Re: [CentOS] After reboot of web-server accessing website shows "Forbidden", restarting httpd all is fine
On 11/06/2015 06:30 PM, Jobst Schmalenbach wrote: What troubles me that a simple restart of the daemon fixes everything but it does not come up on reboot. Running the service script manually may not give you the same selinux context as on boot. Services should be started using "run_init" to ensure they get the correct context. I think this is legitimately the most confusing aspect of SELinux, and it's one of the things that systemd fixed properly. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] After reboot of web-server accessing website shows "Forbidden", restarting httpd all is fine
Hi. I am stuck with this one and I do not know where and how to search for this problem nor do I know how to fix it. When I reboot one of our servers (CentOS 6.7, selinux target, yum fully updated) the http server loads fine (no erros) but when accessing one of the server's websites it displays "Forbidden", restarting the httpd server (command line) will give full access and all is fine. What troubles me that a simple restart of the daemon fixes everything but it does not come up on reboot. [Sat Nov 07 13:02:44 2015] [notice] caught SIGTERM, shutting down [Sat Nov 07 13:02:45 2015] [notice] SELinux policy enabled; httpd running as context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 [Sat Nov 07 13:02:45 2015] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Sat Nov 07 13:02:45 2015] [notice] Digest: generating secret for digest authentication ... [Sat Nov 07 13:02:45 2015] [notice] Digest: done [Sat Nov 07 13:02:45 2015] [notice] Apache/2.2.15 (Unix) PHP/5.4.45 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips mod_wsgi/3.2 Python/2.6.6 mod_perl/2.0.4 Perl/v5.10.1 configured -- resuming normal operations I started it with an strace but I cant find anything that looks suspicious ... Putting selinux into permissive mode starts the server right from boot. Looking at all the logs I cannot see anything. Any ideas? Jobst -- Though the pen IS mightier than the sword, the sword is mightier at any given moment. | |0| | Jobst Schmalenbach, jo...@barrett.com.au, General Manager | | |0| Barrett Consulting Group P/L & The Meditation Room P/L |0|0|0| +61 3 9532 7677, POBox 277, Caulfield South, 3162, Australia ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] NetworkManager and network service
Hi, folks, I 've created interfaces files with the NM_CONTROLLED=no statement and I've found that even after restarting network services changes are not commited. Only it worked after running nmcli connection reload restart of the network service worked. I wonder if it's either a feature or a bug... Could you help me? Thanks in advance! -- -- Sergio Belkin LPIC-2 Certified - http://www.lpi.org ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] firewalld being stupid
On 6 November 2015 at 21:49, Pete Travis wrote: > On Nov 6, 2015 3:31 PM, "Nick Bright" wrote: >> >> Greetings, >> >> One of my biggest frustrations with CentOS 7 has been firewalld. >> >> Essentially all of the documentation just flat doesn't work. >> >> One common thing that needs to be done is to change the zone of an > interface, however I've tried: >> >> firewall-cmd --permanent --zone=internal --change-interface=ens192 >> firewall-cmd --permanent --zone=internal --add-interface=ens192 >> >> I've also tried setting in /etc/sysconfig/network-scripts/ifcfg-ens192: >> >> ZONE=internal >> ZONE="internal" >> >> No matter what, when firewalld starts, ens192 will be in the public zone. >> >> What am I doing wrong? Why does the documented command structure not work? >> >> -- >> --- >> - Nick Bright- > > Firewalld does physical interfaces, NetworkManager has profiles on top of > them. NM can specify a zone and communicate it to firewalld - which should > work from your ifcfg edit - but the reverse currently doesn't happen. Try > with nmcli: > > nmcli con modify ens19p0 connection.zone internal > > ...btw, the insertion of the 'p' was deliberate, I've seen more device > names of that form. doublecheck your device name too. > > I have a couple of relevant articles you may be interested in ... On assigning the zone via NM: https://www.hogarthuk.com/?q=node/8 Look down to the "Specifying a particular firewall zone" bit ... remember that if you edit the files rather than using nmcli you must reload NM (or do nmcli reload) for that to take effect. If you specify a zone in NM then this will override the firewalld configuration if the zone is specified there. Here's some firewalld stuff: https://www.hogarthuk.com/?q=node/9 Don't forget that if you use --permanent on a command you need to do a reload for it to read the config from disk and apply it. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] firewalld being stupid
