Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Logical Volume Manager question
Top Forums UNIX for Advanced & Expert Users Logical Volume Manager question Post 24556 by Perderabo on Sunday 14th of July 2002 09:43:03 PM
Old 07-14-2002
I do not understand how simply making a recovery tape could cause such a disaster. Did you try to run that tape? If you simply were running make_recovery and this happened I think that it was coincidence and you actually have some other problem.

But in any event, after a disaster like this, vgscan is the way I would proceed. First I would "cp /etc/lvmtab /etc/lvmtab.save". Then I would run "vgscan -pv" and see if it looks reasonable. As long as you use -p nothing will actually change. If it looks good (or at least better than the current state), I would run "pvscan -v". It may tell you to run other programs next like vgchange. Follow the instructions the vgscan gives you. Good luck.
 

7 More Discussions You Might Find Interesting

1. AIX

AIX Logical Volume Question

Hi All, There is AIX server which has 2 internal disks running the OS and 8 external disks on a RAID array with RAID 5. My question - is there a way to check which are the logical volumes and file system configured on this RAID array (2 Replies)
Discussion started by: rramanuj
2 Replies

2. AIX

Logical Volume Manager Help

I have a pretty basic question but I am finding my self stumped... I am trying to find the config that shows which logical volume is mapped to which physical volume IE: I know that pdisk15 is mapped to hdisk17 (I only know this as it was told to me though, by IBM) When I run: lslv -p... (5 Replies)
Discussion started by: pheusion
5 Replies

3. UNIX for Advanced & Expert Users

LVM - Extending Logical Volume within Volume Group

Hello, I have logical volume group of 50GB, in which I have 2 logical volumes, LogVol01 and LogVol02, both are of 10GB. If I extend LogVol01 further by 10GB, then it keeps the extended copy after logical volume 2. I want to know where it keeps this information Regards Himanshu (3 Replies)
Discussion started by: ghimanshu
3 Replies

4. AIX

Basic Filesystem / Physical Volume / Logical Volume Check

Hi! Can anyone help me on how I can do a basic check on the Unix filesystems / physical volumes and logical volumes? What items should I check, like where do I look at in smit? Or are there commands that I should execute? I need to do this as I was informed by IBM that there seems to be... (1 Reply)
Discussion started by: chipahoys
1 Replies

5. Solaris

CLI to get info for Logical Volume manager

What are the comman line instructions need to be used to know if a Logical Volume Manager is installed on solaris Box, What is its name, version, driver version, library version. (1 Reply)
Discussion started by: epriya2003
1 Replies

6. UNIX for Advanced & Expert Users

Veritas Volume Manager question (Disk layout with 4 plexes)

I am trying to build a veritas volume similar to an existing volume on another server. The output on source server is: usbtor12# vxprint -hrtg appdg v anvil_sqlVOL - ENABLED ACTIVE 629145600 SELECT - fsgen pl anvil_sqlVOL-01 anvil_sqlVOL ENABLED ACTIVE 629145600... (3 Replies)
Discussion started by: momin313
3 Replies

7. Red Hat

No space in volume group. How to create a file system using existing logical volume

Hello Guys, I want to create a file system dedicated for an application installation. But there is no space in volume group to create a new logical volume. There is enough space in other logical volume which is being mounted on /var. I know we can use that logical volume and create a virtual... (2 Replies)
Discussion started by: vamshigvk475
2 Replies

LEARN ABOUT CENTOS

lvm_selinux

lvm_selinux(8)							SELinux Policy lvm						    lvm_selinux(8)

NAME

       lvm_selinux - Security Enhanced Linux Policy for the lvm processes

DESCRIPTION

       Security-Enhanced Linux secures the lvm processes via flexible mandatory access control.

       The  lvm  processes execute with the lvm_t SELinux type. You can check if you have these processes running by executing the ps command with
       the -Z qualifier.

       For example:

       ps -eZ | grep lvm_t

ENTRYPOINTS

       The lvm_t SELinux type can be entered via the unlabeled_t, proc_type, file_type, mtrr_device_t,	filesystem_type,  lvm_exec_t,  sysctl_type
       file types.

