In article [EMAIL PROTECTED] you wrote:
91 processes, only 1 running (think top)
1 Running Process - Load 1.0... no?
Gruss
Bernd
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the FAQ at
In article [EMAIL PROTECTED] you wrote:
My problem is that if data is NOT available when select()
starts, but becomes available immediately afterwards, select()
doesn't wake up immediately, but sleeps for 1/100 second.
It does not sleep for a 1/100second, it will but the process in the run
Hello,
the following patch against 2.4.0 will allow the kernel to write a message
to the kernel log in case files are open for write or delete on a partition
which should be remounted.
I run my System with Read-Only /usr File System and this works fairly well.
I have a script to remount the
In article [EMAIL PROTECTED] you wrote:
There have been assorted reports of filesystem corruption on raid5 in
2.4.0, and I have finally got a patch - see below.
I don't know if it addresses everybody's problems, but it fixed a very
really problem that is very reproducable.
Do you know if it
Hello,
for Short: I had a mail exchange with Vic Abell, the lsof Author, and in the
next Version of lsof the open shared libs will be detected. So my Kernel
Patch is no longer needed:
# ~root/rw
# rm /usr/lib/jabber/jsm/libjsm.so
# ~root/ro
mount: /usr busy
# lsof_4.55A.linux/lsof -a +L1 /usr
In article [EMAIL PROTECTED] you wrote:
Now for the long version of the problem. I am using the TurboLinux
ClusterServer 6.0 product. This product uses what they refer to as
an advanced traffic manager that has the ip address of the web site
aliased to eth0. Thus this machine arps for the
In article [EMAIL PROTECTED] you wrote:
The snippet you posted doesn't describe what ClusterThingy exactly wants
to do with ARPs.
Andi, it is simple. There are 3 machines on one net with the same IP Address.
Two of them run a web server and one of them a packet redirector. The packet
In article [EMAIL PROTECTED] you wrote:
So in the setup I have, we have an ATM which gets all incoming requests
for the web site. And then we have 7 other machines that get the
requests passed onto them by the ATM.
You can hardwire the ARP entry of your redirector to your Router. In that
In article [EMAIL PROTECTED] you wrote:
The problem is complex and can't be solved with ifconfig -arp
why?
The needs for clusters with shared addresses include:
1. block ARP replies for such addresses
-arp will do that
2. don't announce these addresses in the ARP probes (can
can someone explain what is nagle or pinpoint explanation :)
nagel's algorithm is used to "wait" with sending of small packets until more
data is available, because sending biger packets has less overhead.
greetings
Bernd
-
To unsubscribe from this list: send the line "unsubscribe
In article [EMAIL PROTECTED] you wrote:
-arp will do that
Not in Linux 2.2+, all addresses are replied. -arp only
means "don't talk ARP", in our case we talk through eth0, so we don't
want to stop it, right?
why not? if you hard wire the MAC Address of your web servers to all other
On Thu, Jan 25, 2001 at 01:02:32PM +0200, Julian Anastasov wrote:
Hey, the world is not only Linux. Sometimes the people build
clusters using different hardware and software. If your solution works
for your setup we can't claim it is universal.
It is a Linux News Group after all. So
In article [EMAIL PROTECTED] you wrote:
Just curious if others have noticed that hotmail is unable to deal with
ECN and wondering if this is a standard that should be encouraged, as in
should I tell hotmail that perhaps they should look into supporting it, or
should I not waste my breath and
In article [EMAIL PROTECTED] you wrote:
I've done a quick inspection of pre7 patch set and noticed about the
same thing. Is this an oversight, did someone intentionally turn off
core dumping until some other widget is incorporated into the patches,
or none of the above (a conspiracy, maybe?
In article [EMAIL PROTECTED] you wrote:
RFC793, where is lists the unused flag bits as "reserved".
That is pretty clear to me. It just has to say that
they are reserved, and that is what it does.
