From c601ab44ae48be4525e04e510ffb02d9b9ac5772 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Ba=C5=BEant?= Date: Fri, 16 Jun 2023 13:46:06 +0200 Subject: [PATCH 01/14] Fixed grub.conf option to GRUB_CMDLINE_LINUX --- xml/kernel_modules.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xml/kernel_modules.xml b/xml/kernel_modules.xml index e1ed1318ca..b9f97af10f 100644 --- a/xml/kernel_modules.xml +++ b/xml/kernel_modules.xml @@ -168,7 +168,7 @@ reboot To blacklist a kernel module permanently via GRUB, open the /etc/default/grub file for editing, and add the modprobe.blacklist=MODULE_NAME - option to the GRUB_CMD_LINUX command. Then run the + option to the GRUB_CMDLINE_LINUX command. Then run the sudo grub2-mkconfig -o /boot/grub2/grub.cfg command to enable the changes. From 6f99efadd094818ecf73a92fb4f836a4c66ce374 Mon Sep 17 00:00:00 2001 From: Daria Vladykina Date: Wed, 10 May 2023 13:32:18 +0200 Subject: [PATCH 02/14] Storage Guide: integrate proofing corrections --- xml/common_intro_available_doc.xml | 3 ++- xml/storage_lvm.xml | 4 ++-- xml/storage_multipath.xml | 34 +++++++++++++++--------------- xml/storage_nfs.xml | 2 +- 4 files changed, 22 insertions(+), 21 deletions(-) diff --git a/xml/common_intro_available_doc.xml b/xml/common_intro_available_doc.xml index 9e12b85128..bb5f225723 100644 --- a/xml/common_intro_available_doc.xml +++ b/xml/common_intro_available_doc.xml @@ -35,7 +35,8 @@ Latest updates - The latest updates are usually available in the English-language version of this documentation. + The latest updates are usually available in the English-language + version of this documentation. diff --git a/xml/storage_lvm.xml b/xml/storage_lvm.xml index aebaa0b989..19e0d10a47 100644 --- a/xml/storage_lvm.xml +++ b/xml/storage_lvm.xml @@ -1037,8 +1037,8 @@ root's password: If there is an error on the LVM storage, the scanning of LVM volumes may - prevent entering the emergency/rescue shell. Thus, further problem diagnosis - is not possible. To disable this scanning in case of an LVM storage failure, + prevent the emergency/rescue shell from being entered. This makes further problem diagnosis + impossible. To disable this scanning in case of an LVM storage failure, you can pass the option on the kernel command line. diff --git a/xml/storage_multipath.xml b/xml/storage_multipath.xml index 18b7e2e1df..03944b7f11 100644 --- a/xml/storage_multipath.xml +++ b/xml/storage_multipath.xml @@ -104,7 +104,7 @@ An event sent by the kernel to user space and processed by the udev subsystem. Uevents are generated when devices - are added, removed, or change their properties. + are added or removed, or when they change their properties. @@ -555,10 +555,10 @@ The offline update of your system is similar to the fresh installation as described in . There is no - blacklist, thus if the user selects to enable multipath, + blacklist, so if the user selects to enable multipath, the root device will appear as a multipath device, even if it is normally - not. When dracut builds the initramfs during the update - procedure, it sees a different storage stack as it would see on the booted + not one. When dracut builds the initramfs during the update + procedure, it sees a different storage stack than it would see on the booted system. See and . @@ -1013,7 +1013,7 @@ multipath -T - Has a similar function as the multipath -t command + Has a similar function to the multipath -t command but shows only hardware entries matching the hardware detected on the host. @@ -1194,7 +1194,7 @@ We strongly recommend keeping multipathd.service always enabled and running on systems with multipath hardware. The service does support systemd's socket activation mechanism, but - it is discouraged to rely on that. Multipath