Re: SELinux FAQ
by Karsten Wade
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I don't disagree with Steve, but I don't have any cycles to work on
the problem. Perhaps someone from Docs wants to reach out to Steve to
see how to collaborate and make things better.
- - Karsten
On 11/09/2011 05:09 PM, Steve Kelem wrote:
> If that stuff on the Fedora 13 site is no longer valid, it would
> be useful to all of us who search the web for useful info to be
> directed to the place with the latest information. Is there any
> chance that whoever maintains the page that I found be told where
> the latest stuff is and then add a pointer to the latest stuff?
>
> When I upgraded to Fedora 15, a bunch of stuff stopped working. I
> only stumbled across a bunch of SElinux errors in a tool that
> suggests how to fix the problem but relies on the user being
> intimate with SElinux. I couldn't find any explanation or even a
> definition of what these 20 or so "labels" are, so I don't know
> what I'm going to break if I guess at what labels to use! I'm not
> a novice. I worked with Unix (yeah, the original Unix) in the
> 1980's. I have a Ph.D. in Computer Science and my former wife
> worked in formal security and was always talking about MAC and DAC
> access. So I at least know what the terminology is and why it's a
> good thing. This SElinux stuff looks like a good thing, but I've
> found very little info on how to use it, how to understand it, or
> how to fix the problems as my system seems to be upgraded
> automatically to use it. I'm hoping I can encourage people to put
> out some good documentation so that it will catch on and be used.
>
> Sincerely, Steve Kelem
>
> Karsten 'quaid' Wade said the following on 11/08/2011 11:10 AM:
>> Hi Steve:
>>
>> Looks like a lot of good points below. I'm not aware of the
>> status of the SELinux FAQ; I did think most of that info was
>> moved in to release-specific documentation. (I haven't been a
>> maintainer of that FAQ in a long time.)
>>
>> I'm Cc:ing this to the Fedora Docs team, who manage the depth and
>> breadth of Fedora technical content - definitely the folks to
>> ask.
>>
>> http://lists.fedoraproject.org/mailman/listinfo/docs
>>
>> - Karsten
>>
>> On 11/08/2011 07:29 AM, Steve Kelem wrote:
>>> Hi. I've been reading the Fedora 13 SELinux FAQ.
>>
>>> 1. I found the SELinux FAQ under Fedora 13 at
>>>
> http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html....
>>
>>
>>
>
I
>
was surprised that this document is tied to Fedora 13. With Fedora 15
>>> about to be replaced by Fedora 16, it seems strange to tie
>>> SELinux to a specific revision of Fedora. 2. Under "What are
>>> file contexts?" it says: "Fedora ships with the |fixfiles|
>>> script, which supports four options: |check|, |relabel|,
>>> |relabel| and |verify|." One of these "relabel" options should
>>> be "restore". 3. Under "How do I make a user public_html
>>> directory work under SELinux?", item #2 says:
>>
>>> *|ls -Z -d public_html/|* |drwxrwxr-x auser auser
>>> user_u:object_r:user_home_t public_html| *|chcon -R -t
>>> httpd_user_content_t public_html/ ls -Z -d public_html
>>
>>> This should be:|* *|ls -Z -d public_html/|* |drwxrwxr-x auser
>>> auser user_u:object_r:user_home_t public_html| *|chcon -R -t
>>> httpd_user_content_t public_html/ ls -Z -d public_html/
>>
>>> Better yet, you should distinguish what's type v.s. what's
>>> returned by the system:|*
>>
>>> *|% ls -Z -d public_html/|* |drwxrwxr-x auser auser
>>> user_u:object_r:user_home_t public_html| **|%|***|chcon -R -t
>>> httpd_user_content_t public_html/ |***|%|***|ls -Z -d
>>> public_html/|**||*
>>
>>> 4. In item 3, it says that there is a "SELinux tab" in
>>> system-config-selinux. My version is (c) 2006 (in Fedora 15!)
