Re: Testing Fedora? Please enable SELinux if you can

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/30/2010 08:22 PM, Camilo Mesias wrote: > OK, an update. I reinstalled F13, added Picasa 3 from the Google repo. > It does run although it triggers tens of SELinux alerts about > mmap_zero on "unknown". > > The messages are pretty confusing reall

Re: systemd acceptance, packaging guidelines (was Re: systemd and changes)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/24/2010 08:45 AM, Matthias Clasen wrote: > On Mon, 2010-08-23 at 23:06 -0400, Bill Nottingham wrote: > > Hey Bill, > > this is a very good initial list, this should make it very easy for QA > to whip up a test plan for systemd. Some comments be

Re: systemd acceptance, packaging guidelines (was Re: systemd and changes)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/24/2010 03:39 PM, Lennart Poettering wrote: > On Tue, 24.08.10 09:44, Daniel J Walsh (dwa...@redhat.com) wrote: > >> I would add security things. >> >> Starting a service sends audit messages from the proper loginuid.

Re: systemd and cgroups: heads up

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/25/2010 05:46 PM, Lennart Poettering wrote: > On Wed, 25.08.10 17:04, Matthew Miller (mat...@mattdm.org) wrote: > >> If you are using the libcgroup package, and in particular the cgconfig >> serivice, be aware that this will break systemd. This

Re: systemd and cgroups: heads up

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/26/2010 09:59 AM, Matthew Miller wrote: > On Wed, Aug 25, 2010 at 10:13:05PM -0400, Daniel J Walsh wrote: >>> Hmm, why is libcgroup pulled in by policycoreutils? What's the >>> rationale? >> It is used for conf

Re: systemd and cgroups: heads up

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/26/2010 12:18 PM, Matthew Miller wrote: > On Thu, Aug 26, 2010 at 09:59:59AM -0400, Matthew Miller wrote: >> Dan, *could* systemd as it stands provide what you need for sandboxes? > > Having looked a bit more at libcgroup, let me put this questi

Re: systemd and cgroups: heads up

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/26/2010 01:18 PM, Daniel P. Berrange wrote: > On Thu, Aug 26, 2010 at 01:04:33PM -0400, Daniel J Walsh wrote: >> >> I don't know. My goal with sandbox was to allow users to startup >> sandboxes in such a way that

Re: systemd and cgroups: heads up

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/26/2010 02:49 PM, Dhaval Giani wrote: > On Thu, Aug 26, 2010 at 8:44 PM, Daniel J Walsh wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> On 08/26/2010 01:18 PM, Daniel P. Berrange wrote: >>>

Re: systemd and cgroups: heads up

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/27/2010 05:22 AM, Daniel P. Berrange wrote: > On Thu, Aug 26, 2010 at 02:44:15PM -0400, Daniel J Walsh wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> On 08/26/2010 01:18 PM, Daniel P. Berrange wrote:

Re: Orphaning a few packages

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/30/2010 06:07 PM, pbrobin...@gmail.com wrote: > I've orphaned the following packages if anyone wants to pick them up. > They are primarily dead upstream but some might still use them. > > libmatchbox > matchbox-window-manager > twitter-glib > >

Re: F14 youtube support?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/02/2010 08:42 AM, drago01 wrote: > On Thu, Sep 2, 2010 at 2:32 PM, Chris Jones wrote: >> On Thu, 2010-09-02 at 10:34 +, Petr Pisar wrote: >>> On 2010-09-01, Michał Piotrowski wrote: Is there any possibility to use Youtube in Fedor

Re: 1000 Bug reports

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/29/2010 01:10 PM, Orion Poplawski wrote: > I apologize for this little bit of hubris. I recently filed my 1000th bug > report at bugzilla.redhat.com (unfortunately closed NOTABUG). I thought I'd > take a look at my statistics. > > First bug

Re: Selinux: SSH broken after F-13 --> F-14 upgrade

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/12/2010 01:49 PM, Michal Hlavinka wrote: > Hi all, > > I've recently upgraded my system, but after that I was not able to connect > through ssh. More things are wrong (from my POV): > 1)SELinux blocks all nondefault ports for ssh > > I have ss

Re: Selinux: SSH broken after F-13 --> F-14 upgrade

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/12/2010 02:10 PM, Michal Hlavinka wrote: > > - "Daniel J Walsh" wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> On 10/12/2010 01:49 PM, Michal Hlavinka wrote: >>> H