       The default entrypoint paths for the lvm_t domain are the following:

       all  files on the system, /dev/cpu/mtrr, /lib/lvm-10/.*, /lib/lvm-200/.*, /usr/lib/lvm-10/.*, /usr/lib/lvm-200/.*, /usr/lib/systemd/system-
       generators/lvm2.*,  /sbin/lvm,  /sbin/lvs,  /sbin/pvs,  /sbin/vgs,  /sbin/vgck,	/sbin/dmraid,  /sbin/kpartx,  /sbin/lvmsar,  /sbin/lvscan,
       /sbin/pvdata,   /sbin/pvmove,  /sbin/pvscan,  /sbin/vgscan,  /sbin/dmsetup,  /sbin/e2fsadm,  /sbin/lvmetad,  /sbin/lvmsadc,  /sbin/vgmerge,
       /sbin/vgsplit, /usr/sbin/lvm, /usr/sbin/lvs, /usr/sbin/pvs, /usr/sbin/vgs, /sbin/lvchange, /sbin/lvcreate, /sbin/lvextend,  /sbin/lvreduce,
       /sbin/lvremove, /sbin/lvrename, /sbin/lvresize, /sbin/pvchange, /sbin/pvcreate, /sbin/pvremove, /sbin/vgchange, /sbin/vgcreate, /sbin/vgex-
       port, /sbin/vgextend, /sbin/vgimport, /sbin/vgreduce, /sbin/vgremove,  /sbin/vgrename,  /usr/sbin/vgck,	/sbin/lvdisplay,  /sbin/lvmchange,
       /sbin/pvdisplay, /sbin/vgdisplay, /sbin/vgmknodes, /sbin/vgwrapper, /sbin/cryptsetup, /sbin/lvm.static, /sbin/multipathd, /usr/sbin/dmraid,
       /usr/sbin/kpartx,   /usr/sbin/lvmsar,   /usr/sbin/lvscan,   /usr/sbin/pvdata,   /usr/sbin/pvmove,    /usr/sbin/pvscan,	 /usr/sbin/vgscan,
       /sbin/mount.crypt,   /sbin/lvmdiskscan,	/sbin/vgcfgbackup,  /usr/sbin/dmsetup,	/usr/sbin/e2fsadm,  /usr/sbin/lvmetad,	/usr/sbin/lvmsadc,
       /usr/sbin/vgmerge, /usr/sbin/vgsplit, /sbin/umount.crypt, /sbin/vgcfgrestore, /usr/sbin/dmeventd,  /usr/sbin/lvchange,  /usr/sbin/lvcreate,
       /usr/sbin/lvextend, /usr/sbin/lvreduce, /usr/sbin/lvremove, /usr/sbin/lvrename, /usr/sbin/lvresize, /usr/sbin/pvchange, /usr/sbin/pvcreate,
       /usr/sbin/pvremove, /usr/sbin/vgchange, /usr/sbin/vgcreate, /usr/sbin/vgexport, /usr/sbin/vgextend, /usr/sbin/vgimport, /usr/sbin/vgreduce,
       /usr/sbin/vgremove,     /usr/sbin/vgrename,    /sbin/lvmiopversion,    /sbin/vgscan.static,    /usr/sbin/lvdisplay,    /usr/sbin/lvmchange,
       /usr/sbin/pvdisplay,   /usr/sbin/vgdisplay,   /usr/sbin/vgmknodes,   /usr/sbin/vgwrapper,    /sbin/dmsetup.static,    /usr/sbin/cryptsetup,
       /usr/sbin/lvm.static,  /usr/sbin/multipathd,  /sbin/vgchange.static,  /usr/sbin/lvmdiskscan,  /usr/sbin/mount.crypt, /usr/sbin/vgcfgbackup,
       /sbin/multipath.static,	   /usr/sbin/vgcfgrestore,     /usr/sbin/lvmiopversion,     /usr/sbin/vgscan.static,	 /usr/sbin/dmsetup.static,
       /usr/sbin/vgchange.static,  /usr/sbin/multipath.static,	/lib/udev/udisks-lvm-pv-export,  /usr/lib/udev/udisks-lvm-pv-export, /usr/lib/sys-
       temd/systemd-cryptsetup

PROCESS TYPES

       SELinux defines process types (domains) for each process running on the system

       You can see the context of a process using the -Z option to ps

       Policy governs the access confined processes have to files.  SELinux lvm policy is very flexible allowing users to  setup  their  lvm  pro-
       cesses in as secure a method as possible.

