Re: Fedora 20 TC2 AMIs

2013-11-21 Thread Daniel J Walsh
en I would just run restorecon on them. > Daniel J Walsh wrote: > > On 11/21/2013 07:30 AM, Vitaly Kuznetsov wrote: > > Dennis Gilmore writes: > > Hi all, > > Final TC2 images have been uploaded to EC2 and are available at > > ami-3392b55a : us-east-1 image

Re: [Base] Summary/Minutes from today's Base WG meeting (2013-11-08)

2013-11-11 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/11/2013 10:31 AM, Harald Hoyer wrote: > On 11/10/2013 01:39 PM, Daniel J Walsh wrote: >> A few other things, I would like to see broken out would be sort of a >> lower level definition for containers, based on the docker model

Re: [Base] Summary/Minutes from today's Base WG meeting (2013-11-08)

2013-11-10 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/08/2013 11:51 AM, Dennis Gilmore wrote: > -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > > == > #fedora-meeting: Fedora Base Design Working Group (2013-11-08) > =

Re: [Fedora Base Design WG] Reminder: Meeting on #fedora-meeting at 15:00 UTC today

2013-11-08 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/08/2013 08:19 AM, Phil Knirsch wrote: > Hi everyone. > > Just as a reminder, meeting time in roughly 1 1/2 hours from now. > > See you there! > > Thanks & regards, Phil > I can not make the meeting, I am at a conference in Washington DC.

Re: Draft Product Description for Fedora Workstation

2013-11-07 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/06/2013 10:12 PM, Kevin Kofler wrote: > Simo Sorce wrote: > >> On Wed, 2013-11-06 at 01:13 +0100, Kevin Kofler wrote: >>> Simo Sorce wrote: * and *ideally* I mean SELinux sandboxed with specific APIs that must be used to interact with

Re: $HOME/.local/bin in $PATH

2013-10-30 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/29/2013 09:03 PM, Chris Adams wrote: > Once upon a time, Reindl Harald said: >> [root@srv-rhsoft:~]$ mkdir test i could rm -rf ~/ here >> >> [root@srv-rhsoft:~]$ cat /usr/local/bin/mkdir #!/bin/bash echo "i could >> rm -rf ~/ here" > > If I ca

Re: systemd no longer creating /var/log/journal?

2013-10-25 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/24/2013 08:15 PM, Adam Williamson wrote: > On Thu, 2013-10-17 at 08:55 -0500, Rex Dieter wrote: >> Matthew Miller wrote: >> >>> Back in May, the systemd package was changed to enable journal >>> persistence by default, by creating /var/log/journ

Re: F21/F22 System Wide Change: Python 3 as the Default Implementation

2013-10-22 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/17/2013 11:45 AM, Miloslav Trmač wrote: > On Thu, Oct 17, 2013 at 9:13 AM, Bohuslav Kabrda > wrote: >>> * The Change plan should be updated to take into account Dennis's >>> Feedback * I suggested that perhaps a better contingency plan would be

Re: quotacheck, quotaoff, and quotaon are going to be usr-moved

2013-10-16 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/16/2013 09:49 AM, Petr Pisar wrote: > To finish usr-move, I'm going to change quota package in that way. > /sbin/quotacheck, /sbin/quotaoff, and /sbin/quotaon files will be moved > under /usr. > > This may affect init scripts enabling quotas a

Re: There used to be a way to minimize the address section on Thunderbird

2013-10-16 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/15/2013 08:55 AM, Tom Hughes wrote: > On 15/10/13 13:41, Daniel J Walsh wrote: > >> This seems to have gone away from Fedora 20/21 thunderbird. >> >> rpm -q thunderbird thunderbird-24.0-3.fc21.x86_64 >> >&

There used to be a way to minimize the address section on Thunderbird

2013-10-15 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 This seems to have gone away from Fedora 20/21 thunderbird. rpm -q thunderbird thunderbird-24.0-3.fc21.x86_64 Is this intended? Is this a bug? Is there a setting where I can turn this back on? Wasting this screen real estate on a small screen is

Re: Self Introduction

2013-09-16 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/16/2013 09:30 AM, Tomasz Torcz wrote: > On Sat, Sep 14, 2013 at 10:48:50AM +0930, William Brown wrote: >> I generally focus on server and networking systems, but I am willing to >> contribute to anything that I see that needs fixing. (IE writing

Re: Self Introduction

2013-09-16 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/2013 09:18 PM, William Brown wrote: > Hi, > > I am a student of computer science, and systems administrator for a > University using el. I have been using Fedora as my primary OS for a number > of years now. > > I have had some intermittent

