Displaying 15 results from an estimated 15 matches for "sys_resource".

2008 Feb 29
1
error creating Centos 5.1 x32 dum_U instance on CentOS 5.1 x64
...t loader didn't return any data!") error: Failed to start domain vm03 /var/log/messages got filled with the following messages: stem_r:xenstored_t:s0 tcontext=system_u:system_r:xenstored_t:s0 tclass=capability Feb 29 10:36:59 gimbli kernel: audit(1204274218.949:2139): avc: denied { sys_resource } for pid=2445 comm="xenstored" capability=24 scontext=system_u:system_r:xenstored_t:s0 tcontext=system_u:system_r:xenstored_t:s0 tclass=capability Feb 29 10:36:59 gimbli kernel: audit(1204274218.949:2140): avc: denied { sys_resource } for pid=2445 comm="xenstored" capabi...
2008 Feb 29
2
error creating Centos 5.1 x32 dum_U instance on CentOS5.1 x64
...t; error: Failed to start domain vm03 > > > > /var/log/messages got filled with the following messages: > > stem_r:xenstored_t:s0 tcontext=system_u:system_r:xenstored_t:s0 > tclass=capability > Feb 29 10:36:59 gimbli kernel: audit(1204274218.949:2139): avc: > denied { sys_resource } for pid=2445 comm="xenstored" capability=24 > scontext=system_u:system_r:xenstored_t:s0 > tcontext=system_u:system_r:xenstored_t:s0 tclass=capability > Feb 29 10:36:59 gimbli kernel: audit(1204274218.949:2140): avc: > denied { sys_resource } for pid=2445 comm="xe...
2008 Feb 29
2
error creating Centos 5.1 x32 dum_U instance on CentOS5.1 x64
...t; error: Failed to start domain vm03 > > > > /var/log/messages got filled with the following messages: > > stem_r:xenstored_t:s0 tcontext=system_u:system_r:xenstored_t:s0 > tclass=capability > Feb 29 10:36:59 gimbli kernel: audit(1204274218.949:2139): avc: > denied { sys_resource } for pid=2445 comm="xenstored" capability=24 > scontext=system_u:system_r:xenstored_t:s0 > tcontext=system_u:system_r:xenstored_t:s0 tclass=capability > Feb 29 10:36:59 gimbli kernel: audit(1204274218.949:2140): avc: > denied { sys_resource } for pid=2445 comm="xe...
2019 Aug 21
2
RLIMIT_MEMLOCK in container environment
...d to manage qemu VMs represented as Kubernetes API resources. In this case, libvirtd is running inside an unprivileged pod, with some host mounts / capabilities added to the pod, needed by libvirtd and other services. One of the capabilities libvirtd requires for successful startup inside a pod is SYS_RESOURCE. This capability is used to adjust RLIMIT_MEMLOCK ulimit value depending on devices attached to the managed guest, both on startup and during hotplug. AFAIU the need to lock the memory is to avoid pages being pushed out from RAM into swap. In KubeVirt world, several libvirtd assumptions do not app...
2019 Aug 22
2
Re: RLIMIT_MEMLOCK in container environment
...I resources. In this case, libvirtd is running inside an > > unprivileged pod, with some host mounts / capabilities added to the > > pod, needed by libvirtd and other services. > > > > One of the capabilities libvirtd requires for successful startup > > inside a pod is SYS_RESOURCE. This capability is used to adjust > > RLIMIT_MEMLOCK ulimit value depending on devices attached to the > > managed guest, both on startup and during hotplug. AFAIU the need to > > lock the memory is to avoid pages being pushed out from RAM into swap. > > Libvirt shouldn'...
2008 Feb 29
0
error creating Centos 5.1 x32 dum_U instance on CentOS5.1x64
...> > > > > > > /var/log/messages got filled with the following messages: > > > > stem_r:xenstored_t:s0 tcontext=system_u:system_r:xenstored_t:s0 > > tclass=capability > > Feb 29 10:36:59 gimbli kernel: audit(1204274218.949:2139): avc: > > denied { sys_resource } for pid=2445 comm="xenstored" capability=24 > > scontext=system_u:system_r:xenstored_t:s0 > > tcontext=system_u:system_r:xenstored_t:s0 tclass=capability > > Feb 29 10:36:59 gimbli kernel: audit(1204274218.949:2140): avc: > > denied { sys_resource } for pid=2...
2012 Jun 15
1
Puppet + Passenger SELinux issues
...1.7; require { type bin_t; type devpts_t; type httpd_t; type passenger_t; type port_t; type proc_net_t; class process { getattr siginh setexec sigchld noatsecure transition rlimitinh }; class unix_stream_socket { getattr accept read write }; class capability { sys_resource sys_ptrace }; class file { entrypoint open create relabelfrom relabelto getattr setattr read write append ioctl lock rename link unlink }; class lnk_file { getattr read }; class udp_socket name_bind; class dir { getattr setattr add_name remove_name search open read write ioctl lock...
