SysAdmin

Posts tagged with #sysadmin
Total: 13

How SELinux screws with scripts when run over VMware Tools

Notes | 2021-08-08 (updated 2025-10-25) | 1 min read
#ansible #automation #linux #security #selinux #sysadmin #vmware

SELinux by default prohibits certain things from working through VMware tools (Ansible connection or plain API).

This can be solved two ways:

Disabling SELinux: BAD, but easy
Writing a custom SELinux policy: complicated but more secure

Note: Adding/Changing this policy through a VMware tools connection is thankfully possible

Example policy

This policy is the base for a VMware tools policy and allows entering the rpm context (yum).

module custom-vmtools 1.0;

require {
        type rpm_script_t;
        type vmtools_unconfined_t;
        class process transition;
}

#============= vmtools_unconfined_t ==============

allow vmtools_unconfined_t rpm_script_t:process transition

curl: Modify DNS Resolution

Notes | 2021-08-08 (updated 2025-10-25) | 1 min read
#curl #productivity #sysadmin

You can intercept normal name resolution in curl with the --resolve parameter allowing you to do things like talk to a specific site of a DNS load-balanced setup or talk to a new deployment not yet made productive.

You can specify the resolve option multiple times so you can even catch redirects and move them to where you want as well.

It’s important to note that this intercept does only work on the ports you specify in the entries.

Delete Your Old VMware Snapshots

Posts | 2021-01-01 (updated 2025-10-22) | 3 min read
#powershell #sysadmin #vmware-powercli

For the love of Pete, please delete your old snapshots regularly!

Old snapshots have caused incidents and even outages more than once in my career and it is really easy to preemptively look for them and get them removed before anything happens.