directly from the nvidia.com, but since
I upgraded my workstation to CentOS-6.x I have been using elrepo's rpms
for nvidia with no issues.

I certainly know how to build things (being that I build most of the c4
and c5 updates that we release), but I love the convenience that elrepo
provides.  I highly recommend the elrepo site for anything that they
currently maintain, they do a great job.



signature.asc
Description: OpenPGP digital signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS-announce Digest, Vol 84, Issue 9

2012-02-16 Thread centos-announce-request 
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org

You can reach the person managing the list at
centos-announce-ow...@centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. CESA-2012:0137 Moderate CentOS 6 texlive Update (Johnny Hughes)


--

Message: 1
Date: Thu, 16 Feb 2012 13:36:55 +
From: Johnny Hughes 
Subject: [CentOS-announce] CESA-2012:0137 Moderate CentOS 6 texlive
Update
To: centos-annou...@centos.org
Message-ID: <20120216133655.ga3...@chakra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Security Advisory 2012:0137 Moderate

Upstream details at : https://rhn.redhat.com/errata/RHSA-2012-0137.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 


i386:
406a29cf1e1d670947152626b4c065c1a2c3152e7a0e8716fbcc03c06ef4552f  
kpathsea-2007-57.el6_2.i686.rpm
376f2c7c3b2db9cb371c79c698b89b9b7bc16980965d6fafe4891b94000a16eb  
kpathsea-devel-2007-57.el6_2.i686.rpm
383da1ce73b5e83fc779b00c4e5d3e81bcaca29ca38b85b725b90d6cc172c2ca  
mendexk-2.6e-57.el6_2.i686.rpm
1b3ce4a5a0abc594630c5610fc8af68c6a7e8341797bf42a99a14ac2f73d8b44  
texlive-2007-57.el6_2.i686.rpm
21ce278b35896a763bad3cfe09496b22326a50f40b1fe476bf41ab53f35903b5  
texlive-afm-2007-57.el6_2.i686.rpm
ff4345df827f7bf7621ec014112760135d820e271f3e51bbd2ab3fcad433cf49  
texlive-context-2007-57.el6_2.i686.rpm
b1a86a1dba98a0c12c7b1204f860a8de379b69f142f8e4e158d48a1764c88d61  
texlive-dvips-2007-57.el6_2.i686.rpm
70eec46e8e88cba74831ef64744ef4fdba91a84c480d5b0ed0fc13c9db6e941b  
texlive-dviutils-2007-57.el6_2.i686.rpm
0c014cd50bccd509e9440d970a8ea895177c461de81df9d78c9e0dd3d6a76385  
texlive-east-asian-2007-57.el6_2.i686.rpm
360600ae26f25b515ec871ce145a1247880a1212ad0b411ffb1372c970824bd0  
texlive-latex-2007-57.el6_2.i686.rpm
73c8b97406bf24fc9c1fefd98869804d01593e430868bfbcabc147e6811a3beb  
texlive-utils-2007-57.el6_2.i686.rpm
2b87981ba3a4819619df7d757f5c5b08e6eb26893da90b20c8aedb714a169251  
texlive-xetex-2007-57.el6_2.i686.rpm

x86_64:
406a29cf1e1d670947152626b4c065c1a2c3152e7a0e8716fbcc03c06ef4552f  
kpathsea-2007-57.el6_2.i686.rpm
b78f1c2e62eb21c3efdb2d55246b91db2c8f15ae5e34bd768c46d14da3f2d741  
kpathsea-2007-57.el6_2.x86_64.rpm
376f2c7c3b2db9cb371c79c698b89b9b7bc16980965d6fafe4891b94000a16eb  
kpathsea-devel-2007-57.el6_2.i686.rpm
95bb39f6fc523c274dc1f64bcb291933037ad6cd3e5be1d8c0b2a97b85e4fcb0  
kpathsea-devel-2007-57.el6_2.x86_64.rpm
012210632c9d8f232fbc5895089f44030ea2c5850cd071c988486d6c99f3a1c4  
mendexk-2.6e-57.el6_2.x86_64.rpm
d8e5a34a56aca3588b5ae31667b6e5d637042a6b358d0df621d9f8a08ad39f6e  
texlive-2007-57.el6_2.x86_64.rpm
03843785389fe72aadfeacf4d3cd57eebf05e9d5b3f6041edaada8b1a565fc49  
texlive-afm-2007-57.el6_2.x86_64.rpm
043abe275970f3283888d17d2126fde2c5d174d2e05a1e1157d2f9ef3c77c7fc  
texlive-context-2007-57.el6_2.x86_64.rpm
5fe03179de87d4d6240beee8815570a5297d35e937084d1acd793fda9c883f42  
texlive-dvips-2007-57.el6_2.x86_64.rpm
91d166905ad7253383657f6d9145cd56aa54e6cb13db7112e828e237041506b7  
texlive-dviutils-2007-57.el6_2.x86_64.rpm
2e5b054bb9e05760c7599faec8b16a65cfca93fc34a01261fc6a7f06658412e0  
texlive-east-asian-2007-57.el6_2.x86_64.rpm
30143ce4ae1096f28132e7be4492dd36e12f70eb6c2650e45b95c63453d2d018  
texlive-latex-2007-57.el6_2.x86_64.rpm
f7f7746f1859b0f2007f04578a9f24bbc734ade08463d15fdc38bd1407b231ad  
texlive-utils-2007-57.el6_2.x86_64.rpm
df15dacff74951879af09826e25d28a77aa20865a6efb225493742163d7fe147  
texlive-xetex-2007-57.el6_2.x86_64.rpm