>>> and does not have a SELinux tab. It has tabs: Status, Boolean,
>>> File Labeling, User Mapping, SELinux User, Network Port,
>>> Policy Module, and Process Domain. The command described is
>>> under the "Boolean" tab, search for "home directories", and
>>> you'll find it.
>>
>>
>>
>
- --
name: Karsten 'quaid' Wade, Sr. Community Architect
team: Red Hat Community Architecture & Leadership
uri: http://communityleadershipteam.org
http://TheOpenSourceWay.org
gpg: AD0E0C41
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iD8DBQFOwcVb2ZIOBq0ODEERAmeYAKDCGwJkFiO3Hnjs5gLlw1Al33ETNQCfZ5yB
74VjFgJnKoahegeNRAl7TVc=
=Cry7
-----END PGP SIGNATURE-----
12 years, 4 months
Meeting summary -- 14 November 2011
by Ben Cotton
As a note, no one stepped up to challenge me for group leadership.
Since Zach posted it to the list last week, I'll assume no one objects
to my glorious rule.
Meeting summary
---------------
* Roll Call (bcotton, 14:06:43)
* Follow up on last week's action items (bcotton, 14:08:36)
* ACTION: zoglesby to work on QA wiki page, and restart conversation
on docs list (bcotton, 14:08:53)
* ACTION: Sparks to take to the list a request for video recording
equipment. (bcotton, 14:09:16)
* ACTION: parks to send proposed Docs QA goals to mailing list
(bcotton, 14:09:31)
* ACTION: bcotton to email list to schedule Docs Bug Squashing Party
(bcotton, 14:09:49)
* FUDcon Blacksburg (bcotton, 14:10:52)
* LINK: http://fedoraproject.org/wiki/FUDCon:Blacksburg_2012
(bcotton, 14:10:58)
* Docs is sponsoring two classes at FUDCon Blacksburg: Introduction to
Docs and DocBookXML/Publican (bcotton, 14:11:04)
* LINK:
https://fedoraproject.org/wiki/FUDCon:Blacksburg_2012#Saturday_20120114
(Southern_Gentlem, 14:13:45)
* next subsidy approval meeting for FUDcon Blacksburg is this
Wednesday (bcotton, 14:17:05)
* Guide Status (bcotton, 14:18:09)
* ACTION: fnadge to start a Style Guide book (bcotton, 14:33:43)
* Outstanding BZ Tickets (bcotton, 14:36:11)
* LINK: http://tinyurl.com/lbrq84 (bcotton, 14:36:19)
* Leader? (bcotton, 14:39:02)
* AGREED: bcotton is the next victim (bcotton, 14:43:52)
* Open floor discussion (bcotton, 14:44:01)
* ACTION: pkovar to post to docs and trans lists to disucss
formalizing procedure for what to translate (bcotton, 14:49:47)
Meeting ended at 14:51:01 UTC.
Action Items
------------
* zoglesby to work on QA wiki page, and restart conversation on docs
list
* Sparks to take to the list a request for video recording equipment.
* parks to send proposed Docs QA goals to mailing list
* bcotton to email list to schedule Docs Bug Squashing Party
* fnadge to start a Style Guide book
* pkovar to post to docs and trans lists to disucss formalizing
procedure for what to translate
Action Items, by person
-----------------------
* bcotton
* bcotton to email list to schedule Docs Bug Squashing Party
* fnadge
* fnadge to start a Style Guide book
* pkovar
* pkovar to post to docs and trans lists to disucss formalizing
procedure for what to translate
* **UNASSIGNED**
* zoglesby to work on QA wiki page, and restart conversation on docs
list
* Sparks to take to the list a request for video recording equipment.
* parks to send proposed Docs QA goals to mailing list
People Present (lines said)
---------------------------
* bcotton (60)
* pkovar (19)
* fnadge (12)
* jjmcd (11)
* suehle (9)
* Southern_Gentlem (5)
* randomuser (3)
* nb (3)
* zodbot (3)
* LoKoMurdoK (3)
* jsmith (2)
* shaiton (2)
* jhradilek (1)
Minutes:
http://meetbot.fedoraproject.org/fedora-meeting/2011-11-14/fedora_docs.20...