maps will not be set up + we do not recommend that you rely on that. Multipath maps will not be set up during boot if the service is disabled. @@ -1451,7 +1451,7 @@ <filename>multipath.conf</filename> syntax The /etc/multipath.conf file uses a hierarchy of - sections, subsections, and option/value pairs. + sections, subsections and option/value pairs. @@ -1525,7 +1525,7 @@ section { multiple times. If the same option in the same section is set in multiple files, or on multiple lines in the same file, the last value takes precedence. Separate precedence rules - apply between multipath.conf sections, see below. + apply between multipath.conf sections. See below. @@ -2370,7 +2370,7 @@ defaults { By default, multipath-tools ignores all devices - except SCSI, DASD, or NVMe. Technically, the built-in devnode exclude list + except SCSI, DASD or NVMe. Technically, the built-in devnode exclude list is this negated regular expression: devnode !^(sd[a-z]|dasd[a-z]|nvme[0-9]) @@ -2379,7 +2379,7 @@ defaults { The <literal>blacklist exceptions</literal> section in <filename>multipath.conf</filename> - Sometimes it is desired to configure only very specific devices for + Sometimes, it is desired to configure only very specific devices for multipathing. In this case, devices are excluded by default, and exceptions are defined for devices that should be part of a multipath map. The blacklist_exceptions section exists for this purpose. It @@ -2474,7 +2474,7 @@ blacklist_exceptions { time for additional paths with the same WWID to appear. If this happens, the multipath map is set up as usual. Otherwise, when the timeout expires, the single device is released to the system as - non-multipath device. The timeout is configurable with the option + a non-multipath device. The timeout is configurable with the option . @@ -2552,7 +2552,7 @@ blacklist_exceptions { multipathd and multipath internally use WWIDs to identify devices. WWIDs are also used as map names by default. For convenience, multipath-tools supports assigning - simpler, easier memorizable names to multipath devices. + simpler, more easily memorizable names to multipath devices. @@ -2562,8 +2562,8 @@ blacklist_exceptions { represent paths to the same storage volume. multipath-tools uses the device's World Wide Identification (WWID) for this purpose (sometimes also referred to as - Universally Unique ID (UUID) or Unique ID (UID — do not confuse with - “User ID”). The WWID of a map device is always the same as the + Universally Unique ID (UUID) or Unique ID (UID—do not confuse with + “User ID”)). The WWID of a map device is always the same as the WWID of its path devices. @@ -3155,7 +3155,7 @@ size=64G features='3 queue_if_no_path pg_init_retries 50' The status of the path group (active, - enabled, or disabled). The active + enabled or disabled). The active path group is the one that I/O is currently sent to. @@ -3444,7 +3444,7 @@ size=64G features='3 queue_if_no_path pg_init_retries 50'Switching root.") and - for messages about SCSI devices, device mapper, multipath, and LVM2. Look + for messages about SCSI devices, device mapper, multipath and LVM2. Look for systemd messages about devices and file systems ("Found device…", "Mounting…", "Mounted…"). diff --git a/xml/storage_nfs.xml b/xml/storage_nfs.xml index 0aa8a12c03..2ddea99c91 100644 --- a/xml/storage_nfs.xml +++ b/xml/storage_nfs.xml @@ -256,7 +256,7 @@ ignore the "Firewall not configurable" message and continue. - When configuring &firewalld; rules, add nfs or + When configuring &firewalld; rules, add the nfs or nfs service with the port value of 2049 for both TCP and UDP. Also add the mountd service with the port value of 20048 for both TCP and UDP. From 60b395c3e8f9fb941b10c6df3318a1592672807d