Re: I am thinking of adding compression to libselinux

2013-09-12 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/12/2013 08:11 AM, Lennart Poettering wrote: > On Thu, 12.09.13 07:53, Daniel J Walsh (dwa...@redhat.com) wrote: > >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> Basically looking at compressing the polic

I am thinking of adding compression to libselinux

2013-09-12 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Basically looking at compressing the policy file to shrink SELinux footprint in the minimal install/cloud image. Currently the policy modules (pp files) are shipped with bzip compression but the actually policy file. But the /etc/selinux/targeted/pol

Re: Firewall blocking desktop features

2013-09-11 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/11/2013 09:18 AM, Reindl Harald wrote: > > > Am 11.09.2013 15:05, schrieb Daniel J Walsh: >> On 09/11/2013 08:56 AM, Alec Leamas wrote: >>> Although this would work for both our wifes I'd hate it myself. There &g

Re: Firewall blocking desktop features

2013-09-11 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/11/2013 08:56 AM, Alec Leamas wrote: > On 2013-09-11 14:46, Daniel J Walsh wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> On 09/11/2013 06:35 AM, Heiko Adams wrote: >>> Am 11.09.2013 12:30, schrieb

Re: are you annoyed by frequent password prompts?

2013-09-11 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/11/2013 03:10 AM, Dhiru Kholia wrote: > Hi, > > In FESCo ticket #1115, it was decided to modify the privilege escalation > policy in order to allow local, active, admin user to update/remove/etc > signed software without requiring a password.

Re: Firewall blocking desktop features

2013-09-11 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/11/2013 06:35 AM, Heiko Adams wrote: > Am 11.09.2013 12:30, schrieb Alec Leamas: >> >> That said, I see your point. Seems to boil down to that only the >> application knows which port(s) to open and why, whereas only the >> firewall can guar

Re: Proposal: AppData files in all application packages?

2013-09-07 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/07/2013 06:14 AM, Richard Hughes wrote: > On 7 September 2013 11:03, Daniel J Walsh wrote: >> Why not open bugzillas with the packages with .Desktop files to do this? > > Valid question, although that would be opening ~800 b

Re: Proposal: AppData files in all application packages?

2013-09-07 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/07/2013 05:30 AM, Richard Hughes wrote: > Hi all, > > A progress update: lots of upstreams have already merged AppData files (50 > and counting!) but we're still a long way from having all the default > packages on the GNOME spin with AppData fi

Re: COPR

2013-09-06 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/06/2013 03:38 PM, Richard W.M. Jones wrote: > On Fri, Sep 06, 2013 at 09:10:24PM +0200, 80 wrote: >> No, it's less secure than kvm but it still provides better isolation than >> a mere chroot. > > It doesn't matter if it's more secure than a chr

Re: COPR

2013-09-04 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/04/2013 03:48 PM, Michael Scherer wrote: > Le mardi 03 septembre 2013 à 15:37 -0400, Jay Greguske a écrit : >> On 09/03/2013 12:29 PM, Michael scherer wrote: >>> On Tue, Sep 03, 2013 at 09:48:52AM -0600, Kevin Fenzi wrote: On Tue, 03 Sep 201

Re: COPR

2013-09-03 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/03/2013 03:37 PM, Jay Greguske wrote: > On 09/03/2013 01:54 PM, Daniel J Walsh wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> On 09/03/2013 12:29 PM, Michael scherer wrote: >>> On Tue, Sep 03, 2

Re: COPR

2013-09-03 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/03/2013 12:29 PM, Michael scherer wrote: > On Tue, Sep 03, 2013 at 09:48:52AM -0600, Kevin Fenzi wrote: >> On Tue, 03 Sep 2013 10:10:32 -0400 Jay Greguske >> wrote: >> >>> If we had SELinux policy enabled on the builders and used MLS on the >>

Re: F20 System Wide Change: Enable SELinux Labeled NFS Support

2013-07-26 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/25/2013 06:45 PM, James Hogarth wrote: > > On 25 Jul 2013 19:55, "Daniel J Walsh" <mailto:dwa...@redhat.com>> wrote: > >> > > The only provisos/additions I could suggest on the above then is to m

Re: F20 System Wide Change: Enable SELinux Labeled NFS Support

2013-07-26 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/26/2013 03:40 AM, Florian Weimer wrote: > On 07/25/2013 08:55 PM, Daniel J Walsh wrote: > >> Labels are applied based on the client rules. Which does bring up an >> interesting idea of what happens if the server initiates a

