# The mydomain parameter specifies the local internet domain name.
# The default is to use $myhostname minus the first component.
# $mydomain is used as a default value for many other configuration
# parameters.
#
#mydomain = domain.tld
mydomain = adosakana.local
# SENDING MAIL
#
# The myorigin parameter specifies the domain that locally-posted
# mail appears to come from. The default is to append $myhostname,
# which is fine for small sites. If you run a domain with multiple
# machines, you should (1) change this to $mydomain and (2) set up
# a domain-wide alias database that aliases each user to
# user@that.users.mailhost.
#
# For the sake of consistency between sender and recipient addresses,
# myorigin also specifies the default domain name that is appended
# to recipient addresses that have no @domain part.
#
#myorigin = $myhostname
myorigin = $mydomain
# RECEIVING MAIL
# The inet_interfaces parameter specifies the network interface
# addresses that this mail system receives mail on. By default,
# the software claims all active interfaces on the machine. The
# parameter also controls delivery of mail to user@[ip.address].
#
# See also the proxy_interfaces parameter, for network addresses that
# are forwarded to us via a proxy or network address translator.
#
# Note: you need to stop/start Postfix when this parameter changes.
#
inet_interfaces = all
#inet_interfaces = $myhostname
#inet_interfaces = $myhostname, localhost
#inet_interfaces = localhost
# Specify a list of host or domain names, /file/name or type:table
# patterns, separated by commas and/or whitespace. A /file/name
# pattern is replaced by its contents; a type:table is matched when
# a name matches a lookup key (the right-hand side is ignored).
# Continue long lines by starting the next line with whitespace.
#
# See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
#
#mydestination = $myhostname, localhost.$mydomain, localhost
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
#mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain,
# mail.$mydomain, www.$mydomain, ftp.$mydomain
# Announce STARTTLS support to remote SMTP clients, but do not require that
# clients use TLS encryption (opportunistic TLS inbound).
#
#smtpd_tls_security_level = may
smtpd_tls_security_level = none
なお、「lost connection after STARTTLS from unknown」という形でSMTP接続を拒否される場合は、おそらく標準値の「smtpd_tls_security_level = may」で設定している場合。(TLS1.2以降を必須、とかそんな感じ)
set ssl_verify_host = no
set ssl_verify_dates = no
set ssl_starttls = yes
set ssl_use_tlsv1_3 = yes
set ssl_use_tlsv1_2 = yes
set ssl_use_tlsv1_1 = yes
set ssl_use_tlsv1 = no
set ssl_use_sslv3 = no
set ssl_use_sslv2 = no
# yum check-update
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
YumRepo Error: All mirror URLs are not using ftp, http[s] or file.
Eg. Invalid release/repo/arch combination/
removing mirrorlist with no valid mirrors: /var/cache/yum/base/mirrorlist.txt
Error: Cannot find a valid baseurl for repo: base
#
# yum check-update
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
Traceback (most recent call last):
File "/usr/bin/yum", line 29, in ?
