diff --git a/404.html b/404.html index 44ba0b1..b7c7c07 100644 --- a/404.html +++ b/404.html @@ -447,6 +447,8 @@ + + @@ -808,6 +810,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/ceph/ceph-manual-test/index.html b/ceph/ceph-manual-test/index.html index ccbae00..cbd9e07 100644 --- a/ceph/ceph-manual-test/index.html +++ b/ceph/ceph-manual-test/index.html @@ -465,6 +465,8 @@ + + @@ -826,6 +828,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/ceph/index.html b/ceph/index.html index 3c4a67d..24caff1 100644 --- a/ceph/index.html +++ b/ceph/index.html @@ -457,6 +457,8 @@ + + @@ -818,6 +820,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/coding/golang-ip-conversion/index.html b/coding/golang-ip-conversion/index.html index c3233d1..c8e6ad4 100644 --- a/coding/golang-ip-conversion/index.html +++ b/coding/golang-ip-conversion/index.html @@ -453,6 +453,8 @@ + + @@ -814,6 +816,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/coding/index.html b/coding/index.html index 685899e..5ec5696 100644 --- a/coding/index.html +++ b/coding/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/coding/operator-sdk-reconciliation/index.html b/coding/operator-sdk-reconciliation/index.html index 0ebcc2f..e666146 100644 --- a/coding/operator-sdk-reconciliation/index.html +++ b/coding/operator-sdk-reconciliation/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/coding/vimrc/index.html b/coding/vimrc/index.html index 16c1e52..eca45cd 100644 --- a/coding/vimrc/index.html +++ b/coding/vimrc/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/feed_rss_created.xml b/feed_rss_created.xml index c270cf6..f670f77 100644 --- a/feed_rss_created.xml +++ b/feed_rss_created.xml @@ -1 +1 @@ - Andreas Karis BlogAndreas Karis' blog about anything Kubernetes, OpenShift, Linux and Networkinghttps://andreaskaris.github.io/blog/en Thu, 20 Jun 2024 12:59:48 -0000 Thu, 20 Jun 2024 12:59:48 -0000 1440 MkDocs RSS plugin - v1.11.1 Protect Lenovo laptop battery <p>In order to protect your Lenovo battery, you can set charge start and end thresholds.According to [anecdotal evidence](https://linrunner.de/tlp/faq/battery....</p>https://andreaskaris.github.io/blog/linux/protect-lenovo-battery/ Thu, 20 Jun 2024 14:59:35 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/linux/protect-lenovo-battery/ Netlink and MAC addresses <h2>Netlink address fields IFLA_ADDRESS, IFLA_BROADCAST and IFLA_PERM_ADDRESS</h2><p>A few days ago, I had to figure out how applications such as iproute2 read the ...</p>https://andreaskaris.github.io/blog/networking/netlink-address-fields/ Sun, 12 May 2024 21:25:38 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/networking/netlink-address-fields/ CPU isolation in Red Hat OpenShift Container Platform <h2>CPU isolation in Red Hat OpenShift Container Platform</h2><p>Two complementary features allow admins to partition the node's CPUs according to their needs. The ...</p>https://andreaskaris.github.io/blog/openshift/cpu-isolation-in-openshift/ Mon, 06 May 2024 20:08:03 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/cpu-isolation-in-openshift/ udev rules to apply ethtool settings <h1>udev rules to apply ethtool settings</h1><p>In order to apply specific ethtool settings to all interfaces matching a specific regular expression, run:```cat &lt;&lt;...</p>https://andreaskaris.github.io/blog/linux/udev-ethtool/ Mon, 29 Apr 2024 19:44:04 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/linux/udev-ethtool/ OpenShift with iSCSI multipath <h2>Kubernets iSCSI volume driver</h2><p>The iSCSI volume driver can work as both a single path iSCSI initiator or with multipath.For some information about the dr...</p>https://andreaskaris.github.io/blog/openshift/openshift-with-multipath/ Fri, 12 Jan 2024 17:53:42 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/openshift-with-multipath/ kernel-ml on OpenShift <h1>kernel-ml on OpenShift</h1><p>In order to find out if a kernel bug was already fixed upstream, it may sometimes be necessary to test the upstreamkernel on top o...</p>https://andreaskaris.github.io/blog/openshift/kernel-ml-on-openshift/ Thu, 23 Nov 2023 18:41:02 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/kernel-ml-on-openshift/ Seccomp defaults in Red Hat OpenShift Container Platform <h1>Seccomp defaults in Red Hat OpenShift Container Platform</h1><p>Seccomp can be used to restrict the syscalls that processes running inside a container are allowe...</p>https://andreaskaris.github.io/blog/openshift/seccomp-defaults-ocp/ Mon, 25 Sep 2023 19:20:43 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/seccomp-defaults-ocp/ Hands-on with OVN Interconnection <h1>Hands-on with OVN Interconnection (OVN IC)</h1><p><a href="https://docs.ovn.org/en/latest/tutorials/ovn-interconnection.html">OVN Interconnection</a> (OVN IC) allows admini...</p>https://andreaskaris.github.io/blog/networking/ovn-interconnection/ Mon, 11 Sep 2023 19:06:05 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/networking/ovn-interconnection/ rpm-ostreed failed to find image <h2>rpm-ostreed failed to find image</h2><p>Today, I ran into a strange issue after messing around a bit too much with OpenShift's Machine Config Operator.After de...</p>https://andreaskaris.github.io/blog/openshift/rpm-ostree-failed-to-find-image/ Tue, 15 Aug 2023 20:03:49 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/rpm-ostree-failed-to-find-image/ Workaround for org.gnome.shell.overrides not installed <h1>Settings schema 'org.gnome.shell.overrides' is not installed</h1><p>I recently upgraded to Fedora 38 and Gnome 44, and one of my installed applications give this...</p>https://andreaskaris.github.io/blog/linux/org-gnome-shell-overrides/ Wed, 03 May 2023 19:38:38 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/linux/org-gnome-shell-overrides/ DedicatedServiceMonitors in OpenShift Monitoring <h2>DedicatedServiceMonitors in Red Hat OpenShift Monitoring</h2><h3>Introduction</h3><p>By default, OpenShift's Prometheus stack will pull pod CPU and memory usage fr...</p>https://andreaskaris.github.io/blog/openshift/dedicated-service-monitors/ Wed, 03 May 2023 15:53:44 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/dedicated-service-monitors/ Using cgroups for CFS bandwidth control <h1>Using cgroups for CFS bandwidth control (CPU quotas)</h1><p>CFS bandwidth control is a feature that allows you to limit the amount of CPU time that a control gro...</p>https://andreaskaris.github.io/blog/linux/cgroups_cpu_quota/ Mon, 27 Mar 2023 11:28:05 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/linux/cgroups_cpu_quota/ How kubelet monitors filesystems <h1>How kubelet monitors filesystems</h1><p>Kubelet can monitor 2 file systems, nodefs and imagefs. nodefs is auto-discovered by the presence of <code>/var/lib/kubelet</code>....</p>https://andreaskaris.github.io/blog/openshift/kubelet-filesystems/ Wed, 22 Mar 2023 17:03:35 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/kubelet-filesystems/ Golang IP address conversion <h2>IP address conversion with golang</h2><h3>Finding an IP network's broadcast IP</h3><p>The following function calculates the broadcast IP for both IPv4 and IPv6 net...</p>https://andreaskaris.github.io/blog/coding/golang-ip-conversion/ Fri, 24 Feb 2023 12:45:32 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/coding/golang-ip-conversion/ Controller Reconciliation <h2>Reconciliation with the Operator SDK</h2><p>In the Operator SDK, controllers implement the [Reconciler](https://github.com/kubernetes-sigs/controller-runtime/bl...</p>https://andreaskaris.github.io/blog/coding/operator-sdk-reconciliation/ Fri, 24 Feb 2023 12:45:32 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/coding/operator-sdk-reconciliation/ My vimrc <h1>My vimrc</h1><p>Below my configuration for vim which I use for go and python development:~~~cat &lt;&lt;'EOF' &gt; ~/.vimrccall plug#begin() Plug 'vim-airline/vim-ai...</p>https://andreaskaris.github.io/blog/coding/vimrc/ Fri, 24 Feb 2023 12:45:32 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/coding/vimrc/ SCCs and mutating webhooks - a lesson learned <p><img alt="title" src="https://user-images.githubusercontent.com/3291433/220175185-f58bf274-e886-45ef-ab32-92b6cd3f1739.png"></p><h1>SCCs and mutating webhooks - or how to lear...</h1>https://andreaskaris.github.io/blog/openshift/openshift-scc-with-mutating-webhooks/ Mon, 13 Feb 2023 22:16:16 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/openshift-scc-with-mutating-webhooks/ Building custom release images for OpenShift <h2>Building custom release images for OpenShift</h2><h3>Using custom container image for a specific component / operator</h3><p>The following example builds a custom ...</p>https://andreaskaris.github.io/blog/openshift/ocp-custom-release-image/ Wed, 19 Oct 2022 14:17:44 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/ocp-custom-release-image/ OVN standalone on Fedora <h1>OVN standalone on Fedora</h1><p>For instruction to build OVN and OVS from source, see: https://docs.ovn.org/en/latest/intro/install/fedora.html#fedora-rhel-7-...</p>https://andreaskaris.github.io/blog/networking/ovn_standalone_on_fedora/ Tue, 14 Jun 2022 13:38:40 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/networking/ovn_standalone_on_fedora/ Patch status.loadBalancer.ingress IP manually <h2>How to patch status.loadBalancer.ingress IPs manually to a service in a baremetal deployment?</h2><p>For testing purposes, you might want to modify the status.l...</p>https://andreaskaris.github.io/blog/openshift/patch-service-loadbalancer-ingress-ip/ Wed, 16 Feb 2022 17:58:27 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/patch-service-loadbalancer-ingress-ip/ \ No newline at end of file + Andreas Karis BlogAndreas Karis' blog about anything Kubernetes, OpenShift, Linux and Networkinghttps://andreaskaris.github.io/blog/en Fri, 19 Jul 2024 13:04:34 -0000 Fri, 19 Jul 2024 13:04:34 -0000 1440 MkDocs RSS plugin - v1.11.1 SELinux Cheat Sheet <h1>SELinux Cheat Sheet</h1><h3>Reading SELinux status</h3><p>| Command | Description | Examples ||---|---|---|| cat /etc/selinux/config | Get SELinux boot configu...</p>https://andreaskaris.github.io/blog/linux/selinux-cheatsheet/ Fri, 19 Jul 2024 15:04:32 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/linux/selinux-cheatsheet/ Protect Lenovo laptop battery <p>In order to protect your Lenovo battery, you can set charge start and end thresholds.According to [anecdotal evidence](https://linrunner.de/tlp/faq/battery....</p>https://andreaskaris.github.io/blog/linux/protect-lenovo-battery/ Thu, 20 Jun 2024 14:59:35 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/linux/protect-lenovo-battery/ Netlink and MAC addresses <h2>Netlink address fields IFLA_ADDRESS, IFLA_BROADCAST and IFLA_PERM_ADDRESS</h2><p>A few days ago, I had to figure out how applications such as iproute2 read the ...</p>https://andreaskaris.github.io/blog/networking/netlink-address-fields/ Sun, 12 May 2024 21:25:38 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/networking/netlink-address-fields/ CPU isolation in Red Hat OpenShift Container Platform <h2>CPU isolation in Red Hat OpenShift Container Platform</h2><p>Two complementary features allow admins to partition the node's CPUs according to their needs. The ...