AKS提出的问题 -server

AKS

Asked: 2022-02-12 12:46:20 +0800 CST

文件夹/文件上的 OWNER USER 错误： docker run -v <host_path_dir_file>:<docker_some_path_dir_file>/ not working for user defined in Dockerfile

0

主机操作系统： Red Hat Enterprise Linux Server 7.9版(Maipo)

来宾操作系统，即运行的 Docker 容器：OpenSuse 15.2

Docker 版本（在主机上）：Docker 版本 19.03.5，构建 633a0ea

在主机上，当我 git 克隆存储库“utilities_scripts”时，我对用户具有有效访问权限（由于 umask）。

docker run ...我认为这里的问题与权限无关，但是当我发出以下命令时，为什么 Dockerfile 中定义的 USER 没有被设置为 docker 容器内的文件夹/文件（正在挂载）的所有者。设置 755/775 等不是一个选项，因为我不能在容器内以目标 docker 用户的身份 chown 并且设置 777 是不好的做法。

注意：

当我从不同的 Linux 机器尝试相同的 docker 映像时，文件夹/文件作为用户“ docker_non_root_user ”安装，该用户在 Dockerfile 中定义为USER docker_non_root_user.
docker build ...成功运行并创建映像，并且容器在另一台机器上工作（当我使用-v <host>:<container>docker CLI 选项语法将 git clone 存储库安装在容器内时。

来自 Dockerfile 的代码片段是：

# Define any mount points references
VOLUME ["/home/docker_non_root_user/git"]

USER docker_non_root_user
WORKDIR /home/docker_non_root_user/git

这是我在存在 DockerfileUSER ...所有权问题的主机上看到的：

[gigauser@jenkins-projectABC bitbucket_workspace]$ whoami
gigauser
[gigauser@jenkins-projectABC bitbucket_workspace]$ id
uid=gigauser(gigauser) gid=21520(jenkins) groups=21520(jenkins),3000(ectx)

[gigauser@jenkins-projectABC bitbucket_workspace]$ umask
0077
[gigauser@jenkins-projectABC bitbucket_workspace]$ ls -l
total 12
drwx------  5 gigauser jenkins 4096 Feb  3 16:36 utilities_scripts
[gigauser@jenkins-projectABC bitbucket_workspace]$


[gigauser@jenkins-projectABC bitbucket_workspace]$ sudo docker image ls
Active Directory Password:
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE
project-im-opensuse   15.2                0c9ee31464cd        43 hours ago        2.39GB
[gigauser@jenkins-projectABC bitbucket_workspace]$

[gigauser@jenkins-projectABC bitbucket_workspace]$
[gigauser@jenkins-projectABC bitbucket_workspace]$ sudo docker run -v $PWD/utilities_scripts:/home/docker_non_root_user/git/utilities_scripts/ -it project-im-opensuse:15.2 bash -c "whoami; id; which bash; bash --version; ls -l; echo; ls -l utilities_scripts; ls -l /home/docker_non_root_user/git/utilities_scripts; id gigauser; echo"

WARNING: IPv4 forwarding is disabled. Networking will not work.


docker_non_root_user
uid=1000(docker_non_root_user) gid=487(docker_non_root_user) groups=487(docker_non_root_user),100(users)

/bin/bash
GNU bash, version 4.4.23(1)-release (x86_64-suse-linux-gnu)
Copyright (C) 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
total 8
drwx------ 5 gigauser 21520 4096 Feb  4 00:36 utilities_scripts

ls: cannot open directory 'utilities_scripts': Permission denied
ls: cannot open directory '/home/docker_non_root_user/git/utilities_scripts': Permission denied
id: 'gigauser': no such user

[gigauser@jenkins-projectABC bitbucket_workspace]$

当我在其他 Linux 机器上运行相同的命令时，我看到挂载utilities_scripts文件夹的所有者是docker_non_root_user.