Re: Selinux: SSH broken after F-13 --> F-14 upgrade

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/12/2010 05:51 PM, yersinia wrote: > On Tue, Oct 12, 2010 at 8:02 PM, Daniel J Walsh wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> On 10/12/2010 01:49 PM, Michal Hlavinka wrote: >>> Hi al

Re: rawhide report: 20101019 changes

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/20/2010 07:52 AM, Richard W.M. Jones wrote: > On Tue, Oct 19, 2010 at 04:50:43PM -0400, seth vidal wrote: >> On Tue, 2010-10-19 at 15:40 -0500, Chris Adams wrote: >>> Once upon a time, James Antill said: Putting my really old sysadmin hat

Re: experimental systemd + initscripts repo

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/21/2010 12:47 PM, Michał Piotrowski wrote: > Hi, > > 2010/10/21 Bill Nottingham : >> I've set up a repo on r.fp.org: >> http://repos.fedorapeople.org/repos/notting/initscripts-systemd/ >> >> This repo includes updated initscripts and associated

Re: Mounting an encrypted volume presents the volume to all users on a machine

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/26/2010 02:36 AM, Tomas Mraz wrote: > On Tue, 2010-10-26 at 00:28 +0200, nodata wrote: >> Hi, >> >> I'm concerned about the default behaviour of mounting encrypted volumes. >> >> The default behaviour is that a user must know and supply a passph

Re: Mounting an encrypted volume presents the volume to all users on a machine

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/27/2010 06:35 AM, Bryn M. Reeves wrote: > On 10/26/2010 10:39 PM, Bruno Wolff III wrote: >> On Tue, Oct 26, 2010 at 14:07:53 -0700, >> Jesse Keating wrote: >>> -BEGIN PGP SIGNED MESSAGE- >>> >>> That's only if you give root the right t

Re: Summary/Minutes from today's FESCo meeting (2010-10-26) NEW TIME!

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/28/2010 04:14 AM, Pekka Pietikainen wrote: > On Thu, Oct 28, 2010 at 12:44:52PM +0530, Rahul Sundaram wrote: >> This feature is now approved and I see bugs get filed. The documentation and >> guidelines are very incomplete. How does one figure

Re: Summary/Minutes from today's FESCo meeting (2010-10-26) NEW TIME!

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/29/2010 07:18 AM, Daniel P. Berrange wrote: > On Fri, Oct 29, 2010 at 02:32:52PM +0530, Rahul Sundaram wrote: >> On Fri, Oct 29, 2010 at 2:26 PM, Daniel P. Berrange wrote: >> >>> >>> >>> You want the libcap-ng-utils RPMs which provides a bunch o

Re: Summary/Minutes from today's FESCo meeting (2010-10-26) NEW TIME!

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/29/2010 08:32 AM, James Antill wrote: > On Fri, 2010-10-29 at 12:18 +0100, Daniel P. Berrange wrote: >> On Fri, Oct 29, 2010 at 02:32:52PM +0530, Rahul Sundaram wrote: >>> On Fri, Oct 29, 2010 at 2:26 PM, Daniel P. Berrange wrote: >>>

Re: Summary/Minutes from today's FESCo meeting (2010-10-26) NEW TIME!

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/29/2010 08:32 AM, James Antill wrote: > On Fri, 2010-10-29 at 12:18 +0100, Daniel P. Berrange wrote: >> On Fri, Oct 29, 2010 at 02:32:52PM +0530, Rahul Sundaram wrote: >>> On Fri, Oct 29, 2010 at 2:26 PM, Daniel P. Berrange wrote: >>>

Re: Polyinstantiated /tmp

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/31/2010 03:07 PM, Matt McCutchen wrote: > On Wed, 2010-10-20 at 08:13 -0400, Daniel J Walsh wrote: >> I have been trying to get system processes to stop using /tmp for years. >> >> http://danwalsh.livejournal.com/11467.html

Re: RemoveSETUID feature (Was: Summary/Minutes from today's FESCo meeting (2010-10-26) NEW TIME!)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/01/2010 09:44 AM, Paul Howarth wrote: > On 29/10/10 04:15, Jason L Tibbitts III wrote: >>> "JN" == Joe Nall writes: >> >> JN> On Oct 28, 2010, at 5:08 PM, Richard W.M. Jones wrote: >> More to the point, I can easily see the setuid bit