</p>https://andreaskaris.github.io/blog/openshift/cpu-isolation-in-openshift/ Mon, 06 May 2024 20:08:03 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/cpu-isolation-in-openshift/ udev rules to apply ethtool settings <h1>udev rules to apply ethtool settings</h1><p>In order to apply specific ethtool settings to all interfaces matching a specific regular expression, run:```cat &lt;&lt;...</p>https://andreaskaris.github.io/blog/linux/udev-ethtool/ Mon, 29 Apr 2024 19:44:04 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/linux/udev-ethtool/ OpenShift with iSCSI multipath <h2>Kubernets iSCSI volume driver</h2><p>The iSCSI volume driver can work as both a single path iSCSI initiator or with multipath.For some information about the dr...</p>https://andreaskaris.github.io/blog/openshift/openshift-with-multipath/ Fri, 12 Jan 2024 17:53:42 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/openshift-with-multipath/ kernel-ml on OpenShift <h1>kernel-ml on OpenShift</h1><p>In order to find out if a kernel bug was already fixed upstream, it may sometimes be necessary to test the upstreamkernel on top o...</p>https://andreaskaris.github.io/blog/openshift/kernel-ml-on-openshift/ Thu, 23 Nov 2023 18:41:02 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/kernel-ml-on-openshift/ Seccomp defaults in Red Hat OpenShift Container Platform <h1>Seccomp defaults in Red Hat OpenShift Container Platform</h1><p>Seccomp can be used to restrict the syscalls that processes running inside a container are allowe...</p>https://andreaskaris.github.io/blog/openshift/seccomp-defaults-ocp/ Mon, 25 Sep 2023 19:20:43 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/seccomp-defaults-ocp/ Hands-on with OVN Interconnection <h1>Hands-on with OVN Interconnection (OVN IC)</h1><p><a href="https://docs.ovn.org/en/latest/tutorials/ovn-interconnection.html">OVN Interconnection</a> (OVN IC) allows admini...</p>https://andreaskaris.github.io/blog/networking/ovn-interconnection/ Mon, 11 Sep 2023 19:06:05 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/networking/ovn-interconnection/ rpm-ostreed failed to find image <h2>rpm-ostreed failed to find image</h2><p>Today, I ran into a strange issue after messing around a bit too much with OpenShift's Machine Config Operator.After de...</p>https://andreaskaris.github.io/blog/openshift/rpm-ostree-failed-to-find-image/ Tue, 15 Aug 2023 20:03:49 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/rpm-ostree-failed-to-find-image/ Workaround for org.gnome.shell.overrides not installed <h1>Settings schema 'org.gnome.shell.overrides' is not installed</h1><p>I recently upgraded to Fedora 38 and Gnome 44, and one of my installed applications give this...</p>https://andreaskaris.github.io/blog/linux/org-gnome-shell-overrides/ Wed, 03 May 2023 19:38:38 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/linux/org-gnome-shell-overrides/ DedicatedServiceMonitors in OpenShift Monitoring <h2>DedicatedServiceMonitors in Red Hat OpenShift Monitoring</h2><h3>Introduction</h3><p>By default, OpenShift's Prometheus stack will pull pod CPU and memory usage fr...</p>https://andreaskaris.github.io/blog/openshift/dedicated-service-monitors/ Wed, 03 May 2023 15:53:44 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/dedicated-service-monitors/ Using cgroups for CFS bandwidth control <h1>Using cgroups for CFS bandwidth control (CPU quotas)</h1><p>CFS bandwidth control is a feature that allows you to limit the amount of CPU time that a control gro...</p>https://andreaskaris.github.io/blog/linux/cgroups_cpu_quota/ Mon, 27 Mar 2023 11:28:05 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/linux/cgroups_cpu_quota/ How kubelet monitors filesystems <h1>How kubelet monitors filesystems</h1><p>Kubelet can monitor 2 file systems, nodefs and imagefs. nodefs is auto-discovered by the presence of <code>/var/lib/kubelet</code>....</p>https://andreaskaris.github.io/blog/openshift/kubelet-filesystems/ Wed, 22 Mar 2023 17:03:35 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/kubelet-filesystems/ Golang IP address conversion <h2>IP address conversion with golang</h2><h3>Finding an IP network's broadcast IP</h3><p>The following function calculates the broadcast IP for both IPv4 and IPv6 net...</p>https://andreaskaris.github.io/blog/coding/golang-ip-conversion/ Fri, 24 Feb 2023 12:45:32 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/coding/golang-ip-conversion/ Controller Reconciliation <h2>Reconciliation with the Operator SDK</h2><p>In the Operator SDK, controllers implement the [Reconciler](https://github.com/kubernetes-sigs/controller-runtime/bl...</p>https://andreaskaris.github.io/blog/coding/operator-sdk-reconciliation/ Fri, 24 Feb 2023 12:45:32 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/coding/operator-sdk-reconciliation/ My vimrc <h1>My vimrc</h1><p>Below my configuration for vim which I use for go and python development:~~~cat &lt;&lt;'EOF' &gt; ~/.vimrccall plug#begin() Plug 'vim-airline/vim-ai...</p>https://andreaskaris.github.io/blog/coding/vimrc/ Fri, 24 Feb 2023 12:45:32 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/coding/vimrc/ SCCs and mutating webhooks - a lesson learned <p><img alt="title" src="https://user-images.githubusercontent.com/3291433/220175185-f58bf274-e886-45ef-ab32-92b6cd3f1739.png"></p><h1>SCCs and mutating webhooks - or how to lear...</h1>https://andreaskaris.github.io/blog/openshift/openshift-scc-with-mutating-webhooks/ Mon, 13 Feb 2023 22:16:16 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/openshift-scc-with-mutating-webhooks/ Building custom release images for OpenShift <h2>Building custom release images for OpenShift</h2><h3>Using custom container image for a specific component / operator</h3><p>The following example builds a custom ...</p>https://andreaskaris.github.io/blog/openshift/ocp-custom-release-image/ Wed, 19 Oct 2022 14:17:44 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/ocp-custom-release-image/ OVN standalone on Fedora <h1>OVN standalone on Fedora</h1><p>For instruction to build OVN and OVS from source, see: https://docs.ovn.org/en/latest/intro/install/fedora.html#fedora-rhel-7-...</p>https://andreaskaris.github.io/blog/networking/ovn_standalone_on_fedora/ Tue, 14 Jun 2022 13:38:40 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/networking/ovn_standalone_on_fedora/ \ No newline at end of file diff --git a/feed_rss_updated.xml b/feed_rss_updated.xml index c34906c..060b6fe 100644 --- a/feed_rss_updated.xml +++ b/feed_rss_updated.xml @@ -1 +1 @@ - Andreas Karis BlogAndreas Karis' blog about anything Kubernetes, OpenShift, Linux and Networkinghttps://andreaskaris.github.io/blog/en Thu, 20 Jun 2024 12:59:48 -0000 Thu, 20 Jun 2024 12:59:48 -0000 1440 MkDocs RSS plugin - v1.11.1 Protect Lenovo laptop battery <p>In order to protect your Lenovo battery, you can set charge start and end thresholds.According to [anecdotal evidence](https://linrunner.de/tlp/faq/battery....</p>https://andreaskaris.github.io/blog/linux/protect-lenovo-battery/ Thu, 20 Jun 2024 14:59:35 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/linux/protect-lenovo-battery/ Netlink and MAC addresses <h2>Netlink address fields IFLA_ADDRESS, IFLA_BROADCAST and IFLA_PERM_ADDRESS</h2><p>A few days ago, I had to figure out how applications such as iproute2 read the ...</p>https://andreaskaris.github.io/blog/networking/netlink-address-fields/ Mon, 13 May 2024 11:22:39 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/networking/netlink-address-fields/ CPU isolation in Red Hat OpenShift Container Platform <h2>CPU isolation in Red Hat OpenShift Container Platform</h2><p>Two complementary features allow admins to partition the node's CPUs according to their needs. The ...</p>https://andreaskaris.github.io/blog/openshift/cpu-isolation-in-openshift/ Mon, 06 May 2024 22:24:07 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/cpu-isolation-in-openshift/ udev rules to apply ethtool settings <h1>udev rules to apply ethtool settings</h1><p>In order to apply specific ethtool settings to all interfaces matching a specific regular expression, run:```cat &lt;&lt;...</p>https://andreaskaris.github.io/blog/linux/udev-ethtool/ Mon, 29 Apr 2024 19:44:04 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/linux/udev-ethtool/ OpenShift with iSCSI multipath <h2>Kubernets iSCSI volume driver</h2><p>The iSCSI volume driver can work as both a single path iSCSI initiator or with multipath.For some information about the dr...</p>https://andreaskaris.github.io/blog/openshift/openshift-with-multipath/ Fri, 12 Jan 2024 18:05:09 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/openshift-with-multipath/ kernel-ml on OpenShift <h1>kernel-ml on OpenShift</h1><p>In order to find out if a kernel bug was already fixed upstream, it may sometimes be necessary to test the upstreamkernel on top o...</p>https://andreaskaris.github.io/blog/openshift/kernel-ml-on-openshift/ Thu, 23 Nov 2023 18:46:14 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/kernel-ml-on-openshift/ Setting journalctl limits <h2>Changing the size of data that journald retains</h2><p>The systemd journal by default retains 4GB of data. In order to increase or decrease that value, set `Sys...</p>https://andreaskaris.github.io/blog/linux/setting-journalctl-limits/ Thu, 09 Nov 2023 17:19:41 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/linux/setting-journalctl-limits/ Seccomp defaults in Red Hat OpenShift Container Platform <h1>Seccomp defaults in Red Hat OpenShift Container Platform</h1><p>Seccomp can be used to restrict the syscalls that processes running inside a container are allowe...</p>https://andreaskaris.github.io/blog/openshift/seccomp-defaults-ocp/ Wed, 11 Oct 2023 18:48:34 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/seccomp-defaults-ocp/ Hands-on with OVN Interconnection <h1>Hands-on with OVN Interconnection (OVN IC)</h1><p><a href="https://docs.ovn.org/en/latest/tutorials/ovn-interconnection.html">OVN Interconnection</a> (OVN IC) allows admini...</p>https://andreaskaris.github.io/blog/networking/ovn-interconnection/ Mon, 11 Sep 2023 19:16:51 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/networking/ovn-interconnection/ rpm-ostreed failed to find image <h2>rpm-ostreed failed to find image</h2><p>Today, I ran into a strange issue after messing around a bit too much with OpenShift's Machine Config Operator.After de...</p>https://andreaskaris.github.io/blog/openshift/rpm-ostree-failed-to-find-image/ Tue, 15 Aug 2023 20:03:49 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/rpm-ostree-failed-to-find-image/ My vimrc <h1>My vimrc</h1><p>Below my configuration for vim which I use for go and python development:~~~cat &lt;&lt;'EOF' &gt; ~/.vimrccall plug#begin() Plug 'vim-airline/vim-ai...</p>https://andreaskaris.github.io/blog/coding/vimrc/ Tue, 25 Jul 2023 13:34:48 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/coding/vimrc/ Workaround for org.gnome.shell.overrides not installed <h1>Settings schema 'org.gnome.shell.overrides' is not installed</h1><p>I recently upgraded to Fedora 38 and Gnome 44, and one of my installed applications give this...