2019 Aug 22
2
Re: RLIMIT_MEMLOCK in container environment
...unning inside an > >>> unprivileged pod, with some host mounts / capabilities added to the > >>> pod, needed by libvirtd and other services. > >>> > >>> One of the capabilities libvirtd requires for successful startup > >>> inside a pod is SYS_RESOURCE. This capability is used to adjust > >>> RLIMIT_MEMLOCK ulimit value depending on devices attached to the > >>> managed guest, both on startup and during hotplug. AFAIU the need to > >>> lock the memory is to avoid pages being pushed out from RAM into swap. >...
2019 Aug 22
0
Re: RLIMIT_MEMLOCK in container environment
...this case, libvirtd is running inside an >>> unprivileged pod, with some host mounts / capabilities added to the >>> pod, needed by libvirtd and other services. >>> >>> One of the capabilities libvirtd requires for successful startup >>> inside a pod is SYS_RESOURCE. This capability is used to adjust >>> RLIMIT_MEMLOCK ulimit value depending on devices attached to the >>> managed guest, both on startup and during hotplug. AFAIU the need to >>> lock the memory is to avoid pages being pushed out from RAM into swap. I recall successfu...
2019 Aug 24
1
Re: RLIMIT_MEMLOCK in container environment
...t; unprivileged pod, with some host mounts / capabilities added to the > >>>>> pod, needed by libvirtd and other services. > >>>>> > >>>>> One of the capabilities libvirtd requires for successful startup > >>>>> inside a pod is SYS_RESOURCE. This capability is used to adjust > >>>>> RLIMIT_MEMLOCK ulimit value depending on devices attached to the > >>>>> managed guest, both on startup and during hotplug. AFAIU the need to > >>>>> lock the memory is to avoid pages being pushed out f...
2019 Aug 22
0
Re: RLIMIT_MEMLOCK in container environment
...n >>>>> unprivileged pod, with some host mounts / capabilities added to the >>>>> pod, needed by libvirtd and other services. >>>>> >>>>> One of the capabilities libvirtd requires for successful startup >>>>> inside a pod is SYS_RESOURCE. This capability is used to adjust >>>>> RLIMIT_MEMLOCK ulimit value depending on devices attached to the >>>>> managed guest, both on startup and during hotplug. AFAIU the need to >>>>> lock the memory is to avoid pages being pushed out from RAM into sw...
2011 Nov 01
1
SELinux and SETroubleshootd woes in CR
..._write', 'secure_mode_insmod', 'kernel_modules', 'samba_export_all_ro', 'httpd_enable_ftp_server', 'allow_postfix_local_write_mail_spool', 'execute', 'privoxy_connect_any', 'use_nfs_home_dirs', 'allow_smbd_anon_write', 'sys_resource', 'allow_ftpd_use_cifs', 'connect_ports', 'swapfile', 'httpd_use_nfs', 'httpd_can_network_relay', 'allow_cvs_read_shadow', 'squid_connect_any', 'mounton', 'qemu_blk_image', 'user_tcp_server', 'restore_source_con...
2019 Aug 22
0
Re: RLIMIT_MEMLOCK in container environment
...ed as Kubernetes > API resources. In this case, libvirtd is running inside an > unprivileged pod, with some host mounts / capabilities added to the > pod, needed by libvirtd and other services. > > One of the capabilities libvirtd requires for successful startup > inside a pod is SYS_RESOURCE. This capability is used to adjust > RLIMIT_MEMLOCK ulimit value depending on devices attached to the > managed guest, both on startup and during hotplug. AFAIU the need to > lock the memory is to avoid pages being pushed out from RAM into swap. Libvirt shouldn't set RLIMIT_MEMLOCK by...
2023 Mar 28
0
dns_tkey_gssnegotiate: TKEY is unacceptable
...ax.com/scripts read only = No -------------------- /etc/hosts 127.0.0.1 localhost 192.168.2.3 compumaxdc03.thecompumax.com compumaxdc03 -------------------- /etc/apparmor.d/usr/sbin.named capability net_bind_service, capability setgid, capability setuid, capability sys_chroot, capability sys_resource, /etc/bind/** r, /var/lib/bind/** rw, /var/lib/bind/ rw, /var/cache/bind/** lrw, /var/cache/bind/ rw, # Database file used by allow-new-zones /var/cache/bind/_default.nzd-lock rwk, # gssapi /etc/krb5.keytab kr, /etc/bind/krb5.keytab kr, # gssapi /var/lib/sss/pubconf/krb5...
2019 May 15
1
Workstations cannot update DNS
> > > > *named.conf.options* > > > > options { > > > > directory "/var/cache/bind"; > > > > > > > > // If there is a firewall between you and nameservers you want > > > > // to talk to, you may need to fix the firewall to allow > > multiple > > > > // ports to talk.