问题：为什么我看到主机用户的 USER-ID（我在其中运行docker run命令）设置在 docker 容器中的 utility_scripts 文件夹中，而Dockerfile中没有创建这样的用户 ID/容器内不存在？（见上面输出中的倒数第二行）。它目前在 docker 容器内获得相同主机的所有者和文件夹级别权限。

gigauser即主机的用户，不在docker容器中，但文件ls -l输出显示是容器中文件夹/文件gigauser的所有者。utilities_scripts此问题不会出现在其他主机上。

我什至检查了/etc/subuid文件，对我来说看起来不错。将内部的值更改为 docker 的用户并没有帮助。我也没有在/etc/docker/daemon.json文件中看到与此相关的任何内容。

$ cat /etc/subuid
gigauser:165536:65536

docker run ....options从另一台 Linux 主机运行上述相同的命令，它显示 docker 容器内的文件夹所有权为：

drwx------ 5 docker_non_root_user 1000  272 Jan 26 21:52 utilities_scripts

AKS

Asked: 2015-12-29 14:30:11 +0800 CST

CentOS - yum install - 失败：受保护的 Multilib 版本：发现问题 libselinux

0

我有 CentOS 6.5

我正在尝试通过 yum 安装 git，但在安装必备软件包时出错。我不需要，但使用 root 运行 sudo 并没有什么坏处。

错误信息：

--> Finished Dependency Resolution
Error:  Multilib version problems found. This often means that the root
       cause is something else and multilib version checking is just
       pointing out that there is a problem. Eg.:

         1. You have an upgrade for libselinux which is missing some
            dependency that another package requires. Yum is trying to
            solve this by installing an older version of libselinux of the
            different architecture. If you exclude the bad architecture
            yum will tell you what the root cause is (which package
            requires what). You can try redoing the upgrade with
            --exclude libselinux.otherarch ... this should give you an error
            message showing the root cause of the problem.

         2. You have multiple architectures of libselinux installed, but
            yum can only see an upgrade for one of those arcitectures.
            If you don't want/need both architectures anymore then you
            can remove the one with the missing update and everything
            will work.

         3. You have duplicate versions of libselinux installed already.
            You can use "yum check" to get yum show these errors.

       ...you can also use --setopt=protected_multilib=false to remove
       this checking, however this is almost never the correct thing to
       do as something else is very likely to go wrong (often causing
       much more problems).

       Protected multilib versions: libselinux-2.0.94-5.3.el6_4.1.i686 != libselinux-2.0.94-5.8.el6.x86_64
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest

完整日志：

[root@server01 ~]# sudo yum -y install curl-devel expat-devel gettext-devel openssl-devel zlib-devel gcc perl-ExtUtils-MakeMaker
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
Setting up Install Process
Package gcc-4.4.7-4.el6.x86_64 already installed and latest version
Resolving Dependencies
--> Running transaction check
---> Package expat-devel.x86_64 0:2.0.1-11.el6_2 will be installed
---> Package gettext-devel.x86_64 0:0.17-16.el6 will be installed
--> Processing Dependency: gettext-libs = 0.17-16.el6 for package: gettext-devel-0.17-16.el6.x86_64
--> Processing Dependency: gettext = 0.17-16.el6 for package: gettext-devel-0.17-16.el6.x86_64
--> Processing Dependency: libgettextsrc-0.17.so()(64bit) for package: gettext-devel-0.17-16.el6.x86_64
--> Processing Dependency: libgettextpo.so.0()(64bit) for package: gettext-devel-0.17-16.el6.x86_64
--> Processing Dependency: libgettextlib-0.17.so()(64bit) for package: gettext-devel-0.17-16.el6.x86_64
--> Processing Dependency: libgcj_bc.so.1()(64bit) for package: gettext-devel-0.17-16.el6.x86_64
--> Processing Dependency: libasprintf.so.0()(64bit) for package: gettext-devel-0.17-16.el6.x86_64
---> Package libcurl-devel.x86_64 0:7.19.7-37.el6_4 will be installed
--> Processing Dependency: libidn-devel for package: libcurl-devel-7.19.7-37.el6_4.x86_64
--> Processing Dependency: automake for package: libcurl-devel-7.19.7-37.el6_4.x86_64
---> Package openssl-devel.x86_64 0:1.0.1e-30.el6 will be installed
--> Processing Dependency: openssl = 1.0.1e-30.el6 for package: openssl-devel-1.0.1e-30.el6.x86_64
--> Processing Dependency: krb5-devel for package: openssl-devel-1.0.1e-30.el6.x86_64
---> Package perl-ExtUtils-MakeMaker.x86_64 0:6.55-136.el6 will be installed
--> Processing Dependency: perl-devel for package: perl-ExtUtils-MakeMaker-6.55-136.el6.x86_64
--> Processing Dependency: perl(Test::Harness) for package: perl-ExtUtils-MakeMaker-6.55-136.el6.x86_64
---> Package zlib-devel.x86_64 0:1.2.3-29.el6 will be installed
--> Running transaction check
---> Package automake.noarch 0:1.11.1-4.el6 will be installed
--> Processing Dependency: autoconf >= 2.62 for package: automake-1.11.1-4.el6.noarch
---> Package gettext.x86_64 0:0.17-16.el6 will be installed
--> Processing Dependency: cvs for package: gettext-0.17-16.el6.x86_64
---> Package gettext-libs.x86_64 0:0.17-16.el6 will be installed
---> Package krb5-devel.x86_64 0:1.10.3-37.el6_6 will be installed
--> Processing Dependency: krb5-libs = 1.10.3-37.el6_6 for package: krb5-devel-1.10.3-37.el6_6.x86_64
--> Processing Dependency: libselinux-devel for package: krb5-devel-1.10.3-37.el6_6.x86_64
--> Processing Dependency: libcom_err-devel for package: krb5-devel-1.10.3-37.el6_6.x86_64
--> Processing Dependency: keyutils-libs-devel for package: krb5-devel-1.10.3-37.el6_6.x86_64
---> Package libgcj.x86_64 0:4.4.7-4.el6 will be installed
--> Processing Dependency: zip >= 2.1 for package: libgcj-4.4.7-4.el6.x86_64
--> Processing Dependency: libart_lgpl >= 2.1.0 for package: libgcj-4.4.7-4.el6.x86_64
--> Processing Dependency: gtk2 >= 2.4.0 for package: libgcj-4.4.7-4.el6.x86_64
--> Processing Dependency: libasound.so.2(ALSA_0.9)(64bit) for package: libgcj-4.4.7-4.el6.x86_64
--> Processing Dependency: libpangoft2-1.0.so.0()(64bit) for package: libgcj-4.4.7-4.el6.x86_64
--> Processing Dependency: libpangocairo-1.0.so.0()(64bit) for package: libgcj-4.4.7-4.el6.x86_64