On Nov 6, 2015 3:31 PM, "Nick Bright" wrote: > > Greetings, > > One of my biggest frustrations with CentOS 7 has been firewalld. > > Essentially all of the documentation just flat doesn't work. > > One common thing that needs to be done is to change the zone of an interface, however I've tried: > > firewall-cmd --permanent --zone=internal --change-interface=ens192 > firewall-cmd --permanent --zone=internal --add-interface=ens192 > > I've also tried setting in /etc/sysconfig/network-scripts/ifcfg-ens192: > > ZONE=internal > ZONE="internal" > > No matter what, when firewalld starts, ens192 will be in the public zone. > > What am I doing wrong? Why does the documented command structure not work? > > -- > --- > - Nick Bright- Firewalld does physical interfaces, NetworkManager has profiles on top of them. NM can specify a zone and communicate it to firewalld - which should work from your ifcfg edit - but the reverse currently doesn't happen. Try with nmcli: nmcli con modify ens19p0 connection.zone internal ...btw, the insertion of the 'p' was deliberate, I've seen more device names of that form. doublecheck your device name too. --Pete ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] firewalld being stupid
On 11/6/2015 1:31 PM, Nick Bright wrote: One of my biggest frustrations with CentOS 7 has been firewalld. Essentially all of the documentation just flat doesn't work. One common thing that needs to be done is to change the zone of an interface, however I've tried: firewall-cmd --permanent --zone=internal --change-interface=ens192 firewall-cmd --permanent --zone=internal --add-interface=ens192 I've also tried setting in /etc/sysconfig/network-scripts/ifcfg-ens192: ZONE=internal ZONE="internal" No matter what, when firewalld starts, ens192 will be in the public zone. What am I doing wrong? Why does the documented command structure not work? I haven't messed with firewalld yet, so the following is purely conjecture... does firewall-cmd --get-zones list this "internal" zone ? if not, you may need to create it first, firewall-cmd --permanent --new-zone=internal firewall-cmd --reload THEN assign your interface to it, firewall-cmd --permanent --zone=internal --change-interface=ens192 -- john r pierce, recycling bits in santa cruz ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] firewalld being stupid
Greetings, One of my biggest frustrations with CentOS 7 has been firewalld. Essentially all of the documentation just flat doesn't work. One common thing that needs to be done is to change the zone of an interface, however I've tried: firewall-cmd --permanent --zone=internal --change-interface=ens192 firewall-cmd --permanent --zone=internal --add-interface=ens192 I've also tried setting in /etc/sysconfig/network-scripts/ifcfg-ens192: ZONE=internal ZONE="internal" No matter what, when firewalld starts, ens192 will be in the public zone. What am I doing wrong? Why does the documented command structure not work? -- --- - Nick Bright- - Vice President of Technology - - Valnet -=- We Connect You -=- - - Tel 888-332-1616 x 315 / Fax 620-331-0789 - - Web http://www.valnet.net/ - --- - Are your files safe?- - Valnet Vault - Secure Cloud Backup - - More information & 30 day free trial at - - http://www.valnet.net/services/valnet-vault - --- This email message and any attachments are intended solely for the use of the addressees hereof. This message and any attachments may contain information that is confidential, privileged and exempt from disclosure under applicable law. If you are not the intended recipient of this message, you are prohibited from reading, disclosing, reproducing, distributing, disseminating or otherwise using this transmission. If you have received this message in error, please promptly notify the sender by reply E-mail and immediately delete this message from your system. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] c++ Development question
On 11/6/2015 10:05 AM, Leandro wrote: Im learning about c/c++ , so far every thing works great. The problem begins when I try to install a new library or a third party api. For example now I need to install the jsoncpp implementation in my centos box but I have no idea how to do it. I realized that my knolowge about those things is very poor. I would like to ask you for some documentation about libraries directories layout regarding c/c++ programing. Im not interested in the languaje it self but how to prepare my server to succesfully compile c/c++ programas. DO not put anything you've built in any of the system libraries (/usr/lib, etc) unless you package your code as RPM for deployment. Libraries you compile for your own use would normally be put in a lib directory somewhere under your own home directory, perhaps under your project directory, and they should be referenced in your make file. .a, .o libraries that are in, say, $HOME/lib, can be referenced by -L$HOME/lib ... if these are .so libraries, if you specify the path to your /lib/ directory in the --rpath option to ld (the gnu linker) or -Wl,--rpath= when you use gcc++ to link for you, then at runtime it will look for the .so files in that path. if the programs you're compiling will be installed under /usr/local for system-wide use, then the required shared libraries should also be installed under /usr/local/something and that path should be passed to --rpath -- john r pierce, recycling bits in santa cruz ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] c++ Development question