yummain.user_main(sys.argv[1:], exit_code=True)
File "/usr/share/yum-cli/yummain.py", line 309, in user_main
errcode = main(args)
File "/usr/share/yum-cli/yummain.py", line 178, in main
result, resultmsgs = base.doCommands()
File "/usr/share/yum-cli/cli.py", line 345, in doCommands
self._getTs(needTsRemove)
File "/usr/lib/python2.4/site-packages/yum/depsolve.py", line 101, in _getTs
self._getTsInfo(remove_only)
File "/usr/lib/python2.4/site-packages/yum/depsolve.py", line 112, in _getTsInfo
pkgSack = self.pkgSack
File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 662, in <lambda>
pkgSack = property(fget=lambda self: self._getSacks(),
File "/usr/lib/python2.4/site-packages/yum/__init__.py", line 502, in _getSacks
self.repos.populateSack(which=repos)
File "/usr/lib/python2.4/site-packages/yum/repos.py", line 260, in populateSack
sack.populate(repo, mdtype, callback, cacheonly)
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 168, in populate
if self._check_db_version(repo, mydbtype):
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 226, in _check_db_version
return repo._check_db_version(mdtype)
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1226, in _check_db_version
repoXML = self.repoXML
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1399, in <lambda>
repoXML = property(fget=lambda self: self._getRepoXML(),
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1391, in _getRepoXML
self._loadRepoXML(text=self)
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1381, in _loadRepoXML
return self._groupLoadRepoXML(text, ["primary"])
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1365, in _groupLoadRepoXML
if self._commonLoadRepoXML(text):
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 1201, in _commonLoadRepoXML
result = self._getFileRepoXML(local, text)
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 974, in _getFileRepoXML
cache=self.http_caching == 'all')
File "/usr/lib/python2.4/site-packages/yum/yumRepo.py", line 811, in _getFile
http_headers=headers,
File "/usr/lib/python2.4/site-packages/urlgrabber/mirror.py", line 412, in urlgrab
return self._mirror_try(func, url, kw)
File "/usr/lib/python2.4/site-packages/urlgrabber/mirror.py", line 398, in _mirror_try
return func_ref( *(fullurl,), **kwargs )
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 936, in urlgrab
return self._retry(opts, retryfunc, url, filename)
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 854, in _retry
r = apply(func, (opts,) + args, {})
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 922, in retryfunc
fo = URLGrabberFileObject(url, filename, opts)
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 1010, in __init__
self._do_open()
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 1093, in _do_open
fo, hdr = self._make_request(req, opener)
File "/usr/lib/python2.4/site-packages/urlgrabber/grabber.py", line 1202, in _make_request
fo = opener.open(req)
File "/usr/lib64/python2.4/urllib2.py", line 364, in open
response = meth(req, response)
File "/usr/lib64/python2.4/urllib2.py", line 471, in http_response
response = self.parent.error(
File "/usr/lib64/python2.4/urllib2.py", line 396, in error
result = self._call_chain(*args)
File "/usr/lib64/python2.4/urllib2.py", line 337, in _call_chain
result = func(*args)
File "/usr/lib64/python2.4/urllib2.py", line 565, in http_error_302
return self.parent.open(new)
File "/usr/lib64/python2.4/urllib2.py", line 358, in open
response = self._open(req, data)
File "/usr/lib64/python2.4/urllib2.py", line 376, in _open
'_open', req)
File "/usr/lib64/python2.4/urllib2.py", line 337, in _call_chain
result = func(*args)
File "/usr/lib64/python2.4/site-packages/M2Crypto/m2urllib2.py", line 82, in https_open
h.request(req.get_method(), req.get_selector(), req.data, headers)
File "/usr/lib64/python2.4/httplib.py", line 810, in request
self._send_request(method, url, body, headers)
File "/usr/lib64/python2.4/httplib.py", line 833, in _send_request
self.endheaders()
File "/usr/lib64/python2.4/httplib.py", line 804, in endheaders
self._send_output()
File "/usr/lib64/python2.4/httplib.py", line 685, in _send_output
self.send(msg)
File "/usr/lib64/python2.4/httplib.py", line 652, in send
self.connect()
File "/usr/lib64/python2.4/site-packages/M2Crypto/httpslib.py", line 55, in connect
sock.connect((self.host, self.port))
File "/usr/lib64/python2.4/site-packages/M2Crypto/SSL/Connection.py", line 174, in connect
ret = self.connect_ssl()
File "/usr/lib64/python2.4/site-packages/M2Crypto/SSL/Connection.py", line 167, in connect_ssl
return m2.ssl_connect(self.ssl, self._timeout)