--> Processing Dependency: libpango-1.0.so.0()(64bit) for package: libgcj-4.4.7-4.el6.x86_64
--> Processing Dependency: libgtk-x11-2.0.so.0()(64bit) for package: libgcj-4.4.7-4.el6.x86_64
--> Processing Dependency: libgdk_pixbuf-2.0.so.0()(64bit) for package: libgcj-4.4.7-4.el6.x86_64
--> Processing Dependency: libgdk-x11-2.0.so.0()(64bit) for package: libgcj-4.4.7-4.el6.x86_64
--> Processing Dependency: libfreetype.so.6()(64bit) for package: libgcj-4.4.7-4.el6.x86_64
--> Processing Dependency: libfontconfig.so.1()(64bit) for package: libgcj-4.4.7-4.el6.x86_64
--> Processing Dependency: libcairo.so.2()(64bit) for package: libgcj-4.4.7-4.el6.x86_64
--> Processing Dependency: libatk-1.0.so.0()(64bit) for package: libgcj-4.4.7-4.el6.x86_64
--> Processing Dependency: libasound.so.2()(64bit) for package: libgcj-4.4.7-4.el6.x86_64
--> Processing Dependency: libXtst.so.6()(64bit) for package: libgcj-4.4.7-4.el6.x86_64
--> Processing Dependency: libXrender.so.1()(64bit) for package: libgcj-4.4.7-4.el6.x86_64
--> Processing Dependency: libXrandr.so.2()(64bit) for package: libgcj-4.4.7-4.el6.x86_64
--> Processing Dependency: libSM.so.6()(64bit) for package: libgcj-4.4.7-4.el6.x86_64
--> Processing Dependency: libICE.so.6()(64bit) for package: libgcj-4.4.7-4.el6.x86_64
---> Package libidn-devel.x86_64 0:1.18-2.el6 will be installed
---> Package openssl.x86_64 0:1.0.1e-15.el6 will be updated
---> Package openssl.x86_64 0:1.0.1e-30.el6 will be an update
---> Package perl-Test-Harness.x86_64 0:3.17-136.el6 will be installed
---> Package perl-devel.x86_64 4:5.10.1-136.el6 will be installed
--> Processing Dependency: perl(ExtUtils::ParseXS) for package: 4:perl-devel-5.10.1-136.el6.x86_64
--> Processing Dependency: gdbm-devel for package: 4:perl-devel-5.10.1-136.el6.x86_64
--> Processing Dependency: db4-devel for package: 4:perl-devel-5.10.1-136.el6.x86_64
--> Running transaction check
---> Package alsa-lib.x86_64 0:1.0.22-3.el6 will be installed
---> Package atk.x86_64 0:1.30.0-1.el6 will be installed
---> Package autoconf.noarch 0:2.63-5.1.el6 will be installed
---> Package cairo.x86_64 0:1.8.8-3.1.el6 will be installed
--> Processing Dependency: libpng12.so.0(PNG12_0)(64bit) for package: cairo-1.8.8-3.1.el6.x86_64
--> Processing Dependency: libpng12.so.0()(64bit) for package: cairo-1.8.8-3.1.el6.x86_64
--> Processing Dependency: libpixman-1.so.0()(64bit) for package: cairo-1.8.8-3.1.el6.x86_64
--> Processing Dependency: libX11.so.6()(64bit) for package: cairo-1.8.8-3.1.el6.x86_64
---> Package cvs.x86_64 0:1.11.23-16.el6 will be installed
---> Package db4-devel.x86_64 0:4.7.25-18.el6_4 will be installed
--> Processing Dependency: db4-cxx = 4.7.25-18.el6_4 for package: db4-devel-4.7.25-18.el6_4.x86_64
--> Processing Dependency: libdb_cxx-4.7.so()(64bit) for package: db4-devel-4.7.25-18.el6_4.x86_64
---> Package fontconfig.x86_64 0:2.8.0-3.el6 will be installed
---> Package freetype.x86_64 0:2.3.11-14.el6_3.1 will be installed
---> Package gdbm-devel.x86_64 0:1.8.0-36.el6 will be installed
---> Package gtk2.x86_64 0:2.20.1-4.el6 will be installed
--> Processing Dependency: libtiff >= 3.6.1 for package: gtk2-2.20.1-4.el6.x86_64
--> Processing Dependency: libjpeg.so.62(LIBJPEG_6.2)(64bit) for package: gtk2-2.20.1-4.el6.x86_64
--> Processing Dependency: hicolor-icon-theme for package: gtk2-2.20.1-4.el6.x86_64
--> Processing Dependency: libtiff.so.3()(64bit) for package: gtk2-2.20.1-4.el6.x86_64