Re: F20 System Wide Change: Enable SELinux Labeled NFS Support

2013-07-25 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/25/2013 10:57 AM, James Hogarth wrote: > On 25 Jul 2013 14:36, "Daniel P. Berrange" > wrote: >>> Updated testing section on >>> >>> https://fedoraproject.org/wiki/Changes/LabeledNFS >> >> Feature looks good to me no

Re: F20 System Wide Change: Enable SELinux Labeled NFS Support

2013-07-25 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/25/2013 07:17 AM, Daniel P. Berrange wrote: > I think this feature needs to cover some app integration testing. For > example, one of the core use cases for NFS/SELinux support is to enable > sVirt to work for KVM guests with storage on NFS. So

Re: Tools to mount and promote Fedora on cybers.

2013-07-15 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/14/2013 06:39 PM, Sérgio Basto wrote: > On Dom, 2013-07-14 at 14:39 +0100, Álvaro Castillo wrote: >> Hello buddies, I want get more information about Fedora and tools to help >> on migration of cybers Windows into Fedora. But I only found old sof

Anyone bought the CLover sunbook and made Fedora run on it.

2013-05-22 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I have dreamed for years of buying a laptop that I can actually use outside, but I don't want to run Windows on it. It is a little steep at 700 + 75 for ssd. http://www.sunbook.us/?gclid=CPe1_ZPWqbcCFQdk7Aod9AMA0g

Re: su starts behaving oddly sometimes on F19

2013-05-21 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/20/2013 03:29 PM, Adam Williamson wrote: > On Fri, 2013-05-17 at 12:33 +0200, Tomas Mraz wrote: >> On Thu, 2013-05-16 at 22:29 -0700, Adam Williamson wrote: >>> This is a weird bug I've seen 3 or 4 times since upgrading to F19, and >>> am having

Re: Does -devel package name only indicate "C" development packages?

2013-05-20 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/18/2013 02:25 PM, Adam Williamson wrote: > On Sat, 2013-05-18 at 13:41 -0400, Rahul Sundaram wrote: >> On 05/18/2013 01:12 PM, Adam Williamson wrote: >>> On Sat, 2013-05-18 at 06:18 -0400, Daniel J Walsh wrote: Well, there >

Re: Does -devel package name only indicate "C" development packages?

2013-05-18 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/18/2013 06:37 AM, David Strauss wrote: > I agree with Tomasz. "-devel" has always meant "files and data necessary to > support use as a build dependency" to me. That's a superset of C header > files. > Well if you were building policy in out spe

Does -devel package name only indicate "C" development packages?

2013-05-18 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 https://bugzilla.redhat.com/show_bug.cgi?id=962081 I have a request to change the name of selinux-policy-devel to selinux-policy-devel-support, since "everywhere else in the distro -devel means just header files in c and not any other development too

Re: when startup delays become bugs

2013-05-16 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/14/2013 06:30 PM, Dan Williams wrote: > On Tue, 2013-05-14 at 15:51 -0600, Chris Murphy wrote: >> This is not intended to be snarky, but I admit it could sound like it is. >> When are long startup times for services considered to be bugs in their

Re: Each Fedora release I do series of blog on New Security Feature coming in the next Fedora.

2013-04-10 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/10/2013 10:10 AM, "Jóhann B. Guðmundsson" wrote: > On 04/10/2013 01:11 PM, Daniel J Walsh wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> I need ideas for what to write about in Fedora 19.

Each Fedora release I do series of blog on New Security Feature coming in the next Fedora.

2013-04-10 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I need ideas for what to write about in Fedora 19. Could people send some to me. If you google "security features site:danwalsh.livejournal.com" you will see a lot of the past blogs. Things I have covered in the past in addition to SELinux advanc

Orphaning libmatchbox

2013-03-25 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Since sandbox has moved over to use openbox. (Someday I dream of it using gnome-shell) I no longer need libmatchbox, and since I believe sandbox was the last app to require it, we could probably retire the package, unless anyone else needs it.

Re: Is there a reason we do not turn on the file system hardlink/symlink protection in Rawhide?

2013-03-21 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/20/2013 09:49 PM, Kees Cook wrote: > On Sun, Mar 17, 2013 at 10:07:48PM +0100, Kevin Kofler wrote: >> Kees Cook wrote: >>> AFD was a single specific program doing a very specific task and >>> hardly represents an "average workload". I remain extr

Re: Is there a reason we do not turn on the file system hardlink/symlink protection in Rawhide?

2013-03-20 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/15/2013 11:11 AM, Rahul Sundaram wrote: > On 03/15/2013 10:52 AM, Chris Adams wrote: >> I agree that it doesn't really need a feature page, but IMHO it should be >> in the release notes (this is something that could break existing >> programs).