Source:
7e9502ce9718dc5f85b70d7ab15666c7504fb39fd68b02d6ec785d84df417306  
texlive-2007-57.el6_2.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net



--

___
CentOS-announce mailing list
centos-annou...@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce


End of CentOS-announce Digest, Vol 84, Issue 9
**
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Baffled by selinux

2012-02-16 Thread James B. Byrne 

On Thu, February 16, 2012 07:35, Lars Hecking wrote:
>
>  Apache DocumentRoot on an NFS directory:
>
> [root@localhost ~]# service httpd start
> Starting httpd: Warning: DocumentRoot [/home/www/html]
> does not exist
> Syntax error on line 292 of /etc/httpd/conf/httpd.conf:
> DocumentRoot must be a directory
>[FAILED]
> [root@localhost ~]#
>
>  After some research, I found this (dated) link
>
>   http://www.redhat.com/archives/rhl-list/2005-July/msg02443.html
>
>  and followed the suggestion, setsebool -P
> use_nfs_home_dirs=1. But I still
>  can't start httpd. Not sure what to make of the audit
> log:
>
> type=AVC msg=audit(1329395502.678:61926): avc:  denied  {
> search } for  pid=25674 comm="httpd" name="" dev=0:23
> ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:nfs_t:s0 tclass=dir
> type=SYSCALL msg=audit(1329395502.678:61926):
> arch=c03e syscall=4 success=no exit=-13
> a0=7fef342bc080 a1=7fffaf747370 a2=7fffaf747370
> a3=7fef30c65c30 items=0 ppid=25673 pid=25674 auid=0 uid=0
> gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0
> ses=2 comm="httpd" exe="/usr/sbin/httpd"
> subj=unconfined_u:system_r:httpd_t:s0 key=(null)
> type=AVC msg=audit(1329395502.681:61927): avc:  denied  {
> search } for  pid=25674 comm="httpd" name="" dev=0:23
> ino=3471615 scontext=unconfined_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:nfs_t:s0 tclass=dir
> type=SYSCALL msg=audit(1329395502.681:61927):
> arch=c03e syscall=4 success=no exit=-13
> a0=7fef342eae68 a1=7fffaf747630 a2=7fffaf747630 a3=50
> items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0
> suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2
> comm="httpd" exe="/usr/sbin/httpd"
> subj=unconfined_u:system_r:httpd_t:s0 key=(null)
>
>
>
>

Try this:

yum install policycoreutils-python setroubleshoot-server

Now use the audit2allow and semanage utilities to tell you
what SEbooleans to set or what to include in a custom
policy.  Information from 2010 is out of date for SELinux
on CentOS-6, assuming that you are in fact running the
latest version, much less stuff from 2005.

HTH

-- 
***  E-Mail is NOT a SECURE channel  ***
James B. Byrnemailto:byrn...@harte-lyne.ca
Harte & Lyne Limited  http://www.harte-lyne.ca
9 Brockley Drive  vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada  L8E 3C3