M2Crypto.SSL.SSLError: unknown protocol
#
# CentOS-Base.repo
#
# The mirror system uses the connecting IP address of the client and the
# update status of each mirror to pick mirrors that are updated to and
# geographically close to the client. You should use this for CentOS updates
# unless you are manually picking other mirrors.
#
# If the mirrorlist= does not work for you, as a fall back you can try the
# remarked out baseurl= line instead.
#
#
[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://vault.centos.org/centos/$releasever/os/$basearch/
baseurl=http://archive.kernel.org/centos-vault/5.11/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
#released updates
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://vault.centos.org/centos/$releasever/updates/$basearch/
baseurl=http://archive.kernel.org/centos-vault/5.11/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras
#baseurl=http://vault.centos.org/centos/$releasever/extras/$basearch/
baseurl=http://archive.kernel.org/centos-vault/5.11/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus
#baseurl=http://vault.centos.org/centos/$releasever/centosplus/$basearch/
baseurl=http://archive.kernel.org/centos-vault/5.11/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=contrib
#baseurl=http://vault.centos.org/centos/$releasever/contrib/$basearch/
baseurl=http://archive.kernel.org/centos-vault/5.11/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
netapp101::> volume language -vserver netapp103 -volume eucvol
Volume language is ja_v1 (Japanese euc-j) for netapp103:eucvol
netapp101::> set adv
Warning: These advanced commands are potentially dangerous; use them only when directed to do so by NetApp personnel.
Do you want to continue? {y|n}: y
netapp101::*> volume language -vserver netapp103 -volume eucvol
Volume language is ja_v1 (Japanese euc-j) for netapp103:eucvol
Translation Versions
OEM Character set is cp932_v1|cp932_v1|Wed Jan 22 23:18:24 UTC 2003 for netapp103:eucvol
NFS Character set is eucj_v1|eucj_v1|Wed Jan 22 00:46:42 UTC 2003 for netapp103:eucvol
netapp101::*>
netapp101::*> vserver services name-service nis-domain show-bound-debug
Bound Bound
Vserver Domain NIS Server Status
------------- ------------------- ----------------- -------------------
netapp103 nisdom 172.17.44.49 Could not connect to server
netapp101::*>
今回は「Could not connect to server」ということで、NISサーバへの接続がうまくいかない、ということだった。確認したところ、途中のfirewall設定の問題でNISに関するポートが空いていないためだった。
netapp101::*> vserver services access-check name-mapping show -vserver netapp103 -direction win-unix -name osakanataro
ATTENTION: Mapping of Data ONTAP "admin" users to UNIX user "root" is enabled, but the following information does not reflect this mapping.
'osakanataro' maps to 'osakanataro'
netapp101::*>
netapp101::*> vserver services access-check name-mapping show -vserver netapp103 -direction win-unix -name vm2\\osakanataro
ATTENTION: Mapping of Data ONTAP "admin" users to UNIX user "root" is enabled, but the following information does not reflect this mapping.
'vm2\\osakanataro' maps to 'osakanataro'
netapp101::*> vserver services access-check name-mapping show -vserver netapp103 -direction unix-win -name osakanataro
'osakanataro' maps to 'VM2\osakanataro'
netapp101::*>
なお、NISサーバにアクセスできない場合にこのコマンドを実行すると、以下の様な結果になります。
netapp101::*> vserver services access-check name-mapping show -vserver netapp103 -direction unix-win -name osakanataro
Vserver: netapp103 (internal ID: 3)
Error: RPC map name request procedure failed
[ 4 ms] Mapping Successful for Unix-user 'osakanataro' to Windows
user 'VM2*' at position 1
[ 11] Successfully connected to ip 172.17.44.49, port 445 using
TCP
[ 59] Unknown error: 12
[ 59] Failed to initiate Kerberos authentication. Trying NTLM.
[ 70] Encountered NT error (NT_STATUS_MORE_PROCESSING_REQUIRED)
for SMB command SessionSetup
[ 95] Successfully authenticated with DC
samba.adosakana.local
[ 109] Encountered NT error (NT_STATUS_PENDING) for SMB command
Read
[ 117] Could not find Windows name 'VM2*'
**[ 120] FAILURE: Name mapping for UNIX user 'osakanataro' failed.
** Explicit Mapping failed and no default mapping found
Error: command failed: Failed to find mapping for the user. Reason: "SecD
Error: The mapped user does not exist and no default user is defined".
netapp101::*>
# sudo ln -s /opt/R/${R_VERSION}/bin/R /usr/local/bin/R
# sudo ln -s /opt/R/${R_VERSION}/bin/Rscript /usr/local/bin/Rscript
# which R
/usr/local/bin/R
# R --version
R version 4.1.3 (2022-03-10) -- "One Push-Up"
Copyright (C) 2022 The R Foundation for Statistical Computing
Platform: x86_64-pc-linux-gnu (64-bit)
R is free software and comes with ABSOLUTELY NO WARRANTY.
You are welcome to redistribute it under the terms of the
GNU General Public License versions 2 or 3.
For more information about these matters see
https://www.gnu.org/licenses/.
#
# cat rstudio.te
module rstudio 1.0;
require {
type devpts_t;
type init_t;
type http_port_t;
type ptmx_t;
type user_home_t;
type unreserved_port_t;
class process { execmem setpgid };
class tcp_socket name_connect;
class file { append create execute link map open read rename setattr write };
class dir { rename reparent rmdir };
class chr_file { ioctl open read write };
}
#============= init_t ==============
#!!!! This avc is allowed in the current policy
allow init_t devpts_t:chr_file open;
#!!!! This avc is allowed in the current policy
allow init_t http_port_t:tcp_socket name_connect;
#!!!! This avc is allowed in the current policy
#!!!! This av rule may have been overridden by an extended permission av rule
allow init_t ptmx_t:chr_file { ioctl open read write };
#!!!! This avc is allowed in the current policy
allow init_t self:process { execmem setpgid };
#!!!! This avc is allowed in the current policy
allow init_t unreserved_port_t:tcp_socket name_connect;
#!!!! This avc is allowed in the current policy
allow init_t user_home_t:dir { rename reparent rmdir };
allow init_t user_home_t:file link;
#!!!! This avc is allowed in the current policy
allow init_t user_home_t:file { append create execute map open read rename setattr write };
#
# ls
rstudio.te
# cat rstudio.te
module rstudio 1.1;
require {
type devpts_t;
type init_t;
type http_port_t;
type ptmx_t;
type user_home_t;
type unreserved_port_t;
class process { execmem setpgid };
class tcp_socket name_connect;
class file { append create execute link map open read rename setattr write };
class dir { rename reparent rmdir };
class chr_file { ioctl open read write };
}
#============= init_t ==============
#!!!! This avc is allowed in the current policy
allow init_t devpts_t:chr_file open;
#!!!! This avc is allowed in the current policy
allow init_t http_port_t:tcp_socket name_connect;
#!!!! This avc is allowed in the current policy
#!!!! This av rule may have been overridden by an extended permission av rule
allow init_t ptmx_t:chr_file { ioctl open read write };
#!!!! This avc is allowed in the current policy
allow init_t self:process { execmem setpgid };
#!!!! This avc is allowed in the current policy
allow init_t unreserved_port_t:tcp_socket name_connect;
#!!!! This avc is allowed in the current policy
allow init_t user_home_t:dir { rename reparent rmdir };
allow init_t user_home_t:file link;
#!!!! This avc is allowed in the current policy
allow init_t user_home_t:file { append create execute map open read rename setattr write };
#
# cat /etc/yum.repos.d/epel.repo
[epel]
name=Extra Packages for Enterprise Linux 8 - $basearch
# It is much more secure to use the metalink, but if you wish to use a local mirror
# place its address here.
#baseurl=https://download.example/pub/epel/8/Everything/$basearch
metalink=https://mirrors.fedoraproject.org/metalink?repo=epel-8&arch=$basearch&infra=$infra&content=$contentdir
enabled=1
gpgcheck=0
countme=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
#