--> Processing Dependency: libjpeg.so.62()(64bit) for package: gtk2-2.20.1-4.el6.x86_64
--> Processing Dependency: libjasper.so.1()(64bit) for package: gtk2-2.20.1-4.el6.x86_64
--> Processing Dependency: libcups.so.2()(64bit) for package: gtk2-2.20.1-4.el6.x86_64
--> Processing Dependency: libXinerama.so.1()(64bit) for package: gtk2-2.20.1-4.el6.x86_64
--> Processing Dependency: libXi.so.6()(64bit) for package: gtk2-2.20.1-4.el6.x86_64
--> Processing Dependency: libXfixes.so.3()(64bit) for package: gtk2-2.20.1-4.el6.x86_64
--> Processing Dependency: libXext.so.6()(64bit) for package: gtk2-2.20.1-4.el6.x86_64
--> Processing Dependency: libXdamage.so.1()(64bit) for package: gtk2-2.20.1-4.el6.x86_64
--> Processing Dependency: libXcursor.so.1()(64bit) for package: gtk2-2.20.1-4.el6.x86_64
--> Processing Dependency: libXcomposite.so.1()(64bit) for package: gtk2-2.20.1-4.el6.x86_64
---> Package keyutils-libs-devel.x86_64 0:1.4-4.el6 will be installed
---> Package krb5-libs.x86_64 0:1.10.3-10.el6_4.6 will be updated
---> Package krb5-libs.x86_64 0:1.10.3-37.el6_6 will be an update
---> Package libICE.x86_64 0:1.0.6-1.el6 will be installed
---> Package libSM.x86_64 0:1.2.1-2.el6 will be installed
---> Package libXrandr.x86_64 0:1.4.0-1.el6 will be installed
---> Package libXrender.x86_64 0:0.9.7-2.el6 will be installed
---> Package libXtst.x86_64 0:1.2.1-2.el6 will be installed
---> Package libart_lgpl.x86_64 0:2.3.20-5.1.el6 will be installed
---> Package libcom_err-devel.x86_64 0:1.41.12-18.el6 will be installed
---> Package libselinux-devel.x86_64 0:2.0.94-5.3.el6_4.1 will be installed
--> Processing Dependency: libselinux = 2.0.94-5.3.el6_4.1 for package: libselinux-devel-2.0.94-5.3.el6_4.1.x86_64
--> Processing Dependency: libsepol-devel >= 2.0.32-1 for package: libselinux-devel-2.0.94-5.3.el6_4.1.x86_64
--> Processing Dependency: pkgconfig(libsepol) for package: libselinux-devel-2.0.94-5.3.el6_4.1.x86_64
---> Package pango.x86_64 0:1.28.1-7.el6_3 will be installed
--> Processing Dependency: libthai >= 0.1.9 for package: pango-1.28.1-7.el6_3.x86_64
--> Processing Dependency: libthai.so.0(LIBTHAI_0.1)(64bit) for package: pango-1.28.1-7.el6_3.x86_64
--> Processing Dependency: libthai.so.0()(64bit) for package: pango-1.28.1-7.el6_3.x86_64
--> Processing Dependency: libXft.so.2()(64bit) for package: pango-1.28.1-7.el6_3.x86_64
---> Package perl-ExtUtils-ParseXS.x86_64 1:2.2003.0-136.el6 will be installed
---> Package zip.x86_64 0:3.0-1.el6 will be installed
--> Running transaction check
---> Package cups-libs.x86_64 1:1.4.2-50.el6_4.5 will be installed
--> Processing Dependency: libgnutls.so.26(GNUTLS_1_4)(64bit) for package: 1:cups-libs-1.4.2-50.el6_4.5.x86_64
--> Processing Dependency: libgnutls.so.26()(64bit) for package: 1:cups-libs-1.4.2-50.el6_4.5.x86_64
--> Processing Dependency: libavahi-common.so.3()(64bit) for package: 1:cups-libs-1.4.2-50.el6_4.5.x86_64
--> Processing Dependency: libavahi-client.so.3()(64bit) for package: 1:cups-libs-1.4.2-50.el6_4.5.x86_64
---> Package db4-cxx.x86_64 0:4.7.25-18.el6_4 will be installed
---> Package hicolor-icon-theme.noarch 0:0.11-1.1.el6 will be installed
---> Package jasper-libs.x86_64 0:1.900.1-15.el6_1.1 will be installed
---> Package libX11.x86_64 0:1.5.0-4.el6 will be installed
--> Processing Dependency: libX11-common = 1.5.0-4.el6 for package: libX11-1.5.0-4.el6.x86_64