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Baffled by selinux

2012-02-16 Thread Daniel J Walsh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 02/16/2012 12:13 PM, James B. Byrne wrote:
> 
> On Thu, February 16, 2012 07:35, Lars Hecking wrote:
>> 
>> Apache DocumentRoot on an NFS directory:
>> 
>> [root@localhost ~]# service httpd start Starting httpd: Warning:
>> DocumentRoot [/home/www/html] does not exist Syntax error on line
>> 292 of /etc/httpd/conf/httpd.conf: DocumentRoot must be a
>> directory [FAILED] [root@localhost ~]#
>> 
>> After some research, I found this (dated) link
>> 
>> http://www.redhat.com/archives/rhl-list/2005-July/msg02443.html
>> 
>> and followed the suggestion, setsebool -P use_nfs_home_dirs=1.
>> But I still can't start httpd. Not sure what to make of the
>> audit log:
>> 
>> type=AVC msg=audit(1329395502.678:61926): avc:  denied  { search
>> } for  pid=25674 comm="httpd" name="" dev=0:23 ino=3471615
>> scontext=unconfined_u:system_r:httpd_t:s0 
>> tcontext=system_u:object_r:nfs_t:s0 tclass=dir type=SYSCALL
>> msg=audit(1329395502.678:61926): arch=c03e syscall=4
>> success=no exit=-13 a0=7fef342bc080 a1=7fffaf747370
>> a2=7fffaf747370 a3=7fef30c65c30 items=0 ppid=25673 pid=25674
>> auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
>> tty=pts0 ses=2 comm="httpd" exe="/usr/sbin/httpd" 
>> subj=unconfined_u:system_r:httpd_t:s0 key=(null) type=AVC
>> msg=audit(1329395502.681:61927): avc:  denied  { search } for
>> pid=25674 comm="httpd" name="" dev=0:23 ino=3471615
>> scontext=unconfined_u:system_r:httpd_t:s0 
>> tcontext=system_u:object_r:nfs_t:s0 tclass=dir type=SYSCALL
>> msg=audit(1329395502.681:61927): arch=c03e syscall=4
>> success=no exit=-13 a0=7fef342eae68 a1=7fffaf747630
>> a2=7fffaf747630 a3=50 items=0 ppid=25673 pid=25674 auid=0 uid=0
>> gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 
>> comm="httpd" exe="/usr/sbin/httpd" 
>> subj=unconfined_u:system_r:httpd_t:s0 key=(null)
>> 
>> 
>> 
>> 
> 
> Try this:
> 
> yum install policycoreutils-python setroubleshoot-server
> 
> Now use the audit2allow and semanage utilities to tell you what
> SEbooleans to set or what to include in a custom policy.
> Information from 2010 is out of date for SELinux on CentOS-6,
> assuming that you are in fact running the latest version, much less
> stuff from 2005.
> 
> HTH
> 

Actually the combination of two booleans would have also allowed this
access.

tunable_policy(`httpd_enable_homedirs && use_nfs_home_dirs',`
fs_list_auto_mountpoints(httpd_t)
fs_read_nfs_files(httpd_t)
fs_read_nfs_symlinks(httpd_t)
')

But if you are not allowing apache to look in users homedirs,
httpd_use_nfs is more secure.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEUEARECAAYFAk89O2YACgkQrlYvE4MpobO2QACgh4bXtGnbl3tR79dVb8uq42Jt
dlEAljnV14BDxlFELIRC6GHffqIyyqU=
=j+oC
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Baffled by selinux

2012-02-16 Thread Les Mikesell 
On Thu, Feb 16, 2012 at 11:13 AM, James B. Byrne wrote:


> Information from 2010 is out of date for SELinux
> on CentOS-6,



I thought the whole point of enterprise distributions was to not have
behavior changes for a major version release, which would, in fact have
been in 2010 for the upstream copy.

-- 
   Les Mikesell
 lesmikes...@gmail.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] [RESOLVED] -- Re: anyone else having flash trouble?

2012-02-16 Thread fred smith 
On Thu, Feb 16, 2012 at 09:15:18AM -0600, Johnny Hughes wrote:
> On 02/16/2012 08:25 AM, m.r...@5-cent.us wrote:
> > fred smith wrote:
> >> On Thu, Feb 16, 2012 at 07:50:11AM +, Jake Shipton wrote:
> >>> On Wed, 15 Feb 2012 22:36:14 -0500
> >>> fred smith  wrote:
> >>>
>  On my centos 5.7 system, using Firefox 10.1, suddenly flash videos
>  have stopped working, like, today. they worked yesterday. Now all I
>  get is an error message that the flash plugin has crashed, reload
>  page and try again.
> > 
> >> Yes, I'm using the nvidia driver bundle from Nvidia's web site. but
> >> then I ALWAYS have been (this machine is something like 3 years old).
> >> However, I did update it recently, I'll have to see if I can figure
> >> out exactly when that was (less than a week...), and maybe reinstall
> >> the one I had previously.
> > Strong recommendation: enable elrepo, at least for kmod-nvidia and
> > xorg-x11-drv-nvidia. That way, when you update, it will autoupdate and
> > autorebuild for you. I've just started moving that was for my people (and
> > me) who have nvidia (esp old nvidia) cards.
> 
> I echo this recommendation.
> 
> I used to use the NVIDIA drivers directly from the nvidia.com, but since
> I upgraded my workstation to CentOS-6.x I have been using elrepo's rpms
> for nvidia with no issues.
> 
> I certainly know how to build things (being that I build most of the c4
> and c5 updates that we release), but I love the convenience that elrepo
> provides.  I highly recommend the elrepo site for anything that they
> currently maintain, they do a great job.

