[CentOS] CentOS-announce Digest, Vol 139, Issue 4
Send CentOS-announce mailing list submissions to
centos-annou...@centos.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org
You can reach the person managing the list at
centos-announce-ow...@centos.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."
Today's Topics:
1. Re: CentOS-announce Digest, Vol 139, Issue 3
(branko.zece...@pointer.hr)
2. CESA-2016:1850 Important CentOS 6 libarchive Security Update
(Johnny Hughes)
3. CEBA-2016:1833 CentOS 7 device-mapper-multipath BugFix Update
(Johnny Hughes)
4. CEBA-2016:1880 CentOS 7 fence-agents BugFix Update (Johnny Hughes)
5. CEBA-2016:1846 CentOS 7 dnsmasq BugFix Update (Johnny Hughes)
6. CEBA-2016:1877 CentOS 7 java-1.8.0-openjdk BugFix Update
(Johnny Hughes)
7. CEBA-2016:1832 CentOS 7 kmod BugFix Update (Johnny Hughes)
8. CESA-2016:1844 Important CentOS 7 libarchive Security Update
(Johnny Hughes)
9. CEBA-2016:1873 CentOS 7 libteam BugFix Update (Johnny Hughes)
10. CEBA-2016:1879 CentOS 7 ipmitool BugFix Update (Johnny Hughes)
11. CEBA-2016:1878 CentOS 7 memcached BugFix Update (Johnny Hughes)
12. CEBA-2016:1876 CentOS 7 dmraid BugFix Update (Johnny Hughes)
13. CEBA-2016:1843 CentOS 7 NetworkManager BugFix Update
(Johnny Hughes)
14. CEBA-2016:1834 CentOS 7 python BugFix Update (Johnny Hughes)
15. CEBA-2016:1881 CentOS 7 resource-agents BugFixUpdate
(Johnny Hughes)
16. CEBA-2016:1863 CentOS 7 selinux-policy BugFix Update
(Johnny Hughes)
17. CEBA-2016:1874 CentOS 7 spice BugFix Update (Johnny Hughes)
18. CEBA-2016:1835 CentOS 7 systemd BugFix Update (Johnny Hughes)
19. CEBA-2016:1848 CentOS 7 tuned BugFix Update (Johnny Hughes)
--
Message: 1
Date: Wed, 14 Sep 2016 14:02:35 +0200 (CEST)
From: branko.zece...@pointer.hr
To: centos-annou...@centos.org
Subject: Re: [CentOS-announce] CentOS-announce Digest, Vol 139, Issue
3
Message-ID: <20160914120235.4b7e0e0...@lin4.croadria.com>
Content-Type: text/plain; charset="UTF-8"
Dear sender,
I am out of the office until 19.9.2016.
Your e-mail will not be read or forwarded during this time!
In urgent cases kindly call me directly to my mobile phone +385 98 415 705.
Regards
Branko Zecevic
--
Message: 2
Date: Thu, 15 Sep 2016 22:26:12 +
From: Johnny Hughes
To: centos-annou...@centos.org
Subject: [CentOS-announce] CESA-2016:1850 Important CentOS 6
libarchive Security Update
Message-ID: <20160915222612.ga7...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Security Advisory 2016:1850 Important
Upstream details at : https://rhn.redhat.com/errata/RHSA-2016-1850.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
i386:
840c6b0856315d2d4123fcf7dcf8a7deb6f4973ab421a389692c2a17c39b1c91
libarchive-2.8.3-7.el6_8.i686.rpm
8f07d9fa0c3e16d46e1e4c95e3c98f5c88863dd27bb41162f772968d2306a216
libarchive-devel-2.8.3-7.el6_8.i686.rpm
x86_64:
840c6b0856315d2d4123fcf7dcf8a7deb6f4973ab421a389692c2a17c39b1c91
libarchive-2.8.3-7.el6_8.i686.rpm
03d2002d99c4f5a122c8029864c1ef2e8f2e68ca7f164598599bc6998ebc24e2
libarchive-2.8.3-7.el6_8.x86_64.rpm
8f07d9fa0c3e16d46e1e4c95e3c98f5c88863dd27bb41162f772968d2306a216
libarchive-devel-2.8.3-7.el6_8.i686.rpm
1afe2653c0472a42f3204df0431a8d00b2c84a27e8ff72654887309eaec5bfaa
libarchive-devel-2.8.3-7.el6_8.x86_64.rpm
Source:
b2c1892e2df4f9286e94ecf76dc01393c68856ee056e9b0c66480d805ad06dcd
libarchive-2.8.3-7.el6_8.src.rpm
--
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS
--
Message: 3
Date: Fri, 16 Sep 2016 00:18:51 +
From: Johnny Hughes
To: centos-annou...@centos.org
Subject: [CentOS-announce] CEBA-2016:1833 CentOS 7
device-mapper-multipath BugFix Update
Message-ID: <20160916001851.ga9...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii
CentOS Errata and Bugfix Advisory 2016:1833
