Description of problem:<br />
removed with snap<br />
SELinux is preventing /usr/libexec/snapd/snapd from 'write' accesses on the directory dconf.<br />
<br />
***** Plugin catchall (100. confidence) suggests **************************<br />
<br />
If you believe that snapd should be allowed write access on the dconf directory by default.<br />
Then you should report this as a bug.<br />
You can generate a local policy module to allow this access.<br />
Do<br />
allow this access for now by executing:<br />
# ausearch -c 'snapd' --raw | audit2allow -M my-snapd<br />
# semodule -i my-snapd.pp<br />
<br />
Additional Information:<br />
Source Context system_u:system_r:snappy_t:s0<br />
Target Context unconfined_u:object_r:config_home_t:s0<br />
Target Objects dconf [ dir ]<br />
Source snapd<br />
Source Path /usr/libexec/snapd/snapd<br />
Port <Unknown><br />
Host (removed)<br />
Source RPM Packages snapd-2.39.2-1.el7.x86_64<br />
Target RPM Packages <br />
Policy RPM selinux-policy-3.13.1-229.el7_6.12.noarch<br />
Selinux Enabled True<br />
Policy Type targeted<br />
Enforcing Mode Enforcing<br />
Host Name (removed)<br />
Platform Linux (removed) 3.10.0-957.el7.x86_64 #1 SMP Thu<br />
Nov 8 23:39:32 UTC 2018 x86_64 x86_64<br />
Alert Count 1<br />
First Seen 2019-07-11 17:51:52 EEST<br />
Last Seen 2019-07-11 17:51:52 EEST<br />
Local ID 79b2edc9-5441-421a-bf11-7709fca4085a<br />
<br />
Raw Audit Messages<br />
type=AVC msg=audit(1562856712.628:4460): avc: denied { write } for pid=8269 comm="snapd" name="dconf" dev="tmpfs" ino=155355 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:config_home_t:s0 tclass=dir permissive=1<br />
<br />
<br />
type=AVC msg=audit(1562856712.628:4460): avc: denied { remove_name } for pid=8269 comm="snapd" name="user" dev="tmpfs" ino=155356 scontext=system_u:system_r:snappy_t:s0 tcontext=unconfined_u:object_r:config_home_t:s0 tclass=dir permissive=1<br />
<br />
<br />
type=SYSCALL msg=audit(1562856712.628:4460): arch=x86_64 syscall=unlinkat success=yes exit=0 a0=ffffffffffffff9c a1=c0005d5080 a2=0 a3=0 items=0 ppid=1 pid=8269 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=snapd exe=/usr/libexec/snapd/snapd subj=system_u:system_r:snappy_t:s0 key=(null)<br />
<br />
Hash: snapd,snappy_t,config_home_t,dir,write<br />
<br />
Version-Release number of selected component:<br />
selinux-policy-3.13.1-229.el7_6.12.noarch
↧
0016261: SELinux is preventing /usr/libexec/snapd/snapd from 'write' accesses on the directory dconf.
↧
0016262: Packages installation fails from buildlogs repos
When installing packages from different buildlogs repos, in some cases (not every installation, but a high percentage) fails with "Error 302 - Maximum (5) redirects followed " <br />
<br />
Examples:<br />
<br />
From: <a href="https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-queens/">https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-queens/</a> (mapped to cloud7-openstack-queens-testing), <br />
<br />
<br />
Dependencies Resolved<br />
<br />
===================================================================================================================================================================================================================<br />
Package Arch Version Repository Size<br />
===================================================================================================================================================================================================================<br />
Installing:<br />
mariadb-server-galera x86_64 3:10.1.20-2.el7 centos-openstack-queens-test 41 k<br />
Installing for dependencies:<br />
mariadb x86_64 3:10.1.20-2.el7 centos-openstack-queens-test 6.3 M<br />
mariadb-common x86_64 3:10.1.20-2.el7 centos-openstack-queens-test 62 k<br />
mariadb-errmsg x86_64 3:10.1.20-2.el7 centos-openstack-queens-test 199 k<br />
mariadb-libs x86_64 3:10.1.20-2.el7 centos-openstack-queens-test 643 k<br />