without having yet switched to a repo instead of using the package
from nvidia's web site, I just reinstalled the previous version of
the nvidia drivers and now flash works. go figure.

the one that was NOT working for me was 290.10, and the next newest one I had
(the one I am now using again) is 285.05.09.

of course, that doesn't say it's an nvidia bug, it may well be a flash
problem. time will tell, perhaps.

thanks for the advise to all of you!

Fred

-- 
---
 .Fred Smith   /  
( /__  ,__.   __   __ /  __   : / 
 //  /   /__) /  /  /__) .+'   Home: fre...@fcshome.stoneham.ma.us 
//  (__ (___ (__(_ (___ / :__ 781-438-5471 
 Jude 1:24,25 -
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Baffled by selinux

2012-02-16 Thread Bob Hoffman 
*Lars Hecking*  wrote

===
pache DocumentRoot on an NFS directory:

[root at localhost    ~]# 
service httpd start
Starting httpd: Warning: DocumentRoot [/home/www/html] does not exist
Syntax error on line 292 of /etc/httpd/conf/httpd.conf:
DocumentRoot must be a directory
[FAILED]
[root at localhost    ~]#

  After some research, I found this (dated) link

   http://www.redhat.com/archives/rhl-list/2005-July/msg02443.html

  and followed the suggestion, setsebool -P use_nfs_home_dirs=1. But I still
  can't start httpd. Not sure what to make of the audit log:

type=AVC msg=audit(1329395502.678:61926): avc:  denied  { search } for  
pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 
scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 
tclass=dir
type=SYSCALL msg=audit(1329395502.678:61926): arch=c03e syscall=4 
success=no exit=-13 a0=7fef342bc080 a1=7fffaf747370 a2=7fffaf747370 
a3=7fef30c65c30 items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 
fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd" exe="/usr/sbin/httpd" 
subj=unconfined_u:system_r:httpd_t:s0 key=(null)
type=AVC msg=audit(1329395502.681:61927): avc:  denied  { search } for  
pid=25674 comm="httpd" name="" dev=0:23 ino=3471615 
scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:nfs_t:s0 
tclass=dir
type=SYSCALL msg=audit(1329395502.681:61927): arch=c03e syscall=4 
success=no exit=-13 a0=7fef342eae68 a1=7fffaf747630 a2=7fffaf747630 a3=50 
items=0 ppid=25673 pid=25674 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 
sgid=0 fsgid=0 tty=pts0 ses=2 comm="httpd" exe="/usr/sbin/httpd" 
subj=unconfined_u:system_r:httpd_t:s0 key=(null)
===

/home/www/html does not exist.
Whether redhat did this on purpose or by mistake, the directory should be
/var/www/html.

IT is not selinux, it is the wrong non existing directory in the httpd.conf 
file.

oopsy on someone's part. Happened to me too...took me a while to see the 
installed
conf file directory was the wrong folder path.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [RESOLVED] -- Re: anyone else having flash trouble?

2012-02-16 Thread Akemi Yagi 
On Thu, Feb 16, 2012 at 12:34 PM, fred smith
 wrote:
> On Thu, Feb 16, 2012 at 09:15:18AM -0600, Johnny Hughes wrote:

>> I used to use the NVIDIA drivers directly from the nvidia.com, but since
>> I upgraded my workstation to CentOS-6.x I have been using elrepo's rpms
>> for nvidia with no issues.
>>
>> I certainly know how to build things (being that I build most of the c4
>> and c5 updates that we release), but I love the convenience that elrepo
>> provides.  I highly recommend the elrepo site for anything that they
>> currently maintain, they do a great job.
>
> without having yet switched to a repo instead of using the package
> from nvidia's web site, I just reinstalled the previous version of
> the nvidia drivers and now flash works. go figure.
>
> the one that was NOT working for me was 290.10, and the next newest one I had
> (the one I am now using again) is 285.05.09.