--> Processing Dependency: libxcb.so.1()(64bit) for package: libX11-1.5.0-4.el6.x86_64
---> Package libXcomposite.x86_64 0:0.4.3-4.el6 will be installed
---> Package libXcursor.x86_64 0:1.1.13-6.20130524git8f677eaea.el6 will be installed
---> Package libXdamage.x86_64 0:1.1.3-4.el6 will be installed
---> Package libXext.x86_64 0:1.3.1-2.el6 will be installed
---> Package libXfixes.x86_64 0:5.0-3.el6 will be installed
---> Package libXft.x86_64 0:2.3.1-2.el6 will be installed
---> Package libXi.x86_64 0:1.6.1-3.el6 will be installed
---> Package libXinerama.x86_64 0:1.1.2-2.el6 will be installed
---> Package libjpeg-turbo.x86_64 0:1.2.1-1.el6 will be installed
---> Package libpng.x86_64 2:1.2.49-1.el6_2 will be installed
---> Package libselinux.i686 0:2.0.94-5.3.el6_4.1 will be installed
--> Processing Dependency: libdl.so.2(GLIBC_2.1) for package: libselinux-2.0.94-5.3.el6_4.1.i686
--> Processing Dependency: libdl.so.2(GLIBC_2.0) for package: libselinux-2.0.94-5.3.el6_4.1.i686
--> Processing Dependency: libdl.so.2 for package: libselinux-2.0.94-5.3.el6_4.1.i686
--> Processing Dependency: libc.so.6(GLIBC_2.8) for package: libselinux-2.0.94-5.3.el6_4.1.i686
--> Processing Dependency: ld-linux.so.2(GLIBC_2.3) for package: libselinux-2.0.94-5.3.el6_4.1.i686
--> Processing Dependency: ld-linux.so.2 for package: libselinux-2.0.94-5.3.el6_4.1.i686
---> Package libsepol-devel.x86_64 0:2.0.41-4.el6 will be installed
---> Package libthai.x86_64 0:0.1.12-3.el6 will be installed
---> Package libtiff.x86_64 0:3.9.4-9.el6_3 will be installed
---> Package pixman.x86_64 0:0.26.2-5.el6_4 will be installed
--> Running transaction check
---> Package avahi-libs.x86_64 0:0.6.25-12.el6 will be installed
---> Package glibc.x86_64 0:2.12-1.132.el6 will be updated
--> Processing Dependency: glibc = 2.12-1.132.el6 for package: glibc-devel-2.12-1.132.el6.x86_64
--> Processing Dependency: glibc = 2.12-1.132.el6 for package: glibc-headers-2.12-1.132.el6.x86_64
--> Processing Dependency: glibc = 2.12-1.132.el6 for package: glibc-common-2.12-1.132.el6.x86_64
---> Package glibc.i686 0:2.12-1.149.el6_6.5 will be installed
--> Processing Dependency: libfreebl3.so(NSSRAWHASH_3.12.3) for package: glibc-2.12-1.149.el6_6.5.i686
--> Processing Dependency: libfreebl3.so for package: glibc-2.12-1.149.el6_6.5.i686
---> Package glibc.x86_64 0:2.12-1.149.el6_6.5 will be an update
---> Package gnutls.x86_64 0:2.8.5-10.el6_4.2 will be installed
---> Package libX11-common.noarch 0:1.5.0-4.el6 will be installed
---> Package libxcb.x86_64 0:1.8.1-1.el6 will be installed
--> Processing Dependency: libXau.so.6()(64bit) for package: libxcb-1.8.1-1.el6.x86_64
--> Running transaction check
---> Package glibc-common.x86_64 0:2.12-1.132.el6 will be updated
---> Package glibc-common.x86_64 0:2.12-1.149.el6_6.5 will be an update
---> Package glibc-devel.x86_64 0:2.12-1.132.el6 will be updated
---> Package glibc-devel.x86_64 0:2.12-1.149.el6_6.5 will be an update
---> Package glibc-headers.x86_64 0:2.12-1.132.el6 will be updated
---> Package glibc-headers.x86_64 0:2.12-1.149.el6_6.5 will be an update
---> Package libXau.x86_64 0:1.0.6-4.el6 will be installed
---> Package nss-softokn-freebl.i686 0:3.14.3-9.el6 will be installed
--> Finished Dependency Resolution
Error:  Multilib version problems found. This often means that the root
       cause is something else and multilib version checking is just
       pointing out that there is a problem. Eg.:

         1. You have an upgrade for libselinux which is missing some
            dependency that another package requires. Yum is trying to
            solve this by installing an older version of libselinux of the
            different architecture. If you exclude the bad architecture
            yum will tell you what the root cause is (which package
            requires what). You can try redoing the upgrade with
            --exclude libselinux.otherarch ... this should give you an error
            message showing the root cause of the problem.

         2. You have multiple architectures of libselinux installed, but
            yum can only see an upgrade for one of those arcitectures.
            If you don't want/need both architectures anymore then you
            can remove the one with the missing update and everything
            will work.

         3. You have duplicate versions of libselinux installed already.
            You can use "yum check" to get yum show these errors.

       ...you can also use --setopt=protected_multilib=false to remove
       this checking, however this is almost never the correct thing to
       do as something else is very likely to go wrong (often causing
       much more problems).

       Protected multilib versions: libselinux-2.0.94-5.3.el6_4.1.i686 != libselinux-2.0.94-5.8.el6.x86_64
 You could try using --skip-broken to work around the problem
 You could try running: rpm -Va --nofiles --nodigest
[root@server01 ~]#

yum repolist向我展示：

[root@server01 ~]# yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
repo id                                                                          repo name                                                                                    status
puppetlabs-deps                                                                  Puppet Labs Dependencies El 6 - x86_64                                                          77
puppetlabs-products                                                              Puppet Labs Products El 6 - x86_64                                                             538
release.update                                                                   6.6.5                                                                                        6,367
supplemental.release                                                             supplemental.6                                                                                  84
supplemental.release.update                                                      supplemental.6.6.5                                                                               1
repolist: 7,067
[root@server01 ~]#

尝试运行以下命令，但仍然出现错误（它执行了一些下载/解析依赖项，但最终失败并出现以下新错误）。 yum-完成交易；百胜发行同步；百胜清洁所有；百胜更新

Transaction Check Error:
  file /usr/bin/extlookup2hiera from install of puppet-3.8.4-1.el6.noarch conflicts with file from package hiera-puppet-1.0.0-1.el6.noarch
  file /usr/lib/ruby/site_ruby/1.8/hiera/backend/puppet_backend.rb from install of puppet-3.8.4-1.el6.noarch conflicts with file from package hiera-puppet-1.0.0-1.el6.noarch
  file /usr/lib/ruby/site_ruby/1.8/hiera/scope.rb from install of puppet-3.8.4-1.el6.noarch conflicts with file from package hiera-puppet-1.0.0-1.el6.noarch
  file /usr/lib/ruby/site_ruby/1.8/hiera_puppet.rb from install of puppet-3.8.4-1.el6.noarch conflicts with file from package hiera-puppet-1.0.0-1.el6.noarch
  file /usr/lib/ruby/site_ruby/1.8/puppet/parser/functions/hiera.rb from install of puppet-3.8.4-1.el6.noarch conflicts with file from package hiera-puppet-1.0.0-1.el6.noarch
  file /usr/lib/ruby/site_ruby/1.8/puppet/parser/functions/hiera_array.rb from install of puppet-3.8.4-1.el6.noarch conflicts with file from package hiera-puppet-1.0.0-1.el6.noarch
  file /usr/lib/ruby/site_ruby/1.8/puppet/parser/functions/hiera_hash.rb from install of puppet-3.8.4-1.el6.noarch conflicts with file from package hiera-puppet-1.0.0-1.el6.noarch
  file /usr/lib/ruby/site_ruby/1.8/puppet/parser/functions/hiera_include.rb from install of puppet-3.8.4-1.el6.noarch conflicts with file from package hiera-puppet-1.0.0-1.el6.noarch