mariadb-server x86_64 3:10.1.20-2.el7 centos-openstack-queens-test 19 M<br />
perl-Compress-Raw-Bzip2 x86_64 2.061-3.el7 base 32 k<br />
perl-Compress-Raw-Zlib x86_64 1:2.061-4.el7 base 57 k<br />
perl-DBD-MySQL x86_64 4.023-6.el7 base 140 k<br />
perl-DBI x86_64 1.627-4.el7 base 802 k<br />
perl-Data-Dumper x86_64 2.145-3.el7 base 47 k<br />
perl-IO-Compress noarch 2.061-2.el7 base 260 k<br />
perl-Net-Daemon noarch 0.48-5.el7 base 51 k<br />
perl-PlRPC noarch 0.2020-14.el7 base 36 k<br />
socat x86_64 1.7.3.2-2.el7 base 290 k<br />
<br />
Transaction Summary<br />
===================================================================================================================================================================================================================<br />
Install 1 Package (+14 Dependent packages)<br />
<br />
Total download size: 28 M<br />
Installed size: 142 M<br />
Is this ok [y/d/N]: y<br />
Downloading packages:<br />
(1/15): mariadb-10.1.20-2.el7.x86_64.rpm | 6.3 MB 00:00:00 <br />
(2/15): mariadb-errmsg-10.1.20-2.el7.x86_64.rpm | 199 kB 00:00:00 <br />
(3/15): mariadb-libs-10.1.20-2.el7.x86_64.rpm | 643 kB 00:00:00 <br />
(4/15): mariadb-server-10.1.20-2.el7.x86_64.rpm | 19 MB 00:00:00 <br />
(5/15): perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64.rpm | 32 kB 00:00:00 <br />
(6/15): perl-Compress-Raw-Zlib-2.061-4.el7.x86_64.rpm | 57 kB 00:00:00 <br />
(7/15): perl-Data-Dumper-2.145-3.el7.x86_64.rpm | 47 kB 00:00:00 <br />
(8/15): perl-IO-Compress-2.061-2.el7.noarch.rpm | 260 kB 00:00:00 <br />
(9/15): perl-DBI-1.627-4.el7.x86_64.rpm | 802 kB 00:00:00 <br />
(10/15): perl-Net-Daemon-0.48-5.el7.noarch.rpm | 51 kB 00:00:00 <br />
(11/15): perl-PlRPC-0.2020-14.el7.noarch.rpm | 36 kB 00:00:00 <br />
(12/15): socat-1.7.3.2-2.el7.x86_64.rpm | 290 kB 00:00:00 <br />
(13/15): perl-DBD-MySQL-4.023-6.el7.x86_64.rpm | 140 kB 00:00:00 <br />
mariadb-common-10.1.20-2.el7.x FAILED <br />
<a href="https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-queens/mariadb-common-10.1.20-2.el7.x86_64.rpm:">https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-queens/mariadb-common-10.1.20-2.el7.x86_64.rpm:</a> [Errno 14] Error 302 - Maximum (5) redirects followed ] 0.0 B/s | 0 B --:--:-- ETA <br />
Trying other mirror.<br />
mariadb-server-galera-10.1.20- FAILED <br />
<a href="https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-queens/mariadb-server-galera-10.1.20-2.el7.x86_64.rpm:">https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-queens/mariadb-server-galera-10.1.20-2.el7.x86_64.rpm:</a> [Errno 14] Error 302 - Maximum (5) redirects followed ] 0.0 B/s | 0 B --:--:-- ETA <br />
Trying other mirror.<br />
<br />
<br />
Error downloading packages:<br />
3:mariadb-server-galera-10.1.20-2.el7.x86_64: [Errno 256] No more mirrors to try.<br />
3:mariadb-common-10.1.20-2.el7.x86_64: [Errno 256] No more mirrors to try.<br />
<br />
<br />
<br />
From <a href="https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-stein/">https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-stein/</a><br />
<br />
<br />
# yumdownloader GitPython<br />
Loaded plugins: fastestmirror, priorities<br />
Loading mirror speeds from cached hostfile<br />
* base: centos-distro.cavecreek.net<br />
* centos-ceph-nautilus: centos-distro.cavecreek.net<br />
* centos-nfs-ganesha28: mirror.sjc02.svwh.net<br />
* centos-qemu-ev: mirror.keystealth.org<br />
* extras: mirrors.usc.edu<br />
* updates: mirror.hostduplex.com<br />
GitPython-1.0.1-5.el7.noarch.r FAILED <br />
<a href="https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-stein/GitPython-1.0.1-5.el7.noarch.rpm:">https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-stein/GitPython-1.0.1-5.el7.noarch.rpm:</a> [Errno 14] Error 302 - Maximum (5) redirects followed ] 0.0 B/s | 0 B --:--:-- ETA <br />
Trying other mirror.<br />
GitPython-1.0.1-5.el7.noarch: [Errno 256] No more mirrors to try.
