selinux September 2008

selinux@lists.fedoraproject.org

35 participants
42 discussions

by Tom London

I'm having some out-of-memory issues with latest kernels: https://bugzilla.redhat.com/show_bug.cgi?id=460848 I've noticed that when this happens, I get audit and AVC spew. Appears that I get 'sys_rawio', 'sys_admin', and 'sys_resource' AVCs for processes that are about to commit suicide. I have no idea what is causing these, and whether these are bugs (or features ;)). Any ideas/wisdom welcome! tom [root@tlondon ~]# audit2allow -i oom-audit.txt #============= NetworkManager_t ============== allow NetworkManager_t self:capability { sys_rawio sys_admin sys_resource }; #============= audisp_t ============== allow audisp_t self:capability { sys_rawio sys_admin sys_resource }; #============= auditd_t ============== allow auditd_t self:capability { sys_rawio sys_admin }; #============= bluetooth_t ============== allow bluetooth_t self:capability { sys_rawio sys_admin sys_resource }; #============= consolekit_t ============== allow consolekit_t self:capability { sys_rawio sys_admin sys_resource }; #============= dhcpc_t ============== allow dhcpc_t self:capability { sys_rawio sys_admin }; #============= getty_t ============== allow getty_t self:capability sys_rawio; #============= kerneloops_t ============== allow kerneloops_t self:capability { sys_rawio sys_admin sys_resource }; #============= restorecond_t ============== allow restorecond_t self:capability { sys_rawio sys_admin sys_resource }; #============= rpcd_t ============== allow rpcd_t self:capability { sys_rawio sys_admin sys_resource }; #============= sendmail_t ============== allow sendmail_t self:capability { sys_rawio sys_admin sys_resource }; #============= setroubleshootd_t ============== allow setroubleshootd_t self:capability { sys_rawio sys_admin sys_resource }; #============= sshd_t ============== allow sshd_t self:capability { sys_rawio sys_admin }; #============= syslogd_t ============== allow syslogd_t self:capability sys_rawio; #============= unconfined_mono_t ============== allow unconfined_mono_t self:process execstack; #============= xdm_t ============== allow xdm_t self:capability sys_admin; [root@tlondon ~]# -- Tom London

15 years, 7 months

3
3
0 / 0

Linux/Unix system admin looking for job

by foreverterran

Hello, ABOUT ME: EXPERIENCE SUMMARY: Operating Systems: . FreeBSD . RHEL . Suse, SLES 9/10 . CentOS . Fedora . Ubuntu . Debian . Microsoft Windows 98/xp/2000/2003/NT Software and Networking: . Apache HTTP/HTTPS servers (versions 1.3.x/2.x ) . Mail (Sendmail, Postfix, Amavisd-new, ClamAV, Spamassassin, Courier IMAP) . MySQL, PostgreSQL, Sybase (backup, maintenance, tuning, replication) . Monitoring (MRTG, Zabbix, Munin) . Samba, NFS . NTP, ntpdate . Firewall (iptables, ipfw, ipfilter, shorewall) . LDAP (OpenLDAP) . Backup (Rsnapshot, Amanda) . Virtualisation (Qemu, Vmware, Xen) . High Availability (Hearbeat, load balancing) . TCP/IP, UDP, ICMP, DHCP, SNMP, NAT, VPN . Perl, bash scripting Working experience: . Administrated and configured more then 50 linux/unix servers. . Managing of the mail service using Sendmail and Postfix (virtual domains, MySQL, Antispam, Antivirus, SMTP authentication SASL). More then 5000 mailusers. . Managing, using Postfix and LDAP (Antispam, Antivirus, OpenLDAP, SMTP authentication SASL). More the 10 000 mailusers. . Tuning, maintained huge MySQL databases. . Apache (1.3.x / 2.x) tuning. Strong security experience . Implemented Rsnapshot, Amanda backup system. . Central monitoring system (Zabbix). . Software/hardware testing. . High Availability servers setup using Hearbeat. . Load balancing. WORK HISTORY: February 2002 - July 2003 System administration of UNIX Internet servers. Setup and support mail server with Sendmail and Postfix MTA (virtual domains, MySQL, Antispam, Antivirus, SMTP+Auth) more then 5000 mailusers, Apache, DNS(Bind), FTP, Samba. LAN/WAN security, VPN. Firewall tuning (shorewall, iptables). Juny 2003 - February 2005 Setup and support mail servers with Postfix MTA and LDAP (Spamassassin, ClamAV, OpenLDAP, SMTP auth). More the 10 000 mailusers. Huge MySQL database tuning, support. High raffic Apache web servers tuning. Network Security Auditing. Monitoring system (Munin). February 2005 - June 2006 Network management (packet analize, logs). Maintenance of security policies throughout the network. Design and implementation of a daily backup plan (rsnapshot). Sybase and PostgreSQL deployment/maintainence. Shell scripting (SED,AWK). June 2006 - August 2008 Responsible for network wide securit. Installed and maintained several load balancers. Wifi station and AP security. IBM Blade center virtualisation (Qemu, Vmware, Xen). Several DNS, LDAP, SMTP, SMTP-backup, POP3, Apache, High Availability (Hearbeat) servers setup, maintenance. Central monitoring system (Zabbix). CERTIFICATE: 1. Novell Certified Linux Professional 10 2. Linux technical specialist EDUCATION: 1.Informatics Bachelor's degree. Telecommute! mail: foreverterran(a)gmail.com

15 years, 7 months

1
0
0 / 0

← Newer
1
2
3
4
5
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

selinux September 2008