Minutes (text):
http://meetbot.fedoraproject.org/fedora-meeting/2011-11-14/fedora_docs.20...
Log:
http://meetbot.fedoraproject.org/fedora-meeting/2011-11-14/fedora_docs.20...
--
Ben Cotton
12 years, 4 months
Re: [web] Adding ja-JP of Security Guide
by Tadashi Jokagi
Hi Eric,
(2011/11/10 1:45), Eric Christensen wrote:
> commit 91fa67667c82e2ecb80c7c92ca7fe979e444a6d5
> Author: Eric 'Sparks' Christensen<sparks(a)fedoraproject.org>
> Date: Wed Nov 9 11:45:12 2011 -0500
>
> Adding ja-JP of Security Guide
This work is not completed correctly.
Because, a version number is not in a path.
http://docs.fedoraproject.org/ja-JP/Fedora/html/Security_Guide/
> .../ja-JP/Fedora/html/Security_Guide/apas02.html | 44 +
(snip)
> .../ja-JP/Fedora/html/Security_Guide/index.html | 33 +
(snip)
> diff --git a/public_html/ja-JP/Fedora/html/Security_Guide/Common_Content/css/common.css b/public_html/ja-JP/Fedora/html/Security_Guide/Common_Content/css/common.css
> new file mode 100644
> index 0000000..d7dc3f2
> --- /dev/null
> +++ b/public_html/ja-JP/Fedora/html/Security_Guide/Common_Content/css/common.css
> @@ -0,0 +1,1528 @@
> +* {
> + widows: 2 !important;
> + orphans: 2 !important;
> +}
> +
> +body, h1, h2, h3, h4, h5, h6, pre, li, div {
> + line-height: 1.29em;
> +}
> +
(snip)
--
----.----1----.----2----.----3----.----4----.----5----.----6----.----7
Tadashi Jokagi mailto:elf@elf.no-ip.org Twitter: http://bit.ly/a4DzKL
Yokukitana III http://poyo.jp/
Yokukita blog http://blog.poyo.jp/ Yokukita wiki http://wiki.poyo.jp/
HotPHPPER News http://news.hotphppher.net/
12 years, 4 months
Trouble Publishing Musicians' Guide
by Christopher Antila
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi:
I'm having problems publishing the Musicians' Guide for Fedora 16. But
you probably guessed that from the title.
I'm working from the "f16" branch in the git repository (see link
[0]). I think I've followed the instructions correctly from links [1]
and [2], but when I get to step 3 in the "Publishing a document"
section of link [2], the HTML and HTML-single versions have the
"draft" background image, even though everything else is correct.
- ----
Worse still, the PDF version won't build, but throws the following error:
SEVERE: javax.xml.transform.TransformerException:
file:/~/musicians-guide/tmp/en-US/xml/Musicians_Guide.fo:5:814:
"fo:table-body" is missing child elements. Required content model:
marker* (table-row+|table-cell+) (See position 5:814)
Maybe because I'm using the Oracle VM?
- ----
The two problems are probably unrelated, but I don't have much time to
experiment with how to fix either of them, so any help is greatly
appreciated.
Regards,
Christopher.
[0] https://fedorahosted.org/musicians-guide/
[1]
http://fedoraproject.org/wiki/Unpublishing_draft_documentation_using_Publ...