Actually I read somehwre "must be 0", but I am afraid dont know where anymore.
anyway, it does
In article [EMAIL PROTECTED] you wrote:
Think of yourself as a firewall author now. You come across this, and
go, "these bits aren't used now; this means noone should be setting
them. I have no guarantee that anything in the future isn't going to use
these bits for something that isn't
In article [EMAIL PROTECTED] you wrote:
On Tue, Jan 30, 2001 at 02:17:57PM -0800, David S. Miller wrote:
8.5MB/sec sounds like half-duplex 100baseT.
No; I'm 100% its FD; HD gives 40k/sec TCP because of collisions and
such like.
Positive you are running at full duplex all the way
Hello,
if I run mkreiserfs on a 32megablocks /dev/loop0 it will lock up while
generating the journaling information. Sometimes at 20% sometimes at 60%.
Since mkreiserfs is not using the kernel module i guess this is a loop
device problem in 2.4.1 kernels.
There is no dmesg message at the
On Wed, Jan 31, 2001 at 11:15:56PM +, James Sutherland wrote:
dd if=/dev/zero of=/var/loop.img count=32768 size=4096
That just creates a 128Mb file of zeros... This sounds a bit small. Why
"size=4096"??
because i am too tired to calculate. mkreiserfs wants 32768 (32*1024) blocks
with a
In article [EMAIL PROTECTED] you wrote:
However, if I go to /proc/sys/kernel/sysrq does not exist.
It is a compile time option, so the person who compiled your kernel left it
out.
vm.freepages = 383 766 1149
tat feature is removed in recent VM Systems.
Greetings
Bernd
-
To unsubscribe from
In article [EMAIL PROTECTED] you wrote:
(1) An in-kernel resident lump, providing very basic services:
* file-change notification
this is interesting for other stuff too, i think irix has an interface for
that, i think its an ioctl?
* unicode string handling/conversion
In article [EMAIL PROTECTED] you wrote:
How about taking a decaying average (loadavg style) of the peak allocation-free
why? I think it is not a bad thing if you have some kind of setting like
"irq heavy system" - "applicaion heavy system" even in NT you hve this
slider. The current problem
In article [EMAIL PROTECTED] you wrote:
On a side note, does it/will it be implemented in the future?
it was implemented and it is phased out. It is only present to be
compatible. One would do that with user space arp daemons or auto_arp.
Greetings
Bernd
-
To unsubscribe from this list: send
In article [EMAIL PROTECTED] you wrote:
Is there an ETA on having ip6 in ip4 tunnelling working with the latest
net-utils??
what is the problem? Do u have a bug or do u mean general IPv6 Support?
There are a lot of unoficial IPv6 Packages, Debian has a good Collection,
and we are trying to get
On Sat, Oct 07, 2000 at 11:07:18PM -0700, Gerhard Mack wrote:
[root@innerfire /root]# ifconfig sit0 tunnel ::206.123.31.102
SIOCSIFDSTADDR: No buffer space available
what are you trying to do with this command? In case you want to set the
IPv4 Endpoint of the Tunnel you should set the IPv4
On Mon, Oct 09, 2000 at 11:44:34AM +0200, Jorg de Jong wrote:
your just a bit off here, I believe Gerhard has posted this bug
a number of times, further more I have submitted a fix for this
bug, but has still not been accepted. Neither has there been any feedback
on why ?
the address for
Hello,
with 2.4.0-test10-pre2 (possibly long before that version) i still can bring
the system to a halt while "tail /dev/zero" is running. I don't complain
that you can make a DOS by a trshing system, cause I can use ulimit to
actually avoid that.
But if i use the tail /dev/zero with nice as a
the oom_kill will output a kernel message without missing \n:
--- mm/oom_kill.c.org Sun Oct 15 06:18:24 2000
+++ mm/oom_kill.c Sun Oct 15 06:18:45 2000
@@ -156,7 +156,7 @@
if (p == NULL)
panic("Out of memory and no killable processes...\n");
-
On Sat, Oct 21, 2000 at 12:22:00PM -0200, Rik van Riel wrote:
as the proccess is killed. But still i wonder why the swap out
is such unfair to the rest of the system, especially to a
process which is not actually allocating memory at all.