Mon Sep 17 00:00:00 2001 From: Tanja Roth Date: Tue, 20 Jun 2023 16:22:08 +0200 Subject: [PATCH 03/14] doc-kit run (fetch updates) --- doc-kit.conf | 2 +- xml/common_intro_available_doc.xml | 3 +-- xml/common_intro_support.xml | 4 ++-- 3 files changed, 4 insertions(+), 5 deletions(-) diff --git a/doc-kit.conf b/doc-kit.conf index 6eb184652b..f4efbc1c6e 100644 --- a/doc-kit.conf +++ b/doc-kit.conf @@ -6,7 +6,7 @@ file: c6b4745307e90c9b88905b434cbbaddc54e4541b .editorconfig file: 47e64cba1ddfdfa57fec4da6591e7259ac38afb5 xml/generic-entities.ent file: a79a3bc929478668955564bab48aecc8502555f6 xml/network-entities.ent file: 877a69c29d30bd89aa36d79dd96c72dbde4a0ed8 xml/common_intro_available_doc.xml -file: 2024e3be75c45cf26a2b076eee30c697a6e819a1 xml/common_intro_support.xml +file: 6b82b8fa32f3c8cd8c76e804e420ae4a9312ec27 xml/common_intro_support.xml file: 578bc097d6cb4ef8aa08dbf4f1bf4400cae124f6 xml/common_intro_convention.xml file: fcb8648dbfbe5a036547347e2affbeb353622162 xml/common_intro_feedback.xml file: 1c8497ffe563b59832de4b0e106082aa4932a528 xml/common_copyright_gfdl.xml diff --git a/xml/common_intro_available_doc.xml b/xml/common_intro_available_doc.xml index bb5f225723..9e12b85128 100644 --- a/xml/common_intro_available_doc.xml +++ b/xml/common_intro_available_doc.xml @@ -35,8 +35,7 @@ Latest updates - The latest updates are usually available in the English-language - version of this documentation. + The latest updates are usually available in the English-language version of this documentation. diff --git a/xml/common_intro_support.xml b/xml/common_intro_support.xml index 392bb554a6..5b53cdb2bb 100644 --- a/xml/common_intro_support.xml +++ b/xml/common_intro_support.xml @@ -36,7 +36,7 @@ Support statement for &productname; To receive support, you need an appropriate subscription with &suse;. - To view the specific support offerings available to you, go to + To view the specific support offers available to you, go to and select your product. @@ -59,7 +59,7 @@ Problem isolation, which means technical support designed to analyze - data, reproduce customer problems, isolate problem area and provide a + data, reproduce customer problems, isolate a problem area and provide a resolution for problems not resolved by Level 1 or prepare for Level 3. From f22e82f595e1ad7320a548bc1ea98d5c09d956a4 Mon Sep 17 00:00:00 2001 From: Amrita Sakthivel Date: Wed, 21 Jun 2023 15:51:25 +0530 Subject: [PATCH 04/14] JSC#DOCTEAM-1020-adds sudo and format --- xml/security_ldap_install.xml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/xml/security_ldap_install.xml b/xml/security_ldap_install.xml index e41c04015b..76fdf87b52 100644 --- a/xml/security_ldap_install.xml +++ b/xml/security_ldap_install.xml @@ -242,7 +242,7 @@ Instance "LDAP1" is running &prompt.sudo;dsctl LDAP1 remove Not removing: if you are sure, add --do-it -&prompt.sudo;dsctl LDAP1 remove --do-it +&prompt.sudo;dsctlLDAP1 remove --do-it This command also removes partially installed or corrupted instances. You can reliably create and remove instances as often as you want. @@ -253,7 +253,7 @@ Not removing: if you are sure, add --do-it If you forget the name of your instance, use dsctl to list all instances: -&prompt.user;dsctl -l +&prompt.user;sudo dsctl -l slapd-LDAP1 @@ -271,13 +271,13 @@ slapd-LDAP1 The following example prints the template to stdout: -&prompt.user;dscreate create-template +&prompt.user;sudo dscreate create-template This is good for a quick review of the template, but you must create a file to use in creating your new &ds389; instance. You can name this file anything you want: -&prompt.user;dscreate create-template TEMPLATE.txt +&prompt.user;sudo dscreate create-template TEMPLATE.txt This is a snippet from the new file: From 0bf38403e6fb7716a2aa1ee09a1d8904b59673de Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Ba=C5=BEant?