↧
↧
0016263: Access to Fedora CoreOS Jenkins Instance
Hi,<br />
<br />
I work on the Fedora CoreOS project and need access granted on my account (my apps.ci.centos.org account name is also slowrie) for this server (<a href="https://jenkins-fedora-coreos.apps.ci.centos.org">https://jenkins-fedora-coreos.apps.ci.centos.org</a>).<br />
<br />
Thanks,<br />
--Stephen
↧
0016242: SMB/CIFS server connection stalls accessing files using kernel-3.10.0-957.21.3.el7
When accessing files on a SMB share on a CentOS server running kernel 3.10.0-957.21.3.el7 the connection appears to stall. The client will hang and eventually log something along the line of:<br />
<br />
kernel: CIFS VFS: Server *** has not responded in 120 seconds. Reconnecting...<br />
kernel: CIFS VFS: Send error in read = -11<br />
<br />
- The issue does not occur when the server is running an older kernel, including kernel-3.10.0-957.21.2.el7.x86_64. <br />
- Reliably triggered by reading several files (e.g. `grep "something" * -R` or `git status`) <br />
- Listing files does not appear to trigger the issue<br />
- Tested with fully patched CentOS 7 and Ubuntu 18.04 as clients
↧
0016131: CentOS7 AWS Marketplace AMI only supports some of the x1e class of instances.
When attempting to spin up an x1e.xlarge in US-EAST-1 (N. Virginia) with the Centos Image listed here: <a href="https://aws.amazon.com/marketplace/pp/B00O7WM7QW?qid=1559154080727&sr=0-1&ref_=srh_res_product_title">https://aws.amazon.com/marketplace/pp/B00O7WM7QW?qid=1559154080727&sr=0-1&ref_=srh_res_product_title</a> you will be presented with an error.
↧
↧
0016264: Add bgilbert to Fedora CoreOS projects
Please add `bgilbert` to the `fedora-coreos` and `fedora-coreos-devel` projects. Thanks!
↧
0016265: kernel panics in fsnotify_connector_destroy_workfn/kmem_cache_free
The kernel version is 3.10.0-862.el7.x86_64.<br />
<br />
We have k8s pods running on this, kubelet version 1.13.7. And quite ocassionally, we encountered kernel panic, like the following:<br />
<br />
[97056.631232] Workqueue: events_unbound fsnotify_connector_destroy_workfn<br />
[97056.632214] task: ffff95a43f6c8fd0 ti: ffff95a34e244000 task.ti: ffff95a34e244000<br />
[97056.632827] RIP: 0010:[<ffffffff9d1f6663>] [<ffffffff9d1f6663>] kmem_cache_free+0x143/0x200<br />
[97056.633493] RSP: 0018:ffff95a34e247de0 EFLAGS: 00010286<br />
[97056.634485] RAX: ffffe3f4e8000000 RBX: ffff95a400000000 RCX: 0000000000000000<br />
[97056.635527] RDX: ffffe3f4e8000000 RSI: ffff95a400000000 RDI: 0000000000000000<br />
[97056.636575] RBP: ffff95a34e247df8 R08: ffffffff9dd420a0 R09: 000188d6db4a30a0<br />
[97056.637234] R10: 000188d6db4a30a0 R11: 0000000000000005 R12: ffff959b75981800<br />
[97056.638034] R13: ffff959b6f515400 R14: ffff959b7fd13e00 R15: 0000000000000200<br />
[97056.639436] FS: 0000000000000000(0000) GS:ffff95a43fc80000(0000) knlGS:0000000000000000<br />
[97056.640414] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033<br />
[97056.641488] CR2: 00000000000000b8 CR3: 000000095074c000 CR4: 00000000003607e0<br />
[97056.642633] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000<br />
[97056.643666] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400<br />
[97056.644538] Call Trace:<br />
[97056.645264] [<ffffffff9d2624db>] fsnotify_connector_destroy_workfn+0x6b/0x80<br />
[97056.646013] [<ffffffff9d0b2dff>] process_one_work+0x17f/0x440<br />
[97056.646900] [<ffffffff9d0b3ac6>] worker_thread+0x126/0x3c0<br />
[97056.647963] [<ffffffff9d0b39a0>] ? manage_workers.isra.24+0x2a0/0x2a0<br />
[97056.648993] [<ffffffff9d0bae31>] kthread+0xd1/0xe0<br />
[97056.650027] [<ffffffff9d0bad60>] ? insert_kthread_work+0x40/0x40<br />
[97056.651071] [<ffffffff9d71f637>] ret_from_fork_nospec_begin+0x21/0x21<br />
[97056.652111] [<ffffffff9d0bad60>] ? insert_kthread_work+0x40/0x40<br />
[97056.652719] Code: 48 c1 e8 0c 48 c1 e0 06 48 03 05 e9 ad a4 00 48 8b 10 80 e6 80 0f 85 b4 00 00 00 48 89 c2 48 8b 7a 30 49 39 fc 0f 84 e0 fe ff ff <48> 8b 87 b8 00 00 00 48 85 c0 74 0a 4c 3b 60 20 0f 84 cd fe ff<br />