Upstream details at : https://rhn.redhat.com/errata/RHBA-2016-1833.html
The following updated files have been uploaded and are currently
syncing to the mirrors: ( sha256sum Filename )
x86_64:
873a754d5e0ed4537e4ac66cda171c92502a351dc332511b1b2ee7a5202f5c60
device-mapper-multipath-0.4.9-85.el7_2.6.x86_64.rpm
97f88641281865fad58c9d803900cffe7311d598b2cbbb42595cc59964a961e5
device-mapper-multipath-libs-0.4.9-85.el7_2.6.i686.rpm
f6bb0983c4bd78d1865d9270764385c6e92993c10cfc77863c740e02c4f77ab6
device-mapper-multipath-libs-0.4.9-85.el7_2.6.x86_64.rpm
3226d0bd2b
[CentOS] SELinux module
Hello everyone,
I have a problem with oddjob_mkhomedir on a NFS mount point. The actual
context is nfs_t
drwxr-xr-x. root root system_u:object_r:nfs_t:s0 users/
With this type, oddjob_mkhomedir cannot do is job of creating home user
directories.
In the logs, I found about creating a new module with audi2allow and
semodule:
[root@ audit]# sealert -l fe2d7f60-d3ff-405b-b518-38d0cf021598
X11 connection rejected because of wrong authentication.
SELinux is preventing /usr/libexec/oddjob/mkhomedir from setattr access on
the file .bash_logout.
* Plugin catchall_boolean (89.3 confidence) suggests
**
If you want to allow use to nfs home dirs
Then you must tell SELinux about this by enabling the 'use_nfs_home_dirs'
boolean.
You can read 'None' man page for more details.
Do
setsebool -P use_nfs_home_dirs 1
* Plugin catchall (11.6 confidence) suggests
**
If you believe that mkhomedir should be allowed setattr access on the
.bash_logout file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep mkhomedir /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context
system_u:system_r:oddjob_mkhomedir_t:s0-s0:c0.c102
3
Target Contextsystem_u:object_r:nfs_t:s0
Target Objects.bash_logout [ file ]
Sourcemkhomedir
Source Path /usr/libexec/oddjob/mkhomedir
Port
Host
Source RPM Packages oddjob-mkhomedir-0.31.5-4.el7.x86_64
Target RPM Packages
Policy RPMselinux-policy-3.13.1-60.el7_2.7.noarch
Selinux Enabled True
Policy Type targeted
Enforcing ModePermissive
Host Name
Platform Linux 3.10.0-327.28.3.el7.x86_64 #1 SMP
Thu Aug 18 19:05:49 UTC 2016 x86_64 x86_64
Alert Count 1
First Seen2016-09-15 15:12:48 EDT
Last Seen 2016-09-15 15:12:48 EDT
Local ID fe2d7f60-d3ff-405b-b518-38d0cf021598
Raw Audit Messages
type=AVC msg=audit(1473966768.233:9091): avc: denied { setattr } for
pid=28565 comm="mkhomedir" name=".bash_logout" dev="0:40" ino=1048581
scontext=system_u:system_r:oddjob_mkhomedir_t:s0-s0:c0.c1023
tcontext=system_u:object_r:nfs_t:s0 tclass=file
type=SYSCALL msg=audit(1473966768.233:9091): arch=x86_64 syscall=fchown
success=yes exit=0 a0=5 a1=2710 a2=2714 a3=5f7269645f656d6f items=0
ppid=1037 pid=28565 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=mkhomedir
exe=/usr/libexec/oddjob/mkhomedir
subj=system_u:system_r:oddjob_mkhomedir_t:s0-s0:c0.c1023 key=(null)
Hash: mkhomedir,oddjob_mkhomedir_t,nfs_t,file,setattr
I then created the module and the te file says this:
[root@ selinux]# cat mkhomedir_nfs.te
module mkhomedir_nfs 1.0;
require {
type oddjob_mkhomedir_t;
type nfs_t;
class file { write create open setattr };
class dir { write create add_name setattr };
}
#= oddjob_mkhomedir_t ==
# This avc is allowed in the current policy
allow oddjob_mkhomedir_t nfs_t:dir { write create add_name setattr };
# This avc is allowed in the current policy
allow oddjob_mkhomedir_t nfs_t:file { write create open setattr };
Reading this output, I thought I had to add the context oddjob_mkhomedir_t to
the users directory but I got another problem:
[root@ home]# semanage fcontext -a -t oddjob_mkhomedir_t "./users"
ValueError: Type oddjob_mkhomedir_t is invalid, must be a file or device
type
What I do wrong?