[2] https://fedoraproject.org/wiki/Publishing_a_document_with_Publican
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
iQEcBAEBAgAGBQJOu0MYAAoJEInCktGVqZ8VOrgH/RwWwhi7JcYVczSSJOkPaCue
XT+38vq5kr6cJqrUG4WVYlbEDeAMwxSeH/NtES2v1M7BSHz5KbTfwwva9nhOaREC
Z9HvJyfJEzrdcClMfIqmW4eoJjxHK0L4MWOqNPRQaZftUAMpFVNrm2XGjCjpFAgl
R4gCZ9jjQeg87VTZ4OboncyVyndnII7kXLpWngYo2NfA06d+gQu4l2C1pWLygm4X
fAeFYUe5oIjoUw4x5MP9vK+rV10/fIMZz56ne+rMpUTCvAG/4cGWi2VYWWROA1Tt
aG4YpFhtmM8apzfmkC7RhEdjdfvbWRrleOo+3ShgvwFMac851D4v0GwwfHeJook=
=Pu9E
-----END PGP SIGNATURE-----
12 years, 4 months
Fwd: Re: SELinux FAQ
by Karsten Wade
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Trying again ... first got bounced for some reason.
- -------- Original Message --------
Subject: Re: SELinux FAQ
Date: Tue, 08 Nov 2011 11:10:12 -0800
From: Karsten 'quaid' Wade <kwade(a)redhat.com>
Organization: Red Hat
To: Steve Kelem <steve(a)kelem.net>
CC: docs(a)fedoraproject.org
Hi Steve:
Looks like a lot of good points below. I'm not aware of the status of
the SELinux FAQ; I did think most of that info was moved in to
release-specific documentation. (I haven't been a maintainer of that
FAQ in a long time.)
I'm Cc:ing this to the Fedora Docs team, who manage the depth and
breadth of Fedora technical content - definitely the folks to ask.
http://lists.fedoraproject.org/mailman/listinfo/docs
- - Karsten
On 11/08/2011 07:29 AM, Steve Kelem wrote:
> Hi. I've been reading the Fedora 13 SELinux FAQ.
>
> 1. I found the SELinux FAQ under Fedora 13 at
> http://docs.fedoraproject.org/en-US/Fedora/13/html/SELinux_FAQ/index.html....
>
>
I
>
was surprised that this document is tied to Fedora 13. With Fedora 15
> about to be replaced by Fedora 16, it seems strange to tie SELinux
> to a specific revision of Fedora. 2. Under "What are file
> contexts?" it says: "Fedora ships with the |fixfiles| script,
> which supports four options: |check|, |relabel|, |relabel| and
> |verify|." One of these "relabel" options should be "restore". 3.
> Under "How do I make a user public_html directory work under
> SELinux?", item #2 says:
>
> *|ls -Z -d public_html/|* |drwxrwxr-x auser auser
> user_u:object_r:user_home_t public_html| *|chcon -R -t
> httpd_user_content_t public_html/ ls -Z -d public_html
>
> This should be:|* *|ls -Z -d public_html/|* |drwxrwxr-x auser
> auser user_u:object_r:user_home_t public_html| *|chcon -R -t
> httpd_user_content_t public_html/ ls -Z -d public_html/
>
> Better yet, you should distinguish what's type v.s. what's
> returned by the system:|*
>
> *|% ls -Z -d public_html/|* |drwxrwxr-x auser auser
> user_u:object_r:user_home_t public_html| **|%|***|chcon -R -t
> httpd_user_content_t public_html/ |***|%|***|ls -Z -d
> public_html/|**||*
>
> 4. In item 3, it says that there is a "SELinux tab" in
> system-config-selinux. My version is (c) 2006 (in Fedora 15!) and
> does not have a SELinux tab. It has tabs: Status, Boolean, File
> Labeling, User Mapping, SELinux User, Network Port, Policy Module,
> and Process Domain. The command described is under the "Boolean"
> tab, search for "home directories", and you'll find it.
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iD8DBQFOuvF82ZIOBq0ODEERAvIFAJ9qBaNKCnmPlPnoPmoK7J/x+0j9vgCbBE+o
3FWar8/2+SphFKdP+NSTd2A=
=Lao6
-----END PGP SIGNATURE-----
12 years, 4 months
Mailing list settings
by Ben Cotton
Hi gang,
It's apparently time to revisit the topic of mailing list settings.
