Re: [CentOS-docs] Documentation proposal

2017-10-24 Thread Akemi Yagi
On Tue, Oct 24, 2017 at 2:53 PM, Thibaut Perrin 
wrote:

> Hi everyone,
>
> ThibautPerrin here, I would like to propose a How-To to use php7.x on
> CentOS 7, using the SCL, as most of the articles you can find on the web
> offer to do this using third party repositories, which might not be the
> most appropriate thing to do :)
>
> The location would probably be in the How-Tos I'm guessing, unless
> somebody has a better location to offer ?
>
> I already wrote the document, and I'd be happy to submit it for review /
> discussion.
>
> Thanks,
>
> Thibaut
>

How would you like to submit your writing for discussion? We can set up a
home page for you to place your draft if that works best for you.

Akemi
___
CentOS-docs mailing list
CentOS-docs@centos.org
https://lists.centos.org/mailman/listinfo/centos-docs


Re: [CentOS-virt] Crash in CentOS 7 kernel-3.10.0-514.16.1.el7.x86_64 in Xen PV mode

2017-10-24 Thread Karl Johnson
On Tue, Oct 24, 2017 at 3:09 PM, Karl Johnson 
wrote:

> On Tue, Oct 24, 2017 at 3:36 AM, Akemi Yagi  wrote:
>
>> On Mon, Oct 23, 2017 at 11:08 PM, Akemi Yagi  wrote:
>>
>>> On Mon, Oct 23, 2017 at 12:57 PM, Karl Johnson wrote:
>>>
>>>> On Sat, May 20, 2017 at 8:30 PM, Sarah Newman  wrote:
>>>>
>>>>> I experienced a bug that is likely the same as
>>>>> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1350373 . Commit
>>>>> b7dd0e350e0bd4c0fddcc9b8958342700b00b168 , which is supposed to fix
>>>>> it, doesn't appear in this kernel and doesn't apply cleanly either.
>>>>> Is there any point in trying to backport the patch?
>>>>>
>>>>> I had the same kernel panic while booting a PV domU on
>>>> 3.10.0-693.2.2.el7.centos.plus.x86_64. I had to start the domU again
>>>> to boot correctly. Can this patch be added to the CentOS 7 kernel-plus?
>>>>
>>>> Karl
>>>>
>>>
>>> I can certainly add the patch (commit
>>> b7dd0e350e0bd4c0fddcc9b8958342700b00b168)
>>> to the Plus kernel. It would be best if you could file a request on
>>> http://bugs.centos.org so that we can track it better.
>>>
>>> Akemi
>>>
>>
>> A CentOSPlus kernel set with the referenced patch applied is available
>> for testing at:
>>
>> https://people.centos.org/toracat/kernel/7/plus/xen/
>>
>> Feedback appreciated,
>>
>> Akemi
>>
>
> Thanks for the build Akemi. I will try to test this kernel in the next
> days however it will be hard to know if it fixes the kernel panic because I
> can't reproduce it. It seems to be random and pretty rare in my case.
>

The test kernel doesn't boot on my side:

[0.00] Initializing cgroup subsys cpuset
[0.00] Initializing cgroup subsys cpu
[0.00] Initializing cgroup subsys cpuacct
[0.00] Linux version 3.10.0-693.5.2.el7.centos.plus.1.x86_64
(yagi2@h64r7) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) ) #1 SMP
Mon Oct 23 22:30:37 PDT 2017
[0.00] Command line: console=hvc0 xencons=tty0 root=/dev/xvda1 ro
LANG=en_CA.UTF-8 elevator=noop nohz=off
[0.00] ACPI in unprivileged domain disabled
[0.00] e820: BIOS-provided physical RAM map:
[0.00] Xen: [mem 0x-0x0009] usable
[0.00] Xen: [mem 0x000a-0x000f] reserved
[0.00] Xen: [mem 0x0010-0x3fff] usable
[0.00] NX (Execute Disable) protection: active
[0.00] DMI not present or invalid.
[0.00] e820: last_pfn = 0x4 max_arch_pfn = 0x4
[0.00] RAMDISK: [mem 0x0242d000-0x038e0fff]
[0.00] NUMA turned off
[0.00] Faking a node at [mem 0x-0x3fff]
[0.00] NODE_DATA(0) allocated [mem 0x3fe03000-0x3fe29fff]
[0.00] Zone ranges:
[0.00]   DMA  [mem 0x1000-0x00ff]
[0.00]   DMA32[mem 0x0100-0x]
[0.00]   Normal   empty
[0.00] Movable zone start for each node
[0.00] Early memory node ranges
[0.00]   node   0: [mem 0x1000-0x0009]
[0.00]   node   0: [mem 0x0010-0x3fff]
[0.00] Initmem setup node 0 [mem 0x1000-0x3fff]
[0.00] SFI: Simple Firmware Interface v0.81
http://simplefirmware.org
[0.00] No local APIC present
[0.00] APIC: disable apic facility
[0.00] APIC: switched to apic NOOP
[0.00] smpboot: Allowing 2 CPUs, 0 hotplug CPUs
[0.00] PM: Registered nosave memory: [mem 0x000a-0x000f]
[0.00] e820: [mem 0x4000-0x] available for PCI devices
[0.00] Booting paravirtualized kernel on Xen
[0.00] Xen version: 4.6.3-3.el6 (preserve-AD)
[0.00] setup_percpu: NR_CPUS:5120 nr_cpumask_bits:2 nr_cpu_ids:2
nr_node_ids:1
[0.00] PERCPU: Embedded 33 pages/cpu @88003f80 s97112 r8192
d29864 u1048576
[0.00] PV qspinlock hash table entries: 256 (order: 0, 4096 bytes)
[0.00] Built 1 zonelists in Node order, mobility grouping on.
Total pages: 257930
[0.00] Policy zone: DMA32
[0.00] Kernel command line: console=hvc0 xencons=tty0
root=/dev/xvda1 ro LANG=en_CA.UTF-8 elevator=noop nohz=off
[0.00] PID hash table entries: 4096 (order: 3, 32768 bytes)
[0.00] x86/fpu: xstate_offset[2]: 0240, xstate_sizes[2]: 0100
[0.00] xsave: enabled xstate_bv 0x7, cntxt size 0x340 using
standard form
[0.00] Memory: 989236k/1048576k available (6954k kernel code, 388k
absent, 58952k reserved, 4575k data, 1768k init)
[0.00] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1
[0.00] Hierarchical RCU implementation.
[0.00] RCU restricting CPUs from NR_CPUS=5120 to nr_cpu_ids=2.
[0.00] NR_IRQS:327936 nr_irqs:32 0
[0.00] Console: colour dummy device 80x25
[0.00] console [tty0] enabled
[0.00] console [hvc0] enabled
[

Re: [CentOS] Unable to apply mysqld_db_t to mysql directory

2017-10-24 Thread Bernard Fay
James,

I read your email a couple of times.  There is so much to learn from it.

If I am right, the output of "semanage fcontext -l" is the content of the
SELinux database regarding the SELinux contexts.  Yet if I am right, when
we try to assign or verify what should be the contexts on files or
directories, a first look at the SELinux DB should be the first thing to
do. Right?

I have now a much better understanding of what is going on when I use
"semanage fcontext -a -t ..." then "restorecon -R".  "semanage fcontext -a"
adds the fcontext to the SELinux DB and restorecon applies the fcontext to the
files or directory as defined in the DB.

In the past I have been confused by chcon and came to the conclusion this
command was totally useless.  But if the command exists, it should have a
use. What kind of situation could make chcon useful?

Regarding the equivalence, at first I understood it as "make this equal to
that". A bit like when using chmod --reference.  Wrong!!!

I didn't only have a slight misconception on label, I honestly would say I
was lost with the new lights you made on it.

Thanks a lot for your time James! I really appreciate it.

Bernard



On Mon, Oct 23, 2017 at 5:13 PM, James Hogarth 
wrote:

> On 23 October 2017 at 19:18, Bernard Fay  wrote:
> > Thanks, I managed to fix /var/lib/mysql
> >
> > # ls -ldZ /var/lib/mysql
> > drwxr-xr-x. mysql mysql system_u:object_r:mysqld_db_t:s0 /var/lib/mysql
> >
> > To fix it, I tried:
> > semanage fcontext -d -e /var/lib/mysql
> > this command returned:
> > KeyError: /var/lib/mysql
> > I tried restorecon anyway:
> > restorecon -Rv /var/lib/mysql
> > But not better:
> > ls -ldZ /var/lib/mysql
> > drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0   /var/lib/mysql
> >
> > So I did the following:
> > semanage fcontext -d -t var_lib_t /var/lib/mysql
> > It started to look better:
> > ls -ldZ /var/lib/mysql
> > drwxr-xr-x. mysql mysql system_u:object_r:var_lib_t:s0   /var/lib/mysql
> > Then I ran restorecon
> > restorecon -Rv /var/lib/mysql
> > I got a lot of :
> > restorecon reset /var/lib/mysql/...
> >
> > And then I got the proper context on /var/lib/mysql.
> >
> >
> > I think there are still many things I do not understand about SELinux.
> >
> > I thought the equivalence thing I did with the command below was going to
> > assign the context of /var/lib/mysql.old to /var/lib/mysql. Obviously not!
> > semanage fcontext -a -e /var/lib/mysql.old /var/lib/mysql
> >
> >
>
> I think you have a slight misconception over how labels are determined.
>
> There's no relation between what is presently on the filesystem when
> you do ls -lZ and what the policy database thinks it ought to be.
>
> This is why you can chcon to change the label of something but a
> relabelling will change it back.
>
> When you run restorecon to relabel a path what happens is it takes the
> absolute (full) path and compares it against the regexes in the
> selinux policy database (see it with semanage fcontext -l for some,
> but not all, context matches) ...
>
> Then for the most specific match it will apply whatever label is in
> that database.
>
> When you do semanage fcontext -a -e /foo /bar to do an alias what you
> are telling selinux is that for every time that /bar is run through
> the regex replace bar with foo and check that instead.
>
> This is why when adding custom labelling you need to do a full regex
> path to match files under that directory too.
>
> When you moved /var/lib/mysql to /var/lib/mysql.old the labels moved
> with the files (this is the default unless you cross filesystems, you
> can force labelling as the destination with mv -Z).
>
> The selinux database still has /var/lib/mysql(/.*)? as being type
> mysqldb_db_t even if that directory doesn't exist.
>
> When the directory is created and put in place then it will get what
> policy says is right for that path.
>
> The point of using equivalence is when you move a default location -
> such as /home to /data/home or /var/lib/mysql to /data/mysql
>
> In that situation the default selinux policy doesn't know anything
> about /data or the contents of it so it'll end up with a default_t
> label ... not very useful.
>
> Now you could semanage fcontext -a -t mysqldb_db_t /data/mysql(/.*)?
> but quite often the 'story' of a directory tree isn't about just one
> label and it'd be tedious trying to match them all ...
>
> For the craziness that is $HOME for instance...
>
> CentOS7: cat /etc/selinux/targeted/contexts/files/file_contexts.homedirs
> Fedora: cat /usr/share/selinux/targeted/default/active/homedir_template
>
> There's a lot of different contexts depending on the file in that tree
> ... trying to mimic them all to move /home to /data/home would be a
> nightmare ...
>
> But this is made trivial with semanage fcontext -a -e /home /data/home
> to ensure ~/.ssh and ~/.gpg and ~/public_html and so on all get the
> right contexts.
>
> So based on that I hope you 
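
The lookup James describes above, as an added example that is not part of the thread: a small Python model of how the label for a path is derived from the policy database, how `semanage fcontext -a -e` rewrites the path before matching, and why `mv` and `chcon` leave labels that `restorecon` later resets. Assumptions: the three rules are a constructed, cut-down stand-in for `semanage fcontext -l` output, "most specific match" is approximated by the longest literal prefix of the regex (the real libselinux ordering has more rules), and all function names are hypothetical.

```python
import re

# Constructed, cut-down stand-in for the file-context database that
# `semanage fcontext -l` lists: (anchored path regex, SELinux type).
RULES = [
    (r"/.*", "default_t"),
    (r"/var/lib(/.*)?", "var_lib_t"),
    (r"/var/lib/mysql(/.*)?", "mysqld_db_t"),
]

REGEX_META = set(".^$?*+|[](){}\\")


def literal_prefix_len(pattern):
    """Number of characters before the first regex metacharacter.

    Assumption: this stands in for "most specific match"; it is a
    simplification of what libselinux really does.
    """
    for i, ch in enumerate(pattern):
        if ch in REGEX_META:
            return i
    return len(pattern)


def substitute(path, equivalences):
    """Model `semanage fcontext -a -e TARGET SOURCE`.

    equivalences maps SOURCE -> TARGET: a path at or below SOURCE is
    looked up as if it lived at TARGET.
    """
    for source, target in equivalences.items():
        if path == source or path.startswith(source + "/"):
            return target + path[len(source):]
    return path


def policy_type(path, equivalences=None, rules=RULES):
    """Type the policy database assigns to an absolute path."""
    lookup = substitute(path, equivalences or {})
    matches = [(literal_prefix_len(rx), t) for rx, t in rules
               if re.fullmatch(rx, lookup)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0])[1]


def mv(disk, src, dst):
    """Same-filesystem mv: the on-disk label travels with the file."""
    disk[dst] = disk.pop(src)


def chcon(disk, path, new_type):
    """chcon changes the on-disk label only; the database is untouched."""
    disk[path] = new_type


def restorecon(disk, path, equivalences=None):
    """restorecon overwrites the on-disk label with the database's answer."""
    disk[path] = policy_type(path, equivalences)


def demo():
    """Replay the move from the thread on a one-entry model filesystem."""
    disk = {"/var/lib/mysql": "mysqld_db_t"}       # path -> on-disk type
    mv(disk, "/var/lib/mysql", "/var/lib/mysql.old")
    after_mv = disk["/var/lib/mysql.old"]          # label moved with the dir
    restorecon(disk, "/var/lib/mysql.old")
    after_relabel = disk["/var/lib/mysql.old"]     # decided by path alone
    chcon(disk, "/var/lib/mysql.old", "mysqld_db_t")
    after_chcon = disk["/var/lib/mysql.old"]       # manual change sticks...
    restorecon(disk, "/var/lib/mysql.old")
    after_second = disk["/var/lib/mysql.old"]      # ...until the next relabel
    return after_mv, after_relabel, after_chcon, after_second


if __name__ == "__main__":
    print(demo())
    # Relocated data directory: default_t without an equivalence,
    # the MySQL type once /data/mysql is declared equal to /var/lib/mysql.
    print(policy_type("/data/mysql/ibdata1"))
    print(policy_type("/data/mysql/ibdata1", {"/data/mysql": "/var/lib/mysql"}))
```

In this model, declaring /var/lib/mysql equivalent to /var/lib/mysql.old makes /var/lib/mysql resolve through the rule that matches /var/lib/mysql.old, so the argument order of `-e` matters.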

Re: [CentOS-virt] Crash in CentOS 7 kernel-3.10.0-514.16.1.el7.x86_64 in Xen PV mode

2017-10-24 Thread Karl Johnson
On Tue, Oct 24, 2017 at 3:36 AM, Akemi Yagi  wrote:

> On Mon, Oct 23, 2017 at 11:08 PM, Akemi Yagi  wrote:
>
>> On Mon, Oct 23, 2017 at 12:57 PM, Karl Johnson 
>> wrote:
>>
>>> On Sat, May 20, 2017 at 8:30 PM, Sarah Newman  wrote:
>>>
>>>> I experienced a bug that is likely the same as
>>>> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1350373 . Commit
>>>> b7dd0e350e0bd4c0fddcc9b8958342700b00b168 , which is supposed to fix
>>>> it, doesn't appear in this kernel and doesn't apply cleanly either.
>>>> Is there any point in trying to backport the patch?
>>>>
>>>> I had the same kernel panic while booting a PV domU on
>>> 3.10.0-693.2.2.el7.centos.plus.x86_64. I had to start the domU again to
>>> boot correctly. Can this patch be added to the CentOS 7 kernel-plus?
>>>
>>> Karl
>>>
>>
>> I can certainly add the patch (commit
>> b7dd0e350e0bd4c0fddcc9b8958342700b00b168)
>> to the Plus kernel. It would be best if you could file a request on
>> http://bugs.centos.org so that we can track it better.
>>
>> Akemi
>>
>
> A CentOSPlus kernel set with the referenced patch applied is available
> for testing at:
>
> https://people.centos.org/toracat/kernel/7/plus/xen/
>
> Feedback appreciated,
>
> Akemi
>

Thanks for the build Akemi. I will try to test this kernel in the next days
however it will be hard to know if it fixes the kernel panic because I can't
reproduce it. It seems to be random and pretty rare in my case.
___
CentOS-virt mailing list
CentOS-virt@centos.org
https://lists.centos.org/mailman/listinfo/centos-virt


Re: [CentOS] [OT]: scp setup jailed chroot on Centos7

2017-10-24 Thread John R Pierce

On 10/24/2017 7:40 AM, Valeri Galtsev wrote:

[Sorry about "top posting": my OT question arises from the subject..]

Could someone elaborate on the "jail" under CentOS. I'm used to FreeBSD
jails, and as I run CentOS and some other Linuxes for quite some time I
was under the impression that there is no such thing as jail under Linux [at
least those flavors I run]. Under Linux I did use chrooted environments in a
variety of places, but that only separates stuff on the filesystem
level (and other things such as devices and others accessed via
filesystem). There is no other resource separation (which I'm used to have
control over in case of FreeBSD jail).

Am I wrong, and what am I wrong about?



while I've never used them, my understanding is, lxcontainers are at the 
level of a jail, network isolation as well as file system.



--
john r pierce, recycling bits in santa cruz

___
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos


[CentOS] Docker log level

2017-10-24 Thread m . roth
Hi, folks,

   Just installed and fired up docker for a user, and the default log
level is stupidly noisy. Now, doing some googling, I see that I can set
the log level on the command line. What I'd *like* to do is set the log
level in the appropriate config file, which I gather is
/etc/docker/daemon.json. So far, though, I can't find anything that
suggests I can do that.

   Anyone here know if I can, and if so, what the correct syntax is?

   Thanks in advance.



Re: [CentOS] Not Able to Configure Nagios Server 4.3.4 in Centos 7

2017-10-24 Thread Chris Beattie
> As per the installation instructions I ran the commands in the concerned
> folders of ./configure , make , make install for both the core and the Nagios
> plugins.
> 
> I am not able to figure out why it is not working. It did get
> installed using yum, which was a previous 4.3.2 that had its own errors
> and wanted me to update, with no update of it available in the epel
> repository.

What's not working?  Did it compile correctly?  Nagios needs some extra 
packages for all of its features to work.  These can be installed via YUM 
even if you compile Nagios itself from source.

Also, if you install Nagios from source, SELinux will prevent it from doing a 
lot of stuff by default.  However, it's entirely possible to run Nagios with 
SELinux in Enforcing mode with the right policy.


[CentOS] [OT]: scp setup jailed chroot on Centos7

2017-10-24 Thread Valeri Galtsev

[Sorry about "top posting": my OT question arises from the subject..]

Could someone elaborate on the "jail" under CentOS. I'm used to FreeBSD
jails, and as I run CentOS and some other Linuxes for quite some time I
was under the impression that there is no such thing as jail under Linux [at
least those flavors I run]. Under Linux I did use chrooted environments in a
variety of places, but that only separates stuff on the filesystem
level (and other things such as devices and others accessed via
filesystem). There is no other resource separation (which I'm used to have
control over in case of FreeBSD jail).

Am I wrong, and what am I wrong about?

Valeri

On Tue, October 24, 2017 8:24 am, rai...@ultra-secure.de wrote:
> On 2017-10-24 12:19, Adrian Jenzer wrote:
>
>> Hi Rainer
>> I would if I could but external offers only FTP and SCP...
>>
>> Regards Adrian
>
>
> AFAIK, for scp you need a proper shell.
>
> I've done that exactly once (chrooted ssh) and it was such a pain that I
> vowed to never do it again.
>
> The problem is that inside the chroot, you need:
>
>   - name resolution
>   - a minimal passwd/shadow/group file (or ldap)
>   - maybe for scp, you can get away with a rather minimal device-tree -
> but for actual SSH access, I needed a fairly complete device tree inside
> the chroot (ttys ...).
>   - that was with FreeBSD 10, I never tried it with anything else (due to
> its history with jails, creating functional, limited chroot-environments
> is somewhat in its genes, so to speak)
>
> Somebody sent me the link to these scripts:
>
> https://github.com/codelibre-net/schroot
>
> Maybe you can use those scripts - I've never tried them.
>
>
> Also, there's scp-only:
> https://github.com/scponly/scponly/wiki
>
> Haven't used that in years, either.
> Concern over that one seemed to be that it's "another" shell and nobody
> had apparently done a thorough audit of it.
>



Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247



Re: [CentOS] scp setup jailed chroot on Centos7

2017-10-24 Thread Adrian Jenzer
That's correct, forgot to mention it. We ended up using SFTP (or at least 
offering it to external).


-Original Message-
From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of 
rai...@ultra-secure.de
Sent: Tuesday, 24 October 2017 15:24
To: CentOS mailing list
Subject: Re: [CentOS] scp setup jailed chroot on Centos7

On 2017-10-24 12:19, Adrian Jenzer wrote:

> Hi Rainer
> I would if I could but external offers only FTP and SCP...
> 
> Regards Adrian


AFAIK, for scp you need a proper shell.

I've done that exactly once (chrooted ssh) and it was such a pain that I 
vowed to never do it again.

The problem is that inside the chroot, you need:

  - name resolution
  - a minimal passwd/shadow/group file (or ldap)
  - maybe for scp, you can get away with a rather minimal device-tree - 
but for actual SSH access, I needed a fairly complete device tree inside 
the chroot (ttys ...).
  - that was with FreeBSD 10, I never tried it with anything else (due to 
its history with jails, creating functional, limited chroot-environments 
is somewhat in its genes, so to speak)

Somebody sent me the link to these scripts:

https://github.com/codelibre-net/schroot

Maybe you can use those scripts - I've never tried them.


Also, there's scp-only:
https://github.com/scponly/scponly/wiki

Haven't used that in years, either.
Concern over that one seemed to be that it's "another" shell and nobody 
had apparently done a thorough audit of it.


Re: [CentOS] scp setup jailed chroot on Centos7

2017-10-24 Thread rainer

On 2017-10-24 12:19, Adrian Jenzer wrote:


Hi Rainer
I would if I could but external offers only FTP and SCP...

Regards Adrian



AFAIK, for scp you need a proper shell.

I've done that exactly once (chrooted ssh) and it was such a pain that I 
vowed to never do it again.


The problem is that inside the chroot, you need:

 - name resolution
 - a minimal passwd/shadow/group file (or ldap)
 - maybe for scp, you can get away with a rather minimal device-tree - 
but for actual SSH access, I needed a fairly complete device tree inside 
the chroot (ttys ...).
 - that was with FreeBSD 10, I never tried it with anything else (due to 
its history with jails, creating functional, limited chroot-environments 
is somewhat in its genes, so to speak)


Somebody sent me the link to these scripts:

https://github.com/codelibre-net/schroot

Maybe you can use those scripts - I've never tried them.


Also, there's scp-only:
https://github.com/scponly/scponly/wiki

Haven't used that in years, either.
Concern over that one seemed to be that it's "another" shell and nobody 
had apparently done a thorough audit of it.



[CentOS] Not Able to Configure Nagios Server 4.3.4 in Centos 7

2017-10-24 Thread Abhinay Khanna
Hi Team,


I was trying to install the Nagios server in Centos 7.
I had downloaded and unzipped the Nagios server and its plugins file.

As per the installation instructions I ran the commands in the concerned 
folders of ./configure , make , make install for both the core and the Nagios 
plugins.

I am not able to figure out why it is not working.
It did get installed using yum, which was a previous 4.3.2 that had its 
own errors and wanted me to update, with no update of it available in the epel 
repository.

Can anyone help with this ?

TIA
Abhinay




[CentOS] CentOS-announce Digest, Vol 152, Issue 9

2017-10-24 Thread centos-announce-request

Today's Topics:

   1. CEBA-2017:2950 CentOS 7 grub2 BugFix Update (Johnny Hughes)
   2. CESA-2017:2930 Important CentOS 7 kernel Security Update
  (Johnny Hughes)


--

Message: 1
Date: Mon, 23 Oct 2017 17:03:59 +
From: Johnny Hughes 
To: centos-annou...@centos.org
Subject: [CentOS-announce] CEBA-2017:2950 CentOS 7 grub2 BugFix Update
Message-ID: <20171023170359.ga53...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2017:2950

Upstream details at : https://access.redhat.com/errata/RHBA-2017:2950

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #cen...@irc.freenode.net
Twitter: @JohnnyCentOS



--

Message: 2
Date: Mon, 23 Oct 2017 17:05:09 +
From: Johnny Hughes 
To: centos-annou...@centos.org
Subject: [CentOS-announce] CESA-2017:2930 Important CentOS 7 kernel
Security Update
Message-ID: <20171023170509.ga53...@n04.lon1.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Security Advisory 2017:2930 Important

Upstream details at : https://access.redhat.com/errata/RHSA-2017:2930

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 


Re: [CentOS] scp setup jailed chroot on Centos7

2017-10-24 Thread Adrian Jenzer


-Original Message-
From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of tbucha...@vinu.edu
Sent: Samstag, 21. Oktober 2017 02:14
To: CentOS mailing list
Subject: Re: [CentOS] scp setup jailed chroot on Centos7

-"CentOS"  wrote: -To: CentOS mailing list 

From: Rainer Duffner 
Sent by: "CentOS" 
Date: 10/20/2017 08:00PM
Subject: Re: [CentOS] scp setup jailed chroot on Centos7

> On 20.10.2017 at 15:58, Adrian Jenzer wrote:
> 
> Dear all
> 
> I'm looking for instructions on how to setup a jailed chroot directory for 
> user which needs to upload via scp to the server.
> Especially I miss clear instructions about what needs to be in the jailed 
> directory available, like binaries, libraries, etc...
> Without jail I get it to work, but I want to prevent user downloading for 
> example /etc folder from the server.
> 
> Does anybody have a link or list valid for Centos7
> 



Can't you use SFTP?

AFAIK, sftp automatically chroots a user with no valid shell (provided the home 
directory is owned by root and not writeable by the user and you use Subsystem 
internal-sftp).





https://github.com/mysecureshell/mysecureshell


Thanks for this. Didn't know about it. And setup is pretty straightforward. 
The repo for Centos6 works with 7 too.

[mysecureshell]
name=MySecureShell
baseurl=http://mysecureshell.free.fr/repository/index.php/centos/6.4/
enabled=1
gpgcheck=0


regards Adrian



Re: [CentOS] scp setup jailed chroot on Centos7

2017-10-24 Thread Adrian Jenzer


-Original Message-
From: CentOS [mailto:centos-boun...@centos.org] On Behalf Of Rainer Duffner
Sent: Saturday, 21 October 2017 00:41
To: CentOS mailing list
Subject: Re: [CentOS] scp setup jailed chroot on Centos7


> On 20.10.2017 at 15:58, Adrian Jenzer wrote:
> 
> Dear all
> 
> I'm looking for instructions on how to setup a jailed chroot directory for 
> user which needs to upload via scp to the server.
> Especially I miss clear instructions about what needs to be in the jailed 
> directory available, like binaries, libraries, etc...
> Without jail I get it to work, but I want to prevent user downloading for 
> example /etc folder from the server.
> 
> Does anybody have a link or list valid for Centos7
> 



Can’t you use SFTP?

AFAIK, sftp automatically chroots a user with no valid shell (provided the home 
directory is owned by root and not writeable by the user and you use Subsystem 
internal-sftp).



Hi Rainer
I would if I could but external offers only FTP and SCP...

Regards Adrian
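
The condition Rainer gives for the SFTP chroot (home directory owned by root and not writable by the user) is one case of the rule in sshd_config(5) that every component of a ChrootDirectory path must be a root-owned directory not writable by group or others. The following added example, which is not from the thread, checks a path against that rule and so goes beyond the single directory mentioned; `/home/upload`, uid 1001 and the injectable `stat_fn` are assumptions made so the check can be exercised without root.

```python
import os
import stat
from types import SimpleNamespace


def chroot_path_problems(path, stat_fn=os.stat):
    """Return the reasons `path` fails the ChrootDirectory ownership rule.

    Every component from / down to the chroot itself must be a directory,
    owned by uid 0, and not writable by group or others.
    """
    if not os.path.isabs(path):
        return ["%s: not an absolute path" % path]
    problems = []
    current = "/"
    for comp in [None] + [c for c in path.split("/") if c]:
        if comp is not None:
            current = os.path.join(current, comp)
        try:
            st = stat_fn(current)
        except OSError as exc:
            problems.append("%s: %s" % (current, exc.strerror or exc))
            break
        if not stat.S_ISDIR(st.st_mode):
            problems.append("%s: not a directory" % current)
        if st.st_uid != 0:
            problems.append("%s: owned by uid %d, not root"
                            % (current, st.st_uid))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append("%s: group- or world-writable (mode %o)"
                            % (current, stat.S_IMODE(st.st_mode)))
    return problems


def fake_stat(tree):
    """Build a stat function over a constructed {path: (mode, uid)} tree."""
    def _stat(p):
        if p not in tree:
            raise FileNotFoundError(2, "No such file or directory", p)
        mode, uid = tree[p]
        return SimpleNamespace(st_mode=mode, st_uid=uid)
    return _stat


D = stat.S_IFDIR

# Constructed layout that fails: the user owns their own chroot.
BAD = {
    "/": (D | 0o755, 0),
    "/home": (D | 0o755, 0),
    "/home/upload": (D | 0o755, 1001),
}

# Constructed layout that passes: root owns the chroot, and the user
# only owns a subdirectory inside it to upload into.
GOOD = {
    "/": (D | 0o755, 0),
    "/home": (D | 0o755, 0),
    "/home/upload": (D | 0o755, 0),
    "/home/upload/incoming": (D | 0o755, 1001),
}

# Constructed layout with a group-writable parent directory.
LOOSE_PARENT = dict(GOOD, **{"/home": (D | 0o775, 0)})

if __name__ == "__main__":
    for name, tree in (("BAD", BAD), ("GOOD", GOOD), ("LOOSE", LOOSE_PARENT)):
        print(name, chroot_path_problems("/home/upload", fake_stat(tree)))
```

Called with the default `stat_fn`, the function inspects the real filesystem, for example `chroot_path_problems("/home/upload")` on the server that will hold the chroot.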


Re: [CentOS-virt] Crash in CentOS 7 kernel-3.10.0-514.16.1.el7.x86_64 in Xen PV mode

2017-10-24 Thread Akemi Yagi
On Mon, Oct 23, 2017 at 11:08 PM, Akemi Yagi  wrote:

> On Mon, Oct 23, 2017 at 12:57 PM, Karl Johnson 
> wrote:
>
>> On Sat, May 20, 2017 at 8:30 PM, Sarah Newman  wrote:
>>
>>> I experienced a bug that is likely the same as
>>> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1350373 . Commit
>>> b7dd0e350e0bd4c0fddcc9b8958342700b00b168 , which is supposed to fix it,
>>> doesn't appear in this kernel and doesn't apply cleanly either.
>>> Is there any point in trying to backport the patch?
>>>
>>> I had the same kernel panic while booting a PV domU on
>> 3.10.0-693.2.2.el7.centos.plus.x86_64. I had to start the domU again to
>> boot correctly. Can this patch be added to the CentOS 7 kernel-plus?
>>
>> Karl
>>
>
> I can certainly add the patch (commit
> b7dd0e350e0bd4c0fddcc9b8958342700b00b168)
> to the Plus kernel. It would be best if you could file a request on
> http://bugs.centos.org so that we can track it better.
>
> Akemi
>

A CentOSPlus kernel set with the referenced patch applied is available
for testing at:

https://people.centos.org/toracat/kernel/7/plus/xen/

Feedback appreciated,

Akemi


Re: [CentOS-virt] Crash in CentOS 7 kernel-3.10.0-514.16.1.el7.x86_64 in Xen PV mode

2017-10-24 Thread Akemi Yagi
On Mon, Oct 23, 2017 at 12:57 PM, Karl Johnson 
wrote:

> On Sat, May 20, 2017 at 8:30 PM, Sarah Newman  wrote:
>
>> I experienced a bug that is likely the same as
>> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1350373 . Commit
>> b7dd0e350e0bd4c0fddcc9b8958342700b00b168 , which is supposed to fix it,
>> doesn't appear in this kernel and doesn't apply cleanly either.
>> Is there any point in trying to backport the patch?
>>
>> I had the same kernel panic while booting a PV domU on
> 3.10.0-693.2.2.el7.centos.plus.x86_64. I had to start the domU again to
> boot correctly. Can this patch be added to the CentOS 7 kernel-plus?
>
> Karl
>

I can certainly add the patch (commit
b7dd0e350e0bd4c0fddcc9b8958342700b00b168)
to the Plus kernel. It would be best if you could file a request on
http://bugs.centos.org so that we can track it better.

Akemi