       The following process types are defined for lvm:

       lvm_t

       Note:  semanage	permissive  -a	lvm_t  can  be	used to make the process type lvm_t permissive. SELinux does not deny access to permissive
       process types, but the AVC (SELinux denials) messages are still generated.

BOOLEANS

       SELinux policy is customizable based on least access required.  lvm policy is extremely flexible and has several booleans that allow you to
       manipulate the policy and run lvm with the tightest access possible.

       If  you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd server, you must turn on the authlo-
       gin_nsswitch_use_ldap boolean. Disabled by default.

       setsebool -P authlogin_nsswitch_use_ldap 1

       If you want to allow all daemons the ability to read/write terminals, you must turn on the daemons_use_tty boolean. Disabled by default.

       setsebool -P daemons_use_tty 1

       If you want to deny user domains applications to map a memory region as both executable and writable, this is dangerous and the	executable
       should be reported in bugzilla, you must turn on the deny_execmem boolean. Enabled by default.

       setsebool -P deny_execmem 1

       If  you	want  to  deny	any  process  from ptracing or debugging any other processes, you must turn on the deny_ptrace boolean. Enabled by
       default.

       setsebool -P deny_ptrace 1

       If you want to allow all domains to use other domains file descriptors, you must turn on the domain_fd_use boolean. Enabled by default.

       setsebool -P domain_fd_use 1

       If you want to allow all domains to have the kernel load modules, you must turn on  the	domain_kernel_load_modules  boolean.  Disabled	by
       default.

       setsebool -P domain_kernel_load_modules 1

       If you want to allow all domains to execute in fips_mode, you must turn on the fips_mode boolean. Enabled by default.

       setsebool -P fips_mode 1

       If you want to enable reading of urandom for all domains, you must turn on the global_ssp boolean. Disabled by default.

       setsebool -P global_ssp 1

       If you want to allow confined applications to run with kerberos, you must turn on the kerberos_enabled boolean. Enabled by default.

       setsebool -P kerberos_enabled 1

       If  you want to control the ability to mmap a low area of the address space, as configured by /proc/sys/kernel/mmap_min_addr, you must turn
       on the mmap_low_allowed boolean. Disabled by default.

       setsebool -P mmap_low_allowed 1

       If you want to allow system to run with NIS, you must turn on the nis_enabled boolean. Disabled by default.

       setsebool -P nis_enabled 1

       If you want to allow confined applications to use nscd shared memory, you must turn on the nscd_use_shm boolean. Enabled by default.

       setsebool -P nscd_use_shm 1

       If you want to disable kernel module loading, you must turn on the secure_mode_insmod boolean. Enabled by default.

       setsebool -P secure_mode_insmod 1

       If you want to boolean to determine whether the system permits loading policy, setting enforcing mode, and changing  boolean  values.   Set
       this to true and you have to reboot to set it back, you must turn on the secure_mode_policyload boolean. Enabled by default.

       setsebool -P secure_mode_policyload 1

       If  you	want  to allow unconfined executables to make their heap memory executable.  Doing this is a really bad idea. Probably indicates a
       badly coded executable, but could indicate an attack. This executable should  be  reported  in  bugzilla,  you  must  turn  on  the  selin-
       uxuser_execheap boolean. Disabled by default.

       setsebool -P selinuxuser_execheap 1

       If  you	want to allow all unconfined executables to use libraries requiring text relocation that are not labeled textrel_shlib_t, you must
       turn on the selinuxuser_execmod boolean. Enabled by default.

       setsebool -P selinuxuser_execmod 1

       If you want to allow unconfined executables to make their stack executable.  This should never, ever be	necessary.  Probably  indicates  a
       badly  coded  executable,  but  could  indicate	an  attack.  This  executable  should be reported in bugzilla, you must turn on the selin-
       uxuser_execstack boolean. Enabled by default.

       setsebool -P selinuxuser_execstack 1

       If you want to support X userspace object manager, you must turn on the xserver_object_manager boolean. Enabled by default.

       setsebool -P xserver_object_manager 1

       If you want to allow ZoneMinder to run su/sudo, you must turn on the zoneminder_run_sudo boolean. Disabled by default.

       setsebool -P zoneminder_run_sudo 1

NSSWITCH DOMAIN

       If you want to allow users to resolve user passwd entries directly from ldap rather then using a sssd server for the lvm_t, you	must  turn
       on the authlogin_nsswitch_use_ldap boolean.

       setsebool -P authlogin_nsswitch_use_ldap 1

       If you want to allow confined applications to run with kerberos for the lvm_t, you must turn on the kerberos_enabled boolean.

       setsebool -P kerberos_enabled 1

MANAGED FILES

       The  SELinux  process  type lvm_t can manage files labeled with the following file types.  The paths listed are the default paths for these
       file types.  Note the processes UID still need to have DAC permissions.

       file_type

	    all files on the system

FILE CONTEXTS

       SELinux requires files to have an extended attribute to define the file type.