Currently, docs(a)lists.fedoraproject.org is set to hold messages from
non-subscribed addresses for moderation. There are several of us who
moderate the list every few days or so to let legitimate traffic
through. The idea behind this was to make it so people who aren't
regularly involved with Docs can still send us messages, without
requiring them to subscribe.
I'm a fan of this, but the downsides are that:
1) people who aren't subscribed might not get replies
2) not all lists do this
I suggested that we might try to get all lists to allow
@fedoraproject.org email addresses. This fixes 2, but not 1. The real
issue that we're trying to solve is making it easy to
cross-communicate between groups. Sparks and I don't have a magic
bullet. Any thoughts?
BC
--
Ben Cotton
12 years, 4 months
Re: Release Notes
by Petr Kovar
Hi Domingo,
What would be displayed in the English original then, if the translator
credits are to be extracted from PO files?
I know that the translator-credits string works well in GNOME, but they
use the xml2po utility to take care of the credit string, so that's a little
bit different toolchain.
CC'ing the docs list again.
Cheers,
Petr Kovar
On Wed, 2 Nov 2011 14:20:45 -0300
Domingo Becker <domingobecker(a)gmail.com> wrote:
> 2011/11/1 Eric H. Christensen <sparks(a)fedoraproject.org>:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA256
> >
> > On Tue, Nov 01, 2011 at 10:52:49PM +0900, Misha Shnurapet wrote:
> >> 01.11.2011, 21:53, "John J. McDonough" <wb8rcr(a)arrl.net>:
> >> >> Date: Mon, 31 Oct 2011 23:25:33 +0900
> >> >> From: Misha Shnurapet <shnurapet(a)fedoraproject.org>
> >> >
> >> > [clip]
> >> >
> >> >> 31.10.2011, 23:05, "Kévin Raymond" <shaiton(a)fedoraproject.org>:
> >> >>> I think that you should not include Revision History in your
> >> >>> statistics, this file is useful, but not really needed to be
> >> >>> translated (I translated it only in order to get 100% ^^), IMHO of
> >> >>> course.
> >> >> I think it'd be better to have a list of contributors rather than a revision history log.
> >> >
> >> > A list of contributors would be great, but we haven't figured out how to
> >> > do that. In the past we have tried but have never been able to get it
> >> > right, especially with the translators. Perhaps the new tx offers some
> >> > options we haven't examined. For writers, we can check the wiki
> >> > history, git commits and bugzilla, but there tend to be a lot of
> >> > translators that we don't know how to identify.
> >> >
> >> > As far as the revision history, that is necessary. However, I also
> >> > question the value of translating it.
> >>
> >> There are two possible ways to deal with the list of translators as I see it:
> >> 1. to collect the names from the .po file headers, which are filled, AFAIK, automatically by Transifex;
> > This is possible but would be forever changing.
>
> There's no need to do this, because a translator-credits string would be enough.
>
> >
> >> 2. to omit this list (just like it is done now), naming the authors only.
> > And this doesn't feel correct, to me, as we would be leaving out contributors of the translations.
> >
> > I would think that the best way would be to have translators add their name to the author list on their language's translations when translating. This, unfortunately, doesn't work well with Publican.
> >
>
> In fact, it works perfectly well with Publican.
>
> I tested it with Guillermo Gomez's permission in Software Management
> Guide and the process is documented in [1].
>
> In summary:
>
> 1. There should be a new Acknowledgements.xml with the contents
> similar to Agradecimientos.xml in [2]. It is in Spanish, but a
> doc-writer knows about xml, so it shouldn't be a problem.
>
> 2. This file should be linked in the Document_Name.xml file with a
> line like the following:
>
> <xi:include href="Acknowledgements.xml"
> xmlns:xi="http://www.w3.org/2001/XInclude" />
>
> 3. The translation that should be given for translator-credits string
> is like the one shown in [3], or in English:
> translator 1 <translator 1's email>, year <br>
> translator 2 <translator 2's email>, year <br>
> translator 3 <translator 3's email>, year
> And this work should be done by the translator, and it means a lot of
> work less for the document writer.