[97056.654656] RIP [<ffffffff9d1f6663>] kmem_cache_free+0x143/0x200<br />
[97056.655325] RSP <ffff95a34e247de0><br />
[97056.656012] CR2: 00000000000000b8<br />
<br />
<br />
Noticed that there is similar issue reported against kernel 4.14, but not very confirmed if it is the same issue (<a href="http://lists-archives.com/linux-kernel/29098940-kernel-4-14-x-crash-around-fsnotify_mark_connector.html">http://lists-archives.com/linux-kernel/29098940-kernel-4-14-x-crash-around-fsnotify_mark_connector.html</a>)<br />
<br />
Hope to know if anyone has any idea on how this occurs,
↧
0016266: Please create user "lucab" on Openshift cluster, with access to projects "fedora-coreos" and "fedora-coreos-devel"
Hi,<br />
as part of Fedora CoreOS development I'd like to get access to <a href="https://jenkins-fedora-coreos.apps.ci.centos.org">https://jenkins-fedora-coreos.apps.ci.centos.org.</a><br />
As such, I'm requesting a new user to be created on the Openshift cluster, with proper RBAC for accessing Fedora CoreOS resources.<br />
<br />
Requested username: lucab<br />
Projects access:<br />
* fedora-coreos<br />
* fedora-coreos-devel<br />
<br />
I can be reached over GPG at <a href="mailto:luca.bruno@coreos.com">luca.bruno@coreos.com</a>.<br />
My key is on keyservers, fingerprint is 4C8413AA38176150A8906994BB1A3A854F3BBEBF. <br />
<br />
My sponsor is jlebon, which should be chiming in here soon.
↧
0016267: SELinux is preventing /usr/sbin/sshd from using the 'signull' accesses on a process.
Description of problem:<br />
SELinux is preventing /usr/sbin/sshd from using the 'signull' accesses on a process.<br />
<br />
***** Plugin catchall (100. confidence) suggests **************************<br />
<br />
If you believe that sshd should be allowed signull access on processes labeled unconfined_service_t by default.<br />
Then you should report this as a bug.<br />
You can generate a local policy module to allow this access.<br />
Do<br />
allow this access for now by executing:<br />
# ausearch -c 'sshd' --raw | audit2allow -M my-sshd<br />
# semodule -i my-sshd.pp<br />
<br />
Additional Information:<br />
Source Context system_u:system_r:sshd_t:s0-s0:c0.c1023<br />
Target Context system_u:system_r:unconfined_service_t:s0<br />
Target Objects Unknown [ process ]<br />
Source sshd<br />
Source Path /usr/sbin/sshd<br />
Port <Unknown><br />
Host (removed)<br />
Source RPM Packages openssh-server-7.4p1-16.el7.x86_64<br />
Target RPM Packages <br />
Policy RPM selinux-policy-3.13.1-229.el7_6.12.noarch<br />
Selinux Enabled True<br />
Policy Type targeted<br />
Enforcing Mode Enforcing<br />
Host Name (removed)<br />
Platform Linux (removed) 3.10.0-957.21.3.el7.x86_64 #1 SMP<br />
Tue Jun 18 16:35:19 UTC 2019 x86_64 x86_64<br />
Alert Count 4<br />
First Seen 2019-06-28 16:00:56 PDT<br />
Last Seen 2019-06-28 16:04:00 PDT<br />
Local ID 4c78ad3f-e2f8-44a4-8ae3-3ea759cf0146<br />
<br />
Raw Audit Messages<br />
type=AVC msg=audit(1561763040.671:280): avc: denied { signull } for pid=36999 comm="sshd" scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:unconfined_service_t:s0 tclass=process permissive=0<br />
<br />
<br />
type=SYSCALL msg=audit(1561763040.671:280): arch=x86_64 syscall=kill success=no exit=EACCES a0=8d8c a1=0 a2=b a3=6 items=0 ppid=23644 pid=36999 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=7 comm=sshd exe=/usr/sbin/sshd subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 key=(null)<br />
<br />
Hash: sshd,sshd_t,unconfined_service_t,process,signull<br />
<br />
Version-Release number of selected component:<br />
selinux-policy-3.13.1-229.el7_6.12.noarch
↧
↧
0015141: on reboot after initial creation attempting to start VDO crashes system
After creating a vdo device for dedup/compression and using it, any system reboot after that the device being mounted (automatically or manually) will cause a system abend.<br />
<br />
Tried two hardware platforms. Lenovo TinyPC 710 with USB storage, and Lenovo TD with LSI Megaraid.<br />
<br />
able to reproduce now attempting 5 times, every time, same error message.
