#acl PaulHowarth:read,write,admin,revert,delete All:read
=== Tuesday 25th July 2006 ===
==== Local Packages ====
 * Updated `mod_fastcgi` so that it'll build on Fedora Core (development), which doesn't have the `/etc/httpd/build` symlink

==== Fedora QA ====
 * Created buildreq bugs-with-fixes for [[RedHatBugzilla:200076|kanatest]], [[RedHatBugzilla:200078|kdissert]], [[RedHatBugzilla:200088|leafpad]], [[RedHatBugzilla:200090|librx]], [[RedHatBugzilla:200104|libtabe]], [[RedHatBugzilla:200114|libtomoe-gtk]], and [[RedHatBugzilla:200120|licq]]

==== Crash Recovery ====
My firewall/web server box crashed mysteriously for the second time in two weeks. Still haven't figured out what's going on with that. Anyway, some issues cropped up during the reboot.

Firstly, the `ldap` service didn't start because the Berkeley DB backend was in a broken state and needed recovering:

{{{
# slapd_db_recover -v -h /var/lib/ldap
Finding last valid log LSN: file: 1 offset 4530737
Recovery starting from [1][2795526]
Recovery complete at Tue Jul 25 18:49:15 2006
Maximum transaction ID 8000054d Recovery checkpoint [1][4532387]
# service ldap start
Checking configuration files for slapd: bdb_db_open: unclean shutdown detected; attempting recovery.
bdb_db_open: Recovery skipped in read-only mode. Run manual recovery if errors are encountered.
config file testing succeeded
[ OK ]
Starting slapd: [ OK ]
}}}

I also found a useful page on the `openldap` [[http://www.zytrax.com/books/ldap/ch6/bdb.html|BDB backend]], and I decided to add a `checkpoint` directive to `slapd.conf`:

{{{
database bdb

# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap

# check point whenever 128k data bytes written or
# 15 minutes has elapsed whichever occurs first
checkpoint 128 15

# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
index displayName eq,pres,sub
index marker eq,pres,sub
}}}

Next up, the `/var/spool/bacula` filesystem where I have my `bacula` storage daemon write backups to before I write them to DVD didn't get mounted at reboot. This was an SELinux issue:

{{{
type=AVC msg=audit(1153848704.795:345): avc: denied { mounton } for pid=1829 comm="mount" name="bacula" dev=dm-4 ino=1146906 scontext=system_u:system_r:mount_t:s0 tcontext=user_u:object_r:var_spool_t:s0 tclass=dir
type=SYSCALL msg=audit(1153848704.795:345): arch=40000003 syscall=21 success=no exit=-13 a0=98a70b8 a1=98a70d0 a2=98a3058 a3=c0ed0001 items=1 pid=1829 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="mount" exe="/bin/mount" subj=system_u:system_r:mount_t:s0
type=AVC_PATH msg=audit(1153848704.795:345): path="/var/spool/bacula"
type=CWD msg=audit(1153848704.795:345): cwd="/"
type=PATH msg=audit(1153848704.795:345): item=0 name="/var/spool/bacula" inode=1146906 dev=fd:04 mode=040755 ouid=0 ogid=0 rdev=00:00 obj=user_u:object_r:var_spool_t:s0
}}}

The problem was that the `/var/spool/bacula` directory on the root filesystem (i.e. the mount point) had the default file context type for that location of `mount_t`, and the initscripts weren't allowed to mount anything there (though mounting it manually works fine of course, since that is an unconfined operation).

The fix is simple:

{{{
# chcon -t mnt_t /var/spool/bacula
# service netfs restart
Mounting other filesystems: [ OK ]
# df /var/spool/bacula
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/VgExtra-Bacula 46445552 30978788 13107532 71% /var/spool/bacula
}}}

There were more SELinux denials but I didn't have time to look at them today.

----
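For working through a backlog of denials like the mount failure above, here is a small audit-log summarizer. It is an added example, not part of the original entry: it groups records by audit event ID and reports the source type, target type, permission and path for each denial. The function names are hypothetical and the sample input is constructed from the records quoted above.

```python
import re
from collections import defaultdict

# Constructed sample: records copied from the denial quoted above (SYSCALL and PATH omitted).
SAMPLE = """\
type=AVC msg=audit(1153848704.795:345): avc: denied { mounton } for pid=1829 comm="mount" name="bacula" dev=dm-4 ino=1146906 scontext=system_u:system_r:mount_t:s0 tcontext=user_u:object_r:var_spool_t:s0 tclass=dir
type=AVC_PATH msg=audit(1153848704.795:345): path="/var/spool/bacula"
type=CWD msg=audit(1153848704.795:345): cwd="/"
"""

EVENT = re.compile(r'^type=(\S+) msg=audit\(([\d.]+:\d+)\): (.*)$')
AVC = re.compile(r'avc:\s+denied\s+\{([^}]*)\}.*?comm="([^"]+)".*?'
                 r'scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)')
PATH = re.compile(r'\bpath="([^"]+)"')

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def summarize_denials(log_text):
    """Group records by audit event ID and return one dict per AVC denial."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = EVENT.match(line.strip())
        if m:
            rtype, event_id, body = m.groups()
            events[event_id][rtype] = body  # keeps one record per type per event
    denials = []
    for event_id, records in events.items():
        avc = AVC.search(records.get("AVC", ""))
        if not avc:
            continue
        perms, comm, scontext, tcontext, tclass = avc.groups()
        path = PATH.search(records.get("AVC_PATH", ""))
        denials.append({
            "event": event_id, "comm": comm, "perms": perms.split(),
            "source_type": selinux_type(scontext),
            "target_type": selinux_type(tcontext),
            "tclass": tclass, "path": path.group(1) if path else None,
        })
    return denials

def mountpoint_label_issues(denials):
    """Denied 'mounton' on a directory: the mount point's label is what to check."""
    return [d for d in denials if "mounton" in d["perms"] and d["tclass"] == "dir"]

if __name__ == "__main__":
    for d in mountpoint_label_issues(summarize_denials(SAMPLE)):
        print(f'{d["comm"]} ({d["source_type"]}) denied mounton on {d["path"]} '
              f'labelled {d["target_type"]}')
```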