>
> 4. Publican will do the magic. All translator will be extracted from
> the translator-credits string in the po file, which is team's
> responsibility.
>
> [1] http://rpmdev.proyectofedora.org/issues/488
>
> [2] http://rpmdev.proyectofedora.org/issues/488#note-3
>
> [3] http://rpmdev.proyectofedora.org/issues/488#note-2
>
> You may test it with Release Notes. It's not too late.
> It worked fine as I tested it.
>
> kind regards
>
> Domingo Becker
> --
> trans mailing list
> trans(a)lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/trans
12 years, 4 months
Video recording equipment
by Eric Christensen
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Anyone coming to FUDCon Blacksburg that can bring some video (preferably digital) recording equipment? We'd like to record the Docs classes.
- -- Eric
- --------------------------------------------------
Eric H Christensen eric(a)christensenplace.us
"Sparks" sparks(a)fedoraproject.org
.... .. .-.. .-.. --- .-- --- .-. .-.. -..
097C 82C3 52DF C64A 50C2 E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCAAGBQJOt++PAAoJEIB2q94CS7PRLRcQAOfWsEWbycE2vVzBuH05gyz2
48NUciz3IaNZvuH8QepCqUOxuWF2/yF3gy4cxfmwwTnmSjTCE9VuhvqwbD+b7fWl
S6892dYaIvmk/GGAJBDOQdxL/E94HUluqRr3Cb+FDGMPyQjqUYrniyOPzCWBfLll
FkvYTR0pTkbTNBQrjRyQPWVtOedjv4MOB3lA/HBFnYM0sruAs7Cut2rArT9XmXt5
fSXhNC0wslkOsgBn5m+roeGuZSTolkFhzy8APIZorXbAzf49n3grjJkIfQXBWj4b
9laOmcCSB9m2K13QDC3TJ3VkIC3sWEr6K/OPSjBv+BzVkC7o4Vv3Q/kS0hOlPEnr
byQYGTbHSdd6d+WJmdPuTWG+rIdOiPEeWEzxv1fU57tC2yIQEeTl0TKAoagNoGXx
Ao2xZZy662N1eCGAX0DZ1VzFyAkJd+fvDn9UwFkUmcC/wDB9gAgpbR09Bob995DN
2ZtvMTyuxLUBPRgpuRew/SvbJ5Lpchjvmq39sdWoid5x/coG1AVHaDaJc02WO57Z
YJOxA660NKSNsPfaxpyJ74KjDx4W8V/GdZGiLHYF+2Oz1nldLMIPjmk0qOr/tjES
s0JKF++02qaTVqVaufG6BaDDht9Np+SUEQYjcVKOSIli8/3r9ogR2pvTGkMDZjfe
e4l6Ofsi0Rg7x/MROmEM
=tUJk
-----END PGP SIGNATURE-----
12 years, 4 months
What still do you use? (MiB, MB…)
by Kévin Raymond
Hi there,
I am about to update websites in order to use the mebi, gibi… notation.
That's a binary unit used now (or at least we have to use them). If
nobody change, we would still confuse beginers trying to understand if
M is 1000 or 1024.
>From [1],
"These SI prefixes refer strictly to powers of 10. They should not
be used to indicate powers of 2 (for example, one kilobit represents
1000 bits and not 1024 bits). "
I am here to check the consistency with you guys.
I can read MiB in the newly created Release Notes, but MB in the User Guide.
Would you mind to *all* use the binary notation? Is there a writer
style guide? (The question is in fact, could we update it…)
More on wikipedia [2].
Cheers,
[1] http://www1.bipm.org/utils/common/pdf/si_brochure_8.pdf
[2] http://en.wikipedia.org/wiki/Binary_prefix
--
Kévin Raymond
User:shaiton
GPG-Key: A5BCB3A2
12 years, 4 months