Now that you know which version of the Nvidia driver to use, it is
time to switch to ELRepo. :-)  Otherwise you have to keep
re-installing it for each kernel update. You can see here (for
example):

http://elrepo.org/linux/elrepo/el6/x86_64/RPMS/

that ELRepo maintains earlier versions of the driver. Install the one
you want, and exclude it in yum.conf so that the "good" one stays on
your system.

Akemi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] [RESOLVED] -- Re: anyone else having flash trouble?

2012-02-16 Thread Jake Shipton 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Thu, 16 Feb 2012 13:09:08 -0800
Akemi Yagi  wrote:

> On Thu, Feb 16, 2012 at 12:34 PM, fred smith
>  wrote:
> > On Thu, Feb 16, 2012 at 09:15:18AM -0600, Johnny Hughes wrote:
> 
> >> I used to use the NVIDIA drivers directly from the nvidia.com, but
> >> since I upgraded my workstation to CentOS-6.x I have been using
> >> elrepo's rpms for nvidia with no issues.
> >>
> >> I certainly know how to build things (being that I build most of
> >> the c4 and c5 updates that we release), but I love the convenience
> >> that elrepo provides.  I highly recommend the elrepo site for
> >> anything that they currently maintain, they do a great job.
> >
> > without having yet switched to a repo instead of using the package
> > from nvidia's web site, I just reinstalled the previous version of
> > the nvidia drivers and now flash works. go figure.
> >
> > the one that was NOT working for me was 290.10, and the next newest
> > one I had (the one I am now using again) is 285.05.09.
> 
> Now that you know which version of the Nvidia driver to use, it is
> time to switch to ELRepo. :-)  Otherwise you have to keep
> re-installing it for each kernel update. You can see here (for
> example):
> 
> http://elrepo.org/linux/elrepo/el6/x86_64/RPMS/
> 
> that ELRepo maintains earlier versions of the driver. Install the one
> you want, and exclude it in yum.conf so that the "good" one stays on
> your system.
> 
> Akemi
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos

Glad to hear Fred fixed his issue :-).

Just for the record, I too manually install Nvidia drivers without a
repo on all my machines (Both CentOS & Fedora). This issue can be
triggered by xorg updates etc. It can be a bit of a pain having to
reinstall the drivers manually, but for me I always run into some weird
problem or other with the repository versions. So I just keep a good
version of the driver at "/nv.run" and run it after each xorg or kernel
update :-). But that is my personal preference.

But if you do not get problems with the RPM versions I would recommend
you get them :-). 

- -- 
Jake Shipton (JakeMS)
GPG Key: 0xE3C31D8F
GPG Fingerprint: 7515 CC63 19BD 06F9 400A DE8A 1D0B A5CF E3C3 1D8F


-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.18 (GNU/Linux)

iQEcBAEBAgAGBQJPPXMDAAoJEB0Lpc/jwx2P8tcIAL5sjpLM9Mwb4UklXIJeKvC6
jd3DP01M5zO4XY01vb4GnmapSeH0Fkk2PQWrOCA92tEY5/Je6HMDuepHKl3icTtL
SKTy9+vkD533XAwivx1/SaZL4lf8Xrglv9u2Tuh8gSwlW23W164sY+JMH4M0UduP
1cRGMlK95ZSppkx4BwiiwGttuwnY3vP6cHnhqYTwMzX6VIMei5fU13vKl5lOBISD
gu+7K5YRDoxWHEfvOWXECutc0KVXRbgpeBNxNcKEcAMOJHVnS4pbLkzAzCAuF9Dc
C8SVlZgMNFW0b34K42nOnlf5vbN5tMn4Pp7kTOiNERTZ71G8V5i/tnLeomvHWAE=
=0Lsf
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Baffled by selinux

2012-02-16 Thread Daniel J Walsh 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On 02/16/2012 12:52 PM, Les Mikesell wrote:
> On Thu, Feb 16, 2012 at 11:13 AM, James B. Byrne
> wrote:
> 
> 
>> Information from 2010 is out of date for SELinux on CentOS-6,
> 
> 
> 
> I thought the whole point of enterprise distributions was to not
> have behavior changes for a major version release, which would, in
> fact have been in 2010 for the upstream copy.
> 

The data from 2010 is still current, but you need to change both booleans.

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk89iMYACgkQrlYvE4MpobPKyQCg3s+IL6Gsaob5np1Yva+O+fiq
W9kAoLiQXFA6wU+l3jVuzfjVOAsn2QNx
=oM7A
-END PGP SIGNATURE-
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos