To remove these options from the list of available actions, create a PolicyKit file named 10-disable-suspend-hibernate.pkla (for example) with the following contents:

[Disable suspend]
Identity=unix-group:*
Action=org.freedesktop.devicekit.power.suspend;org.freedesktop.devicekit.power.hibernate
ResultAny=no
ResultInactive=no
ResultActive=no

and save it in the /var/lib/polkit-1/localauthority/50-local.d directory.

In VMWare Workstation 7.1.4 build-385536, I see this info with the modinfo command:

vermagic:       2.6.32-71.el6.x86_64 SMP mod_unload modversions

A workaround is to compile the vmmon module on EL 6.1.
Make sure you have kernel-devel installed that matches the running kernel.
Start as a user (not root):

(1) mkdir ~/vmsrc ; cd ~/vmsrc
(2) tar xvf /usr/lib/vmware/modules/source/vmmon.tar
(3) cd vmmon-only
(4) make [Note: this builds vmmon.ko]
(5) strip --strip-debug vmmon.ko [This is optional. Note the two dashes]
(6) su -
(7) cd /lib/modules/`uname -r`/misc
(8) mv vmmon.o vmmon.o.dist [Note: save the original just in case]
(9) cp /(path to user's home)/vmsrc/vmmon-only/vmmon.ko vmmon.o

That should do it!

There are two versions currently being maintained: the long-term kernel 2.6.35 and the latest stable line (2.6.37 as of this writing). Is the newer version better? Not really so. The first alarming sign came from Dag and the maintainer of kernel-ml, Alan. The Gnome power management did not operate correctly for their laptops with kernel-ml-2.6.36.

Alan recently noted that, the further away the LKA (Linux kernel archive) kernel becomes from the 2.6.18 kernel (which is the basis of EL5), the less likely a stable LKA kernel will be usable. In fact, on certain hardware, kernel-ml 2.6.35 runs fine whereas 2.6.37 does not [1,2].

Quoting Phil, “I see more “value” in the kernel-ml-2.6.35 offering. I agree that sooner or later you are likely to hit a point of diminishing returns, and perhaps you’ve already reached that point with the current kernel-ml-2.6.37.”

So, is this kernel too far ?

[1] http://lists.elrepo.org/pipermail/elrepo/2011-February/000473.html
[2] http://lists.elrepo.org/pipermail/elrepo/2011-March/000542.html

It is possible to disable it. Problem is … it is not easy to do it. The following command (one-liner) will disable the gdm greeter’s listing of users:

sudo -u gdm gconftool-2 --type bool --set /apps/gdm/simple-greeter \\
/disable_user_list true

By the way, you can see the set value by:

sudo -u gdm gconftool-2 --get /apps/gdm/simple-greeter/disable_user_list

Note that the command was run as gdm. Running the same gconftool-2 command as root would not work. Alternatively, you can modify the systemwide configuration. It will be just easy if you manually edit the file /etc/gconf/gconf.xml.defaults/%gconf-tree.xml and change the boolean for disable_user_list from false to true.

egrep '(vmx|svm)' --color=always /proc/cpuinfo

There was an intriguing post by pjwelsh in the CentOS forums . Apparently he has a VT-capable CPU but it did not show up in /proc/cpuinfo. When he tried Fedora, it was there.

When someone as knowledgeable as pjwelsh reports an issue, it really needs attention but the thread did not yield any answer.

Then more recently, a post that seemingly reports the same problem appeared in the Forums. It was time to do more investigation.

Turns out it was a known issue and there was an entry in the Red Hat bugzilla explaining how that happened.

As work for 5.5 we masked out a bunch more cpuid flags, one of which was vmxe. This has caused some confusion since many people are used to looking in /proc/cpuinfo for vmx in order to detect if the hardware is capable of virtualization. To avoid the confusion, we’ll bring it back. It does, however, open a door for a guest admin to shoot themselves in the foot (i.e. attempt to load the KVM module on a Xen guest, which will crash the guest). The svm flag for AMD machines is also brought back.

Hmmm, seems over-cleaning to me. The fix was applied as of kernel-2.6.18-194.17.1.el5.

When you attempt to connect to a remote machine using freenx, you might encounter this message:

The NX service is not available or the NX access was disabled on host XXX.

This is likely due to SELinux blocking the connection. If you are using QtNX, it just hangs without any message.  Here is how to solve the issue.

(1) Disable auditd.

service auditd stop

(2) Rename /var/log/audit/audit.log or move it somewhere else.

(3) Enable auditd

service auditd start

(4) Try connection from the client. It will fail. This writes the audit.log file.

(5) Generate SELinux policy rules from the log file and install it.

cat /var/log/audit/audit.log | audit2allow -M freenx
semodule -i freenx.pp

(6) You can see the policy by reading the .te file.

cat freenx.te

module freenx 1.0;

require {
type nx_server_var_lib_t;
type sshd_t;
class file read;
}

#============= sshd_t ==============
allow sshd_t nx_server_var_lib_t:file read;

(7) Now, try connecting from the client again. It will fail again. Repeat the steps (1) to (5) using ‘freenx2′ instead of ‘freenx’.

(8) You will most likely need to repeat the process yet one more time until the connection finally succeeds. So, once again repeat the steps (1) to (5) but this time using ‘freenx3′ instead of ‘freenx’.

If you look at the policy files generated, you will find what was added by each action.


Search term  M/L Forums
============ === ======
install        0    25
installation   0     7
kernel         0    23
driver(s)      0    22
DNS            3    37
postfix       19    24
sendmail       5    30
selinux        0    23
apache         0    23
httpd          0    40
xen            3    33
kickstart      5    25
crash          2    21
panic          2    27


Google’s tendency to pick up forum posts rather than mailing list posts is much more obvious now than it was last year.  It looks as if Google is fond of the forums better than the mailing lists Or is it simply because there are more posts in the forums?

Regardless of the reason, what this means is that it is important to keep the quality of the forum contents high.  I would say that the current status is quite good; there are a number of forum regulars providing help.  Inappropriate replies, if they appear, get corrected by senior members.  Still, the forums can use more helping hands.  Why don’t you join in and make this CentOS help venue even better?

In the CentOS forums, things are a little more relaxed. After usual warnings, you will receive some (or even extensive) help. As someone put it in a recent post, “… but there are *some* situations, where it [custom kernel] is desirable (usage on notebooks with HW that’s not supported by native kernels – which is e.g. my case or curious minds of young and restless geeks etc. )”.

I am far from ‘young and restless’ and I am not a geek. However, I did compile the latest mainline kernel — in an attempt to help those encountering trouble with installing newer kernels. The error was “mount: could not find filesystem”. I could reproduce it on my CentOS system.

As always, Alan and Ned engaged their brains and we tried several things to find a solution. We were getting nowhere when vanecka posted a fix in this forum thread.

Fix:
Enable CONFIG_SYSFS_DEPRECATED_V2 in the kernel source configuration.
If you run “make menuconfig”, browse to:
General Setup —> enable deprecated sysfs features which may confuse old usersp, and enable this option.
—OR—
Edit your .config file with a text editor and add/modify entry:
CONFIG_SYSFS_DEPRECATED_V2=y

Genius! If you are interested in learning more details about this option, head for this web page.

Recently, it was reported that the centosplus kernel had a problem with certain versions of VMware products as seen in this CentOS forum thread.

Specifically, building the vmnet module on a host fails with the error:

/tmp/vmware-config2/vmnet-only/compat_netdevice.h:273: error: redefinition of ‘struct napi_struct’

Apparently, somewhere in the kernel source that was added in the centosplus kernel, there is that definition and it is conflicting with the VMware code.

It turned out that the problem exists in the VM guest as well: building of the vmxnet modules fails with the same error. The fix, in both cases, is to untar:

/usr/lib/vmware/modules/source/vmnet.tar (host)
/usr/lib/vmware-tools/modules/source/vmxnet.tar (guest)

and comment out the following block in compat_netdevice.h:

struct napi_struct {
    int dummy;
 };

More details can be found in the CentOS bug tracker.

Steve soon noticed that the machine consumed more power when it was running CentOS compared to when running Fedora. Turns out that, in CentOS, there is no per-core control — meaning when the system needs a higher processor power, all cores will shoot up to the maximum frequency. In Fedora, each core gets attenuated independently.

This issue was noted by a CentOS forum user, AlexAT, here. He not only reported it in the upstream bugzilla but came up with a fix later.

Using the patch provided by AlexAT, we built a kernel module kmod-powernow-k8 and released it through ELRepo. After installing kmod-powernow-k8, Steve saw that the system was now measured drawing ~110W at idle from the wall outlet, similar to the power consumption observed under Fedora 10 and under CentOS 4.7. So without kmod-powernow-k8 installed, the system was consuming ~40W (36%) more power at idle and the core temperature was running 8-10°C hotter than with kmod-powernow-k8 installed, making this a very environmentally friendly kmod.

So, if you have newer Opterons, the Phenoms or Phenoms II (or Kuma core Athlons X2), you should give this driver a try. Also, you would want a backported AMD K10 core temperature monitor driver module (kmod-k10temp) from ELRepo.

Let’s go green!