↧
0016268: [abrt] firefox: in(): firefox killed by SIGSEGV
Description of problem:<br />
<br />
<br />
Version-Release number of selected component:<br />
firefox-60.7.0-1.el7.centos<br />
<br />
Truncated backtrace:<br />
Thread no. 38 (1 frames)<br />
#0 0x00002ad50d35220d in at /usr/lib64/libc.so.6
↧
0016269: [abrt] firefox: pthread_cond_wait@@GLIBC_2.3.2(): firefox killed by SIGSEGV
Description of problem:<br />
<br />
<br />
Version-Release number of selected component:<br />
firefox-60.7.2-1.el7.centos<br />
<br />
Truncated backtrace:<br />
Thread no. 40 (3 frames)<br />
#0 pthread_cond_wait@@GLIBC_2.3.2 at ../nptl/sysdeps/unix/sysv/linux/x86_64/pthread_cond_wait.S:185<br />
#1 mozilla::detail::ConditionVariableImpl::wait(mozilla::detail::MutexImpl&)<br />
#2 mozilla::image::AnimationSurfaceProvider::Run() at /usr/lib64/firefox/libxul.so
↧
0016244: [abrt] kernel: WARNING: CPU: 2 PID: 58 at drivers/thunderbolt/switch.c:587 tb_switch_add+0x6f6/0x7c0
Description of problem:<br />
The problem occurred just after having switched on the laptop.<br />
<br />
Version-Release number of selected component:<br />
kernel<br />
<br />
Truncated backtrace:<br />
WARNING: CPU: 2 PID: 58 at drivers/thunderbolt/switch.c:587 tb_switch_add+0x6f6/0x7c0<br />
Device: thunderbolt#0120:2: non switch port without a PHY<br />
Modules linked in: tcp_lp fuse xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun devlink nls_utf8 cifs ccm dns_resolver ip6t_rpfilter ipt_REJECT nf_reject_ipv4 ip6t_REJECT nf_reject_ipv6 xt_conntrack ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_security ip6table_raw iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_mangle iptable_security iptable_raw ebtable_filter ebtables ip6table_filter ip6_tables iptable_filter bnep sunrpc iTCO_wdt iTCO_vendor_support mei_wdt intel_wmi_thunderbolt arc4 vfat iwlmvm fat intel_pmc_core intel_powerclamp coretemp intel_rapl mac80211 kvm irqbypass crc32_pclmul ghash_clmulni_intel snd_hda_codec_hdmi aesni_intel lrw gf128mul<br />
glue_helper ablk_helper snd_hda_codec_conexant cryptd snd_hda_codec_generic snd_soc_skl snd_soc_skl_ipc snd_hda_ext_core snd_soc_sst_dsp snd_soc_sst_ipc iwlwifi snd_soc_acpi snd_soc_core snd_compress snd_hda_intel snd_hda_codec pcspkr snd_hda_core snd_hwdep snd_seq snd_seq_device btusb btrtl btbcm btintel snd_pcm bluetooth cfg80211 rtsx_pci_ms i2c_i801 uvcvideo snd_timer memstick videobuf2_vmalloc videobuf2_memops videobuf2_core joydev videodev mei_me mei hid_sensor_accel_3d hid_sensor_magn_3d hid_sensor_gyro_3d hid_sensor_rotation hid_sensor_als hid_sensor_trigger hid_sensor_iio_common industrialio_triggered_buffer idma64 virt_dma i2c_designware_platform i2c_designware_core thinkpad_acpi snd soundcore rfkill pinctrl_sunrisepoint pinctrl_intel wmi tpm_crb acpi_pad sch_fq_codel ip_tables<br />
xfs libcrc32c rtsx_pci_sdmmc mmc_core hid_wacom hid_sensor_custom i915 crct10dif_pclmul crct10dif_common crc32c_intel serio_raw nvme e1000e nvme_core rtsx_pci ptp pps_core i2c_algo_bit iosf_mbi drm_kms_helper syscopyarea i2c_hid sysfillrect video sysimgblt fb_sys_fops drm hid_sensor_hub drm_panel_orientation_quirks dm_mirror dm_region_hash dm_log dm_mod<br />
