After shutting off SELinux since it first appeared on my desktop in Fedora Core 2, I figured that I should give it a try. It seems important enough that Red Hat turns it on by default, so I left it on. After all, with Xen I will be running a separate virtual machine for each service, so it should not be too complicated.
I set up named and immediately ran into trouble with named giving a permission denied error on the file /etc/named.conf. I confirmed it was caused by SELinux by disabling it, and named started just fine. I had better do some reading. I started with this article in Red Hat Magazine which is simple enough to understand what SELinux is doing. It shows a tool called system-config-selinux which lets you fix this kind of thing. I installed the package that provides it, policycoreutils-gui, and 44 other dependencies! I only had 350 RPMs to start with so this kind of shocked me. Then when I tried to run it, it said it "could not open display". I am connected using ssh -X so it should work. I guess if I can't use it over ssh then it is no use to me. There are command line tools (audit2allow and semodule) that I will have to investigate at some point.
It turned out that my problem was that I copied my files to that server and then moved them into place. SELinux gets its knickers in a knot about that. By deleting them and then copying them everything was fine. So, I am now happily using SELinux on my DNS server.
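The move-versus-copy behaviour comes from file labels: `mv` keeps the SELinux context a file had in its old location, while `cp` creates a new file that is labeled for the destination. The script below is an added example, not part of the original post; it compares a file's current type with the type the loaded policy assigns to its path, and the function names and sample contexts are constructed for illustration.

```bash
#!/bin/bash
# Added example: spot files whose SELinux type differs from the policy default,
# which is what happens when a file is moved into place instead of copied.

# Print the type field (third colon-separated field) of a context string
# of the form user:role:type[:level].
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Compare two context strings by type only and print a one-line verdict.
compare_contexts() {
    actual_type=$(selinux_type "$1")
    expected_type=$(selinux_type "$2")
    if [ "$actual_type" = "$expected_type" ]; then
        echo "ok"
    else
        echo "mislabeled: have $actual_type, policy expects $expected_type"
    fi
}

# Look up both contexts for a real path (needs an SELinux-enabled host).
check_file() {
    actual=$(stat -c %C "$1")          # context currently stored on the file
    expected=$(matchpathcon -n "$1")   # context the policy assigns to this path
    compare_contexts "$actual" "$expected"
}

# Only touch the system when paths are given and SELinux is enabled.
if [ "$#" -gt 0 ] && command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
    for f in "$@"; do
        printf '%s: %s\n' "$f" "$(check_file "$f")"
    done
fi

# Constructed sample: a config file moved out of a home directory.
compare_contexts 'user_u:object_r:user_home_t:s0' 'system_u:object_r:named_conf_t:s0'
```

On a mislabeled file, `restorecon -v /etc/named.conf` resets the label to the policy default without deleting and re-copying the file.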
Thursday, June 14, 2007
Wednesday, June 13, 2007
Xen Virtualization on CentOS 5
I have been playing with Xen virtualization on CentOS 5 (a free clone of RHEL5). This is the easiest Xen system that I have used yet. I am satisfied enough with it that I am planning to deploy it on my next server. I have only deployed CentOS5 VMs so I don't know how easy it would be with other distributions.
It does require a lot of memory. I have 2.25 Gigs and I am running 4 VMs without any problems so far. Of course, I have not started to work them but my needs are not that high. Two of my VMs are going to be DNS name servers. Right now I have them running in 256 Megs of RAM and they are using 74 Megs. I may try reducing them to 128 Megs to see if they start swapping. DNS is pretty lightweight, though, so I expect it will be okay.