Welcome to my website. I am always posting links to photo albums, art, technology and other creations. Everything that you will see on my numerous personal sites is powered by the formVista™ Website Management Engine.


  • How to See SELinux Denials That Do Not Show In the audit.log
    07/20/2017 4:43PM
    Or, otherwise known as: SELinux and Silent Denials.

    Sometimes when troubleshooting SELinux issues, you will have added new policies for each of the denial causes written to the audit.log, but SELinux will still be denying access . . . and not giving you any further information about it in the audit.log.

    Various processes often execute additional system calls that are above and beyond what they need for normal operation.  Many of them are blocked, and in order to avoid filling the audit.log with harmless denials, they are silently dropped.  These are defined by a set of dontaudit rules.

    In order to temporarily disable them, issue the following command as root:

    # semodule -DB

    The -D option disables dontaudit rules and the -B option rebuilds the policy.  After this runs, you should see additional information in the audit.log, and with that information you can use audit2allow -i input-file -M output-file to build your .te and .pp files.

    After debugging is complete, run the following to re-enable the dontaudit rules:

    # semodule -B
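
An added example, not part of the original post: with dontaudit rules disabled the audit.log gets much noisier, so it helps to see which denials appeared after `semodule -DB` before passing anything to audit2allow. This script counts unique (source type, target type, class, permission) tuples logged at or after a given epoch time; the sample log lines and the `myapp_t` domain are constructed.

```shell
#!/bin/sh
# Added example: count unique AVC denials logged at or after SINCE_EPOCH.
# Usage: summarize_avc LOGFILE [SINCE_EPOCH]
summarize_avc() {
    awk -v since="${2:-0}" '
    /type=AVC/ && /denied/ {
        # msg=audit(EPOCH.millis:serial) carries the event time
        ts = substr($0, index($0, "audit(") + 6) + 0
        if (ts < since) next
        # the denied permissions sit between "{" and "}"
        s = index($0, "{"); e = index($0, "}")
        perms = substr($0, s + 1, e - s - 1)
        gsub(/^ +| +$/, "", perms)
        src = tgt = cls = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/)      { split($i, a, ":"); src = a[3] }
            else if ($i ~ /^tcontext=/) { split($i, a, ":"); tgt = a[3] }
            else if ($i ~ /^tclass=/)   { cls = substr($i, 8) }
        }
        count[src " " tgt ":" cls " { " perms " }"]++
    }
    END { for (k in count) printf "%d %s\n", count[k], k }
    ' "$1" | sort -k1,1nr -k2
}

# Constructed sample log; myapp_t is a hypothetical domain.
write_sample_log() {
    cat > "$1" <<'EOF'
type=AVC msg=audit(1500580000.100:101): avc:  denied  { read } for  pid=900 comm="myapp" name="conf" dev="dm-0" ino=11 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1500583400.200:201): avc:  denied  { getattr } for  pid=901 comm="myapp" path="/proc/meminfo" dev="proc" ino=12 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1500583401.200:202): avc:  denied  { getattr } for  pid=901 comm="myapp" path="/proc/meminfo" dev="proc" ino=12 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file
type=AVC msg=audit(1500583402.300:203): avc:  denied  { search } for  pid=901 comm="myapp" name="home" dev="dm-0" ino=13 scontext=system_u:system_r:myapp_t:s0 tcontext=system_u:object_r:home_root_t:s0 tclass=dir
type=SYSCALL msg=audit(1500583402.300:203): arch=c000003e syscall=2 success=no exit=-13 comm="myapp"
EOF
}

log=$(mktemp)
write_sample_log "$log"
# Only denials logged after dontaudit was disabled (epoch from `date +%s`).
summarize_avc "$log" 1500583380
rm -f "$log"
```

Record `date +%s` just before running `semodule -DB` and pass it as the second argument, so denials already handled by earlier policy modules are left out of the summary.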
  • Mounting a Samba Share From Linux Client to Linux Samba Server
    06/02/2017 10:49PM

    In order to access a Samba share from a remote client as a mounted file system, execute the following command as root on the client:

    mount -t cifs -o user=<user-on-samba-share>,uid=<uid-on-local-machine>,gid=<gid-on-local-machine>,rw,workgroup=<your-workgroup> //ip/share /mnt/mount-point-dir

    You will be prompted for the password for the user defined on the Samba server.

    If you are able to authenticate, and then get the following error:

    ls: reading directory .: Permission denied

    Check the SELinux context type of the directory on the Samba share.  It should be samba_share_t.

  • Mocking Static Methods That Return void in Java
    05/11/2017 9:29AM
    This is one of those things that I tend to do on a regular basis . . . but unfortunately don't remember the details each time, so I am adding it for future reference.

    Often, developers will want to mock static methods that return void.  The Mockito and PowerMockito frameworks provide for this, but the syntax isn't immediately obvious.

    Following is an example.


    public class SomeClass {
        public static void doSomething(String arg1, int arg2) {
            // Method that does something...
        }
    }


    import org.junit.Test;
    import org.junit.runner.RunWith;
    import org.mockito.Mockito;
    import org.powermock.api.mockito.PowerMockito;
    import org.powermock.core.classloader.annotations.PowerMockIgnore;
    import org.powermock.core.classloader.annotations.PrepareForTest;
    import org.powermock.modules.junit4.PowerMockRunner;

    /*
     * The RunWith and PrepareForTest annotations that follow are
     * necessary to mock the static methods in the SomeClass class. The RunWith
     * enables the class to be run via PowerMock, and the PrepareForTest is an array
     * of the classes with static members that we want to mock.
     *
     * The PowerMockIgnore annotation tells PowerMock to defer the loading of
     * classes with the names supplied to the system classloader.  This will vary
     * depending on the dependency tree that you are using/testing.  It is also
     * not necessary, but here for example purposes.
     */
    @RunWith(PowerMockRunner.class)
    @PowerMockIgnore({
        "javax.management.*",
        "javax.net.ssl.*",
        "org.apache.log4j.*"
    })
    @PrepareForTest({ SomeClass.class })
    public class SomeTestClass {

        @Test
        public void shouldDoSomethingExpected() throws Exception {

            // Set up the SomeClass's static members for mocking
            PowerMockito.mockStatic(SomeClass.class);

            // Configure the mock for the method in question.
            // The following syntax is what is key here
            PowerMockito.doNothing()
                .when(SomeClass.class, "doSomething", Mockito.anyString(), Mockito.anyInt());
        }
    }

  • Solution for Executing Native Process from Java that Requires sudo
    12/22/2016 9:52AM

    If you are building a Java program that needs to execute native commands that require sudo, there are some additional considerations beyond just writing the Java code.

    The problem is that sudo, by default, requires a tty so that a password can be entered.  Even if you configure sudoers to grant NOPASSWD access to a specific command, you will still get the following error:

    sudo: sorry, you must have a tty to run sudo

    In my case, I was writing a set of integration tests in Java that needed to be able to start and stop a service to run a test.

    I settled on adding an additional sudoers config file in /etc/sudoers.d.  This ended up being the cleanest and most encapsulated change that did not then require any special considerations in the Java code.

    The change simply involved adding a file with the following contents to /etc/sudoers.d, which indicates that running sudo for the rchapin user does NOT require a tty and then grants access to the specific commands:

    Defaults:rchapin !requiretty
    rchapin ALL=(root) NOPASSWD: /bin/systemctl stop rabbitmq-server.service
    rchapin ALL=(root) NOPASSWD: /bin/systemctl start rabbitmq-server.service
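
An added example, not part of the original post: because the drop-in grants passwordless root for specific commands, a check like the following flags NOPASSWD rules that are broader than the ones shown above. It assumes one command per rule; the weak rules in the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag over-broad NOPASSWD rules in a sudoers drop-in.
# Usage: audit_nopasswd FILE   (prints "LINE: reason", returns 1 if any found)
audit_nopasswd() {
    awk '
    BEGIN { bad = 0 }
    function report(msg) { printf "%d: %s\n", NR, msg; bad = 1 }
    /^[ \t]*#/ || !/NOPASSWD:/ { next }
    {
        # keep only the command specification after the NOPASSWD: tag
        cmd = $0
        sub(/.*NOPASSWD:[ \t]*/, "", cmd)
        sub(/[ \t]+$/, "", cmd)
        n = split(cmd, w, /[ \t]+/)
        if (w[1] == "ALL")        report("grants every command")
        else if (w[1] !~ /^\//)   report("command is not an absolute path")
        else if (cmd ~ /[*?]/)    report("wildcard in command or arguments")
        else if (n == 1)          report("no arguments pinned, any argument is accepted")
    }
    END { exit bad }
    ' "$1"
}

# Constructed sample: line 2 is the rule from the post, lines 3-5 are weak.
write_sample_sudoers() {
    cat > "$1" <<'EOF'
Defaults:rchapin !requiretty
rchapin ALL=(root) NOPASSWD: /bin/systemctl stop rabbitmq-server.service
rchapin ALL=(root) NOPASSWD: /bin/systemctl
rchapin ALL=(root) NOPASSWD: /bin/systemctl * rabbitmq-server.service
rchapin ALL=(root) NOPASSWD: ALL
EOF
}

f=$(mktemp)
write_sample_sudoers "$f"
audit_nopasswd "$f" || echo "review the rules listed above"
rm -f "$f"
```

This is a content check only; `visudo -cf <file>` remains the way to confirm that the drop-in parses before it is installed.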

  • [SOLVED] Ambari There are no DataNodes to do rolling restarts when there are DataNodes that do need a restart
    09/16/2016 11:17AM

    When maintaining a Hadoop cluster, you will need to restart various services from time to time when/if you update Hadoop configurations.

    I ran into a problem today with Ambari where I wanted to do a rolling restart of all of my DataNodes, but when I clicked on the "Restart DataNodes" entry in the "Restart" drop-down, the dialog indicated "There are no DataNodes to do rolling restarts".


    This was clearly incorrect.


    It did not take me too long to figure out that I had already put HDFS into Maintenance Mode.  As a result, Ambari does not see that there are any DataNodes that need to be restarted.

    Taking HDFS out of Maintenance Mode allowed me to then execute a rolling restart through Ambari.