In the other hand, is it possible to disable SELinux to a directory and all
is subdirectories?
Thanks,
Bernard
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SELinux module
I do not want to disable SELinux at large but only for a directory and its
sub-directories.
On Fri, Sep 16, 2016 at 8:31 AM, Eddie G. O'Connor Jr. wrote:
> Not sure about most others, but I was always told that you never disable
> Selina. Of course that is in a business/corporate setting. If it's just
> you at home with a few servers? Then yeah I guess disabling it would be
> the "quickest" route around this problem. On Sep 16, 2016 8:25 AM, Bernard
> Fay wrote:
> >
> > Hello everyone,
> >
> > I have a problem with oddjob_mkhomedir on a NFS mount point. The actual
> > context is nfs_t
> >
> > drwxr-xr-x. root root system_u:object_r:nfs_t:s0 users/
> >
> >
> > With this type, oddjob_mkhomedir cannot do is job of creating home user
> > directories.
> >
> > In the logs, I found about creating a new module with audi2allow and
> > semodule:
> >
> > [root@ audit]# sealert -l fe2d7f60-d3ff-405b-b518-38d0cf021598
> > X11 connection rejected because of wrong authentication.
> > SELinux is preventing /usr/libexec/oddjob/mkhomedir from setattr access
> on
> > the file .bash_logout.
> >
> > * Plugin catchall_boolean (89.3 confidence) suggests
> > **
> >
> > If you want to allow use to nfs home dirs
> > Then you must tell SELinux about this by enabling the 'use_nfs_home_dirs'
> > boolean.
> > You can read 'None' man page for more details.
> > Do
> > setsebool -P use_nfs_home_dirs 1
> >
> > * Plugin catchall (11.6 confidence) suggests
> > **
> >
> > If you believe that mkhomedir should be allowed setattr access on the
> > .bash_logout file by default.
> > Then you should report this as a bug.
> > You can generate a local policy module to allow this access.