Re: Is there a reason we do not turn on the file system hardlink/symlink protection in Rawhide?

2013-03-15 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/15/2013 09:04 AM, Josh Boyer wrote: > On Fri, Mar 15, 2013 at 7:42 AM, Josh Boyer wrote: >> On Thu, Mar 14, 2013 at 8:48 PM, Chris Adams wrote: >>> Once upon a time, Josh Boyer said: My patch put it in /usr/lib/sysctl.d, just coming from

Re: Is there a reason we do not turn on the file system hardlink/symlink protection in Rawhide?

2013-03-14 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/14/2013 10:08 AM, Casey Dahlin wrote: > On Thu, Mar 14, 2013 at 09:08:48AM -0400, Daniel J Walsh wrote: >> Well I believe Ubuntu has been using this feature for years and maybe we >> should consider turning it on via systemd

Re: Is there a reason we do not turn on the file system hardlink/symlink protection in Rawhide?

2013-03-14 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/14/2013 04:09 AM, yersinia wrote: > On Wed, Mar 13, 2013 at 7:52 PM, Daniel J Walsh <mailto:dwa...@redhat.com>> wrote: > > -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > > sysctl -a | grep protected fs

Re: Is there a reason we do not turn on the file system hardlink/symlink protection in Rawhide?

2013-03-13 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/13/2013 02:55 PM, seth vidal wrote: > On Wed, 13 Mar 2013 14:52:37 -0400 Daniel J Walsh > wrote: > >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > >> sysctl -a | grep protected fs.protected_hardlinks = 0 >

Is there a reason we do not turn on the file system hardlink/symlink protection in Rawhide?

2013-03-13 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 sysctl -a | grep protected fs.protected_hardlinks = 0 fs.protected_symlinks = 0

Customizing Firefox Search.

2013-02-14 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Anyone know of a way to build a customized search into firefox. Basically I want to setup a search pull down which is hard coded to a particular site. For example, add a menu item called MyBlog And whatever I put into the search window ends up going t

Re: Proposed F19 Feature: High Availability Container Resources

2013-02-05 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/01/2013 03:55 PM, David Vossel wrote: > > > - Original Message - >> From: "Daniel J Walsh" To: "Development discussions >> related to Fedora" Sent: Friday, February >> 1, 2013 10:0

Re: Proposed F19 Feature: High Availability Container Resources

2013-02-01 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/29/2013 03:17 PM, Glauber Costa wrote: = Features/ High Availability Container Resources = https://fedoraproject.org/wiki/Features/High_Availability_Container_Resources Feature owner(s): David Vossel The Con

Re: Proposed F19 Feature: Dracut HostOnly

2013-01-29 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/29/2013 01:34 PM, Simo Sorce wrote: > On Tue, 2013-01-29 at 13:28 -0500, Daniel J Walsh wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> On 01/29/2013 11:20 AM, John Reiser wrote: >>>>>> A gen

Re: Proposed F19 Feature: Dracut HostOnly

2013-01-29 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/29/2013 11:20 AM, John Reiser wrote: A generic fallback image should be installed by anaconda on installation/update and never ever be removed. > >> Also, fallback has interesting security properties… > > > "Rescue mode" forces a SEL

Re: Whats happened to SELinux commands and directories on F18 ?

2013-01-03 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/02/2013 03:09 PM, Lukas Berk wrote: > Hey, > > [...] > >> >> audit2allow is in policycoreutils-python these days I believe. >> > > At least in rawhide (not sure about F18), audit2allow seems to have been > moved from policycoreutils-python

Re: rawhide report: 20121214 changes

2012-12-15 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/15/2012 06:13 AM, Richard W.M. Jones wrote: > On Fri, Dec 14, 2012 at 01:17:02PM +, Fedora Rawhide Report wrote: >> [libguestfs] 1:libguestfs-1.20.0-1.fc19.i686 requires selinux-policy >= >> 0:3.11.1-63 1:libguestfs-1.20.0-1.fc19.x86_64 requi

Re: selinux-policy-3.11.1-57 and 3.11.1-58 breaking access to 'storage' drives

2012-12-07 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/07/2012 01:46 AM, Ankur Sinha wrote: > On Mon, 2012-12-03 at 12:53 -0600, Bruno Wolff III wrote: >> In bodhi, people have reported that -59 fixed the problem going forward. >> But people already affected need to relabel. > > Looks like I got cau

Re: selinux-policy-3.11.1-57 and 3.11.1-58 breaking access to 'storage' drives

2012-12-03 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/01/2012 12:58 PM, Adam Williamson wrote: > Just a heads-up - several reporters (including me) have noticed that they > can't access 'storage' drives in their systems (disks mounted at non-system > locations - mine's at /media/Sea500 - to contain

Re: Fedora 18 Beta Go/No-Go Meeting, Thursday, November 22 @ 20:00 UTC (3pm Eastern, 12pm Pacific)

2012-11-20 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/20/2012 11:15 AM, Peter Jones wrote: > On Tue, Nov 20, 2012 at 08:14:08AM -0500, Jaroslav Reznik wrote: >> Btw. Thanksgiving conflict is known, but we decided not to move Go/No-Go >> to Wednesday because of limited time for testing, let me know i

Re: Fedora ARM weekly status meeting 2012-11-07

2012-11-07 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/07/2012 01:51 PM, Paul Whalen wrote: > Good day all, > > This weeks Fedora ARM status meeting will take place today (Wednesday Nov > 7th) in #fedora-meeting-1 on Freenode. Times in various time zones (please > let us know if these do not work):

Re: Rawhide

2012-11-05 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 For the most part I always run Rawhide. Except for a few weeks after branch. I like to find the SELinux issues early...

Re: [Feature Suggestion] UsrMove continued

2012-10-09 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/09/2012 04:01 PM, Konstantin Ryabitsev wrote: > On Tue, Oct 9, 2012 at 4:13 AM, tim.laurid...@gmail.com > wrote: >> +1 to Richard, I really don't see the purpose, why does it matter that >> number of dirs in /. Lot of apps will break if you mo

Anyone have any idea why apps are starting to search /proc/sys/vm?

2012-10-06 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 https://bugzilla.redhat.com/show_bug.cgi?id=863258 https://bugzilla.redhat.com/show_bug.cgi?id=863257

Re: rawhide report: 20120925 changes

2012-09-26 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/25/2012 03:23 PM, Jerry James wrote: > On Tue, Sep 25, 2012 at 6:58 AM, Fedora Rawhide Report > wrote: >> Broken deps for i386 >> -- > [snip] >> [policycoreutils] policycoreutils-sandbox-

Re: SELinux & Koji question

2012-09-25 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/25/2012 12:29 PM, Richard W.M. Jones wrote: > > This command fails: > > + chcon system_u:object_r:tmp_t:s0 tmp chcon: failed to change context of > 'tmp' to 'system_u:object_r:tmp_t:s0': Operation not permitted > > when run on Koji. However i

Re: building compose, selinux problems

2012-08-14 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/14/2012 03:49 AM, Ian Malone wrote: > Hi, > > I'm trying to build a spin on F16 against F17 (specifically the fedora-jam > spin, ssh://git.fedorahosted.org/git/music-creation > spin-kickstarts/fedora-jam/fedora-live-jam-kde.ks, with the mono-br

Re: time to fix silly ssh bug

2012-06-22 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/21/2012 03:49 AM, Richard W.M. Jones wrote: > On Tue, Jun 19, 2012 at 10:10:43AM -0400, Neal Becker wrote: >> Adam Jackson wrote: >> >>> On 6/19/12 9:01 AM, Neal Becker wrote: >>> This is ridiculous. I liked the idea of 775 when it was in

Re: time to fix silly ssh bug

2012-06-19 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/19/2012 01:02 PM, Tomas Mraz wrote: > On Tue, 2012-06-19 at 09:01 -0400, Neal Becker wrote: >> It's been true for a long time that fedora sets up home dir as 775. But >> ssh, with default settings, won't allow public keys to work when home dir >>

Re: As we develop SELinux we are adding new labels to homedir content

2012-06-01 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/01/2012 08:10 AM, Bill Peck wrote: > On 06/01/2012 06:14 AM, Lennart Poettering wrote: >> On Thu, 31.05.12 15:44, Daniel J Walsh (dwa...@redhat.com) wrote: >> >> Heya, >> >>> We have added file trans by

Re: As we develop SELinux we are adding new labels to homedir content

2012-06-01 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/01/2012 06:14 AM, Lennart Poettering wrote: > On Thu, 31.05.12 15:44, Daniel J Walsh (dwa...@redhat.com) wrote: > > Heya, > >> We have added file trans by name rules to policy to fix a lot of >> files/directorie

As we develop SELinux we are adding new labels to homedir content

2012-05-31 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 We have added file trans by name rules to policy to fix a lot of files/directories being created with the correct label. We have problems on Distribution updates (F16-F17) though, where there are files/directories in the homedir that are mislabeled.

Re: /usr/sbin/validate clash with /usr/bin/validate

2012-05-24 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/24/2012 12:04 AM, Matt Domsch wrote: > On Wed, May 23, 2012 at 01:22:35PM -0500, Paul Wouters wrote: >> >> I just got caught in having two different "validate" commands in my >> path. >> >> The /usr/bin/validate version is from the dnssec-tool

Re: Announcing easyfix

2012-04-26 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/26/2012 06:49 AM, Vít Ondruch wrote: > Dne 26.4.2012 12:25, Pierre-Yves Chibon napsal(a): >> On Thu, 2012-04-26 at 12:19 +0200, Vít Ondruch wrote: >>> Dne 26.4.2012 11:12, Pierre-Yves Chibon napsal(a): Good news everyone (© Farnsworth),

Re: SELinuxDenyPtrace: Write, compile, run, but don't debug applications?

2012-04-13 Thread Daniel J Walsh
On 04/13/2012 03:55 AM, Mark Wielaard wrote: > On Thu, Apr 12, 2012 at 04:01:58PM -0400, Daniel J Walsh wrote: >> On 04/12/2012 02:39 PM, Mark Wielaard wrote: >>> On Mon, Apr 09, 2012 at 09:38:40AM -0400, Eric Paris wrote: >>>> (Think about it a moment. gdb -p is

Re: SELinuxDenyPtrace: Write, compile, run, but don't debug applications?

2012-04-12 Thread Daniel J Walsh
On 04/12/2012 02:39 PM, Mark Wielaard wrote: > On Mon, Apr 09, 2012 at 09:38:40AM -0400, Eric Paris wrote: >> (Think about it a moment. gdb -p is the same as firefox trying to ptrace >> gnome-keyring) > > I thought a bit about it. And now I am even more confused :) > > It seems you are already n

Re: SELinuxDenyPtrace: Write, compile, run, but don't debug applications?

2012-04-11 Thread Daniel J Walsh
On 04/11/2012 10:21 AM, Matthew Garrett wrote: > On Wed, Apr 11, 2012 at 03:58:55PM +0200, Mark Wielaard wrote: >> On Tue, 2012-04-10 at 14:04 +0100, Matthew Garrett wrote: >>> Option 2: Disable ptrace for everything except direct child processes. >>> Allows the common case of running a task direc

Re: Mozilla plugins packaging [Re: SELinuxDenyPtrace: Write, compile, run, but don't debug applications?]

2012-04-10 Thread Daniel J Walsh
On 04/10/2012 11:08 AM, drago01 wrote: > On Tue, Apr 10, 2012 at 4:29 PM, Paul Wouters wrote: >> On Tue, 10 Apr 2012, drago01 wrote: >> Wouldn't it be better to package Mozilla plugins in Fedora so that they are trusted? >>> >>> >>> rpm packages do not magically fix security issues. A

Re: SELinuxDenyPtrace: Write, compile, run, but don't debug applications?

2012-04-10 Thread Daniel J Walsh
On 04/10/2012 09:04 AM, Matthew Garrett wrote: > On Tue, Apr 10, 2012 at 11:27:12AM +0200, Michael Scherer wrote: >> Le mardi 10 avril 2012 à 02:57 +0100, Matthew Garrett a écrit : >>> Ok, so if anything that's already a likely target of attack is unable >>> to initiate ptrace or start a process th

Re: Mozilla plugins packaging [Re: SELinuxDenyPtrace: Write, compile, run, but don't debug applications?]

2012-04-10 Thread Daniel J Walsh
On 04/10/2012 09:24 AM, Jan Kratochvil wrote: > On Tue, 10 Apr 2012 15:07:45 +0200, Kevin Kofler wrote: >> Jan Kratochvil wrote: >>> This is still unrelated to the point whether Fedora is a Free distro >>> or not (it is not due to Linux firmwares - this part is known). So why >>> isn't Flash + acro

Re: SELinuxDenyPtrace: Write, compile, run, but don't debug applications?

2012-04-10 Thread Daniel J Walsh
On 04/09/2012 09:58 PM, Kevin Kofler wrote: > Matej Cepl wrote: >> I am afraid you are not an ordinary Fedora user. If abrt/breakpad/etc. >> works as they should, then I don't think majority of Fedora users have >> any reason why to pull out gdb at all. > > Because DrKonqi or some other similar c

Re: SELinuxDenyPtrace: Write, compile, run, but don't debug applications?

2012-04-10 Thread Daniel J Walsh
On 04/09/2012 10:00 PM, Kevin Kofler wrote: > Daniel J Walsh wrote: >> We already block ptrace from almost every confined domain other than >> user domains. > > Then why not just keep it that way instead of breaking GDB? > > Kevin Kofler > Because we are trying

Re: SELinuxDenyPtrace: Write, compile, run, but don't debug applications?

2012-04-09 Thread Daniel J Walsh
On 04/09/2012 05:06 PM, Matthew Garrett wrote: > On Mon, Apr 09, 2012 at 04:55:27PM -0400, Daniel J Walsh wrote: > >> And guess what I use these tools, and I just execute setsebool >> deny_ptrace 0 anytime I need to strace or debug an application, then I >> turn i

Re: SELinuxDenyPtrace: Write, compile, run, but don't debug applications?

2012-04-09 Thread Daniel J Walsh
On 04/09/2012 04:11 PM, Przemek Klosowski wrote: > On 04/09/2012 06:08 AM, Matej Cepl wrote: > >> Without getting into this discussion much, I would just note a bit of >> shocking news for you ... I am afraid you are not an ordinary Fedora >> user. If abrt/breakpad/etc. works as they should, the

Re: SELinuxDenyPtrace: Write, compile, run, but don't debug applications?

2012-04-09 Thread Daniel J Walsh
On 04/09/2012 02:15 PM, Miloslav Trmač wrote: > On Mon, Apr 9, 2012 at 4:58 PM, Daniel J Walsh wrote: >> One suggestion I have heard is to turn the feature off if someone installs >> gdb like we do with DrKonqi, which might be a better solution than >> disabling by defaul

Re: SELinuxDenyPtrace: Write, compile, run, but don't debug applications?

2012-04-09 Thread Daniel J Walsh
On 04/09/2012 11:11 AM, Frank Ch. Eigler wrote: > > dwalsh wrote: > >> I thought I made this clear in my blogs and the feature page that I >> wanted this on deny_ptrace on by default. [...] >> https://fedoraproject.org/wiki/Features/SELinuxDenyPtrace > > The version of this page that you last e

Re: SELinuxDenyPtrace: Write, compile, run, but don't debug applications?

2012-04-09 Thread Daniel J Walsh
I thought I made this clear in my blogs and the feature page that I wanted deny_ptrace on by default. http://danwalsh.livejournal.com/49336.html https://fedoraproject.org/wiki/Features/SELinuxDenyPtrace http://danwalsh.livejournal.com/49564.html Even on YouTube. https://www.youtube.com/

Re: /tmp on tmpfs

2012-04-04 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/04/2012 04:31 AM, Jonathan Underwood wrote: > On 2 April 2012 20:58, Richard W.M. Jones wrote: >> On Mon, Apr 02, 2012 at 08:32:56PM +0200, Miloslav Trmač wrote: >>> * #834 F18 Feature: /tmp on tmpfs - >>> http://fedoraproject.org/wiki/Features

Re: /tmp on tmpfs

2012-04-02 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/02/2012 04:25 PM, Lennart Poettering wrote: > On Mon, 02.04.12 20:58, Richard W.M. Jones (rjo...@redhat.com) wrote: > Heya, > >> The feature page is wrong about "The user experience should barely >> change. This is mostly a low-level change t

Re: httpd 2.4 is coming, RFC on module packaging draft

2012-03-28 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/27/2012 03:19 PM, "Jóhann B. Guðmundsson" wrote: > On 03/27/2012 05:15 PM, Kevin Kofler wrote: >> I think "removing the legacy cruft" just for the goal of removing it is not >> helpful at all and is actually the main cause of "half baked", "half

Re: Chromium

2012-03-19 Thread Daniel J Walsh
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/19/2012 11:30 AM, Tom Callaway wrote: > On 03/19/2012 11:17 AM, Antonio Trande wrote: >> I'm sorry, i do not want contradict you but ... i haven't any >> AVC message about Chromium although deny_ptrace is on >> (selinux-policy-3.10.0-95.fc17). :

Re: /etc/default in Fedora

2012-03-19 Thread Daniel J Walsh
On 03/19/2012 10:36 AM, Michael Cronenworth wrote: > Daniel J Walsh wrote: >> We could put the info into systemd-journal. > > Back when sendmail and logwatch were part of the default install, > it would have been nice to hav

Re: /etc/default in Fedora

2012-03-19 Thread Daniel J Walsh
On 03/19/2012 10:16 AM, Michał Piotrowski wrote: > On 19 March 2012 15:13, user Michał Piotrowski > wrote: >> 2012/3/19 Daniel J Walsh : > On 03/17/2012 11:25 PM, Dave Quigley wrote: >>>>> On 3/17/2012 7:17 A

Re: /etc/default in Fedora

2012-03-19 Thread Daniel J Walsh
On 03/17/2012 11:25 PM, Dave Quigley wrote: > On 3/17/2012 7:17 AM, Daniel J Walsh wrote: On 03/17/2012 05:38 AM, > Matej Cepl wrote: >>>> On 17.3.2012 10:18, Daniel J Walsh wrote: >>>>> Here is the current

Re: /etc/default in Fedora

2012-03-17 Thread Daniel J Walsh
On 03/17/2012 05:38 AM, Matej Cepl wrote: > On 17.3.2012 10:18, Daniel J Walsh wrote: >> Here is the current httpd man page. >> >> http://people.fedoraproject.org/~dwalsh/SELinux/httpd_selinux.html > >> > OK, in

Re: /etc/default in Fedora

2012-03-17 Thread Daniel J Walsh
On 03/17/2012 03:45 AM, Matej Cepl wrote: > On 16.3.2012 18:49, David Quigley wrote: >> Short of educating web server administrators about SELinux and >> the correct labels for web resources I'm not sure what else can >> be done. You don't want to use

Re: /etc/default in Fedora

2012-03-16 Thread Daniel J Walsh
On 03/16/2012 12:47 PM, Adam Williamson wrote: > On Fri, 2012-03-16 at 09:56 +0100, Matej Cepl wrote: >> On 15.3.2012 09:38, Tomasz Torcz wrote: Why and why just us? >>> >>> Good question, we deviate from upstream default: >>> http://wiki.apache

Re: /etc/default in Fedora

2012-03-06 Thread Daniel J Walsh
On 03/06/2012 11:38 AM, Michał Piotrowski wrote: > 2012/3/6 Pádraig Brady : >> On 03/06/2012 04:21 PM, Daniel J Walsh wrote: >>> On 03/05/2012 03:20 PM, Michał Piotrowski wrote: >>>> Hi, >>> >>>> I w

Re: /etc/default in Fedora

2012-03-06 Thread Daniel J Walsh
On 03/05/2012 03:20 PM, Michał Piotrowski wrote: > Hi, > > I wanted to add "selinux=0" to the kernel command line on F17. I > checked /etc/sysconfig/, /etc/grub.d/, next I started to read > /etc/grub.d/10_linux (this new grub2 is so user friendly..)

Re: Torvalds:requiring root password for mundane things is moronic

2012-03-02 Thread Daniel J Walsh
On 03/02/2012 10:38 AM, Sérgio Basto wrote: > On Thu, 2012-03-01 at 20:49 -0500, Daniel J Walsh wrote: >> On 03/01/2012 05:43 PM, Adam Jackson wrote: >>> On Thu, 2012-03-01 at 16:39 -0500, Daniel J Walsh wrote: >>> >>

Re: Torvalds:requiring root password for mundane things is moronic

2012-03-01 Thread Daniel J Walsh
On 03/01/2012 05:43 PM, Adam Jackson wrote: > On Thu, 2012-03-01 at 16:39 -0500, Daniel J Walsh wrote: > >> I believe Fedora 17 has an add user to admin group checkbox when >> adding the initial user, not sure if it is ch

Re: Torvalds:requiring root password for mundane things is moronic

2012-03-01 Thread Daniel J Walsh
On 02/29/2012 04:03 PM, Scott Doty wrote: > On 02/29/2012 08:46 AM, David Malcolm wrote: >> On Wed, 2012-02-29 at 07:02 -0500, Neal Becker wrote: >>> I think he's got a point >>> >>> http://www.osnews.com/story/25659/Torvalds_requiring_root_password_f

Re: Headsup! krb5 ccache defaults are changing in Rawhide

2012-02-24 Thread Daniel J Walsh
On 02/24/2012 08:44 AM, David Quigley wrote: > On 02/24/2012 00:22, Simo Sorce wrote: >> On Thu, 2012-02-23 at 20:41 -0500, David Quigley wrote: >>> On 02/23/2012 14:28, Stephen Gallagher wrote: Dear fellow developers, with the upcoming

Re: /usrmove? -> about the future

2012-02-16 Thread Daniel J Walsh
On 02/16/2012 09:59 AM, John5342 wrote: > On Thu, Feb 16, 2012 at 03:34, Stephen John Smoogen > wrote: >> A bad autocomplete can cause you to sit 3-4 minutes as DNS or >> other things time out. > > Ctrl+C will cancel the command and the completion wi