= Date: Mon, 26 Jun 2023 10:34:29 +0200 Subject: [PATCH 05/14] Remove python-libteam package from docs (#1540) --- xml/net_teaming.xml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/xml/net_teaming.xml b/xml/net_teaming.xml index 9e2ef70b09..ce5984fa6e 100644 --- a/xml/net_teaming.xml +++ b/xml/net_teaming.xml @@ -184,11 +184,8 @@ General procedure - Make sure you have all the necessary packages installed. Install the - packages - libteam-tools, - libteamdctl0, and - python-libteam. + Verify that the required packages libteam-tools and + libteamdctl0 are installed. From d415af0a2cabbd1a356f2d241c84e0a2979b471e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Ba=C5=BEant?= Date: Mon, 26 Jun 2023 12:32:31 +0200 Subject: [PATCH 06/14] Added example for proxy setting (bsc#1209293) --- xml/rmt_config_files.xml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/xml/rmt_config_files.xml b/xml/rmt_config_files.xml index 6c5886a929..7784fba1a8 100644 --- a/xml/rmt_config_files.xml +++ b/xml/rmt_config_files.xml @@ -75,7 +75,8 @@ proxy - The proxy server URL. + The proxy server URL including the protocol and the port number. For + example: http://proxy_url:8080. @@ -83,7 +84,9 @@ noproxy - A list of domains that should NOT go through the proxy, separated by commas. Example: "localhost,.mylocaldomain" + A list of domains that should not go through the + proxy, separated by commas. For example: + localhost,.mylocaldomain. From 04a711749207cb47192b1a2cecf94e30b135429f Mon Sep 17 00:00:00 2001 From: Christoph Wickert Date: Mon, 26 Jun 2023 12:47:59 +0200 Subject: [PATCH 07/14] Fix instructions to install libteam-tools (#1540, BSC#1212159) --- xml/net_teaming.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xml/net_teaming.xml b/xml/net_teaming.xml index ce5984fa6e..fcff9f72d3 100644 --- a/xml/net_teaming.xml +++ b/xml/net_teaming.xml @@ -184,9 +184,9 @@ General procedure - Verify that the required packages libteam-tools and - libteamdctl0 are installed. + Install the package libteam-tools: +&prompt.sudo;zypper in libteam-tools From ab2a258df9c5dd65ff69e977c1ceffdbf8a30812 Mon Sep 17 00:00:00 2001 From: Tanja Roth Date: Tue, 4 Jul 2023 16:50:54 +0200 Subject: [PATCH 08/14] Merge pull request #1511 from SUSE/taroth/firewalld firewall: add note (bsc#1206320) (cherry picked from commit f61e722371e3e8d160e50cac4ca48771125c514e) --- xml/security_firewall.xml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/xml/security_firewall.xml b/xml/security_firewall.xml index 2905db28bf..52b9a8331a 100644 --- a/xml/security_firewall.xml +++ b/xml/security_firewall.xml @@ -401,6 +401,16 @@ creating custom iptables rules, and limits zone creation and customization to selecting services and ports. + + Changing settings in running mode + + &yast; respects the settings in /etc/firewalld/firewalld.conf, + where the default value for is set to + no. Therefore, &yast; does not change settings in running mode. + For example, if you have assigned an interface to a different zone with &yast;, + restart the firewalld daemon for the change to take effect. + + From 7530755b5e275c56f04bc601b4e4df7dfa59ded0 Mon Sep 17 00:00:00 2001 From: Christoph Wickert Date: Fri, 7 Jul 2023 14:56:20 +0200 Subject: [PATCH 09/14] Deployment/Install: Explain wicked vs. NetworkManager (BSC#1213130) NetworkManager is not supported for server installations --- xml/art_installation-sleds.xml | 16 +++++++++++++--- xml/deployment_yast_installer.xml | 26 ++++++++++++++++++-------- 2 files changed, 31 insertions(+), 11 deletions(-) diff --git a/xml/art_installation-sleds.xml b/xml/art_installation-sleds.xml