> > Do
> > allow this access for now by executing:
> > # grep mkhomedir /var/log/audit/audit.log | audit2allow -M mypol
> > # semodule -i mypol.pp
> >
> >
> > Additional Information:
> > Source Context
> > system_u:system_r:oddjob_mkhomedir_t:s0-s0:c0.c102
> > 3
> > Target Contextsystem_u:object_r:nfs_t:s0
> > Target Objects.bash_logout [ file ]
> > Sourcemkhomedir
> > Source Path /usr/libexec/oddjob/mkhomedir
> > Port
> > Host
> > Source RPM Packages oddjob-mkhomedir-0.31.5-4.el7.x86_64
> > Target RPM Packages
> > Policy RPMselinux-policy-3.13.1-60.el7_2.7.noarch
> > Selinux Enabled True
> > Policy Type targeted
> > Enforcing ModePermissive
> > Host Name
> > Platform Linux 3.10.0-327.28.3.el7.x86_64 #1 SMP
> > Thu Aug 18 19:05:49 UTC 2016 x86_64 x86_64
> > Alert Count 1
> > First Seen2016-09-15 15:12:48 EDT
> > Last Seen 2016-09-15 15:12:48 EDT
> > Local ID fe2d7f60-d3ff-405b-b518-38d0cf021598
> >
> > Raw Audit Messages
> > type=AVC msg=audit(1473966768.233:9091): avc: denied { setattr } for
> > pid=28565 comm="mkhomedir" name=".bash_logout" dev="0:40" ino=1048581
> > scontext=system_u:system_r:oddjob_mkhomedir_t:s0-s0:c0.c1023
> > tcontext=system_u:object_r:nfs_t:s0 tclass=file
> >
> >
> > type=SYSCALL msg=audit(1473966768.233:9091): arch=x86_64 syscall=fchown
> > success=yes exit=0 a0=5 a1=2710 a2=2714 a3=5f7269645f656d6f items=0
> > ppid=1037 pid=28565 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
> > egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=mkhomedir
> > exe=/usr/libexec/oddjob/mkhomedir
> > subj=system_u:system_r:oddjob_mkhomedir_t:s0-s0:c0.c1023 key=(null)
> >
> > Hash: mkhomedir,oddjob_mkhomedir_t,nfs_t,file,setattr
> >
> >
> >
> > I then created the module and the te file says this:
> >
> > [root@ selinux]# cat mkhomedir_nfs.te
> >
> > module mkhomedir_nfs 1.0;
> >
> > require {
> > type oddjob_mkhomedir_t;
> > type nfs_t;
> > class file { write create open setattr };
> > class dir { write create add_name setattr };
> > }
> >
> > #= oddjob_mkhomedir_t ==
> >
> > # This avc is allowed in the current policy
> > allow oddjob_mkhomedir_t nfs_t:dir { write create add_name setattr };
> >
> > # This avc is allowed in the current policy
> > allow oddjob_mkhomedir_t nfs_t:file { write create open setattr };
> >
> >
> > Reading this output, I thought I had to add the context
> oddjob_mkhomedir_t to
> > the users directory but I got another problem:
> >
> > [root@ home]# semanage fcontext -a -t oddjob_mkhomedir_t "./users"
> > ValueError: Type oddjob_mkhomedir_t is invalid, must be a file or device
> > type
> >
> >
> > What I do wrong?
> >
> > In the other hand, is it possible to disable SELinux to a directory and
> all
> > is subdirectories?
> >
> > Thanks,
> > Bernard
> > ___
> > CentOS mailing list
> > CentOS@centos.org
> > https://lists.centos.org/mailman/listinf
Re: [CentOS] SELinux module
If you are using NFS homedirs, you should run: setsebool -P use_nfs_home_dirs 1 -- Jonathan Billings > On Sep 16, 2016, at 08:25, Bernard Fay wrote: > > setsebool -P use_nfs_home_dirs 1 > > * Plugin catchall (11.6 confidence) suggests > ** > > If you believe that mkhomedir should be allowed setattr access on the > .bash_logout file by default. > Then you should report this as a bug. > You can generate a local policy module to allow this access. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] SELinux module
Thanks a lot Jonathan, It was that simple!!! Problem fixed! On Fri, Sep 16, 2016 at 10:05 AM, Jonathan Billings wrote: > If you are using NFS homedirs, you should run: > > setsebool -P use_nfs_home_dirs 1 > > -- > Jonathan Billings > > > On Sep 16, 2016, at 08:25, Bernard Fay wrote: > > > > setsebool -P use_nfs_home_dirs 1 > > > > * Plugin catchall (11.6 confidence) suggests > > ** > > > > If you believe that mkhomedir should be allowed setattr access on the > > .bash_logout file by default. > > Then you should report this as a bug. > > You can generate a local policy module to allow this access. > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] An m4 question
Does anyone know what, if any, the limits are in m4 on the length of
strings, such as in defines?
That is, if I were to do
define('LINUX', 'machine1, machine2,...machine120...')
Is there a limit to how many I could put in that one define?
mark
___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos
[CentOS] Centos 7: Notification of available updates in KDE?
Hi, I recently upgraded from CentOS 5 to 7. I have been running KDE. In version 5, if there was a pending update, an icon would appear in the panel, notifying about the update. There is no such icon in CentOS 7 - KDE 4. Is there a way to get this very convenient function? Thanks Frank -- ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
