Archive | February, 2007

SELinux Modules

Dan Walsh of Red Hat talks about SETroubleshooter, which translates the gobbledegook error messages from SELinux and better explains what the issues are. The audit2allow tool generates the SELinux macro language (audit2allow’s been around for a while). audit2allow -M builds a module and prompts the user with the commands needed to incorporate it: a te file for type enforcement, a pp ‘policy package’ that contains the policy and a compiler that generates a .mod file.

Package selinux-policy-devel provides the tools to generate a new policy that can confine an application. Policygentool takes a ModuleName and an Executable as parameters. Dan used the smart card daemon as an example. He used the tool and generated a basic template, started the service, viewed the logs, added in the policies needed to support the behaviors of the tool and re-generated the module. “Lather, rinse, repeat.”

There’s a package on FC6 called policycoreutils-gui which I think is called system-configure-selinux (Dan didn’t have it installed) that will let you do much of this without working from the command windows.

Tag: fudconboston2007

Mugshot

Bryan Clark shows how Mugshot is linked to digg and his blog and picasa and flickr and google video and yahoo video and… whew! Live client for Linux and Windows. See what your friends are doing, posting, reading, playing music. Mugshot can be the overarching links of IM, email, digg, del.icio.us and more. With a centralized server, you could open a VM on a foreign machine and have it bring down your web presence environment. Primarily they are working on the client. Server is open sourced, but not well documented. They are supporting 5000 users on two boxes and believe they can scale. Sarbanes-Oxley and other regs would require a lot of corporate users to work on something inside their firewall or with auditing. Will be interesting to see how it grows.

Tag: fudconboston2007

Fedora Core Release Engineering

Jesse Keating, F13 (’cause his keyboard goes up to 13). Fedora Release Engineering. Very open topic – how it’s done, how he’d like to get it done. New build system trying to get open-sourced from Red Hat, replacing Plague.

His job: marshal package collection and keep them working. “DistFC7” is a package collection of everything in FC6 plus Extras. “Rawhide” nightly build. Regularly, create a freeze. Tags are fairly inexpensive, so “F7Test1” is easy to apply. Spin off freeze, run intensive tests on that tag. Different “spins” or collections of tests are done for each frozen tag: desktop, server, KDE “spins” are coordinated by Jesse. Questions remain on how to triage failed builds – what qualifies as a showstopper.

“Pungi” builds a distribution from a manifest, based on multiple languages and architectures. Reads from core repositories, extras, locals, finds the “best” module, resolves all of the dependencies to build a tree of source. Hands off to the anaconda tools, build-install, that actually create images. Next step involves sorting the many package dependencies to create a package order that would allow install from CD1, CD2, CD3. There’s a magic XML file called “comps” that is a combination of experience, black magic and wild guesses. Then, making ISO file systems requires its own black magic as there are a lot of obscure flags that differ depending on the target of i386, PPC, 64-bit and so forth.

Needed: post-build validation before handing things off to QA. Bloat is an issue: a 9-CD, 2-DVD distro is hostile, especially to the bandwidth-expensive. Would like to create some different images that don’t include the kitchen sink: “desktop” that’s a browser, chat, email, etc. “server” is a base set plus a set of optional servers. “KDE” spin. Would like to be able to add additional recipes, like an “Eclipse” spin that has a fully-configured install with all the dev tools ready to go. Need help with fine-tuning the manifest. Sorting through the (many bizarrely-named) hardware packages. Need help with “comps” – how to overlay the different issues of dependencies and choices, mandatory, default and priorities.

I never knew how sausage was made 😉

Oh, and then there’s the issue of updates…

Tag: fudconboston2007

I’m Blogging This…

Live from FUDCon Boston 2007 at Boston University’s Photonics Center. Wifi provided by the Fedora group, beautiful facilities. The Unconference format got presenters to do a 2-minute elevator pitch for their sessions. We took a break and voted on the sessions we wanted to attend, and the organizers shuffled the large and small rooms and time slots and I’m sitting in the first session on Mugshot.

Got to see a neat piece of hardware presented by a foaf as we got coffee. The Pepper Pad is a lightweight Linux-based, AMD Geode-based handheld Etch-A-Sketch sized device with full video capabilities, wireless networking, USB, and lots of features. It’s based off Fedora Core 4 with their own yum repositories. Nice form factor, major cuteness factor.

Tag: fudconboston2007

Livingston: Upgrade Vista with Vista

In Brian Livingston’s “Windows Secrets” newsletter, Brian writes, “Windows Vista, in my opinion, is a big improvement over Windows XP in many ways. But the new operating system is distinctly overpriced.” and “But I’ve tested a method that allows you to clean-install the Vista upgrade version on any hard drive, with no prior XP or W2K installation — or even a CD — required.” While this is good news for all who want to upgrade their hardware while installing Vista, it points out a way to buy the cheaper Upgrade version and get the same effect as the more expensive Full version.”

If you choose to dance with the devil, you need to pay the devil his due. A far better choice to send a message to Microsoft that their software is overpriced is by purchasing a Mac or installing Ubuntu or Fedora or Red Hat or SuSE or Debian or just sticking with the software you have. That’s how the market works. Using Microsoft’s software in violation of their questionable licenses just puts you in a bad position. I’m surprised to see Brian presenting it this way: it’s a handy tip for upgraders (and a best practice for getting a stable system), but it’s not the right path for people building new machines. I wonder if Microsoft will be able to patch this behavior to detect this kind of “upgrade” or whether they’ll change their installer to prevent it.

This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.