index 9843c763e2..bd4a613cd4 100644 --- a/xml/art_installation-sleds.xml +++ b/xml/art_installation-sleds.xml @@ -941,10 +941,20 @@ disk: - Displays the current network configuration. Click - Network Configuration to change the settings. For - details, see . + Displays the current network configuration. By default, wicked is used + for server installations and &nm; for desktop workloads. Click + Network Configuration to change the settings. For details, see + . + + Support for &nm; + + &suse; only supports &nm; for desktop workloads with &sleda; or the Workstation extension. + All server certifications are done with wicked as the network + configuration tool, and using &nm; may invalidate them. &nm; is not supported by &suse; for + server workloads. + + diff --git a/xml/deployment_yast_installer.xml b/xml/deployment_yast_installer.xml index f95163b4f4..c6c93c3693 100644 --- a/xml/deployment_yast_installer.xml +++ b/xml/deployment_yast_installer.xml @@ -2495,14 +2495,24 @@ sle-live-patching 8c541494 This category displays the current network settings, as automatically configured after booting into the installation (see ) or as manually - configured from the Registration or - Add-On Product dialog during the respective steps of - the installation process. If you want to check or adjust the network settings - at this stage (before performing the installation), click - Network Configuration. This takes you to the &yast; - Network Settings module. For details, see - . - + configured during the installation process. By default, + wicked is used for server installations and &nm; for desktop workloads. + + + If you want to check or adjust the network settings, click + Network Configuration. This takes you to the &yast; + Network Settings module. For details, see + . + + + Support for &nm; + + &suse; only supports &nm; for desktop workloads with &sleda; or the Workstation extension. + All server certifications are done with wicked as the network + configuration tool, and using &nm; may invalidate them. &nm; is not supported by &suse; for + server workloads. + + <guimenu>Kdump</guimenu> From e400162a309a668aa0bead7a5e2ca8949c1811f7 Mon Sep 17 00:00:00 2001 From: Amrita Sakthivel Date: Mon, 10 Jul 2023 11:15:03 +0530 Subject: [PATCH 10/14] Security Guide: replaces support with consulting (#1527) * JSC#DOCTEAM-661 replaces support with consulting * implement review feedback * implement style changes --- xml/selinux.xml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/xml/selinux.xml b/xml/selinux.xml index 13f2caf960..5c853cc882 100644 --- a/xml/selinux.xml +++ b/xml/selinux.xml @@ -299,9 +299,11 @@ system_u:object_r:var_t var The policy is an essential component of &selnx;. &productname; &productnumber; does not include a default policy, and you must build a - policy that is customized for your installation. &selnx; policies - should be customized for your particular needs; consult your &suse; - support engineer for assistance. + policy that is customized for your installation. + &selnx; policies should be customized for your particular needs. Contact &suse; + consulting services for assistance. + We recommend slemicro for customers and partners who are looking for a containerized or virtualized + host with full &selnx; support, including a supported policy. For testing purposes you can obtain policies from From 7ebefa6c7a4cf9675ef3839e4de4d369f41e6e34 Mon Sep 17 00:00:00 2001 From: Amrita Sakthivel Date: Wed, 12 Jul 2023 23:34:10 +0530 Subject: [PATCH 11/14] cherry pick of approved content (#1549) --- xml/security_ldap_ca.xml | 91 ++++++++++++++++++++-------------------- 1 file changed, 46 insertions(+), 45 deletions(-) diff --git a/xml/security_ldap_ca.xml b/xml/security_ldap_ca.xml index 6fce5b4713..336839612e 100644 --- a/xml/security_ldap_ca.xml +++ b/xml/security_ldap_ca.xml @@ -5,15 +5,15 @@ %entities; ]> - Importing TLS server certificates and keys - You can manage your CA certificates and keys for &ds389; with the following - command line tools: certutil, openssl, and + You can manage your CA certificates and keys for &ds389; with the following + command line tools: certutil, openssl, and pk12util. @@ -23,62 +23,63 @@ /etc/dirsrv/slapd-INSTANCE-NAME/ca.crt. - For production environments, it is a best practice to use a third-party - certificate authority, such as Let's Encrypt, CAcert.org, SSL.com, or - whatever CA you choose. Request a server certificate, a client + For production environments, it is a best practice to use a third-party + certificate authority, such as Let's Encrypt, CAcert.org, SSL.com, or + whatever CA you choose. Request a server certificate, a client certificate, and a root certificate. - - Before you can import an existing private key and certificate into the NSS - database, you need to create a bundle of the private key and the server - certificate. This results in a *.p12 - file. - - <filename>*.p12</filename> file and friendly name - - When creating the PKCS12 bundle, you must encode Server-Cert - as the friendly name in the *.p12 file. - Otherwise the TLS connection will fail, because the &ds389; searches for - this exact string. - - The friendly name cannot be changed after you - import the *.p12 file into the NSS - database. + The Mozilla NSS (Network Security Services ) toolkit uses nicknames for certificates in the certificate store. + The server certificate uses the nickname Server-Cert. - + - Use the following command to create the PKCS12 bundle with the required friendly name: + Use the following commands to remove the Self-Signed-CA and Server-Cert from the instance: -&prompt.sudo;openssl pkcs12 -export -in SERVER.crt \ --inkey SERVER.key \ --out SERVER.p12 -name Server-Cert +&prompt.sudo;dsctl INSTANCE_NAME tls remove-cert Self-Signed-CA +&prompt.sudo;dsctl INSTANCE_NAME tls remove-cert Server-Cert + + + - Replace SERVER.crt with the server certificate - and SERVER.key with the private key to be bundled. - Use to specify the name of the *.p12 - file. Use to set the friendly name, which must be - Server-Cert. + Replace INSTANCE_NAME with the instance name of the directory server. + This is LDAP1 in the previous sections. - Before you can import the file into the NSS database, you need to - obtain its password. The password is stored in the - pwdfile.txt file in the - /etc/dirsrv/slapd-INSTANCE-NAME/ directory. + Import the CA that has signed your certificate. + &prompt.sudo;sudo dsctl INSTANCE_NAME tls import-ca + /path/to/CA/in/PEM/format/CA.pem NICKNAME_FOR_CA + + +Replace INSTANCE_NAME with the instance name of the directory server. +Replace /path/to/CA/in/PEM/format/CA.pem with the full path to the CA certificate file in the PEM format. +Replace NICKNAME_FOR_CA with a nickname for the CA. - Now import the SERVER.p12 file - into your &ds389a; NSS database: + Import the server certificate and the key for the certificate. - &prompt.sudo;dsctl INSTANCE_NAME tls remove-cert Self-Signed-CA -&prompt.sudo;pk12util -i SERVER.p12 -d /etc/dirsrv/slapd-INSTANCE-NAME/cert9.db - + &prompt.sudo;dsctl INSTANCE_NAME tls import-server-key-cert + /path/to/SERVER.pem /path/to/SERVER.key + + Replace INSTANCE_NAME with the instance name of the directory server. +Replace /path/to/SERVER.pem with the full path to the server certificate in PEM format. +Replace /path/to/SERVER.key with the full path to the server certificate key file in the PEM format. + + + + + Restart the instance so that the new certificates are used. + + &prompt.sudo;systemctl restart dirsrv@INSTANCE-NAME..service + +Replace INSTANCE_NAME with the instance name of the directory server. + - \ No newline at end of file + From 031568372e1d7f8b0f1b653326102b6af8a4ea28 Mon Sep 17 00:00:00 2001 From: Souvik Sarkar Date: Tue, 25 Jul 2023 17:11:18 +0530 Subject: [PATCH 12/14] Adding example for kexec fixed an extra space in the command Fixed the remark Editorial fixes based on Tanja's suggestion Additional style fixes --- xml/tuning_kexec.xml | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/xml/tuning_kexec.xml b/xml/tuning_kexec.xml index 2da8b70451..cd825043a1 100644 --- a/xml/tuning_kexec.xml +++ b/xml/tuning_kexec.xml @@ -112,7 +112,11 @@ &kexec; internals - + ssarkar 07-25-2023: + We can reinforce the existing content with material from https://wiki.archlinux.org/title/kexec, + especially from the systemd-boot and troubleshooting sections. Perhaps it is better to take it up + when writing smart docs on these topics. + The most important component of &kexec; is the /sbin/kexec command. You can load a kernel with &kexec; @@ -188,6 +192,14 @@ /proc/cmdline) more_options". + + For example, to load the /boot/vmlinuz-5.14.21-150500.53-default kernel image + with the command line of the currently running production kernel and the + /boot/initrd file, run the following command: + +&prompt.root; kexec -l /boot/vmlinuz-5.14.21-150500.53-default \ + --append="$(cat /proc/cmdline)" --initrd=/boot/initrd + You can always unload the previously loaded kernel. To unload a kernel that was loaded with the option, use the From ec8df8be92e2791785e9a46cdd7c5fcb836c209b Mon Sep 17 00:00:00 2001 From: Souvik Sarkar Date: Tue, 25 Jul 2023 17:58:44 +0530 Subject: [PATCH 13/14] Added command to find the current number of LUNs --- xml/tuning_kexec.xml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xml/tuning_kexec.xml b/xml/tuning_kexec.xml index cd825043a1..a9757d367b 100644 --- a/xml/tuning_kexec.xml +++ b/xml/tuning_kexec.xml @@ -311,9 +311,11 @@ MaxHigh: 45824 The maximum number of LUN kernel paths that you expect to ever create on the computer. Exclude multipath devices from this number, as these - are ignored. + are ignored. To get the current number of LUNs available on your + system, run the following command: + &prompt.user; cat /proc/scsi/scsi | grep Lun | wc -l From 33cf01f91f5999202db2957eb2c58374db67f5ea Mon Sep 17 00:00:00 2001 From: Amrita Sakthivel Date: Thu, 27 Jul 2023 11:32:36 +0530 Subject: [PATCH 14/14] adds the correct path (#1559) --- xml/selinux.xml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/xml/selinux.xml b/xml/selinux.xml index 5c853cc882..f6b569808b 100644 --- a/xml/selinux.xml +++ b/xml/selinux.xml @@ -1026,14 +1026,12 @@ gen_context(system_u:object_r:httpd_modules_t,s0) &prompt.sudo;systemctl enable auditd - In - - you can see a partial example of the contents of - /var/log/audit/audit.log + You can see a partial example of the contents of + /var/log/audit/audit.log below: - Example lines from <filename>/etc/audit/audit.log</filename> + Example lines from <filename>/var/log/audit/audit.log</filename> type=DAEMON_START msg=audit(1348173810.874:6248): auditd start, ver=1.7.7 format=raw kernel=3.0.13-0.27-default auid=0 pid=4235 subj=system_u:system_r:auditd_t res=success type=AVC msg=audit(1348173901.081:292): avc: denied { write } for pid=3426 comm="smartd" name="smartmontools" dev=sda6 ino=581743 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:var_lib_t tclass=dir type=AVC msg=audit(1348173901.081:293): avc: denied { remove_name } for pid=3426 comm="smartd" name="smartd.WDC_WD2500BEKT_75PVMT0-WD_WXC1A21E0454.ata.state~" dev=sda6 ino=582390 scontext=system_u:system_r:fsdaemon_t tcontext=system_u:object_r:var_lib_t tclass=dir