Look again ... "tail /dev/zero" allocates
In article [EMAIL PROTECTED] you wrote:
I know it does thats why i have run that tool- The question is still, why
gets my system unusable in the same second my systems starts to page out?
To follow up on myself: the question was why are programs which do not
allocate memory be delayed while
In article [EMAIL PROTECTED] you wrote:
A few years ago, there was an intense debate around the question of
cooperative vs. preemptive multitasking operating system design. Today,
however, cooperative multitasking is a thing of the past, and it is virtual=
ly
undisputed that the preemptive
On Mon, Oct 23, 2000 at 02:21:11PM -0200, Rik van Riel wrote:
1) some process allocates gobs of memory
2) the kernel swaps out memory from all processes
3) some of the other - partly swapped out - processes
wake up and need to be swapped in
4) these other processes have to ALLOCATE MEMORY
In article 000b01c03bef$17e43c30$0200a8c0@W2K you wrote:
PS this is my first post to lkml so please keep that in mind...
PPS ... so, was I right?
yes welcome, thanks for reminding me of that. And i think exactly that point
could be a bit optimized.
Greetings
Bernd
-
To unsubscribe from this
In article 87861.983061717@tiny you wrote:
Exactly. The tail conversion code depends heavily on the page up to date
bit being set right. It is more than possible that I've screwed up
something there, and the code thinks a page is valid when it really isn't.
I have seen null byte
In article 20010225060326.K127@pervalidus you wrote:
hda: dma_intr: status=0x51 { DriveReady SeekComplete Error }
hda: dma_intr: error=0x84 { DriveStatusError BadCRC }
I think I saw that with broken Drives, too.
Greetings
Bernd
-
To unsubscribe from this list: send the line "unsubscribe
In article F1457AD86AB6D311A6F200105AD9FB0219E251@EPCNETIN you wrote:
What are the biggest problems? (i know that many userland-tools must be
changed for this).
AFAIK there is no Support in User Land Programs required. You just have
additional tools for managing the ACLs . The main problem
In article [EMAIL PROTECTED] you wrote:
Alert on LAN makes the system up from power management type sleep when
there are packets to be processed. Why you would ever have sleep mode on
a server is beyond me.
Most professional UPS with Network Management Cards can go a sever to sleep
mode if
In article [EMAIL PROTECTED] you wrote:
Yesterday I discovered that the load I can throw out to network seems to
depend on other activities running on machine. I was able to get
throughput of 33M/s with ATM when machine was idle, while I compiled
kernel at same time, the throughput was
In article [EMAIL PROTECTED] you wrote:
Aha.. so that's it. I've never been able to get /linuxrc to execute
automagically. I wonder why /linuxrc executes on Art's system, but
not on mine. I can call it whatever I want and it doesn't run unless
I explicitly start it with init=whatever.
In article [EMAIL PROTECTED] you wrote:
This is mostly a heads-up to say that in this regard gcc is not ready
for prime time, so we really can't get away with using if() as an ifdef
yet, at least not without penalty.
Humm.. whats the Advantage of this?
Greetings
Bernd
-
To unsubscribe from
In article [EMAIL PROTECTED] you wrote:
If you mean preferring 'if ()' over 'ifdef'... Linus. :) And I agree
with him: code looks -much- more clean without ifdefs. And the
compiler should be smart enough to completely eliminate code inside an
'if (0)' code block.
Oh I see. Well...
In article [EMAIL PROTECTED] you wrote:
This email is here to announce the availability of a port of ORBit (the
GNOME ORB) to the Linux kernel.
OMG you guys are so cool :)
Hey, this is real craftsmanship (not sure if it useful :)
Does this revamp the Micro Kernel Discussin? ONLY KIDDING :)
In article [EMAIL PROTECTED] you wrote:
Why would you *ever* want to write a device driver in perl???
Actually there is kind of device driver in perl, and besides it's
performance I think it proofed that a High-Level Language can do good for
rapid prototyping.
http://www.inter-mezzo.org - a
In article [EMAIL PROTECTED] you wrote:
A potential weakness. The entropy estimator can be manipulated by
feeding data which looks random to the estimator, but which is in fact
not random at all.
That's why feeding randomness is a priveledgedoperation.
Greetings
Bernd
-
To unsubscribe from
In article [EMAIL PROTECTED] you wrote:
Even if you were able to predict all entropy sources, to predict the generated
random numbers you would need to invert the cryptographic hash used there.
If you can predict ALL input in the pool, including the initial boot state
you can just rerun the
In article [EMAIL PROTECTED] you wrote:
Hello Linux World,
Is there a way to add a generic and transparent presenation layer in the
path of TCP/IP packets. I am speaking about something probably in the
path between the user space mechanims (send/recv/read/write) and the
actual
In article [EMAIL PROTECTED] you wrote:
Hi. Is there a way to support vpn in the 2.4.0 kernels like we had
with the patch for the 2.2.x kernels?
What kind of VPN, there are all kinds of User mode solutions, some for
kernel modules. Are you talking about IPSec?
Greetings
Bernd
-
To
In article [EMAIL PROTECTED] you wrote:
Well, consider the scenario of an application which opens a control connection
and a data connection, and the data connection remains idle for some hours
while you get to the beginning of the queue, and then the transfer starts. The
data connection is
In article [EMAIL PROTECTED] you wrote:
What may be calling this? Any advice where to go ferreting?
Somebody may try to open the device file.
Greetings
Bernd
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
Please read the
In article [EMAIL PROTECTED] you wrote:
Also thing about cases where powerplant fails, or when electricity in
the house fails. I've seen places where electricity failed 5 times a
day, because someone put 10A fuse and we were using just about 2kW...
Especially evil is a power failure, and then
In article [EMAIL PROTECTED] you
wrote:
I simultaneously run "top d1" and two of the test computations. All is
well (top updates smoothly) until physical RAM is exhausted. However, as
soon as swap is touched, then top freezes and does not update. In this
state, I can switch virtual
In article [EMAIL PROTECTED] you wrote:
I'm still not sure why it's been decided not to do fallback or how this
whole situation is any different from path MTU discovery.
Because this will add a Fallback (non ECN) packet to every denied target. I
think this is bad policy at least. It might
In article [EMAIL PROTECTED] you wrote:
The cobalt machines have now had a kernel upgrade (only to 2.2.14, thats
the most recent that Cobalt provide...), and the problem has
disappeared.
Should we ignore "timestamp 0" if there are systems out there which will
break on that. Or is timestamp 0
In article [EMAIL PROTECTED] you wrote:
But also scalability: 2TB is a problem for me in some cases, 32bit just don't
cut it all the time - but I need to circumvent the storage problem even on a
32bit system. And adding disks to the system while running is desireable.
Why do you run 32bit
In article [EMAIL PROTECTED] you wrote:
Sorry, ignoring some values of timestamp is simply impossible.
It is PAWS. One packet is more than enough to kill you. 8)
Hmm... Isnt this only important for the first SYN with a Zero Timestamp
which is not very critical for PAWS?
Greetings
Bernd
-
To
In article [EMAIL PROTECTED] you wrote:
Timestamp is not a random number, so that probability of PAWS failure
does not depend on restricting it at all. The only thing which can help
to reduce probability is dropping all tpacket with ts_val==0
or shutting down your machine while time of your
In article [EMAIL PROTECTED] you wrote:
So FS_create() starts out by allocating the backing store for the
semaphore. This can basically be done in user space, although the
kernel does need to get involved for the second part of it, which
is to (a) allocate a kernel "backing store"
In article [EMAIL PROTECTED] you wrote:
47.129.82.116 * * MPeth0
the asteriks simply show you, that the new linuix kernel will not be able to
remeber any mac address for a proxy arp entry. It will always respond with the
device' own MAC address. Can't
In article [EMAIL PROTECTED] you wrote:
How can I access more than 16 harddisks?
Create the Device File with:
cd /dev ; MAKEDEV sdq
-or-
cd /dev ; mknod sdq b 65 0
mknod sdq1 b 65 1
...
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL
In article [EMAIL PROTECTED] you wrote:
We seem to have come full circle. My original question was about
providing a better way for sockets applications to take advantage of
SAN hardware. W2K Datacenter introduces Winsock Direct, which will
bypass the protocol stack when appropriate. The
In article 01e701c09a2a$21e789a0$bba6b3d0@Toshiba you wrote:
I see . The biggest negative point of running kernel from ROM is that ROM
speed is slow :(
Well, normally you use the ROM only as a "boot device". You copy the Kernel
into RAM and run it. Ram is not more expensive than ROM :)
What
In article [EMAIL PROTECTED] you wrote:
Feb 18 23:05:50 rhino kernel: ip_conntrack: maximum limit of 8184 entries exceed
ed
while running nessus, with 100 simultaneous connections set, against a
company machine. This is the first time I've observed this error.
It is not an error, you just
In article 01022100361408.18944@gimli you wrote:
But actually, rm is not problem, it's open and create. To do a
create you have to make sure the file doesn't already exist, and
without an index you have to scan on average half the directory file.
Unless you use a File System which is better
In article 000201c0c0a4$eb5c7b10$321ea8c0@saturn you wrote:
rename("/usr/hybrid/cfg/data","/usr/mytemp/data1"); /*for process 1*/
rename("/usr/mytemp/data1","/usr/test");/* for process 2*/
Rename syscall is expected to be atomic on unixoid systems. And I dont know of
a case where a problem
In article 01041321112600.23961@oscar you wrote:
oscar% sudo mount /tmp/disk /snap -oloop -text2
ioctl: LOOP_SET_FD: Invalid argument
are you sure you have a working loop device? Try to verify it in a non tmpfs
filesystem.
stat64("/dev/loop0", {st_mode=S_IFBLK|0660, st_rdev=makedev(7, 0),
In article [EMAIL PROTECTED] you wrote:
(There is no config file to disable/alter this .. no work-around that I
know of ..)
You can't be serious. Go sit down and think about what's going on.
Well, there are two potential solutions:
a) stop rebuild until fsck is fixed
b) wait with fsck until
In article [EMAIL PROTECTED] you wrote:
Is this a pathological case because of the way fsck does business, or does the RAID
re-sync affect any disk-bound process that severely?
i gues the seeks are the problem. fsck will quite heavyly reposition, so does
the rebuild, most likely on different
In article 01041521302600.15046@tabby you wrote:
a) stop rebuild until fsck is fixed
And let fsck read bad data because the raid doesn't yet recognize the correct
one
a degraded raid will not deliver broken data. and even if it does, one more
reason not to check a degraded raid.
There
In article [EMAIL PROTECTED] you wrote:
The second one is the valid one, but both interfaces seem to answer to the
broadcasted packet with their own ARP addresses.
it is because the kernel does not know if both interfaces are on one subnet,
or not. The easisets thing to solve this is t use the
but why would you want it to reply for the IP of the other interface even if
it was NOT on the same subnet?
Because Linux is always answering to all its local IP addresses, regardless
of the Network interface. Even if you tun off the IP Forwarding.
This is by Designs, there are situation
In article [EMAIL PROTECTED] you wrote:
I meant that the central requirement on the design and implementation of
audio subsystems is an (ideally guaranteed) bounded maximum of
latencies; and that's exactly the major point where I heard that there
are problems with ALSA driver components in
In article [EMAIL PROTECTED] you wrote:
Unfortunatelle Latency is critical for a number of critical applications
like databases or file based transaction systems (mail, news) - mainly the
users of fsync().
Whether you mix audio in userspace or kernel does not impact latency -
you still need
In article [EMAIL PROTECTED] you wrote:
Top (VCPU maybe?)
User
Process
Thread
The problem with that is, that not all Schedulers might work on the User
level. You can think of Batch/Job, Parent, Group, Session or namespace
level. That would be IMHO a generic Top, with no
In article [EMAIL PROTECTED] you wrote:
Perhaps -- until your httpd is compromised via a buffer overflow or
simply misbehaves due to a software or configuration flaw, then the
assumptions being made about its use of pathnames and their security
properties are out the window.
Hu? Even a
In article [EMAIL PROTECTED] you wrote:
Could you explain for the audience the technical definition of fairness
and what sorts of error metrics are commonly used? There seems to be
some disagreement, and you're neutral enough of an observer that your
statement would help.
And while we are at
In article [EMAIL PROTECTED] you wrote:
2) Output of yes --help from the same terminal
Question: what do you expect?
# yes --version
#yes (GNU coreutils) 5.2.1
#Written by David MacKenzie.
#
#Copyright (C) 2004 Free Software Foundation, Inc.
#This is free software; see the source for copying
In article [EMAIL PROTECTED] you wrote:
Otherwise, the client would have to cache _all_ previous READDIR results
since the last opendir()/rewinddir() in order to be able to do its own
loop detection and that will obviously never scale for large directories
or for directories that change
In article [EMAIL PROTECTED] you wrote:
A development process like this is likely to exclude smart people from wanting
to contribute to Linux and folks should be conscious about this issues.
Nobody is excluded, you can always have a next iteration.
Gruss
Bernd
-
To unsubscribe from this list:
In article [EMAIL PROTECTED] you wrote:
Just to clarify, I had about 60 days of uptime, and hence at least
60 days since the last FS check/mount/etc., when Linux crashed those
few days ago, and wanted to start checking disks with 9192 days since
last file system check.
This, however sounds
In article [EMAIL PROTECTED] you wrote:
1. This design stretches the POSIX timers API in strange
ways.
Maybe it is possible to reimplement the POSIX API in usermode using the
kernel's FD implementation? (and drop the posix support from kernel)
Gruss
Bernd
-
To unsubscribe from this list:
In article [EMAIL PROTECTED] you wrote:
it doesn't add value memset with a constant 0 is just as fast
(since the compiler knows it's 0) than any wrapper around it, and the
syntax around it is otherwise the same.
it would however allow easier changing if you need to add a page cleaning
In article [EMAIL PROTECTED] you wrote:
Make kernel configuration option? (e.g. disable over commit
mis-feature :-)
# egrep . /proc/sys/vm/overcommit_*
/proc/sys/vm/overcommit_memory:0
/proc/sys/vm/overcommit_ratio:50
Gruss
Bernd
-
To unsubscribe from this list: send the line unsubscribe
In article [EMAIL PROTECTED] you wrote:
So you can't draw any relationships between Protect the end-user
with Protect the device FROM the end-user, the former can be done
very reliably to whatever level of risk-reduction you need and the
latter can't practically be done at all.
Unless
In article [EMAIL PROTECTED] you wrote:
What's the deal with the underscore and the parentheses surrounding the
call to menu_get_help?
it is a macro from gettext, used to translate the string. Usually this
should only be used on string constants.
Gruss
Bernd
-
To unsubscribe from this list:
In article [EMAIL PROTECTED] you wrote:
I found that O_NOFOLLOW is used for opened core file in Linux 2.6.10.
I think that is for security reasons, otherwise one has to (atomically)
check who is the owner of the symlink and where it points to. If you dont
have hostile users on your system you
In article [EMAIL PROTECTED] you wrote:
a) it may do so for a short and bound time, typically less than the
maximum acceptable latency for other tasks
if you have n threads in runq and each of them can have md (d=max latency
deadline) overhead, you will have to account on d/n slices. This
In article [EMAIL PROTECTED] you wrote:
You can't have it even do a search to see if it already has something similar
without creating an account and logging in. Since I'm out of wall space, and
the missus is bugging me to paint over all that, I left.
Well, thats not a bugzilla problem.
In article [EMAIL PROTECTED] you wrote:
If it is considered useful it shouldn't be a problem to automatically
forward all incoming Bugzilla bugs to linux-kernel.
Yes, most of it to linux-kernel, some components (netdev@, architecture) to
a more specific list.
Gruss
Bernd
-
To unsubscribe from
In article [EMAIL PROTECTED] you wrote:
Ralph wrote:
Watch out for when xargs invokes do_something more than once and the `'
is parsed by a different one than the `'.
It will take a pretty long list to do that. It seems that
GNU xargs on top of a Linux kernel has a 128 KByte ARG_MAX.
In the
In article [EMAIL PROTECTED] you wrote:
(I repeat the xxx in the leaf name - easier to code.)
It is a bit OT, but just a note: there are file systems (hash functions) out
there who dont like a lot of files named the same way. For example NTFS with
the 8.3 short names.
Greetings
Bernd
-
To
In article [EMAIL PROTECTED] you wrote:
The ssh keys are *encrypted* in the swap when dmcrypt is used.
When the swap runs over dmcrypt all writes including those from
swsusp are encrypted.
The problem is that after an resume the running system has access to the
swap, because the key is
In article [EMAIL PROTECTED] you wrote:
The dmcrypt swap can only be unlocked by the user with a passphrase,
which is analogous to how you unlock your ssh private key stored
on the disk using a passphrase.
We talk about the unlocked system getting hacked. However I am not why the
hacker would
In article [EMAIL PROTECTED] you wrote:
maybe one day you would be able to offload your firewall and policy
router too :)
There are quite a few filtering NICs out there.
Greetings
Bernd
-
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to [EMAIL
In article [EMAIL PROTECTED] you wrote:
Why not simply unset the write bit for all three groups of users?
That seems to be enough to prevent file modification.
# touch test
# chmod a-w test
# echo test test
# cat test
test
Because this does not protect against writes from root and it does
In article [EMAIL PROTECTED] you wrote:
Yes. I know, with immutable, even root cannot modify sensitive
files. What I am curious is if an intruder has root access, he may
have many ways to turn off the immutable protection and modify files.
If you secure your system correctly (i.e make
On Sun, Apr 17, 2005 at 07:48:50PM -0400, Xin Zhao wrote:
any kernel level protection, including
SELinux, could be disabled after the kernel is compromised. Am I
missing some points here?
No, Immutable bit is an application of capabilities (or securelevel), you
are right.
If the kernel is
In article [EMAIL PROTECTED] you wrote:
The machine we plan to buy is a HP Proliant Xeon machine and I want to run a
32 bit linux kernel on it (the xeon we want doesn't have the 64-bit stuff
yet)
You cant have 16GB of Memory with 32bit CPUs.
Bernd
-
To unsubscribe from this list: send the
On Fri, Jul 22, 2005 at 01:00:18PM +0200, Stefan Smietanowski wrote:
You cant have 16GB of Memory with 32bit CPUs.
PAE
CONFIG_HIGMEM64G
Supports a 36bit address space, which Xeons do support.
Yes right, I was just not aware recent hardware (still) supports that. I
mean even mit 2MB modules
In article [EMAIL PROTECTED] you wrote:
My RTC clock is set to the local timezone. However, when I boot linux using
the -b option, to stop by a shell before the bootscripts begin, the clock is
exaclty two hours ahead.
The problem is that the clock is correct, but the timezone of your system
In article [EMAIL PROTECTED] you wrote:
Why? Because I'm still using the stupid get all objects thing when I
pull.
one could do a symlink/hardlink parallel tree for a specific snapshot with
GIT tools, and then only poll that with git-unaware copy tools.
I guess this would make sense for the
1 - 100 of 290 matches
Mail list logo