CPU: 2 PID: 58 Comm: kworker/u16:1 Kdump: loaded Not tainted 3.10.0-957.5.1.el7.x86_64 #1<br />
Hardware name: LENOVO 20JHCTO1WW/20JHCTO1WW, BIOS R0HET39W (1.19 ) 09/29/2017<br />
Workqueue: kacpi_hotplug acpi_hotplug_work_fn<br />
Call Trace:<br />
[<ffffffffab361e41>] dump_stack+0x19/0x1b<br />
[<ffffffffaac97688>] __warn+0xd8/0x100<br />
[<ffffffffaac9770f>] warn_slowpath_fmt+0x5f/0x80<br />
[<ffffffffab202e06>] tb_switch_add+0x6f6/0x7c0<br />
[<ffffffffab202379>] ? tb_switch_alloc+0x409/0x560<br />
[<ffffffffab208e76>] icm_start+0x56/0xb0<br />
[<ffffffffab206867>] tb_domain_add+0xc7/0x110<br />
[<ffffffffab1fc634>] nhi_probe+0x174/0x320<br />
[<ffffffffaafc514a>] local_pci_probe+0x4a/0xb0<br />
[<ffffffffaafc6889>] pci_device_probe+0x109/0x160<br />
[<ffffffffab0a8905>] driver_probe_device+0xc5/0x3e0<br />
[<ffffffffab0a8c20>] ? driver_probe_device+0x3e0/0x3e0<br />
[<ffffffffab0a8c63>] __device_attach+0x43/0x50<br />
[<ffffffffab0a6585>] bus_for_each_drv+0x75/0xc0<br />
[<ffffffffab0a8740>] device_attach+0x90/0xb0<br />
[<ffffffffaafba4ef>] pci_bus_add_device+0x4f/0xa0<br />
[<ffffffffaafba579>] pci_bus_add_devices+0x39/0x80<br />
[<ffffffffaafba5a7>] pci_bus_add_devices+0x67/0x80<br />
[<ffffffffaafba5a7>] pci_bus_add_devices+0x67/0x80<br />
[<ffffffffaafe2969>] enable_slot+0x239/0x4a0<br />
[<ffffffffaafe1b88>] ? get_slot_status+0xa8/0x110<br />
[<ffffffffaafe2cd7>] acpiphp_check_bridge.part.9+0x107/0x140<br />
[<ffffffffaafe2f18>] acpiphp_hotplug_notify+0x138/0x210<br />
[<ffffffffaafe2de0>] ? acpiphp_post_dock_fixup+0xd0/0xd0<br />
[<ffffffffab00900e>] acpi_device_hotplug+0x3b7/0x41a<br />
[<ffffffffab0020d7>] acpi_hotplug_work_fn+0x1e/0x29<br />
[<ffffffffaacb9d8f>] process_one_work+0x17f/0x440<br />
[<ffffffffaacbae26>] worker_thread+0x126/0x3c0<br />
[<ffffffffaacbad00>] ? manage_workers.isra.25+0x2a0/0x2a0<br />
[<ffffffffaacc1c71>] kthread+0xd1/0xe0<br />
[<ffffffffaacc1ba0>] ? insert_kthread_work+0x40/0x40<br />
[<ffffffffab374c1d>] ret_from_fork_nospec_begin+0x7/0x21<br />
[<ffffffffaacc1ba0>] ? insert_kthread_work+0x40/0x40
↧
↧
0016270: When running groupinstall RT for cern repo there is a conflict in tuned versions.
When doing `groupinstall RT` from cern repo there is a conflict in tuned versions installed
↧
0016271: The groupinstall RT with CERN repo doesn't allow to start the tuned realtime profile.
After installing the RT kernel with cern repo ` groupinstall RT` it's not possible to start the tuned realtime profile. <br />
```<br />
> tuned-adm profile realtime<br />
Cannot load profile 'realtime': Assertion 'isolated_cores are set' failed.<br />
```<br />
Workaround: edit the `/etc/tuned/realtime-variables.conf` to include:<br />
# Examples:<br />
isolated_cores=2,4-7<br />
# isolated_cores=2-23<br />
#
↧
0016253: SELinux is preventing ps from 'sys_ptrace' accesses on the cap_userns labeled mozilla_plugin_t.