Error Summary
-------------

我看到这篇文章为 CentOS 6 (x86_64) 安装额外的软件包仓库，但这并没有帮助。使用它，现在我遇到了第三个错误。

# wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -ivh epel-release-6-8.noarch.rpm
warning: epel-release-6-8.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing...                ########################################### [100%]
   1:epel-release           ########################################### [100%]
[root@server01 yum.repos.d]#

现在yum repolist显示了一个额外的行（对于额外的包 - CentOS）：

epel                                                                         Extra Packages for Enterprise Linux 6 - x86_64                                                   11,838

尽管如此，运行： sudo yum -y install curl-devel expat-devel gettext-devel openssl-devel zlib-devel gcc perl-ExtUtils-MakeMaker仍然给我同样的错误（我首先得到了上面提到的）。

/etc/yum.repos.d 包含 -- # pwd; ls -l

/etc/yum.repos.d
total 32
-rw-r--r--  1 root root 14540 Nov  5  2012 epel-release-6-8.noarch.rpm
-rw-r--r--  1 root root   957 Nov  4  2012 epel.repo
-rw-r--r--  1 root root  1056 Nov  4  2012 epel-testing.repo
-rw-r--r--. 1 root root  1250 Jan 22  2014 puppetlabs.repo
-rw-r--r--. 1 root root   406 Dec  8 10:48 mycompany.redhat.repo

Puppetlabs.repo 对于这篇文章来说似乎是多余的，前 2 个 .repo 文件在我下载 + 安装了额外的包 repo rpm（如上面的帖子/链接中列出）后安装在这里，mycompany.redhat.repo 中的内容是：

[release.update]
name=$releasever.$YUM0
baseurl=http://manager/yum/$basearch/$releasever/$YUM0/Server
enabled=1
gpgcheck=0

[supplemental.release]
name=supplemental.$releasever
baseurl=http://manager/yum/$basearch/supplemental/$releasever
enabled=1
gpgcheck=0

[supplemental.release.update]
name=supplemental.$releasever.$YUM0
baseurl=http://manager/yum/$basearch/supplemental/$YUM0
enabled=1
gpgcheck=0

AKS

Asked: 2015-01-30 10:12:14 +0800 CST

Linux glibc 2.18 及更早版本 - 漏洞

0

服务器：红帽企业 Linux 服务器版本 5.9 (Tikanga)

我了解到，2.18 之前的 Linux GNU C 库 (glibc) 版本容易通过 gethostbyname 函数中的漏洞受到远程代码执行的影响。利用此漏洞可能允许远程攻击者控制受影响的系统。

使用 glibc-2.18 及更高版本的 Linux 发行版不受影响。这个漏洞类似于我们最近看到的 ShellShock 和 Heartbleed。

我明白了，补丁在这里可用：https ://access.redhat.com/security/cve/CVE-2015-0235 (RedHat) 或http://www.ubuntu.com/usn/usn-2485-1/（Ubuntu）。

我正计划修补我们的 Linux 系统（需要重新启动）并想检查几个问题：

有没有人尝试修补他们的系统来解决这个漏洞？补丁对运行的 Linux 平台/应用程序有什么影响？
如果我只是通过 yum upgrade 升级 glibc 二进制文件，我认为我不会很好。
在哪里可以找到解决此问题的分步指南。

文件夹/文件上的 OWNER USER 错误： docker run -v <host_path_dir_file>:<docker_some_path_dir_file>/ not working for user defined in Dockerfile

CentOS - yum install - 失败：受保护的 Multilib 版本：发现问题 libselinux

Linux glibc 2.18 及更早版本 - 漏洞

新安装后 postgres 的默认超级用户用户名/密码是什么？

SFTP 使用什么端口？

命令行列出 Windows Active Directory 组中的用户？

什么是 Pem 文件，它与其他 OpenSSL 生成的密钥文件格式有何不同？

如何确定bash变量是否为空？

AKS's questions