</p>https://andreaskaris.github.io/blog/linux/org-gnome-shell-overrides/ Wed, 03 May 2023 19:38:38 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/linux/org-gnome-shell-overrides/ DedicatedServiceMonitors in OpenShift Monitoring <h2>DedicatedServiceMonitors in Red Hat OpenShift Monitoring</h2><h3>Introduction</h3><p>By default, OpenShift's Prometheus stack will pull pod CPU and memory usage fr...</p>https://andreaskaris.github.io/blog/openshift/dedicated-service-monitors/ Wed, 03 May 2023 16:41:21 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/dedicated-service-monitors/ Using cgroups for CFS bandwidth control <h1>Using cgroups for CFS bandwidth control (CPU quotas)</h1><p>CFS bandwidth control is a feature that allows you to limit the amount of CPU time that a control gro...</p>https://andreaskaris.github.io/blog/linux/cgroups_cpu_quota/ Mon, 27 Mar 2023 11:42:03 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/linux/cgroups_cpu_quota/ How kubelet monitors filesystems <h1>How kubelet monitors filesystems</h1><p>Kubelet can monitor 2 file systems, nodefs and imagefs. nodefs is auto-discovered by the presence of <code>/var/lib/kubelet</code>....</p>https://andreaskaris.github.io/blog/openshift/kubelet-filesystems/ Wed, 22 Mar 2023 17:18:49 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/kubelet-filesystems/ Golang IP address conversion <h2>IP address conversion with golang</h2><h3>Finding an IP network's broadcast IP</h3><p>The following function calculates the broadcast IP for both IPv4 and IPv6 net...</p>https://andreaskaris.github.io/blog/coding/golang-ip-conversion/ Fri, 24 Feb 2023 12:45:32 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/coding/golang-ip-conversion/ Controller Reconciliation <h2>Reconciliation with the Operator SDK</h2><p>In the Operator SDK, controllers implement the [Reconciler](https://github.com/kubernetes-sigs/controller-runtime/bl...</p>https://andreaskaris.github.io/blog/coding/operator-sdk-reconciliation/ Fri, 24 Feb 2023 12:45:32 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/coding/operator-sdk-reconciliation/ SCCs and mutating webhooks - a lesson learned <p><img alt="title" src="https://user-images.githubusercontent.com/3291433/220175185-f58bf274-e886-45ef-ab32-92b6cd3f1739.png"></p><h1>SCCs and mutating webhooks - or how to lear...</h1>https://andreaskaris.github.io/blog/openshift/openshift-scc-with-mutating-webhooks/ Mon, 20 Feb 2023 19:22:20 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/openshift-scc-with-mutating-webhooks/ Useful commands <h1>Useful commands</h1><h2>Tracking the evolution of conntrack with lnstat</h2><p>lnstat is a neat tool to check the evolution of entries (and other counters) in the co...</p>https://andreaskaris.github.io/blog/networking/useful-commands/ Tue, 17 Jan 2023 15:36:04 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/networking/useful-commands/ BPF and tcpdump <h2>Introduction</h2><p>I sometimes used to find myself in situations where tcpdump's filters seemingly did not work the way that I expected them to. In those situa...</p>https://andreaskaris.github.io/blog/networking/bpf-and-tcpdump/ Fri, 18 Nov 2022 20:08:32 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/networking/bpf-and-tcpdump/ \ No newline at end of file + Andreas Karis BlogAndreas Karis' blog about anything Kubernetes, OpenShift, Linux and Networkinghttps://andreaskaris.github.io/blog/en Fri, 19 Jul 2024 13:04:34 -0000 Fri, 19 Jul 2024 13:04:34 -0000 1440 MkDocs RSS plugin - v1.11.1 SELinux Cheat Sheet <h1>SELinux Cheat Sheet</h1><h3>Reading SELinux status</h3><p>| Command | Description | Examples ||---|---|---|| cat /etc/selinux/config | Get SELinux boot configu...</p>https://andreaskaris.github.io/blog/linux/selinux-cheatsheet/ Fri, 19 Jul 2024 15:04:32 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/linux/selinux-cheatsheet/ Protect Lenovo laptop battery <p>In order to protect your Lenovo battery, you can set charge start and end thresholds.According to [anecdotal evidence](https://linrunner.de/tlp/faq/battery....</p>https://andreaskaris.github.io/blog/linux/protect-lenovo-battery/ Thu, 20 Jun 2024 14:59:35 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/linux/protect-lenovo-battery/ Netlink and MAC addresses <h2>Netlink address fields IFLA_ADDRESS, IFLA_BROADCAST and IFLA_PERM_ADDRESS</h2><p>A few days ago, I had to figure out how applications such as iproute2 read the ...</p>https://andreaskaris.github.io/blog/networking/netlink-address-fields/ Mon, 13 May 2024 11:22:39 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/networking/netlink-address-fields/ CPU isolation in Red Hat OpenShift Container Platform <h2>CPU isolation in Red Hat OpenShift Container Platform</h2><p>Two complementary features allow admins to partition the node's CPUs according to their needs. The ...</p>https://andreaskaris.github.io/blog/openshift/cpu-isolation-in-openshift/ Mon, 06 May 2024 22:24:07 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/cpu-isolation-in-openshift/ udev rules to apply ethtool settings <h1>udev rules to apply ethtool settings</h1><p>In order to apply specific ethtool settings to all interfaces matching a specific regular expression, run:```cat &lt;&lt;...</p>https://andreaskaris.github.io/blog/linux/udev-ethtool/ Mon, 29 Apr 2024 19:44:04 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/linux/udev-ethtool/ OpenShift with iSCSI multipath <h2>Kubernets iSCSI volume driver</h2><p>The iSCSI volume driver can work as both a single path iSCSI initiator or with multipath.For some information about the dr...</p>https://andreaskaris.github.io/blog/openshift/openshift-with-multipath/ Fri, 12 Jan 2024 18:05:09 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/openshift-with-multipath/ kernel-ml on OpenShift <h1>kernel-ml on OpenShift</h1><p>In order to find out if a kernel bug was already fixed upstream, it may sometimes be necessary to test the upstreamkernel on top o...</p>https://andreaskaris.github.io/blog/openshift/kernel-ml-on-openshift/ Thu, 23 Nov 2023 18:46:14 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/kernel-ml-on-openshift/ Setting journalctl limits <h2>Changing the size of data that journald retains</h2><p>The systemd journal by default retains 4GB of data. In order to increase or decrease that value, set `Sys...</p>https://andreaskaris.github.io/blog/linux/setting-journalctl-limits/ Thu, 09 Nov 2023 17:19:41 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/linux/setting-journalctl-limits/ Seccomp defaults in Red Hat OpenShift Container Platform <h1>Seccomp defaults in Red Hat OpenShift Container Platform</h1><p>Seccomp can be used to restrict the syscalls that processes running inside a container are allowe...</p>https://andreaskaris.github.io/blog/openshift/seccomp-defaults-ocp/ Wed, 11 Oct 2023 18:48:34 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/seccomp-defaults-ocp/ Hands-on with OVN Interconnection <h1>Hands-on with OVN Interconnection (OVN IC)</h1><p><a href="https://docs.ovn.org/en/latest/tutorials/ovn-interconnection.html">OVN Interconnection</a> (OVN IC) allows admini...</p>https://andreaskaris.github.io/blog/networking/ovn-interconnection/ Mon, 11 Sep 2023 19:16:51 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/networking/ovn-interconnection/ rpm-ostreed failed to find image <h2>rpm-ostreed failed to find image</h2><p>Today, I ran into a strange issue after messing around a bit too much with OpenShift's Machine Config Operator.After de...</p>https://andreaskaris.github.io/blog/openshift/rpm-ostree-failed-to-find-image/ Tue, 15 Aug 2023 20:03:49 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/rpm-ostree-failed-to-find-image/ My vimrc <h1>My vimrc</h1><p>Below my configuration for vim which I use for go and python development:~~~cat &lt;&lt;'EOF' &gt; ~/.vimrccall plug#begin() Plug 'vim-airline/vim-ai...</p>https://andreaskaris.github.io/blog/coding/vimrc/ Tue, 25 Jul 2023 13:34:48 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/coding/vimrc/ Workaround for org.gnome.shell.overrides not installed <h1>Settings schema 'org.gnome.shell.overrides' is not installed</h1><p>I recently upgraded to Fedora 38 and Gnome 44, and one of my installed applications give this...</p>https://andreaskaris.github.io/blog/linux/org-gnome-shell-overrides/ Wed, 03 May 2023 19:38:38 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/linux/org-gnome-shell-overrides/ DedicatedServiceMonitors in OpenShift Monitoring <h2>DedicatedServiceMonitors in Red Hat OpenShift Monitoring</h2><h3>Introduction</h3><p>By default, OpenShift's Prometheus stack will pull pod CPU and memory usage fr...</p>https://andreaskaris.github.io/blog/openshift/dedicated-service-monitors/ Wed, 03 May 2023 16:41:21 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/dedicated-service-monitors/ Using cgroups for CFS bandwidth control <h1>Using cgroups for CFS bandwidth control (CPU quotas)</h1><p>CFS bandwidth control is a feature that allows you to limit the amount of CPU time that a control gro...</p>https://andreaskaris.github.io/blog/linux/cgroups_cpu_quota/ Mon, 27 Mar 2023 11:42:03 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/linux/cgroups_cpu_quota/ How kubelet monitors filesystems <h1>How kubelet monitors filesystems</h1><p>Kubelet can monitor 2 file systems, nodefs and imagefs. nodefs is auto-discovered by the presence of <code>/var/lib/kubelet</code>....</p>https://andreaskaris.github.io/blog/openshift/kubelet-filesystems/ Wed, 22 Mar 2023 17:18:49 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/kubelet-filesystems/ Golang IP address conversion <h2>IP address conversion with golang</h2><h3>Finding an IP network's broadcast IP</h3><p>The following function calculates the broadcast IP for both IPv4 and IPv6 net...</p>https://andreaskaris.github.io/blog/coding/golang-ip-conversion/ Fri, 24 Feb 2023 12:45:32 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/coding/golang-ip-conversion/ Controller Reconciliation <h2>Reconciliation with the Operator SDK</h2><p>In the Operator SDK, controllers implement the [Reconciler](https://github.com/kubernetes-sigs/controller-runtime/bl...</p>https://andreaskaris.github.io/blog/coding/operator-sdk-reconciliation/ Fri, 24 Feb 2023 12:45:32 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/coding/operator-sdk-reconciliation/ SCCs and mutating webhooks - a lesson learned <p><img alt="title" src="https://user-images.githubusercontent.com/3291433/220175185-f58bf274-e886-45ef-ab32-92b6cd3f1739.png"></p><h1>SCCs and mutating webhooks - or how to lear...</h1>https://andreaskaris.github.io/blog/openshift/openshift-scc-with-mutating-webhooks/ Mon, 20 Feb 2023 19:22:20 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/openshift/openshift-scc-with-mutating-webhooks/ Useful commands <h1>Useful commands</h1><h2>Tracking the evolution of conntrack with lnstat</h2><p>lnstat is a neat tool to check the evolution of entries (and other counters) in the co...</p>https://andreaskaris.github.io/blog/networking/useful-commands/ Tue, 17 Jan 2023 15:36:04 +0000Andreas Karis Bloghttps://andreaskaris.github.io/blog/networking/useful-commands/ \ No newline at end of file diff --git a/index.html b/index.html index 444d31d..0d51850 100644 --- a/index.html +++ b/index.html @@ -461,6 +461,8 @@ + + @@ -822,6 +824,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + @@ -2716,6 +2739,35 @@

    Latest posts

    +
    +

    + SELinux Cheat Sheet +

    + +

    + +

    +
    + Published at: 7/19/24, 3:04 PM +
    +
    +
    + + + + + + + + + + + + + + + +

    Protect Lenovo laptop battery @@ -2964,6 +3016,12 @@

    +

    + + +
    + + @@ -2993,12 +3051,6 @@

    -

    - - -
    - - @@ -3260,6 +3312,12 @@

    +

    + + +
    + + @@ -3289,12 +3347,6 @@

    -

    - - -
    - - @@ -3556,6 +3608,12 @@

    +

    + + +
    + + @@ -3585,12 +3643,6 @@

    -

    - - -
    - - @@ -3852,6 +3904,12 @@

    +

    + + +
    + + @@ -3881,12 +3939,6 @@

    -

    - - -
    - - @@ -4148,6 +4200,12 @@

    +

    + + +
    + + @@ -4177,12 +4235,6 @@

    -

    - - -
    - - @@ -4444,6 +4496,12 @@

    +

    + + +
    + + @@ -4473,12 +4531,6 @@

    -

    - - -
    - - @@ -4740,6 +4792,12 @@

    +

    + + +
    + + @@ -4769,12 +4827,6 @@

    -

    - - -
    - - @@ -5085,7 +5137,7 @@

    -
    Total 79 posts.
    +
    Total 80 posts.

    diff --git a/linux/cgroups/index.html b/linux/cgroups/index.html index dad2d2d..1a2a3cf 100644 --- a/linux/cgroups/index.html +++ b/linux/cgroups/index.html @@ -457,6 +457,8 @@ + + @@ -826,6 +828,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/linux/cgroups_cpu_quota/index.html b/linux/cgroups_cpu_quota/index.html index 29dbc11..ca71055 100644 --- a/linux/cgroups_cpu_quota/index.html +++ b/linux/cgroups_cpu_quota/index.html @@ -457,6 +457,8 @@ + + @@ -826,6 +828,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/linux/containers/index.html b/linux/containers/index.html index add189d..7b5686f 100644 --- a/linux/containers/index.html +++ b/linux/containers/index.html @@ -457,6 +457,8 @@ + + @@ -826,6 +828,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/linux/get-process-cgroup-info-and-limits/index.html b/linux/get-process-cgroup-info-and-limits/index.html index 622dc95..0eb1a58 100644 --- a/linux/get-process-cgroup-info-and-limits/index.html +++ b/linux/get-process-cgroup-info-and-limits/index.html @@ -457,6 +457,8 @@ + + @@ -826,6 +828,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/linux/hugepages/index.html b/linux/hugepages/index.html index ca6fd58..91150b8 100644 --- a/linux/hugepages/index.html +++ b/linux/hugepages/index.html @@ -457,6 +457,8 @@ + + @@ -826,6 +828,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/linux/index.html b/linux/index.html index 0f1001c..f1ed060 100644 --- a/linux/index.html +++ b/linux/index.html @@ -457,6 +457,8 @@ + + @@ -818,6 +820,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + @@ -2700,6 +2723,35 @@

    Linux

    +
    +

    + SELinux Cheat Sheet +

    + +

    + +

    +
    + Published at: 7/19/24, 3:04 PM +
    +
    +
    + + + + + + + + + + + + + + + +

    Protect Lenovo laptop battery @@ -2948,6 +3000,12 @@

    +

    + + +
    + + @@ -2977,12 +3035,6 @@

    -

    - - -
    - - @@ -3147,7 +3199,7 @@

    -
    Total 15 posts.
    +
    Total 16 posts.

    diff --git a/linux/ipxe-boot-environment/index.html b/linux/ipxe-boot-environment/index.html index e7f5ea4..a303e4d 100644 --- a/linux/ipxe-boot-environment/index.html +++ b/linux/ipxe-boot-environment/index.html @@ -457,6 +457,8 @@ + + @@ -826,6 +828,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/linux/java-idrac-issues/index.html b/linux/java-idrac-issues/index.html index a90bb6e..f49ceb2 100644 --- a/linux/java-idrac-issues/index.html +++ b/linux/java-idrac-issues/index.html @@ -457,6 +457,8 @@ + + @@ -826,6 +828,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/linux/libvirt-uefi-without-secureboot/index.html b/linux/libvirt-uefi-without-secureboot/index.html index bf886f9..75dc2a8 100644 --- a/linux/libvirt-uefi-without-secureboot/index.html +++ b/linux/libvirt-uefi-without-secureboot/index.html @@ -457,6 +457,8 @@ + + @@ -826,6 +828,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/linux/meson/index.html b/linux/meson/index.html index 5d8c712..96098ef 100644 --- a/linux/meson/index.html +++ b/linux/meson/index.html @@ -457,6 +457,8 @@ + + @@ -826,6 +828,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/linux/namespaces/index.html b/linux/namespaces/index.html index 0d3ddb3..6c149f4 100644 --- a/linux/namespaces/index.html +++ b/linux/namespaces/index.html @@ -457,6 +457,8 @@ + + @@ -826,6 +828,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/linux/old_java_version_with_xorgs_in_container/index.html b/linux/old_java_version_with_xorgs_in_container/index.html index f93d694..00449a4 100644 --- a/linux/old_java_version_with_xorgs_in_container/index.html +++ b/linux/old_java_version_with_xorgs_in_container/index.html @@ -457,6 +457,8 @@ + + @@ -826,6 +828,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/linux/org-gnome-shell-overrides/index.html b/linux/org-gnome-shell-overrides/index.html index aa3974b..cd0f1b4 100644 --- a/linux/org-gnome-shell-overrides/index.html +++ b/linux/org-gnome-shell-overrides/index.html @@ -457,6 +457,8 @@ + + @@ -826,6 +828,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/linux/protect-lenovo-battery/index.html b/linux/protect-lenovo-battery/index.html index 4e77989..5dac94b 100644 --- a/linux/protect-lenovo-battery/index.html +++ b/linux/protect-lenovo-battery/index.html @@ -457,6 +457,8 @@ + + @@ -826,6 +828,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/linux/selinux-cheatsheet/index.html b/linux/selinux-cheatsheet/index.html new file mode 100644 index 0000000..36ea4c7 --- /dev/null +++ b/linux/selinux-cheatsheet/index.html @@ -0,0 +1,3231 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + SELinux Cheat Sheet - Andreas Karis Blog + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    + +
    +
    + +
    + + + + +
    + + +
    + +
    + + + + + + + + + +
    +
    + + + +
    +
    +
    + + + + + + + +
    +
    +
    + + + + + + + +
    +
    + + + + +

    SELinux Cheat Sheet

    +

    Reading SELinux status

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    CommandDescriptionExamples
    cat /etc/selinux/configGet SELinux boot configuration# cat /etc/selinux/config

    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    # enforcing - SELinux security policy is enforced.
    # permissive - SELinux prints warnings instead of enforcing.
    # disabled - No SELinux policy is loaded.
    # See also:
    # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/using_selinux/changing-selinux-states-and-modes_using-selinux#changing-selinux-modes-at-boot-time_changing-selinux-states-and-modes
    #
    # NOTE: Up to RHEL 8 release included, SELINUX=disabled would also
    # fully disable SELinux during boot. If you need a system with SELinux
    # fully disabled instead of SELinux running with no policy loaded, you
    # need to pass selinux=0 to the kernel command line. You can use grubby
    # to persistently set the bootloader to boot with selinux=0:
    #
    # grubby --update-kernel ALL --args selinux=0
    #
    # To revert back to SELinux enabled:
    #
    # grubby --update-kernel ALL --remove-args selinux
    #
    SELINUX=enforcing
    # SELINUXTYPE= can take one of these three values:
    # targeted - Targeted processes are protected,
    # minimum - Modification of targeted policy. Only selected processes are protected.
    # mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    cat /proc/cmdlineCheck if SELinux is disabled on boot# cat /proc/cmdline
    BOOT_IMAGE=(hd0,gpt3)/vmlinuz-5.14.0-427.26.1.el9_4.x86_64 root=UUID=aec1c1e8-3576-4eb2-ab62-f62984e655a2 console=tty0 console=ttyS0,115200n8 no_timer_check net.ifnames=0 crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M selinux=0
    getenforceGet current enforcement status# getenforce
    Enforcing
    sestatusGet current SELinux status# sestatus
    SELinux status: enabled
    SELinuxfs mount: /sys/fs/selinux
    SELinux root directory: /etc/selinux
    Loaded policy name: targeted
    Current mode: enforcing
    Mode from config file: enforcing
    Policy MLS status: enabled
    Policy deny_unknown status: allowed
    Memory protection checking: actual (secure)
    Max kernel policy version: 33
    +

    Enabling / disabling SELinux

    + + + + + + + + + + + + + + + + + + + + + + + + + +
    CommandDescriptionExamples
    setenforceSet current enforcement status# setenforce Enforcing
    grubby --update-kernel ALL --args selinux=0Disable SELinux permanently starting with next boot
    grubby --update-kernel ALL --remove-args selinuxEnable SELinux permanently starting with next boot (if if was disabled)
    +

    Finding SELinux violations

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    CommandDescriptionExamples
    journalctl -t setroubleshootGet journal logs for SELinux issuesJul 19 07:09:41 rhel9-training setroubleshoot[47738]: SELinux is preventing /usr/lib/systemd/systemd from execute access on the file cause-violation. For co>
    Jul 19 07:09:41 rhel9-training setroubleshoot[47738]: SELinux is preventing /usr/lib/systemd/systemd from execute access on the file cause-violation.

    * Plugin catchall (100. confidence) suggests ******

    If you believe that systemd should be allowed execute access on the cause-violation file by default.
    Then you should report this as a bug.
    You can generate a local policy module to allow this access.
    Do
    allow this access for now by executing:
    # ausearch -c '(iolation)' --raw
    grep denied /var/log/audit/audit.logPrint raw SELinux denials# grep denied /var/log/audit/audit.log<br >type=AVC msg=audit(1703120795.400:102): avc: denied { execute } for pid=1586 comm="(iolation)" name="cause-violation" dev="vda4" ino=58946753 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=0
    ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -ts recentFind recent denials# ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -ts recent
    ----
    time->Fri Jul 19 07:29:17 2024
    type=PROCTITLE msg=audit(1721388557.563:621): proctitle="(iolation)"
    type=SYSCALL msg=audit(1721388557.563:621): arch=c000003e syscall=21 success=no exit=-13 a0=7fff382a8ae0 a1=1 a2=0 a3=3 items=0 ppid=1 pid=47806 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="(iolation)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)
    type=AVC msg=audit(1721388557.563:621): avc: denied { execute } for pid=47806 comm="(iolation)" name="cause-violation" dev="vda4" ino=58946753 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=0
    ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -ts todayFind denials for today# ausearch -m AVC,USER_AVC,SELINUX_ERR,USER_SELINUX_ERR -ts today
    ----
    time->Fri Jul 19 07:29:17 2024
    type=PROCTITLE msg=audit(1721388557.563:621): proctitle="(iolation)"
    type=SYSCALL msg=audit(1721388557.563:621): arch=c000003e syscall=21 success=no exit=-13 a0=7fff382a8ae0 a1=1 a2=0 a3=3 items=0 ppid=1 pid=47806 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="(iolation)" exe="/usr/lib/systemd/systemd" subj=system_u:system_r:init_t:s0 key=(null)
    type=AVC msg=audit(1721388557.563:621): avc: denied { execute } for pid=47806 comm="(iolation)" name="cause-violation" dev="vda4" ino=58946753 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=file permissive=0
    sealert -l "*"sealert -a /var/log/audit/audit.logsetroubleshoot client tool
    +

    Listing SELinux labels

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    CommandDescriptionExamples
    seinfo -bList all available SELinux booleans
    seinfo -rList all available SELinux rules
    seinfo -tList all available SELinux types
    seinfo -uList all available SELinux users
    +

    Process operations

    + + + + + + + + + + + + + + + + + + + + +
    CommandDescriptionExamples
    ps aux -ZList all processes and the SELinux label that they run with
    ps -fZ --pid $(pgrep -f )Show the current label of a process# ps -fZ --pid $(pgrep -f open-messages)
    LABEL UID PID PPID C STIME TTY TIME CMD
    system_u:system_r:unconfined_service_t:s0 root 2236 1 0 08:43 ? 00:00:00 python /opt/tutorial/bin/open-messages
    +

    File operations

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    CommandDescriptionExamples
    ls -al -ZList all files in this directory and their SELinux label
    chron -R -t tmp_t /testChange SELinux type temporarily for the directory, recursively
    restorecon -v -R /testReset labels to default recursively in this directory
    touch /.autorelabelForce an auto relabel on system boot
    semanage fcontext -lList default label configuration for the entire system
    semanage fcontext -C -lList all local customizations to label configuration# semanage fcontext -C -l
    SELinux fcontext type Context

    /opt/tutorial/bin/cause-violation all files system_u:object_r:httpd_sys_content_t:s0
    semanage fcontext -a -t etc_t '/test(/.*)?'Configure default label for a directory
    semanage fcontext -d '/test(/.*)?'Delete default label configuration for a directory
    +

    SELinux booleans

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    CommandDescriptionExamples
    getsebool -aList all SELinux booleans (effective state)
    getsebool httpd_use_nfsList a specific SELinux boolean (effective state)
    semanage boolean -lList all SELinux booleans (effective and permanent)
    cat /sys/fs/selinux/booleans/httpd_use_nfsQuery effective and permanent state of single variable from /sys# cat /sys/fs/selinux/booleans/httpd_use_nfs
    1 1
    setsebool httpd_use_nfs onSet SELinux boolean temporarily
    semanage boolean -m --on httpd_use_nfsSet SELinux boolean permanently (effective on next reboot)
    +

    SELinux ports

    + + + + + + + + + + + + + + + +
    CommandDescriptionExamples
    semanage port -lList all port mappings (type label to allowed port)# semanage port -l
    +

    Creating custom SELinux types and policies

    +

    Creating a custom SELinux type

    +

    Create a policy for a binary:

    +
    1
+2
+3
+4
+5
+6
+7
+8
    # sepolicy generate --init /opt/tutorial/bin/open-messages
+nm: /opt/tutorial/bin/open-messages: file format not recognized
+Created the following files:
+/root/open_messages.te # Type Enforcement file
+/root/open_messages.if # Interface file
+/root/open_messages.fc # File Contexts file
+/root/open_messages_selinux.spec # Spec file
+/root/open_messages.sh # Setup Script
+
    +

    By default, the new policy will be permissive, meaning that issues will be logged but not enforced:

    +
     1
+ 2
+ 3
+ 4
+ 5
+ 6
+ 7
+ 8
+ 9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
    # cat /root/open_messages.te
+policy_module(open_messages, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type open_messages_t;
+type open_messages_exec_t;
+init_daemon_domain(open_messages_t, open_messages_exec_t)
+
+permissive open_messages_t;
+
+########################################
+#
+# open_messages local policy
+#
+allow open_messages_t self:fifo_file rw_fifo_file_perms;
+allow open_messages_t self:unix_stream_socket create_stream_socket_perms;
+
+domain_use_interactive_fds(open_messages_t)
+
+files_read_etc_files(open_messages_t)
+
+miscfiles_read_localization(open_messages_t)
+
    +

    Remove the permissive line from open_messages.te to enforce rules:

    +
    1
    # sed -i 's/^permissive open_messages_t;$/#permissive open_messages_t;/' open_messages.te
+
    +

    Rebuild the synstem policy with the new configuration (make sure to check the output as this may fail with missing dependencies): +

     1
+ 2
+ 3
+ 4
+ 5
+ 6
+ 7
+ 8
+ 9
+10
+11
+12
+13
+14
+15
+16
+17
+18
+19
+20
+21
+22
+23
+24
+25
+26
+27
+28
+29
+30
+31
+32
+33
+34
+35
+36
+37
+38
+39
+40
+41
+42
+43
+44
+45
+46
+47
+48
+49
+50
+51
+52
+53
    # ./open_messages.sh
+Building and Loading Policy
++ make -f /usr/share/selinux/devel/Makefile open_messages.pp
+make: 'open_messages.pp' is up to date.
++ /usr/sbin/semodule -i open_messages.pp
++ sepolicy manpage -p . -d open_messages_t
+./open_messages_selinux.8
++ /sbin/restorecon -F -R -v /opt/tutorial/bin/open-messages
+++ pwd
++ pwd=/root
++ rpmbuild --define '_sourcedir /root' --define '_specdir /root' --define '_builddir /root' --define '_srcrpmdir /root' --define '_rpmdir /root' --define '_buildrootdir /root/.build' -ba open_messages_selinux.spec
+setting SOURCE_DATE_EPOCH=1721347200
+Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.a13gQC
++ umask 022
++ cd /root
++ '[' /root/.build/open_messages_selinux-1.0-1.el9.x86_64 '!=' / ']'
++ rm -rf /root/.build/open_messages_selinux-1.0-1.el9.x86_64
+++ dirname /root/.build/open_messages_selinux-1.0-1.el9.x86_64
++ mkdir -p /root/.build
++ mkdir /root/.build/open_messages_selinux-1.0-1.el9.x86_64
++ install -d /root/.build/open_messages_selinux-1.0-1.el9.x86_64/usr/share/selinux/packages
++ install -m 644 /root/open_messages.pp /root/.build/open_messages_selinux-1.0-1.el9.x86_64/usr/share/selinux/packages
++ install -d /root/.build/open_messages_selinux-1.0-1.el9.x86_64/usr/share/selinux/devel/include/contrib
++ install -m 644 /root/open_messages.if /root/.build/open_messages_selinux-1.0-1.el9.x86_64/usr/share/selinux/devel/include/contrib/
++ install -d /root/.build/open_messages_selinux-1.0-1.el9.x86_64/usr/share/man/man8/
++ install -m 644 /root/open_messages_selinux.8 /root/.build/open_messages_selinux-1.0-1.el9.x86_64/usr/share/man/man8/open_messages_selinux.8
++ install -d /root/.build/open_messages_selinux-1.0-1.el9.x86_64/etc/selinux/targeted/contexts/users/
++ /usr/lib/rpm/check-buildroot
++ /usr/lib/rpm/redhat/brp-ldconfig
++ /usr/lib/rpm/brp-compress
++ /usr/lib/rpm/brp-strip /usr/bin/strip
++ /usr/lib/rpm/brp-strip-comment-note /usr/bin/strip /usr/bin/objdump
++ /usr/lib/rpm/redhat/brp-strip-lto /usr/bin/strip
++ /usr/lib/rpm/brp-strip-static-archive /usr/bin/strip
++ /usr/lib/rpm/redhat/brp-python-bytecompile '' 1 0
++ /usr/lib/rpm/brp-python-hardlink
++ /usr/lib/rpm/redhat/brp-mangle-shebangs
+Processing files: open_messages_selinux-1.0-1.el9.noarch
+Provides: open_messages_selinux = 1.0-1.el9
+Requires(interp): /bin/sh /bin/sh
+Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
+Requires(post): /bin/sh policycoreutils-python-utils selinux-policy-base >= 38.1.35-2
+Requires(postun): /bin/sh policycoreutils-python-utils
+Checking for unpackaged file(s): /usr/lib/rpm/check-files /root/.build/open_messages_selinux-1.0-1.el9.x86_64
+Wrote: /root/open_messages_selinux-1.0-1.el9.src.rpm
+Wrote: /root/noarch/open_messages_selinux-1.0-1.el9.noarch.rpm
+Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.K63ODh
++ umask 022
++ cd /root
++ /usr/bin/rm -rf /root/.build/open_messages_selinux-1.0-1.el9.x86_64
++ RPM_EC=0
+++ jobs -p
++ exit 0
+

    +

    Verify that the binary now is labeled with the new custom type:

    +
    1
+2
    # ls -Z /opt/tutorial/bin/open-messages
+system_u:object_r:open_messages_exec_t:s0 /opt/tutorial/bin/open-messages
+
    +

    Creating policies for the custom type

    +

    Rerun the service, but with permissive rules:

    +
    1
+2
    # sed -i 's/^#permissive open_messages_t;$/permissive open_messages_t;/' open_messages.te
+# ./open_messages.sh
+
    +

    Restart the service and make sure that it's running: +

    1
+2
    # systemctl restart open-messages
+# systemctl status open-messages
+

    +

    Generate the list of rules needed to make the service run: +

     1
+ 2
+ 3
+ 4
+ 5
+ 6
+ 7
+ 8
+ 9
+10
+11
+12
+13
+14
+15
    # ausearch -m AVC -ts recent | audit2allow -R
+
+require {
+    type open_messages_t;
+}
+
+#============= open_messages_t ==============
+auth_read_passwd_file(open_messages_t)
+corecmd_exec_bin(open_messages_t)
+corecmd_mmap_bin_files(open_messages_t)
+files_manage_generic_tmp_files(open_messages_t)
+insights_client_filetrans_tmp(open_messages_t)
+logging_read_generic_logs(open_messages_t)
+sssd_read_public_files(open_messages_t)
+sssd_search_lib(open_messages_t)
+

    +

    Copy the list of rules from the output and append them to open_messages.te:

    +
     1
+ 2
+ 3
+ 4
+ 5
+ 6
+ 7
+ 8
+ 9
+10
    cat <<'EOF' >> open_messages.te
+auth_read_passwd_file(open_messages_t)
+corecmd_exec_bin(open_messages_t)
+corecmd_mmap_bin_files(open_messages_t)
+files_manage_generic_tmp_files(open_messages_t)
+insights_client_filetrans_tmp(open_messages_t)
+logging_read_generic_logs(open_messages_t)
+sssd_read_public_files(open_messages_t)
+sssd_search_lib(open_messages_t)
+EOF
+
    +

    And enforce SELinux again for the policy and rebuild the policies:

    +
    1
+2
    # sed -i 's/^permissive open_messages_t;$/#permissive open_messages_t;/' open_messages.te
+# ./open_messages.sh
+
    +

    Empty /var/log/audit/audit.log:

    +
    1
    # > /var/log/audit/audit.log
+
    +

    Start the open-messages service and make sure that it's running correctly:

    +
    1
+2
    # systemctl restart open-messages
+# systemctl status open-messages
+
    +

    Inspect the service, you will see that it runs with the new label:

    +
    1
+2
+3
    # ps -fZ --pid $(pgrep -f open-messages)
+LABEL                           UID          PID    PPID  C STIME TTY          TIME CMD
+system_u:system_r:open_messages_t:s0 root   4185       1  0 08:59 ?        00:00:00 python /opt/tutorial/bin/open-messages
+
    +

    Check that there are no SELinux denied messages for open-messages:

    +
    1
    # grep denied /var/log/audit/audit.log | grep open_messages_t
+
    + + + + + + + + + + + + + + + + + + + + +
    +
    + + + +
    + + + +
    + + + +
    +
    +
    +
    + + + + + + + + + + \ No newline at end of file diff --git a/linux/setting-journalctl-limits/index.html b/linux/setting-journalctl-limits/index.html index 7e98ac9..7264f9d 100644 --- a/linux/setting-journalctl-limits/index.html +++ b/linux/setting-journalctl-limits/index.html @@ -457,6 +457,8 @@ + + @@ -826,6 +828,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/linux/udev-ethtool/index.html b/linux/udev-ethtool/index.html index cd07b71..db0196d 100644 --- a/linux/udev-ethtool/index.html +++ b/linux/udev-ethtool/index.html @@ -16,7 +16,7 @@ - + @@ -457,6 +457,8 @@ + + @@ -826,6 +828,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/networking/accept-source-routing/index.html b/networking/accept-source-routing/index.html index be97b49..f96a448 100644 --- a/networking/accept-source-routing/index.html +++ b/networking/accept-source-routing/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/networking/arp_and_the_neighbor_table/index.html b/networking/arp_and_the_neighbor_table/index.html index cdd169e..a22d082 100644 --- a/networking/arp_and_the_neighbor_table/index.html +++ b/networking/arp_and_the_neighbor_table/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/networking/bonding_in_linux/index.html b/networking/bonding_in_linux/index.html index d9edb11..c7faf47 100644 --- a/networking/bonding_in_linux/index.html +++ b/networking/bonding_in_linux/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/networking/bpf-and-tcpdump/index.html b/networking/bpf-and-tcpdump/index.html index c0d838a..eafc635 100644 --- a/networking/bpf-and-tcpdump/index.html +++ b/networking/bpf-and-tcpdump/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/networking/geneve_tunneling/index.html b/networking/geneve_tunneling/index.html index 635e842..f7b62cb 100644 --- a/networking/geneve_tunneling/index.html +++ b/networking/geneve_tunneling/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/networking/haproxy-and-h2c/index.html b/networking/haproxy-and-h2c/index.html index 91094d4..60baf89 100644 --- a/networking/haproxy-and-h2c/index.html +++ b/networking/haproxy-and-h2c/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/networking/index.html b/networking/index.html index a4b15ac..7e644b7 100644 --- a/networking/index.html +++ b/networking/index.html @@ -13,7 +13,7 @@ - + @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/networking/install-openvswitch-on-rocky/index.html b/networking/install-openvswitch-on-rocky/index.html index 905c4b7..3c68fb3 100644 --- a/networking/install-openvswitch-on-rocky/index.html +++ b/networking/install-openvswitch-on-rocky/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/networking/juniper_x520/index.html b/networking/juniper_x520/index.html index c1e6e17..e8a5946 100644 --- a/networking/juniper_x520/index.html +++ b/networking/juniper_x520/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/networking/netlink-address-fields/index.html b/networking/netlink-address-fields/index.html index ccd6a35..4d54d5a 100644 --- a/networking/netlink-address-fields/index.html +++ b/networking/netlink-address-fields/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/networking/netlink/index.html b/networking/netlink/index.html index 896c164..2b5708c 100644 --- a/networking/netlink/index.html +++ b/networking/netlink/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/networking/ovn-interconnection/index.html b/networking/ovn-interconnection/index.html index 79a6324..636f6c5 100644 --- a/networking/ovn-interconnection/index.html +++ b/networking/ovn-interconnection/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/networking/ovn_standalone_on_fedora/index.html b/networking/ovn_standalone_on_fedora/index.html index ad3bf5f..ac7bb01 100644 --- a/networking/ovn_standalone_on_fedora/index.html +++ b/networking/ovn_standalone_on_fedora/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/networking/ovs-vxlan-tunnels-and-dscp/index.html b/networking/ovs-vxlan-tunnels-and-dscp/index.html index 674e4ba..dca44ea 100644 --- a/networking/ovs-vxlan-tunnels-and-dscp/index.html +++ b/networking/ovs-vxlan-tunnels-and-dscp/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/networking/ovs_recirculation/index.html b/networking/ovs_recirculation/index.html index ad49572..8ac45e2 100644 --- a/networking/ovs_recirculation/index.html +++ b/networking/ovs_recirculation/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/networking/ovs_with_gdb/index.html b/networking/ovs_with_gdb/index.html index 436bbd7..47cb4b6 100644 --- a/networking/ovs_with_gdb/index.html +++ b/networking/ovs_with_gdb/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/networking/packet-tracing-with-ovn/index.html b/networking/packet-tracing-with-ovn/index.html index 6709c26..1914235 100644 --- a/networking/packet-tracing-with-ovn/index.html +++ b/networking/packet-tracing-with-ovn/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/networking/sctp/index.html b/networking/sctp/index.html index c9d2eb7..53ae8eb 100644 --- a/networking/sctp/index.html +++ b/networking/sctp/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/networking/useful-commands/index.html b/networking/useful-commands/index.html index 1422cd9..c731ed5 100644 --- a/networking/useful-commands/index.html +++ b/networking/useful-commands/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/networking/wireguard/index.html b/networking/wireguard/index.html index 5804fb2..3d3aea8 100644 --- a/networking/wireguard/index.html +++ b/networking/wireguard/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/HPA/index.html b/openshift/HPA/index.html index 4de6ff3..213dd68 100644 --- a/openshift/HPA/index.html +++ b/openshift/HPA/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/alertmanager/index.html b/openshift/alertmanager/index.html index e7068be..713a971 100644 --- a/openshift/alertmanager/index.html +++ b/openshift/alertmanager/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/analyzing-cni/index.html b/openshift/analyzing-cni/index.html index 682645a..bea3705 100644 --- a/openshift/analyzing-cni/index.html +++ b/openshift/analyzing-cni/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/cpu-isolation-in-openshift/index.html b/openshift/cpu-isolation-in-openshift/index.html index 9694712..74ae0b9 100644 --- a/openshift/cpu-isolation-in-openshift/index.html +++ b/openshift/cpu-isolation-in-openshift/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/cpu-manager-with-custom-machine-config-pool/index.html b/openshift/cpu-manager-with-custom-machine-config-pool/index.html index fcf6e25..3352168 100644 --- a/openshift/cpu-manager-with-custom-machine-config-pool/index.html +++ b/openshift/cpu-manager-with-custom-machine-config-pool/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/crio-conmon-runc/index.html b/openshift/crio-conmon-runc/index.html index fcce57b..55f13fe 100644 --- a/openshift/crio-conmon-runc/index.html +++ b/openshift/crio-conmon-runc/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/dedicated-service-monitors/index.html b/openshift/dedicated-service-monitors/index.html index 8c8305f..3222473 100644 --- a/openshift/dedicated-service-monitors/index.html +++ b/openshift/dedicated-service-monitors/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/etcd_perf/index.html b/openshift/etcd_perf/index.html index 224de7e..88cae6c 100644 --- a/openshift/etcd_perf/index.html +++ b/openshift/etcd_perf/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/fix-selinux-labels-coreos/index.html b/openshift/fix-selinux-labels-coreos/index.html index d3c36b2..d63ccfe 100644 --- a/openshift/fix-selinux-labels-coreos/index.html +++ b/openshift/fix-selinux-labels-coreos/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/get-vs-list-api-calls/index.html b/openshift/get-vs-list-api-calls/index.html index 329cbd3..4e7b275 100644 --- a/openshift/get-vs-list-api-calls/index.html +++ b/openshift/get-vs-list-api-calls/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/how_rhcos_updates_work/index.html b/openshift/how_rhcos_updates_work/index.html index c7c0cc3..b384bfc 100644 --- a/openshift/how_rhcos_updates_work/index.html +++ b/openshift/how_rhcos_updates_work/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/index.html b/openshift/index.html index 0fa3173..7038bfe 100644 --- a/openshift/index.html +++ b/openshift/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/ingress-controller-sharding-on-separate-vip/index.html b/openshift/ingress-controller-sharding-on-separate-vip/index.html index 112a754..ad007eb 100644 --- a/openshift/ingress-controller-sharding-on-separate-vip/index.html +++ b/openshift/ingress-controller-sharding-on-separate-vip/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/ingresscontroller_router_sharding_ocp_on_osp/index.html b/openshift/ingresscontroller_router_sharding_ocp_on_osp/index.html index 49cc0f2..936673a 100644 --- a/openshift/ingresscontroller_router_sharding_ocp_on_osp/index.html +++ b/openshift/ingresscontroller_router_sharding_ocp_on_osp/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/istio-1.6-on-ocp.4.x/index.html b/openshift/istio-1.6-on-ocp.4.x/index.html index 6461cf3..b543bd1 100644 --- a/openshift/istio-1.6-on-ocp.4.x/index.html +++ b/openshift/istio-1.6-on-ocp.4.x/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/kata/index.html b/openshift/kata/index.html index 6ec7431..c693499 100644 --- a/openshift/kata/index.html +++ b/openshift/kata/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/kernel-ml-on-openshift/index.html b/openshift/kernel-ml-on-openshift/index.html index 2ca8782..b362a79 100644 --- a/openshift/kernel-ml-on-openshift/index.html +++ b/openshift/kernel-ml-on-openshift/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/kind-with-private-registry/index.html b/openshift/kind-with-private-registry/index.html index 9b89a35..4aa7edd 100644 --- a/openshift/kind-with-private-registry/index.html +++ b/openshift/kind-with-private-registry/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/kubelet-filesystems/index.html b/openshift/kubelet-filesystems/index.html index e8a15fa..280917b 100644 --- a/openshift/kubelet-filesystems/index.html +++ b/openshift/kubelet-filesystems/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/kubernetes_cluster/index.html b/openshift/kubernetes_cluster/index.html index 83e4e64..d067ffb 100644 --- a/openshift/kubernetes_cluster/index.html +++ b/openshift/kubernetes_cluster/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/list_docker_registry_containers/index.html b/openshift/list_docker_registry_containers/index.html index 4339db2..97b9f62 100644 --- a/openshift/list_docker_registry_containers/index.html +++ b/openshift/list_docker_registry_containers/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/mounting-container-image/index.html b/openshift/mounting-container-image/index.html index 558007e..f9a93df 100644 --- a/openshift/mounting-container-image/index.html +++ b/openshift/mounting-container-image/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/ocp-custom-release-image/index.html b/openshift/ocp-custom-release-image/index.html index 93f7272..a8260ec 100644 --- a/openshift/ocp-custom-release-image/index.html +++ b/openshift/ocp-custom-release-image/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/ocp4-infra-nodes-with-machineset-without-worker-label/index.html b/openshift/ocp4-infra-nodes-with-machineset-without-worker-label/index.html index dd3b466..895a1ac 100644 --- a/openshift/ocp4-infra-nodes-with-machineset-without-worker-label/index.html +++ b/openshift/ocp4-infra-nodes-with-machineset-without-worker-label/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/openshift-scc-with-mutating-webhooks/index.html b/openshift/openshift-scc-with-mutating-webhooks/index.html index 7610ccc..9f0ebfe 100644 --- a/openshift/openshift-scc-with-mutating-webhooks/index.html +++ b/openshift/openshift-scc-with-mutating-webhooks/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/openshift-with-multipath/index.html b/openshift/openshift-with-multipath/index.html index 4f75ee1..de31e47 100644 --- a/openshift/openshift-with-multipath/index.html +++ b/openshift/openshift-with-multipath/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/openshift_httpbin_tshark_sidecar/index.html b/openshift/openshift_httpbin_tshark_sidecar/index.html index f3b4eb6..a30a309 100644 --- a/openshift/openshift_httpbin_tshark_sidecar/index.html +++ b/openshift/openshift_httpbin_tshark_sidecar/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/openshift_mirror_registry/index.html b/openshift/openshift_mirror_registry/index.html index 30be7d5..34c7a2c 100644 --- a/openshift/openshift_mirror_registry/index.html +++ b/openshift/openshift_mirror_registry/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/openshift_troubleshooting_etcd_state/index.html b/openshift/openshift_troubleshooting_etcd_state/index.html index 99ecc48..8cc2c51 100644 --- a/openshift/openshift_troubleshooting_etcd_state/index.html +++ b/openshift/openshift_troubleshooting_etcd_state/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/ovn-kind-hybrid-overlay/index.html b/openshift/ovn-kind-hybrid-overlay/index.html index 749da07..8f84275 100644 --- a/openshift/ovn-kind-hybrid-overlay/index.html +++ b/openshift/ovn-kind-hybrid-overlay/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/patch-service-loadbalancer-ingress-ip/index.html b/openshift/patch-service-loadbalancer-ingress-ip/index.html index 330f1f4..86f5729 100644 --- a/openshift/patch-service-loadbalancer-ingress-ip/index.html +++ b/openshift/patch-service-loadbalancer-ingress-ip/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/private-registry/index.html b/openshift/private-registry/index.html index 9f26b9c..4b8e3a2 100644 --- a/openshift/private-registry/index.html +++ b/openshift/private-registry/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/proxy-ocp-4.5/index.html b/openshift/proxy-ocp-4.5/index.html index bf5b23d..1f87549 100644 --- a/openshift/proxy-ocp-4.5/index.html +++ b/openshift/proxy-ocp-4.5/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/rpm-ostree-failed-to-find-image/index.html b/openshift/rpm-ostree-failed-to-find-image/index.html index e30e08b..6b678fc 100644 --- a/openshift/rpm-ostree-failed-to-find-image/index.html +++ b/openshift/rpm-ostree-failed-to-find-image/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/scc/index.html b/openshift/scc/index.html index 8064f4b..446202e 100644 --- a/openshift/scc/index.html +++ b/openshift/scc/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/seccomp-defaults-ocp/index.html b/openshift/seccomp-defaults-ocp/index.html index da25f12..a32cecf 100644 --- a/openshift/seccomp-defaults-ocp/index.html +++ b/openshift/seccomp-defaults-ocp/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/troubleshooting_openshift_on_openstack_worker_creation/index.html b/openshift/troubleshooting_openshift_on_openstack_worker_creation/index.html index c875c8b..e21381d 100644 --- a/openshift/troubleshooting_openshift_on_openstack_worker_creation/index.html +++ b/openshift/troubleshooting_openshift_on_openstack_worker_creation/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/useful-ocp-commands/index.html b/openshift/useful-ocp-commands/index.html index 431b4ff..783b012 100644 --- a/openshift/useful-ocp-commands/index.html +++ b/openshift/useful-ocp-commands/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openshift/useful-ocp-sdn-commands/index.html b/openshift/useful-ocp-sdn-commands/index.html index e58ea55..ec31b30 100644 --- a/openshift/useful-ocp-sdn-commands/index.html +++ b/openshift/useful-ocp-sdn-commands/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openstack/index.html b/openstack/index.html index f1bd78d..92982cb 100644 --- a/openstack/index.html +++ b/openstack/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openstack/install_openshift_on_openstack/index.html b/openstack/install_openshift_on_openstack/index.html index 8fda53e..3b9d144 100644 --- a/openstack/install_openshift_on_openstack/index.html +++ b/openstack/install_openshift_on_openstack/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openstack/reattach_to_running_deployment/index.html b/openstack/reattach_to_running_deployment/index.html index 8031b74..056a4ad 100644 --- a/openstack/reattach_to_running_deployment/index.html +++ b/openstack/reattach_to_running_deployment/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/openstack/using_clouds_yaml/index.html b/openstack/using_clouds_yaml/index.html index 2260772..2b83bed 100644 --- a/openstack/using_clouds_yaml/index.html +++ b/openstack/using_clouds_yaml/index.html @@ -455,6 +455,8 @@ + + @@ -816,6 +818,27 @@ + + + + + + +
  • + + + + + SELinux Cheat Sheet + + + + +
    • + + + + diff --git a/sitemap.xml b/sitemap.xml index 4f374ef..1c6d27d 100644 --- a/sitemap.xml +++ b/sitemap.xml @@ -2,432 +2,437 @@ https://andreaskaris.github.io/blog/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/ceph/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/ceph/ceph-manual-test/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/coding/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/coding/golang-ip-conversion/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/coding/operator-sdk-reconciliation/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/coding/vimrc/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/linux/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/linux/cgroups/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/linux/cgroups_cpu_quota/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/linux/containers/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/linux/get-process-cgroup-info-and-limits/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/linux/hugepages/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/linux/ipxe-boot-environment/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/linux/java-idrac-issues/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/linux/libvirt-uefi-without-secureboot/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/linux/meson/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/linux/namespaces/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/linux/old_java_version_with_xorgs_in_container/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/linux/org-gnome-shell-overrides/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/linux/protect-lenovo-battery/ - 2024-06-20 + 2024-07-19 + daily + + + https://andreaskaris.github.io/blog/linux/selinux-cheatsheet/ + 2024-07-19 daily https://andreaskaris.github.io/blog/linux/setting-journalctl-limits/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/linux/udev-ethtool/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/networking/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/networking/accept-source-routing/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/networking/arp_and_the_neighbor_table/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/networking/bonding_in_linux/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/networking/bpf-and-tcpdump/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/networking/geneve_tunneling/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/networking/haproxy-and-h2c/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/networking/install-openvswitch-on-rocky/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/networking/juniper_x520/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/networking/netlink-address-fields/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/networking/netlink/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/networking/ovn-interconnection/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/networking/ovn_standalone_on_fedora/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/networking/ovs-vxlan-tunnels-and-dscp/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/networking/ovs_recirculation/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/networking/ovs_with_gdb/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/networking/packet-tracing-with-ovn/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/networking/sctp/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/networking/useful-commands/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/networking/wireguard/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/HPA/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/alertmanager/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/analyzing-cni/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/cpu-isolation-in-openshift/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/cpu-manager-with-custom-machine-config-pool/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/crio-conmon-runc/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/dedicated-service-monitors/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/etcd_perf/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/fix-selinux-labels-coreos/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/get-vs-list-api-calls/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/how_rhcos_updates_work/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/ingress-controller-sharding-on-separate-vip/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/ingresscontroller_router_sharding_ocp_on_osp/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/istio-1.6-on-ocp.4.x/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/kata/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/kernel-ml-on-openshift/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/kind-with-private-registry/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/kubelet-filesystems/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/kubernetes_cluster/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/list_docker_registry_containers/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/mounting-container-image/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/ocp-custom-release-image/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/ocp4-infra-nodes-with-machineset-without-worker-label/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/openshift-scc-with-mutating-webhooks/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/openshift-with-multipath/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/openshift_httpbin_tshark_sidecar/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/openshift_mirror_registry/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/openshift_troubleshooting_etcd_state/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/ovn-kind-hybrid-overlay/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/patch-service-loadbalancer-ingress-ip/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/private-registry/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/proxy-ocp-4.5/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/rpm-ostree-failed-to-find-image/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/scc/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/seccomp-defaults-ocp/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/troubleshooting_openshift_on_openstack_worker_creation/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/useful-ocp-commands/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openshift/useful-ocp-sdn-commands/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openstack/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openstack/install_openshift_on_openstack/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openstack/reattach_to_running_deployment/ - 2024-06-20 + 2024-07-19 daily https://andreaskaris.github.io/blog/openstack/using_clouds_yaml/ - 2024-06-20 + 2024-07-19 daily \ No newline at end of file diff --git a/sitemap.xml.gz b/sitemap.xml.gz index c6094a5..2b0f940 100644 Binary files a/sitemap.xml.gz and b/sitemap.xml.gz differ