Leandro wrote: > Hello Centos user. > Im learning about c/c++ , so far every thing works great. > The problem begins when I try to install a new library or a third party > api. > For example now I need to install the jsoncpp implementation in my > centos box but I have no idea how to do it. > I realized that my knolowge about those things is very poor. > I would like to ask you for some documentation about libraries > directories layout regarding c/c++ programing. > Im not interested in the languaje it self but how to prepare my server > to succesfully compile c/c++ programas. > Read the manpage on yum to start. Do you have gcc++ installed? If not, yum install "Development tools" (assuming you're running CentOS 7; if you're on 6, it's yum groupinstall I suppose, if you really, *really* need a 2GB text editor, you could install eclipse. Then, understand that any package *should* install in the correct place. For some oddities, you might have to set the environment variable LD_LIBRARY_PATH. Finally, to see what libraries or compiler tools are available, yum list lib\*, etc. Also, check to see if you have rpmfusion and epel repos enabled. mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] getting a CentOS6 VM on VMware ESXi platform to recognize a new disk device
On Fri, Nov 6, 2015 at 9:56 AM, Boris Epstein wrote: > > > On Thu, Nov 5, 2015 at 8:23 AM, Tris Hoar wrote: > >> On 04/11/2015 20:59, John R Pierce wrote: >> >>> On 11/4/2015 12:52 PM, Boris Epstein wrote: >>> I don't get this for some reason... not even sure why. ESXi's default behaviour seems to be to allow hotplug, that does not seem to be deactivated. I am just not sure. Wonder if this could be the Centos 7 vs 6 - perhaps that is what I ought to test for. >>> >>> what virtual SCSI controller type are you using for these VM's? Mine are >>> 'paravirtual'. >>> >>> >> Also, what guest OS and VM hardware version is the guest running as? >> >> Tris >> >> >> * >> This email and any files transmitted with it are confidential >> and intended solely for the use of the individual or entity to whom they >> are addressed. If you have received this email in error please notify >> postmas...@bgfl.org >> >> The views expressed within this email are those of the individual, and >> not necessarily those of the organisation >> * >> >> ___ >> CentOS mailing list >> CentOS@centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > > Tris, John, > > Thanks! > > I blew away the original VM I was using for testing as it came time to do > the things for real in production - and, as much as I hated it, I just > added the disk and rebooted the production machine to make it "see" that > disk. > > However, I have then decided to investigate the matter further. So I > created a new one. It is running on an ESXi 5.5 server, VM Version 10, > VMware Paravirtual SCSI controller, configured for RedHat 6/64-bit OS, > running Centos 6/64 bit. And it worked perfectly when it came to "seeing" a > hotplugged disk drive. > > So I am not sure what to make of all of it - but it looks like freshly > created VM's are OK and it was indeed something to do with the VM settings. > > Cheers, > > Boris. > > Hello all, OK, looks like I have figured it out. It seems to be a matter of the SCSI bus emulation: things work fine with the Paravirtual but do not with the LSI Parallel. Good to know:) Thanks for all your help, everybody. Cheers, Boris. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] c++ Development question
Hello Centos user. Im learning about c/c++ , so far every thing works great. The problem begins when I try to install a new library or a third party api. For example now I need to install the jsoncpp implementation in my centos box but I have no idea how to do it. I realized that my knolowge about those things is very poor. I would like to ask you for some documentation about libraries directories layout regarding c/c++ programing. Im not interested in the languaje it self but how to prepare my server to succesfully compile c/c++ programas. I hope someone can help my on this. Regards, Leo. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7, ATI card, 30" monitor
Denniston, Todd A CIV NAVSURFWARCENDIV Crane wrote: >> -Original Message- >> From: m.r...@5-cent.us [mailto:m.r...@5-cent.us] >> Sent: Thursday, November 05, 2015 10:23 AM >> To: CentOS mailing list >> Subject: Re: [CentOS] Centos 7, ATI card, 30" monitor > >> That's why I said that at some point I was going to hand-craft an >> xorg.conf. Do you know if there's a way to dump the current settings to >> a file? I know I can do it with NVidia, but this is just KDE's settings. > > Last I knew, you could > 1) go into multi user mode (no x running) > systemctl isolate multi-user #graphical is probably the default > 2) Ask Xorg what it would do by default > run 'Xorg --config > mynewxorg.conf.file' #this is IIRC without looking > at man or Xorg --help > #but I think you'll get the idea here. :) > 3) go back to graphical > systemctl isolate graphical > > hope this helps Yeah, thanks. Googling, I found Xorg :1 --configure, and it crashed every time, so I was wondering if I had to be in runlevel 3 for that to work. mark ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Centos 7, ATI card, 30" monitor
> -Original Message- > From: m.r...@5-cent.us [mailto:m.r...@5-cent.us] > Sent: Thursday, November 05, 2015 10:23 AM > To: CentOS mailing list > Subject: Re: [CentOS] Centos 7, ATI card, 30" monitor > That's why I said that at some point I was going to hand-craft an > xorg.conf. Do you know if there's a way to dump the current settings to a > file? I know I can do it with NVidia, but this is just KDE's settings. Last I knew, you could 1) go into multi user mode (no x running) systemctl isolate multi-user #graphical is probably the default 2) Ask Xorg what it would do by default run 'Xorg --config > mynewxorg.conf.file' #this is IIRC without looking at man or Xorg --help #but I think you'll get the idea here. :) 3) go back to graphical systemctl isolate graphical hope this helps Even when this disclaimer is not here: I am not a contracting officer. I do not have authority to make or modify the terms of any contract. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] getting a CentOS6 VM on VMware ESXi platform to recognize a new disk device
On Thu, Nov 5, 2015 at 8:23 AM, Tris Hoar wrote: > On 04/11/2015 20:59, John R Pierce wrote: > >> On 11/4/2015 12:52 PM, Boris Epstein wrote: >> >>> I don't get this for some reason... not even sure why. ESXi's default >>> behaviour seems to be to allow hotplug, that does not seem to be >>> deactivated. I am just not sure. Wonder if this could be the Centos 7 >>> vs 6 >>> - perhaps that is what I ought to test for. >>> >> >> what virtual SCSI controller type are you using for these VM's? Mine are >> 'paravirtual'. >> >> > Also, what guest OS and VM hardware version is the guest running as? > > Tris > > > * > This email and any files transmitted with it are confidential > and intended solely for the use of the individual or entity to whom they > are addressed. If you have received this email in error please notify > postmas...@bgfl.org > > The views expressed within this email are those of the individual, and not > necessarily those of the organisation > * > > ___ > CentOS mailing list > CentOS@centos.org > https://lists.centos.org/mailman/listinfo/centos > Tris, John, Thanks! I blew away the original VM I was using for testing as it came time to do the things for real in production - and, as much as I hated it, I just added the disk and rebooted the production machine to make it "see" that disk. However, I have then decided to investigate the matter further. So I created a new one. It is running on an ESXi 5.5 server, VM Version 10, VMware Paravirtual SCSI controller, configured for RedHat 6/64-bit OS, running Centos 6/64 bit. And it worked perfectly when it came to "seeing" a hotplugged disk drive. So I am not sure what to make of all of it - but it looks like freshly created VM's are OK and it was indeed something to do with the VM settings. Cheers, Boris. ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
[CentOS] CentOS-announce Digest, Vol 129, Issue 3
Send CentOS-announce mailing list submissions to centos-annou...@centos.org To subscribe or unsubscribe via the World Wide Web, visit https://lists.centos.org/mailman/listinfo/centos-announce or, via email, send a message with subject or body 'help' to centos-announce-requ...@centos.org You can reach the person managing the list at centos-announce-ow...@centos.org When replying, please edit your Subject line so it is more specific than "Re: Contents of CentOS-announce digest..." Today's Topics: 1. CEBA-2015:1988 CentOS 7 screen FASTTRACK BugFix Update (Johnny Hughes) -- Message: 1 Date: Thu, 5 Nov 2015 14:01:16 + From: Johnny Hughes To: centos-annou...@centos.org Subject: [CentOS-announce] CEBA-2015:1988 CentOS 7 screen FASTTRACK BugFix Update Message-ID: <20151105140116.ga...@n04.lon1.karan.org> Content-Type: text/plain; charset=us-ascii CentOS Errata and Bugfix Advisory 2015:1988 Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-1988.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) x86_64: 92057de1fcc98976f307be19cf298640a1fb6975d526ea947d42d2cef3100f22 screen-4.1.0-0.22.20120314git3c2946.el7.x86_64.rpm Source: de2b9e8d133cd88512293cbf63962f44797d8d8433766edcb3945758c133ed6f screen-4.1.0-0.22.20120314git3c2946.el7.src.rpm -- Johnny Hughes CentOS Project { http://www.centos.org/ } irc: hughesjr, #cen...@irc.freenode.net Twitter: @JohnnyCentOS -- ___ CentOS-announce mailing list centos-annou...@centos.org https://lists.centos.org/mailman/listinfo/centos-announce End of CentOS-announce Digest, Vol 129, Issue 3 *** ___ CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos