From evilensky at gmail.com Tue Dec 3 20:36:55 2013
From: evilensky at gmail.com (Eugene Vilensky)
Date: Tue, 3 Dec 2013 14:36:55 -0600
Subject: [rhelv6-list] Distributing SELinux policies
Message-ID:

How might one go about taking a policy generated by 'grep xxx /var/log/audit/audit.log' and distributing it to a set of machines? Is there a particular location they should be deployed to if wrapped in the simplest of RPMs?

Thanks!
-Eugene

From darn570-linux at yahoo.com Wed Dec 11 15:25:57 2013
From: darn570-linux at yahoo.com (darn570-linux at yahoo.com)
Date: Wed, 11 Dec 2013 07:25:57 -0800 (PST)
Subject: [rhelv6-list] Red Hat Common Channels redux
Message-ID: <1386775557.76019.YahooMailNeo@web162103.mail.bf1.yahoo.com>

I saw a post on March 10th, 2003 asking about what these common child channels are for.

https://www.redhat.com/archives/rhelv6-list/2013-March/msg00002.html

I thought they were just in the client/workstation rhel 6 channels but I see they are also listed under the 6 server base channels as well. For example, base rhel-x86_64-client-6 the common channel looks like it just has a couple python related rpms.

python-backports-ssl_match_hostname
python-chardet
python-ordereddict
python-requests
python-six
python-urllib3

Does anyone know the purpose of these?

Thanks!
Chad

From eng-partner-management at redhat.com Wed Dec 11 17:30:58 2013
From: eng-partner-management at redhat.com (Engineering Partner Management)
Date: Wed, 11 Dec 2013 12:30:58 -0500
Subject: [rhelv6-list] Red Hat Enterprise Linux 7 Beta Now Available - Testers Wanted
Message-ID: <52A8A152.4060200@redhat.com>

Today marks an exciting milestone for Red Hat as we share news of the beta availability of Red Hat Enterprise Linux 7.
Since its introduction more than a decade ago[1], Red Hat Enterprise Linux[2] has become the world's leading enterprise Linux platform, and it has helped set industry standards for performance[3], capacity[4], capability[5] and security[6]. Red Hat Enterprise Linux is a leading force in enterprise datacenters; it spans nearly every industry and has advanced to deliver the original cloud operating system[7], powering many of the world's largest clouds.

With today's announcement, we are inviting Red Hat customers, partners, and members of the public to provide feedback on what we believe is our most ambitious release to date. Red Hat Enterprise Linux 7 is designed to provide the underpinning for future application architectures while delivering the flexibility, scalability, and performance needed to deploy across bare metal, virtual machines, and cloud infrastructure.

We believe that Red Hat Enterprise Linux 7 represents the future of IT. As hypervisors and cloud deployments become increasingly common and face integration with physical servers, Red Hat Enterprise Linux 7 continues Red Hat's track record of cultivating a foundation upon which to build next-generation IT infrastructure. No other Linux operating system combines the flexibility and stability needed to handle critical workloads across all environments with as extensive an ecosystem of solutions and support.

Based on Fedora 19 and the upstream Linux 3.10 kernel, Red Hat Enterprise Linux 7 will provide users with powerful new capabilities that streamline and automate installation and deployment, simplify management, and enhance ease-of-use, all while delivering the stability that enterprises have come to expect from Red Hat. This further solidifies Red Hat Enterprise Linux's place as the world's leading Linux platform and a standard for the enterprise of the future.

Whether rolling out new applications, virtualizing environments or scaling the business with cloud, Red Hat Enterprise Linux 7 delivers the keystone to IT success. The beta release of Red Hat Enterprise Linux 7 adds value to new and existing IT projects across industries by adding key capabilities to improve critical but often cumbersome IT tasks like virtualization and storage while offering a clear pathway to the open hybrid cloud[8].

Red Hat Enterprise Linux 7 Beta showcases hundreds of new features and enhancements, including:

Linux Containers - With Red Hat Enterprise Linux 7, applications can be created and deployed in isolated environments using Linux Container technology, such as Docker. System resources can be partitioned to each application container, providing each application with the appropriate resources and security isolation that they require - a key capability for enterprises seeking more agility and scalability within their infrastructure.

Performance Management - More than just benchmark results, Red Hat Enterprise Linux 7 helps customers optimize system performance out-of-the-box while helping reduce performance-related IT costs. In addition, users have the option to select the appropriate performance profile for their application that helps them to achieve optimal application results.

Physical and Hosted In-place Upgrades - Red Hat Enterprise Linux 7 will offer an in-place upgrade feature for common server deployment types, allowing data centers to migrate existing Red Hat Enterprise Linux 6.5 systems to Red Hat Enterprise Linux 7. Additionally, Red Hat Enterprise Linux 7 enables virtual machine migration from a Red Hat Enterprise Linux 6 host to a Red Hat Enterprise Linux 7 host without virtual machine modification or downtime.

File Systems - File systems within Red Hat Enterprise Linux 7 continue to be a major focus of development and innovation, with enhancements to the ext4 and btrfs file systems. Red Hat Enterprise Linux 7 will include XFS as the default file system, scaled to support file systems up to 500 TB. The ext4 file system adds scalability enhancements to increase the maximum standalone file system size from 16 TB to 50 TB, and gains support for block sizes of up to 1MB, considerably decreasing the time spent doing block allocation and reducing fragmentation. Btrfs, an emerging file system, will be available as a technology preview within Red Hat Enterprise Linux 7 and includes integrated basic volume management, snapshot support, and checksum capability to validate full data and metadata integrity.

Networking - Red Hat Enterprise Linux 7 enhances networking configuration and operation and adds support for some of the latest networking standards. Performance improvements are delivered for network intensive applications with the availability of 40Gb Ethernet support, improved channel bonding, TCP performance improvements and low latency socket poll support.

Storage - Storage receives significant updates within Red Hat Enterprise Linux 7 with support of very large scale storage configurations, including support for enterprise storage arrays. For more price-sensitive deployments, enhancements to Red Hat Enterprise Linux's scalable storage stack provide an alternative to expensive storage arrays. New capabilities in storage management simplify the management of heterogeneous storage environments.

Windows Interoperability - For datacenters where co-existence of Red Hat Enterprise Linux and Microsoft Windows Server(TM) is a requirement, interoperability capabilities have been expanded within Red Hat Enterprise Linux 7. Specifically, IT professionals can bridge Windows and Linux infrastructure by integrating Red Hat Enterprise Linux 7 systems and SAMBA 4.1 with existing Microsoft Active Directory domains. Additionally, staff can choose to deploy Red Hat Enterprise Linux Identity Management in a parallel trust zone with Active Directory, allowing customers to leverage the investments they have already made.

Subsystem Management - Red Hat Enterprise Linux 7 simplifies configuration and administration with uniform management tools for networking, storage, file systems, performance, identities and security. It does this by delivering a Linux management framework that also interfaces to popular system management frameworks via OpenLMI. Through OpenLMI, system administrators can use scripting and APIs to automate management across multiple systems.

Today's beta announcement marks the beginning of our public journey to introduce our vision for the future of enterprise computing. We're excited to be starting this public journey, and look forward to sharing our vision starting with these key highlights of new and enhanced capabilities and continuing on our new Red Hat Enterprise Linux-focused blog, located at http://rhelblog.redhat.com/.

AVAILABILITY

The Red Hat Enterprise Linux 7 beta is available to Red Hat customers, partners, and members of the public. If you are interested in trying the Red Hat Enterprise Linux 7 Beta, we encourage you to download and install it, and tell us[9] what interests you the most about the Beta. You may download the beta from the "Get Beta" link provided below.

ADDITIONAL RESOURCES

Please visit the below resources for more information about Red Hat Enterprise Linux 7 Beta.
Access the Red Hat Enterprise Linux 7 Beta today:
https://access.redhat.com/site/products/Red_Hat_Enterprise_Linux/Get-Beta

Access documentation for Red Hat Enterprise Linux 7 Beta (requires login):

Red Hat Enterprise Linux 7 Beta release notes:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/7.0_Release_Notes/index.html

Red Hat Enterprise Linux 7 Beta technical notes:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/7.0_Technical_Notes/index.html

Red Hat Enterprise Linux documentation:
https://access.redhat.com/knowledge/docs/Red_Hat_Enterprise_Linux/

Follow updates about the Beta via the Red Hat Enterprise Linux Blog:
http://rhelblog.redhat.com

Sincerely,
The Red Hat Enterprise Linux Team

[1] - http://www.redhat.com/10yearsofrhel
[2] - http://rhel.redhat.com
[3] - http://rhel.redhat.com/performance
[4] - http://rhel.redhat.com/capacity
[5] - http://rhel.redhat.com/capability
[6] - http://www.redhat.com/solutions/industry/government/certifications.html
[7] - http://rhel.redhat.com/sites/default/files/RHEL_Org_Cloud_OS_WP_10935437_0413_jw_WEB_0.pdf
[8] - http://www.redhat.com/solutions/open-hybrid-cloud/
[9] - https://www.techvalidate.com/registration/Red-Hat-Enterprise-Linux-7-Beta

From t.h.amundsen at usit.uio.no Mon Dec 16 12:50:26 2013
From: t.h.amundsen at usit.uio.no (Trond Hasle Amundsen)
Date: Mon, 16 Dec 2013 13:50:26 +0100
Subject: [rhelv6-list] Distributing SELinux policies
In-Reply-To: (Eugene Vilensky's message of "Tue, 3 Dec 2013 14:36:55 -0600")
References:
Message-ID: <15tvbypj6y5.fsf@tux.uio.no>

Eugene Vilensky writes:

> How might one go about taking a policy generated by 'grep xxx
> /var/log/audit/audit.log' and distributing it to a set of machines?
> Is there a particular location they should be deployed to if wrapped
> in the simplest of RPMs?

I'll take a crack at answering this. We do exactly like you describe, i.e. distribute a set of SELinux policies in an RPM, as a module. The policies themselves are generated partly with audit2allow, and partly by other means. If you do

  cat /var/log/audit/audit.log | audit2allow -m foo

Then you'll get a textual representation of the policy. This should go into the 'foo.te' file. In addition, you should create a 'foo.if' and 'foo.fc' file. They can be empty. These files are then compiled into a module that you'll load with 'semodule -i foo'.

We do all this in an RPM package. In case you're interested, the package SRPM is available here:

  http://sterkvin.uio.no/pub/uio-free/6/SRPMS/uio-selinux-0.7-1.el6.src.rpm

Feel free to grab it and do the necessary adjustments for your environment. In creating and maintaining the RPM, I've tried to follow the relevant documentation:

- SELinux Policy Modules Packaging Draft:
  http://fedoraproject.org/wiki/PackagingDrafts/SELinux/PolicyModules

- Packaging:ScriptletSnippets
  http://fedoraproject.org/wiki/Packaging/ScriptletSnippets

Regards,
--
Trond H. Amundsen
Center for Information Technology Services, University of Oslo

From lowen at pari.edu Mon Dec 16 16:04:45 2013
From: lowen at pari.edu (Lamar Owen)
Date: Mon, 16 Dec 2013 11:04:45 -0500
Subject: [rhelv6-list] Red Hat Enterprise Linux 7 Beta Now Available - Testers Wanted
In-Reply-To: <52A8A152.4060200@redhat.com>
References: <52A8A152.4060200@redhat.com>
Message-ID: <52AF249D.9060702@pari.edu>

On 12/11/2013 12:30 PM, Engineering Partner Management wrote:
> Access documentation for Red Hat Enterprise Linux 7 Beta (requires
> login):
>
> Red Hat Enterprise Linux 7 Beta release notes:

Hmm. Evolution as an alternative to thunderbird? In what universe?

From linux at cmadams.net Wed Dec 18 15:41:44 2013
From: linux at cmadams.net (Chris Adams)
Date: Wed, 18 Dec 2013 09:41:44 -0600
Subject: [rhelv6-list] Odd load average spikes
Message-ID: <20131218154144.GA11457@cmadams.net>

I have a system that is a NAT/LVS front-end for a bunch of servers (mail, web, etc.). I noticed in my monitoring that, about every 100 minutes, the load average is spiking up to around 3-4 (not just a steady number, it fluctuates between maybe 2.5 and 4) for around 10 minutes. Then it drops back to near 0 fairly quickly.

The weird thing is that nothing unusual appears to be happening on the server during this time. I was logged in when it happened just now, and top, ps, vmstat, iostat, etc. showed absolutely nothing unusual, except for the load average spikes. There was no unusual traffic, no problems with the load balancing, no CPU spike (still around 97% idle), no I/O load, etc.

I'm pretty stumped. It doesn't appear to be causing any problem, but it shouldn't do that, and I don't like my servers doing things I don't understand.

This is a new setup (just in service for a week or so now) on a Dell PowerEdge R300. The server is running keepalived, dnsmasq (for internal hostname mappings only), and fail2ban (although SSH is actually limited in iptables so this is probably redundant). It does have SNMP enabled, and keepalived is running with SNMP turned on (although I haven't got anything monitoring that yet). There aren't any cron jobs running around the times of the spikes. It also is running SELinux in enforcing mode.

I know load average is a relatively poor indicator of actual system load; AFAIK Linux calculates it as the average number of processes running, "ready to run", or "waiting to run" (i.e. states R and D in ps/top). How would the load average jump to 4 when "ps | grep -v S" shows only the "ps" command itself?

Any suggestions or ideas on how to track this down? Anybody seen something like this before?
--
Chris Adams

From smooge at gmail.com Wed Dec 18 16:19:57 2013
From: smooge at gmail.com (Stephen John Smoogen)
Date: Wed, 18 Dec 2013 09:19:57 -0700
Subject: [rhelv6-list] Odd load average spikes
In-Reply-To: <20131218154144.GA11457@cmadams.net>
References: <20131218154144.GA11457@cmadams.net>
Message-ID:

On 18 December 2013 08:41, Chris Adams wrote:

> I have a system that is a NAT/LVS front-end for a bunch of servers
> (mail, web, etc.). I noticed in my monitoring that, about every 100
> minutes, the load average is spiking up to around 3-4 (not just a steady
> number, it fluctuates between maybe 2.5 and 4) for around 10 minutes.
> Then it drops back to near 0 fairly quickly.
>

It could be a number of processes hitting device wait at the same time. Every process in device wait seems to increase the load average by 1. I have seen servers with load averages of 100's running along fine but 100 processes stuck in device wait for a network connection or something and not lowering the average. I would check to see when this happens what is in D state.

The next two areas would be looking at iostat and sar during those times to see what might be causing it to pop up.

Hope this helps.

--
Stephen J Smoogen.

From linux at cmadams.net Wed Dec 18 16:35:16 2013
From: linux at cmadams.net (Chris Adams)
Date: Wed, 18 Dec 2013 10:35:16 -0600
Subject: [rhelv6-list] Odd load average spikes
In-Reply-To:
References: <20131218154144.GA11457@cmadams.net>
Message-ID: <20131218163516.GB11457@cmadams.net>

Once upon a time, Stephen John Smoogen said:
> It could be a number of processes hitting device wait at the same time.
> Every process in device wait seems to increase the load average by 1. I
> have seen servers with load averages of 100's running along fine but 100
> processes stuck in device wait for a network connection or something and
> not lowering the average. I would check to see when this happens what is in
> D state.

Yeah, I've seen that before (logged into a server last month with a load average of 463!), but it doesn't appear to be the case here. When this happens, everything is sleeping except my ps/top/etc.

> The next two areas would be looking at iostat and sar during those times to
> see what might be causing it to pop up.

Neither of them show anything odd either. Since the only services running (keepalived, dnsmasq just doing DNS, snmpd) don't hit disk under normal conditions, it doesn't seem like it could be disk I/O. It could be network I/O related, but that's all in-kernel I guess (and I don't see any unusual network traffic spikes at those times).

--
Chris Adams

From rpjday at crashcourse.ca Fri Dec 20 15:47:51 2013
From: rpjday at crashcourse.ca (Robert P. J. Day)
Date: Fri, 20 Dec 2013 10:47:51 -0500
Subject: [rhelv6-list] why are there still remnants of NFSv1 references in RHEL 6.5?
Message-ID: <20131220104751.816219ew9nm0ct7o@crashcourse.ca>

currently reading RHEL 6.5 "storage administration guide", the chapter on NFS, and it reads:

"Currently, there are three versions of NFS. NFS version 2 (NFSv2) is older and widely supported..."

and goes on to mention NFSv3 and NFSv4, of course. in addition, /etc/sysconfig/nfs mentions only the earlier versions NFSv2 and NFSv3, but the /etc/rc.d/init.d/nfs startup script contains the snippet:

  case $MOUNTD_NFS_V1 in
  no|NO)
      RPCMOUNTDOPTS="$RPCMOUNTDOPTS --no-nfs-version 1" ;;
  esac

surely this test is obsolete by now. or is it? if it's still valid in some way, should it not be documented?

rday
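
Added example for the "Distributing SELinux policies" thread above (not code from any poster or from the uio-selinux package): the workflow Trond Hasle Amundsen describes, as shell functions that go from filtered audit records to a compiled module and a minimal RPM spec. The module name foo follows the thread; the match pattern, the "targeted" policy store, the install path and the spec's License value are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Module name "foo" follows the
# thread; the match pattern, "targeted" store and file layout are assumptions.

# Keep only AVC denial records that mention PATTERN, so the module grants
# nothing for unrelated denials that happen to be in the same log.
select_denials() {   # select_denials PATTERN LOGFILE
    grep 'type=AVC' "$2" | grep -F 'denied' | grep -F -- "$1"
}

# Write MODULE.te from the selected denials, plus empty .if and .fc files.
gen_sources() {      # gen_sources MODULE PATTERN LOGFILE
    [ -n "$(select_denials "$2" "$3")" ] || { echo "no matching denials" >&2; return 1; }
    select_denials "$2" "$3" | audit2allow -m "$1" > "$1.te" || return 1
    : > "$1.if"; : > "$1.fc"
}

# Compile MODULE.te/.if/.fc in the current directory into MODULE.pp.
build_module() {     # build_module MODULE
    make -f /usr/share/selinux/devel/Makefile "$1.pp"
}

# Emit a minimal spec that ships the prebuilt MODULE.pp, loads it on install
# and removes it from the policy store on final erase (not on upgrade).
write_spec() {       # write_spec MODULE VERSION
    cat > "$1-selinux.spec" <<EOF
Name:      $1-selinux
Version:   $2
Release:   1
Summary:   Local SELinux policy module $1
# License is a placeholder value
License:   GPLv2+
BuildArch: noarch
Source0:   $1.pp
Requires(post):   policycoreutils
Requires(postun): policycoreutils

%description
Locally generated SELinux policy module $1.

%install
install -D -p -m 644 %{SOURCE0} %{buildroot}%{_datadir}/selinux/targeted/$1.pp

%post
/usr/sbin/semodule -s targeted -i %{_datadir}/selinux/targeted/$1.pp || :

%postun
[ \$1 -ne 0 ] || /usr/sbin/semodule -s targeted -r $1 || :

%files
%{_datadir}/selinux/targeted/$1.pp
EOF
}
```

Because `semodule -i` copies the package into the policy store, the location of `foo.pp` inside the RPM is a packaging convention rather than a path SELinux reads at runtime. Review the generated `foo.te` before building, since every rule in it is enforced as an allow on each machine that installs the package.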