Description of problem:<br />
SELinux is preventing ps from 'sys_ptrace' accesses on the cap_userns labeled mozilla_plugin_t.<br />
<br />
***** Plugin mozplugger (99.1 confidence) suggests ************************<br />
<br />
If you want to use the plugin package<br />
Then you must turn off SELinux controls on the Firefox plugins.<br />
Do<br />
# setsebool -P unconfined_mozilla_plugin_transition 0<br />
<br />
***** Plugin catchall (1.81 confidence) suggests **************************<br />
<br />
If you believe that ps should be allowed sys_ptrace access on cap_userns labeled mozilla_plugin_t by default.<br />
Then you should report this as a bug.<br />
You can generate a local policy module to allow this access.<br />
Do<br />
allow this access for now by executing:<br />
# ausearch -c 'ps' --raw | audit2allow -M my-ps<br />
# semodule -i my-ps.pp<br />
<br />
Additional Information:<br />
Source Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c<br />
0.c1023<br />
Target Context unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c<br />
0.c1023<br />
Target Objects Unknown [ cap_userns ]<br />
Source ps<br />
Source Path ps<br />
Port <Unknown><br />
Host (removed)<br />
Source RPM Packages <br />
Target RPM Packages <br />
Policy RPM selinux-policy-3.13.1-229.el7_6.12.noarch<br />
Selinux Enabled True<br />
Policy Type targeted<br />
Enforcing Mode Enforcing<br />
Host Name (removed)<br />
Platform Linux (removed) 5.2.0-1.el7.elrepo.x86_64 #1 SMP<br />
Mon Jul 8 09:37:45 EDT 2019 x86_64 x86_64<br />
Alert Count 6<br />
First Seen 2019-07-09 11:06:31 -03<br />
Last Seen 2019-07-09 11:06:31 -03<br />
Local ID ec3a4a36-f319-46a3-9d7b-2cf222e91276<br />
<br />
Raw Audit Messages<br />
type=AVC msg=audit(1562681191.381:237): avc: denied { sys_ptrace } for pid=5238 comm="ps" capability=19 scontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:mozilla_plugin_t:s0-s0:c0.c1023 tclass=cap_userns permissive=0<br />
<br />
<br />
Hash: ps,mozilla_plugin_t,mozilla_plugin_t,cap_userns,sys_ptrace<br />
<br />
Version-Release number of selected component:<br />
selinux-policy-3.13.1-229.el7_6.12.noarch
↧
0016254: SELinux is preventing /usr/sbin/tcpdump from 'ioctl' accesses on the file /home/grid/app/grid/diagsnap/nodo1/evt_1_20190709-1...
Description of problem:<br />
was installing the oracle grid, when it restarted without finishing the installation<br />
SELinux is preventing /usr/sbin/tcpdump from 'ioctl' accesses on the file /home/grid/app/grid/diagsnap/nodo1/evt_1_20190709-141720/tcpdump_enp0s8.trc.<br />
<br />
***** Plugin catchall (100. confidence) suggests **************************<br />
<br />
If you believe that tcpdump should be allowed ioctl access on the tcpdump_enp0s8.trc file by default.<br />
Then you should report this as a bug.<br />
You can generate a local policy module to allow this access.<br />
Do<br />
allow this access for now by executing:<br />
# ausearch -c 'tcpdump' --raw | audit2allow -M my-tcpdump<br />
# semodule -i my-tcpdump.pp<br />
<br />
Additional Information:<br />
Source Context system_u:system_r:netutils_t:s0<br />
Target Context system_u:object_r:user_home_t:s0<br />
Target Objects /home/grid/app/grid/diagsnap/nodo1/evt_1_20190709-<br />
141720/tcpdump_enp0s8.trc [ file ]<br />
Source tcpdump<br />
Source Path /usr/sbin/tcpdump<br />
Port <Unknown><br />
Host (removed)<br />
Source RPM Packages tcpdump-4.9.2-3.el7.x86_64<br />
Target RPM Packages <br />
Policy RPM selinux-policy-3.13.1-229.el7_6.12.noarch<br />
Selinux Enabled True<br />
Policy Type targeted<br />
Enforcing Mode Enforcing<br />
Host Name (removed)<br />
Platform Linux (removed) 3.10.0-957.21.3.el7.x86_64 #1 SMP<br />
Tue Jun 18 16:35:19 UTC 2019 x86_64 x86_64<br />
Alert Count 851<br />
First Seen 2019-07-09 11:29:51 EDT<br />
Last Seen 2019-07-09 14:17:21 EDT<br />
Local ID 3f4aaf9d-4e0e-49eb-895c-eb1e41c33373<br />
<br />
Raw Audit Messages<br />
type=AVC msg=audit(1562696241.42:3547): avc: denied { ioctl } for pid=1605 comm="tcpdump" path="/home/grid/app/grid/diagsnap/nodo1/evt_1_20190709-141720/tcpdump_enp0s8.trc" dev="dm-2" ino=102543772 ioctlcmd=5401 scontext=system_u:system_r:netutils_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file permissive=0<br />
<br />
<br />
type=SYSCALL msg=audit(1562696241.42:3547): arch=x86_64 syscall=ioctl success=no exit=EACCES a0=1 a1=5401 a2=7ffd87f87da0 a3=7ffd87f878a0 items=0 ppid=1594 pid=1605 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=tcpdump exe=/usr/sbin/tcpdump subj=system_u:system_r:netutils_t:s0 key=(null)<br />
<br />
Hash: tcpdump,netutils_t,user_home_t,file,ioctl<br />
<br />
Version-Release number of selected component:<br />
selinux-policy-3.13.1-229.el7_6.12.noarch
↧
↧
0016272: cups-pdf produces one single empty page regardless of input
Trying to print various files:<br />
<br />
convert -page A0+0+0 /data/dwdsat/fetched/data/Z__C_EDZW_20190716111509_obs01,obs_wmo_dl_N_999999_999999_201907161100_KU4.png PS:- 2>>${LOG_FILE} | lp -o media=A4 -o page-top=28 -o fitplot -d "CUPS-PDF" | awk '{print $4}' 2>>${LOG_FILE}<br />
<br />
This sends the generated EPS directly to the printer CUPS-PDF. cups-pdf takes the input and then generates a one empty side printout.<br />
convert does its job:<br />
<br />
convert -page A0+0+0 /data/dwdsat/fetched/data/Z__C_EDZW_20190716111509_obs01,obs_wmo_dl_N_999999_999999_201907161100_KU4.png PS:output.ps<br />
<br />
generates a postscript file readable by gs or evince. Even:<br />
<br />
convert -page A0+0+0 /data/dwdsat/fetched/data/Z__C_EDZW_20190716111509_obs01,obs_wmo_dl_N_999999_999999_201907161100_KU4.png PDF:output.pdf<br />
<br />
works as expected.<br />
<br />
Now I could:<br />
<br />
# cat output.ps | lp -o media=A4 -o page-top=28 -o fitplot -d "CUPS-PDF"<br />
<br />
or<br />
<br />
# cat output.pdf | lp -o media=A4 -o page-top=28 -o fitplot -d "CUPS-PDF"<br />
<br />
both generate the "one-empty-page"-pdf seen above. While both files are viewable by gs or evince.
↧
0016273: libvirt OS detection falls back to Alpine on CentOS 7.6.1810 install disk
When installing a new VM through virt-manager connected to a CentOS 7 host, selecting a CentOS 7.6.1810 install disk auto-detects as Alpine Linux 3.8. Manually filling in "cent" gives choices only of CentOS 6.10 or "Generic default". Checking "Include end-of-life operating systems" allows me to select CentOS 7.0 but there are no later updates of CentOS 7.x listed. The virt hosts are fully-updated with latest versions of all packages as of earlier today.
↧
0016274: [abrt] totem: _g_log_abort(): totem-video-thumbnailer killed by SIGTRAP
Description of problem:<br />
opening DNxHD .mov files in file browser.<br />
<br />
Version-Release number of selected component:<br />
totem-3.26.2-1.el7<br />
<br />
Truncated backtrace:<br />
Thread no. 1 (10 frames)<br />
#0 _g_log_abort at gmessages.c:583<br />
#1 g_log_default_handler at gmessages.c:3158<br />
#4 g_malloc at gmem.c:104<br />
#5 g_slice_alloc at gslice.c:1025<br />
#6 _sysmem_new_block at gstallocator.c:416<br />
#7 gst_buffer_new_allocate at gstbuffer.c:838<br />
#8 video_buffer_pool_alloc at gstvideopool.c:247<br />
#9 do_alloc_buffer at gstbufferpool.c:274<br />
#10 default_acquire_buffer at gstbufferpool.c:1130<br />
#11 gst_buffer_pool_acquire_buffer at gstbufferpool.c:1261
↧