Re: RemoveSETUID feature

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/01/2010 04:31 PM, Jason L Tibbitts III wrote: > Yeah, it looks like the capabilities thing has broken my buildsystem: > > Error unpacking rpm package iputils-20101006-2.fc15.x86_64 > error: unpacking of archive failed on file /bin/ping: cpio: ca

Re: SELinux oddity

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/14/2011 06:11 AM, Andrew Haley wrote: > A strange alert: > > The process /usr/bin/tee attempted to mount on /proc/bus/usb. > > This is F14, fully updated. > > Any ideas what this might be? > > Thanks, Andrew. Please attach the actual AVC mess

Re: new cg-manager gui tool for managin cgroups

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/20/2011 03:20 PM, Jason Baron wrote: > Hi, > > I've been working on a new gui tool for managing and monitoring > cgroups, called 'cg-manager'. I'm hoping to get people interested in > contributing to this project, as well as to add to the conver

Re: new cg-manager gui tool for managin cgroups

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/21/2011 12:36 PM, Lennart Poettering wrote: > On Thu, 21.07.11 11:28, Vivek Goyal (vgo...@redhat.com) wrote: > >>> It is already possible for different applications to use cgroups >>> without stepping on each other, and without requiring every

Re: XDG and default directories (Re: Adding ~/.local/bin to default PATH)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/27/2011 10:52 AM, Stijn Hoop wrote: > Hi, > > On Wed, 27 Jul 2011 12:43:09 +0200 Nicolas Mailhot > wrote: >> Le mercredi 27 juillet 2011 à 12:26 +0200, Stijn Hoop a écrit : >>> and even better is the fact that I can now put that area >>> somew

Re: Heads-up: ipython-0.11 breaking anything :)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/02/2011 04:22 PM, Jerry James wrote: > 8.206691] type=1400 audit(1312314954.461:3): avc: denied { > dyntransition } for pid=1 comm="systemd" > scontext=system_u:system_r:kernel_t:s0 > tcontext=system_u:system_r:init_t:s0 tclass=process [

Re: Default services enabled

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 08/23/2011 10:58 PM, Kevin Kofler wrote: > Steve Grubb wrote: >> I think it was mentioned before that systemd is consuming a lot >> of memory. > > The amount quoted was actually ridiculously small considering both > today's memory sizes and the fac

Could I get a proven tester to test these packages so I can release them to F16.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 checkpolicy-2.1.3-1.fc16 policycoreutils-2.1.4-2.fc16 libsemanage-2.1.2-1.fc16 libselinux-2.1.4-2.fc16 libsepol-2.1.1-1.fc16 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - h

Did gtkhtml2 package disappear?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 policycoreutils has broken dependencies in the rawhide tree: On x86_64: policycoreutils-gui-2.1.5-2.fc17.x86_64 requires gtkhtml2 On i386: policycoreutils-gui-2.1.5-2.fc17.i686 requires gtkhtml2 Please resolve this as soon as possible.

Re: Did gtkhtml2 package disappear?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/06/2011 09:41 AM, Michael Schwendt wrote: > On Tue, 06 Sep 2011 09:34:32 -0400, DJW (Daniel) wrote: > >> policycoreutils has broken dependencies in the rawhide tree: On >> x86_64: policycoreutils-gui-2.1.5-2.fc17.x86_64 requires >> gtkhtml2 On i

Re: Did gtkhtml2 package disappear?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/06/2011 01:49 PM, Michael Schwendt wrote: > On Tue, 06 Sep 2011 13:00:21 -0400, DJW (Daniel) wrote: > >> I guess what I really need is gnome-python2-gtkhtml2, has this >> been replaced? > > What I could find is a request to drop it (it's a > g

Re: FYI, rawhide makes /usr/bin/install (matchpathcon) segfault

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/07/2011 04:01 AM, Jim Meyering wrote: > I was getting ready to release coreutils-8.13, after two > pre-release snapshots, > > http://thread.gmane.org/gmane.comp.gnu.coreutils.general/1554 > http://thread.gmane.org/gmane.comp.gnu.coreutils.gener

Re: Did gtkhtml2 package disappear?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/07/2011 03:27 PM, Adam Williamson wrote: > On Tue, 2011-09-06 at 15:34 -0400, Daniel J Walsh wrote: >> On 09/06/2011 01:49 PM, Michael Schwendt wrote: >>> On Tue, 06 Sep 2011 13:00:21 -0400, DJW (Daniel) wrote: >>>

Re: selinux versus chcon

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/19/2011 04:01 PM, Fulko Hew wrote: > On Mon, Sep 19, 2011 at 3:32 PM, Eric Paris > wrote: >> On Mon, 2011-09-19 at 14:49 -0400, Fulko Hew wrote: >> >>> If so... why use chcon versus the semanage/restorecon >>> technique? or if my assesement is

Re: selinux versus chcon

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/19/2011 04:01 PM, Fulko Hew wrote: > On Mon, Sep 19, 2011 at 3:32 PM, Eric Paris > wrote: >> On Mon, 2011-09-19 at 14:49 -0400, Fulko Hew wrote: >> >>> If so... why use chcon versus the semanage/restorecon >>> technique? or if my assesement is

Re: slow speed of selinux commands

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/12/2011 09:00 AM, Fulko Hew wrote: > > > On Mon, Sep 19, 2011 at 4:01 PM, Fulko Hew > wrote: >> On Mon, Sep 19, 2011 at 3:32 PM, Eric Paris > wrote: >>> On Mon, 2011-09-19 at 14:49 -0400,

Re: UsrMove feature (was Re: FESCo meeting minutes for 2011-10-24)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 10/25/2011 03:21 PM, Adam Williamson wrote: > On Tue, 2011-10-25 at 20:39 +0200, Michał Piotrowski wrote: >> 2011/10/25 Richard W.M. Jones : >>> On Tue, Oct 25, 2011 at 08:33:28PM +0200, Michał Piotrowski >>> wrote: 2011/10/25 Chris Adams : >>>

Re: UsrMove feature (was Re: FESCo meeting minutes for 2011-10-24)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 If people do start to randomly move executables around to locations like /usr/lib/PACKAGENAME/PACKAGED or from /sbin to /usr/bin Make sure the SELinux team knows. As a matter of fact, any time you move the location of a network daemon check to make

Re: F16 - random shutdown delays - systemd related ?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/04/2011 02:34 AM, JB wrote: > JB gmail.com> writes: > >> >> Michal Schmidt redhat.com> writes: >> >>> ... Show us the shutdown-log.txt. >> ... >> >> Here you go: >> >> http://pastebin.com/EHTiuiR8 >> >> JB >> > > This is related to seli

Re: What's this /run directory doing on my system and where does it come from?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/30/2011 04:59 PM, Chris Adams wrote: > Once upon a time, Michał Piotrowski said: >> First, people are wondering if this change is compatible with some >> obsolete specification, next people are wondering if this change is >> compatible with dist

Re: heads up: new rawhide kernel doesn't boot for me

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/07/2011 07:46 AM, Jim Meyering wrote: > I updated my rawhide VM today (on F15 host), but it failed to reboot > using the new kernel, vmlinuz-2.6.39-0.rc1.git5.0.fc16.x86_64 > I got a failure (VFS diagnostic complaining that the UUID-specified > r

Re: xorg-x11 gone squiffy in rawhide?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/21/2011 11:50 AM, darrell pfeifer wrote: > I'm running 1.10.0-5.fc16 (There were two 1.10.99 newer versions) > > darrell > > On Thu, Apr 21, 2011 at 08:48, Paul Johnson > wrote: > > Hi, > > On 21 A

Re: Fedora PPC status & work in progress :)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/28/2011 10:26 AM, Peter Lemenkov wrote: > 2011/4/28 Wolfgang Denk : >> Dear David Woodhouse, >> >> In message <1303997568.2912.117.ca...@macbook.infradead.org> you wrote: >>> >>> There's no real reason you shouldn't be able to update to the F15 >

Re: systemd - move /selinux to /sys/fs/selinux - maybe remove /srv ?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/29/2011 11:07 AM, Stephen Smalley wrote: > On Fri, 2011-04-29 at 00:37 +0200, Michał Piotrowski wrote: >> Hi, >> >> I think it's a very good decision - I never understood why selinux dir >> is directly under /. > > I guess I missed some discussi

Re: systemd - move /selinux to /sys/fs/selinux - maybe remove /srv ?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/29/2011 06:56 PM, Lennart Poettering wrote: > On Fri, 29.04.11 00:37, Michał Piotrowski (mkkp...@gmail.com) wrote: > >> Hi, >> >> I think it's a very good decision - I never understood why selinux dir >> is directly under /. > > Yes, I think th

Re: [systemd-devel] systemd - move /selinux to /sys/fs/selinux - maybe remove /srv ?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/29/2011 07:54 PM, Lennart Poettering wrote: > On Fri, 29.04.11 16:34, Greg KH (g...@kroah.com) wrote: > I think it's a very good decision - I never understood why selinux dir is directly under /. >>> >>> Yes, I think this would be a go

Re: execve()ing non-existent command returns EPERM instead of ENOENT in Koji

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/26/2011 06:57 AM, Kevin Kofler wrote: > Petr Pisar wrote: >> A test executes non-existent command and expects ENOENT. This is how it >> works even in my local Rawhide. However Koji glibc returns [EACCESS]. > > I guess the difference is due to SE

Re: What to do if a package needs a modified SELinux policy?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 05/30/2011 04:52 AM, Kurt Seifried wrote: > I'm experimenting with a package that needs to have rsyslog write to a > named fifo pipe (so log data can be handed off from rsyslog to an > external program). As I see it the options are: > > 1) apologiz

Re: selinux alert from gccgo

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/09/2011 09:19 AM, Neal Becker wrote: > I just compiled 'hello world.go' with gccgo on F15 and got selinux alert > about > mmap_zero when executable was run. > THen I would open a big bug with gccgo and tell them to fix their code. mmap_zero i

Re: Are 3.0 kernels working for anyone?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/11/2011 03:11 PM, Lucas wrote: > On 06/11/2011 11:00 PM, Andre Robatino wrote: >> Lucas gmail.com> writes: >> >>> I use systemd-28-3.fc16.i686 and updated it when it became available, >>> but still have real problems >>> with boot. >>> If it st

Re: system can't finish boot with systemd-28-4.fc16 and kernel-3.0-0.rc2.git0.2.fc16

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/14/2011 06:37 AM, Lucas wrote: > On 06/14/2011 02:10 PM, Frank Murphy wrote: >> On 14/06/11 11:02, Lucas wrote: >> >>> The only possible way to boot is to add "selinux=0". >>> Especially for Daniel J W

Re: systemd: please stop trying to take over the world :)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/14/2011 04:00 AM, Lennart Poettering wrote: > On Mon, 13.06.11 18:18, Denys Vlasenko (dvlas...@redhat.com) wrote: > >> >> On Sat, 2011-06-11 at 10:17 +0200, drago01 wrote: >>> On Fri, Jun 10, 2011 at 3:07 PM, Denys Vlasenko wrote: Hi Lenna

Re: system can't finish boot with systemd-28-4.fc16 and kernel-3.0-0.rc2.git0.2.fc16

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/14/2011 04:42 PM, Jerry James wrote: > On Tue, Jun 14, 2011 at 1:16 PM, Jerry James wrote: >> I'm having the same problem with an i686 Rawhide virtual machine >> (using KVM, on a Fedora 15 x86_64 host). The last few lines I see >> before the ha

Re: systemd: please stop trying to take over the world :)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/15/2011 11:03 AM, Miloslav Trma? wrote: > On Wed, Jun 15, 2011 at 4:44 PM, Stephen Smalley wrote: >> Ways to improve the situation for systemd would include: >> - Only load a subset of file_contexts entries, similar to udev. >> - Only load the f

Re: /dev/pts/ptmx SELinux label

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/17/2011 12:42 PM, Jerry James wrote: > While trying to debug the Rawhide boot lockup on my i686 virtual > machine that has been discussed here recently, I've had to do a number > of SELinux relabels. Every single time, I see this one: > > reset

Re: Rawhide: selinux: "Unable to get valid context for "

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/19/2011 12:59 PM, Richard W.M. Jones wrote: > On Sun, Jun 19, 2011 at 06:42:34PM +0200, Jim Meyering wrote: >> Richard W.M. Jones wrote: >>> Anyone seeing this error? Unless I boot with enforcing=0, I see >>> this error when I try to log in as a

Re: Trusted Boot in Fedora

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/22/2011 04:57 PM, Camilo Mesias wrote: > I'm curious to know the use case(s) for this technology. > > Does it enable certain types of behaviour that aren't possible currently? > > Would it enable a system running Fedora to interact with other s

Re: [INFO] New benchmark on SELINUX and Fedora 15 from Phoronix

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/23/2011 08:58 AM, Pádraig Brady wrote: > On 23/06/11 12:28, Lennart Poettering wrote: >> On Thu, 23.06.11 12:58, yersinia (yersinia.spi...@gmail.com) wrote: >> >>> Greetings >>> >>> Perhaps it is of interest to this list that Phonorix has produce

Re: [HEADS-UP] replacing report with libreport

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 06/29/2011 05:50 AM, Jiri Moskovcak wrote: > Hi! > I'm going to replace the report library with the new libreport. Today I > plan to replace it in rawhide and if it goes smoothly I'd like to > replace it in F15 as well. > Hasn't this already reac

Re: selinux-policy-targeted update failure

On 03/07/2010 09:48 AM, Neal Becker wrote: > Updating : selinux-policy-targeted-3.6.32-92.fc12.noarch > 64/215 > libsepol.scope_copy_callback: audioentropy: Duplicate declaration in module: > type/attribute entropyd_var_ru\ > n_t (No such file or directory). > libsemanage.semanage_link_sand

Re: selinux-policy-targeted update failure

On 03/08/2010 06:28 AM, Rakesh Pandit wrote: > On 7 March 2010 20:18, Neal Becker wrote: > >> Updating : selinux-policy-targeted-3.6.32-92.fc12.noarch >> 64/215 >> libsepol.scope_copy_callback: audioentropy: Duplicate declaration in module: >> type/attribute entropyd_var_ru\ >> n_t (No

Re: selinux-policy-targeted update failure

On 03/08/2010 02:47 PM, Adam Williamson wrote: > On Sun, 2010-03-07 at 09:48 -0500, Neal Becker wrote: > >> Updating : selinux-policy-targeted-3.6.32-92.fc12.noarch >> 64/215 >> libsepol.scope_copy_callback: audioentropy: Duplicate declaration in module: >> type/attribute entropyd_var_ru\

Re: Akonadi's unix sockets location

On 03/16/2010 11:17 AM, Colin Walters wrote: > On Tue, Mar 16, 2010 at 10:54 AM, Matthias Clasen wrote: > >> Any reason this cannot be an abstract socket ? Of course, then you have >> to check peer creds and figure out a way to communicate the socket name, >> but at least you don't have to wor

Re: Akonadi's unix sockets location

On 03/16/2010 12:29 PM, Colin Walters wrote: > On Tue, Mar 16, 2010 at 12:16 PM, Daniel J Walsh wrote: > >> PLEASE do not use /tmp for communications. Use /var/run if the service is >> running as root, or can create a socket in /var/run. >> > In this cas

Re: Akonadi's unix sockets location

On 03/21/2010 10:44 AM, Jonathan Underwood wrote: > On 19 March 2010 23:52, Lennart Poettering wrote: > >> That is a security hole. Since /tmp knows no further access control an >> evil user can just create dirs there for each and every single user on >> the system. Those directories will then

Re: syslog-ng

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/08/2010 10:02 AM, Peter Czanik wrote: > Hello, > > I'm helping to upgrade syslog-ng to current version in major Linux > distributions. I would like to ask, if you could update syslog-ng to > version 3.1. I'm working on the openSUSE version of sy

Proposing Fedora Feature for private /tmp and /var/tmp for all systemd services in Fedora 17.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 It seems to be a weekly occurrence of a new CVE for some app that uses /tmp insecurely. I have been on a crusade for years to stop privileged services from using /tmp and /var/tmp. These services can be potentially be interfered by unprivileged users

Re: Proposing Fedora Feature for private /tmp and /var/tmp for all systemd services in Fedora 17.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/07/2011 03:38 PM, Matej Cepl wrote: > Dne 7.11.2011 20:50, Daniel J Walsh napsal(a): >> systemd as of Fedora 16 has the ability to run system services >> with private /tmp and /var/tmp. I would like to propose that we >>

Re: Proposing Fedora Feature for private /tmp and /var/tmp for all systemd services in Fedora 17.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/07/2011 03:44 PM, Chris Adams wrote: > Once upon a time, Daniel J Walsh said: >> I know I just opened a couple of other features on Fedora 17. I >> just wanted to open discussion on this about what would be the >>

Re: Proposing Fedora Feature for private /tmp and /var/tmp for all systemd services in Fedora 17.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/07/2011 04:08 PM, Simo Sorce wrote: > On Mon, 2011-11-07 at 15:42 -0500, Daniel J Walsh wrote: >> -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >> >> On 11/07/2011 03:38 PM, Matej Cepl wrote: >>> Dne 7.11.2011

Re: F17 heads up: gnome-shell for everyone!

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/07/2011 10:48 PM, Kevin Kofler wrote: > Adam Williamson wrote: >> It seems like a similar bug has come up before in clamav: >> >> https://bugzilla.redhat.com/show_bug.cgi?id=573191 > > This issue affects many JITs. The WebKit JIT is affected to

Re: Proposing Fedora Feature for private /tmp and /var/tmp for all systemd services in Fedora 17.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/07/2011 08:48 PM, Lennart Poettering wrote: > On Mon, 07.11.11 19:15, Chris Adams (cmad...@hiwaay.net) wrote: > >> Once upon a time, Lennart Poettering >> said: >>> Yes, since they are created as subdirectories of the real / >>> with mkdtemp()

Re: F17 heads up: gnome-shell for everyone!

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/08/2011 01:11 AM, Adam Williamson wrote: > On Tue, 2011-11-08 at 04:48 +0100, Kevin Kofler wrote: >> Adam Williamson wrote: >>> It seems like a similar bug has come up before in clamav: >>> >>> https://bugzilla.redhat.com/show_bug.cgi?id=573191

Re: Proposing Fedora Feature for private /tmp and /var/tmp for all systemd services in Fedora 17.

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/08/2011 02:35 AM, Matej Cepl wrote: > Dne 7.11.2011 22:12, Matthew Garrett napsal(a): >> Having some public discussion of a potentially contentious >> feature is a great way to help fesco make decisions. I'm >> personally in favour of that happen

I am running a rather locked down environment

I do not allow services to run on my desktop to listen on networks, using SELinux user staff_t in rawhide. A couple of weeks ago I noticed this AVC message. time->Wed Nov 9 22:29:26 2011 type=SYSCALL msg=audit(1320895766.065:125): arch=c03e syscall=50 success=no exit=-13 a0=7 a1=1 a2=a a3

Re: F17 heads up: X server git snapshots

On 11/11/2011 02:42 AM, Adam Williamson wrote: > On Fri, 2011-11-11 at 15:01 +1000, Peter Hutterer wrote: > >>> So I put through a new xorg-x11-drv-evdev build which bumped it again to >>> catch the fix from upstream. If you wind up with: >>> >>> xorg-x11-drv-evdev-2.6.99-2.2009git745fca03a.fc1

Re: PolicyKit not working in Rawhide?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 11/11/2011 04:48 PM, Adam Williamson wrote: > On Thu, 2011-11-10 at 23:48 -0800, Adam Williamson wrote: >> On Fri, 2011-11-11 at 08:25 +0100, Michael Schwendt wrote: >>> On Thu, 10 Nov 2011 18:22:55 -0800, AW (Adam) wrote: >>> Anyone else noti

On F16 and F17 I am seeing lots of apps requiring access to /sys/devices/system/cpu/online

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Anyone know what library is causing this? type=AVC msg=audit(1322851411.945:2185): avc: denied { read } for pid=1499 comm="dbus-daemon" name="online" dev=sysfs ino=34 scontext=staff_u:staff_r:staff_dbusd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:s

Re: Starting mysql

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 12/12/2011 01:15 AM, Tom Lane wrote: > "Paul F. Johnson" writes: >> /var/log/mysqld.log shows this > >> 111211 20:48:32 [ERROR] /usr/libexec/mysqld: Can't find file: >> './mysql/proxies_priv.frm' (errno: 13) 111211 20:48:32 [ERROR] >> Fatal error

Re: FYI: new rawhide boot failure

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/13/2012 06:59 AM, Frank Murphy wrote: > On 13/01/12 11:46, Jim Meyering wrote: >> Just a heads up. > > Ran into it yesterday: > https://lists.fedoraproject.org/pipermail/test/2012-January/105084.html > > Thought it was systemd update from day

Re: FYI: new rawhide boot failure

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/13/2012 11:42 AM, Daniel J Walsh wrote: > On 01/13/2012 06:59 AM, Frank Murphy wrote: >> On 13/01/12 11:46, Jim Meyering wrote: >>> Just a heads up. > >> Ran into it yesterday: >> https://lists.fedoraprojec

Re: FYI: new rawhide boot failure

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/13/2012 01:17 PM, Jim Meyering wrote: > Daniel J Walsh wrote: >> On 01/13/2012 11:42 AM, Daniel J Walsh wrote: >>> On 01/13/2012 06:59 AM, Frank Murphy wrote: >>>> On 13/01/12 11:46, Jim Meyering wrote: >>>

Re: Testing needed (mongodb)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/17/2012 02:12 PM, Jon VanAlten wrote: > > > - Original Message - >> From: "Nathaniel McCallum" To: >> "Development discussions related to Fedora" >> Sent: Tuesday, January 17, 2012 >> 1:24:25 PM Subject: Testing needed (mongodb) >> >

Re: Testing needed (mongodb)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/17/2012 03:48 PM, Nathaniel McCallum wrote: > Daniel, can you point me to some docs on how to do this? > > If you want to allow it for now you could build a custom policy # grep mongod /var/log/audit/audit.log | audit2allow -M mongod # semodu

Re: Package categorization and distribution construction

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/19/2012 08:54 AM, Bill Nottingham wrote: > Peter Robinson (pbrobin...@gmail.com) said: >> Great idea, I would also love to see a clear out of the packages >> that aren't core/part of particular categories. MTAs in minimal >> would be one that com

Re: Fedora 17’s unified filesystem (/usr-move)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/27/2012 08:10 AM, Harald Hoyer wrote: > Hello Testers and rawhide Users, > > Fedora 17 will locate the entire base operating system in /usr. The > directories /bin, /sbin, /lib, /lib64 will only be symlinks: /bin → > /usr/bin /sbin → /usr/sbin /

Re: Rawhide build failure (Requires: /usr/sbin/ldconfig)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/27/2012 04:13 PM, Rex Dieter wrote: > Roland Grunberg wrote: > >> I noticed that libselinux was just updated to have ldconfig in >> /usr/sbin/ as per : >> https://fedoraproject.org/wiki/Features/UsrMove. >> >> It seems glibc hasn't yet been up

Re: Rawhide build failure (Requires: /usr/sbin/ldconfig)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/27/2012 09:16 PM, Adam Williamson wrote: > On Fri, 2012-01-27 at 16:36 -0500, Daniel J Walsh wrote: >> On 01/27/2012 04:13 PM, Rex Dieter wrote: >>> Roland Grunberg wrote: >>> >>>> I noticed that libse

Re: Fedora 17’s unified filesystem (/usr-move)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/29/2012 05:33 PM, Michel Alexandre Salim wrote: > On 01/27/2012 04:08 PM, Daniel J Walsh wrote: >> On 01/27/2012 08:10 AM, Harald Hoyer wrote: >>> The packages, which are about to land in rawhide, are at this >>> mo

Re: Fedora 17’s unified filesystem (/usr-move)

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/30/2012 09:34 AM, Frank Murphy wrote: > On 30/01/12 14:28, Daniel J Walsh wrote: >>> >> Yes grep autorelabel /usr/lib/dracut/modules.d/30usrmove/* >> /usr/lib/dracut/modules.d/30usrmove/usrmove-convert.sh:echo &

Re: SELinux-related Rawhide breakage today

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 01/31/2012 12:07 PM, Jerry James wrote: > After installing today's Rawhide updates on an x86_64 VM, I > started having troubles running programs. Nothing linked with > libselinux.so.1 could actually open that library; the programs were > getting EA

Re: SELinux-related Rawhide breakage today

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/01/2012 12:49 PM, Kevin Kofler wrote: > Daniel J Walsh wrote: >> Yes we have shipped a policy that requires the usrmove >> functionality. > > How many times do we have to tell you that you MUST build usrmove > stuff

Re: F17 Slowness

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/16/2012 12:18 PM, Adam Williamson wrote: > On Thu, 2012-02-16 at 10:44 -0600, Mike Chambers wrote: >> Just seeing if it's just me, or we back to being slow again >> during testing with the debug options and the kernel? Am on a >> F16 kernel and

Re: /usrmove? -> about the future

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/16/2012 09:59 AM, John5342 wrote: > On Thu, Feb 16, 2012 at 03:34, Stephen John Smoogen > wrote: >> A bad autocomplete can cause you to sit 3-4 minutes as DNS or >> other things time out. > > Ctrl+C will cancel the command and the completion wi

Re: Headsup! krb5 ccache defaults are changing in Rawhide

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 02/24/2012 08:44 AM, David Quigley wrote: > On 02/24/2012 00:22, Simo Sorce wrote: >> On Thu, 2012-02-23 at 20:41 -0500, David Quigley wrote: >>> On 02/23/2012 14:28, Stephen Gallagher wrote: Dear fellow developers, with the upcoming

  1   2   3   4   >