       You can see the context of a file using the -Z option to ls

       Policy governs the access confined processes have to these files.  SELinux lvm policy is very flexible allowing users to  setup	their  lvm
       processes in as secure a method as possible.

       EQUIVALENCE DIRECTORIES

       lvm  policy stores data with multiple different file context types under the /var/run/multipathd directory.  If you would like to store the
       data in a different directory you can use the semanage command to create an equivalence mapping.  If you wanted to store  this  data  under
       the /srv dirctory you would execute the following command:

       semanage fcontext -a -e /var/run/multipathd /srv/multipathd
       restorecon -R -v /srv/multipathd

       STANDARD FILE CONTEXT

       SELinux	defines  the file context types for the lvm, if you wanted to store files with these types in a diffent paths, you need to execute
       the semanage command to sepecify alternate labeling and then use restorecon to put the labels on disk.

       semanage fcontext -a -t lvm_etc_t '/srv/lvm/content(/.*)?'
       restorecon -R -v /srv/mylvm_content

       Note: SELinux often uses regular expressions to specify labels that match multiple files.

       The following file types are defined for lvm:

       lvm_etc_t

       - Set files with the lvm_etc_t type, if you want to store lvm files in the /etc directories.

       lvm_exec_t

       - Set files with the lvm_exec_t type, if you want to transition an executable to the lvm_t domain.

       Paths:
	    /lib/lvm-10/.*,  /lib/lvm-200/.*,  /usr/lib/lvm-10/.*,  /usr/lib/lvm-200/.*,   /usr/lib/systemd/system-generators/lvm2.*,	/sbin/lvm,
	    /sbin/lvs,	/sbin/pvs,  /sbin/vgs,	/sbin/vgck,  /sbin/dmraid,  /sbin/kpartx,  /sbin/lvmsar, /sbin/lvscan, /sbin/pvdata, /sbin/pvmove,
	    /sbin/pvscan, /sbin/vgscan, /sbin/dmsetup, /sbin/e2fsadm, /sbin/lvmetad, /sbin/lvmsadc, /sbin/vgmerge,  /sbin/vgsplit,  /usr/sbin/lvm,
	    /usr/sbin/lvs,   /usr/sbin/pvs,   /usr/sbin/vgs,   /sbin/lvchange,	/sbin/lvcreate,  /sbin/lvextend,  /sbin/lvreduce,  /sbin/lvremove,
	    /sbin/lvrename,  /sbin/lvresize,  /sbin/pvchange,  /sbin/pvcreate,	/sbin/pvremove,  /sbin/vgchange,  /sbin/vgcreate,  /sbin/vgexport,
	    /sbin/vgextend,  /sbin/vgimport,  /sbin/vgreduce,  /sbin/vgremove,	/sbin/vgrename,  /usr/sbin/vgck, /sbin/lvdisplay, /sbin/lvmchange,
	    /sbin/pvdisplay,   /sbin/vgdisplay,   /sbin/vgmknodes,   /sbin/vgwrapper,	/sbin/cryptsetup,   /sbin/lvm.static,	 /sbin/multipathd,
	    /usr/sbin/dmraid,	/usr/sbin/kpartx,   /usr/sbin/lvmsar,	/usr/sbin/lvscan,  /usr/sbin/pvdata,  /usr/sbin/pvmove,  /usr/sbin/pvscan,
	    /usr/sbin/vgscan, /sbin/mount.crypt, /sbin/lvmdiskscan, /sbin/vgcfgbackup,	/usr/sbin/dmsetup,  /usr/sbin/e2fsadm,	/usr/sbin/lvmetad,
	    /usr/sbin/lvmsadc,	   /usr/sbin/vgmerge,	  /usr/sbin/vgsplit,	 /sbin/umount.crypt,	/sbin/vgcfgrestore,    /usr/sbin/dmeventd,
	    /usr/sbin/lvchange,    /usr/sbin/lvcreate,	  /usr/sbin/lvextend,	 /usr/sbin/lvreduce,	/usr/sbin/lvremove,    /usr/sbin/lvrename,
	    /usr/sbin/lvresize,    /usr/sbin/pvchange,	  /usr/sbin/pvcreate,	 /usr/sbin/pvremove,	/usr/sbin/vgchange,    /usr/sbin/vgcreate,
	    /usr/sbin/vgexport,    /usr/sbin/vgextend,	  /usr/sbin/vgimport,	 /usr/sbin/vgreduce,	/usr/sbin/vgremove,    /usr/sbin/vgrename,
	    /sbin/lvmiopversion,   /sbin/vgscan.static,   /usr/sbin/lvdisplay,	 /usr/sbin/lvmchange,	/usr/sbin/pvdisplay,  /usr/sbin/vgdisplay,
	    /usr/sbin/vgmknodes,  /usr/sbin/vgwrapper,	/sbin/dmsetup.static,  /usr/sbin/cryptsetup,  /usr/sbin/lvm.static,  /usr/sbin/multipathd,
	    /sbin/vgchange.static, /usr/sbin/lvmdiskscan, /usr/sbin/mount.crypt, /usr/sbin/vgcfgbackup, /sbin/multipath.static, /usr/sbin/vgcfgre-
	    store,  /usr/sbin/lvmiopversion,  /usr/sbin/vgscan.static,	 /usr/sbin/dmsetup.static,   /usr/sbin/vgchange.static,   /usr/sbin/multi-
	    path.static, /lib/udev/udisks-lvm-pv-export, /usr/lib/udev/udisks-lvm-pv-export, /usr/lib/systemd/systemd-cryptsetup

       lvm_lock_t

       - Set files with the lvm_lock_t type, if you want to treat the files as lvm lock data, stored under the /var/lock directory

       Paths:
	    /etc/lvm/lock(/.*)?, /var/lock/lvm(/.*)?, /var/lock/dmraid(/.*)?

       lvm_metadata_t

       - Set files with the lvm_metadata_t type, if you want to treat the files as lvm metadata data.

       Paths:
	    /etc/lvmtab(/.*)?,	/etc/lvmtab.d(/.*)?,  /etc/lvm/cache(/.*)?,  /etc/multipath(/.*)?,  /etc/lvm/backup(/.*)?, /etc/lvm/archive(/.*)?,
	    /var/cache/multipathd(/.*)?, /etc/lvm/.cache

       lvm_tmp_t

       - Set files with the lvm_tmp_t type, if you want to store lvm temporary files in the /tmp directories.

       lvm_unit_file_t

       - Set files with the lvm_unit_file_t type, if you want to treat the files as lvm unit content.

       Paths:
	    /usr/lib/systemd/system/lvm2.*.service, /usr/lib/systemd/generator/lvm.*

       lvm_var_lib_t

       - Set files with the lvm_var_lib_t type, if you want to store the lvm files under the /var/lib directory.

       lvm_var_run_t

       - Set files with the lvm_var_run_t type, if you want to store the lvm files under the /run or /var/run directory.

       Paths:
	    /var/run/lvm(/.*)?, /var/run/dmevent.*, /var/run/multipathd(/.*)?, /var/run/multipathd.sock

       Note: File context can be temporarily modified with the chcon command.  If you want to permanently change the file context you need to  use
       the semanage fcontext command.  This will modify the SELinux labeling database.	You will need to use restorecon to apply the labels.

COMMANDS

       semanage fcontext can also be used to manipulate default file context mappings.

       semanage permissive can also be used to manipulate whether or not a process type is permissive.

       semanage module can also be used to enable/disable/install/remove policy modules.

       semanage boolean can also be used to manipulate the booleans

       system-config-selinux is a GUI tool available to customize SELinux policy settings.

AUTHOR

       This manual page was auto-generated using sepolicy manpage .

SEE ALSO

       selinux(8), lvm(8), semanage(8), restorecon(8), chcon(1), sepolicy(8) , setsebool(8)

lvm								     14-06-10							    lvm_selinux(8)
All times are GMT -4. The time now is 09:35 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy