Which could be advantages for home users using that filesystem?
I dont think it's for end/home user...
It's more for Enterprise with more Filesystem server. This is for a failover / High availability server / clustering filesystem
Le jeudi 24 février 2005 à 15:11 +0100, Giulio Sorrentino a écrit :
Which could be advantages for home users using that filesystem?
On Thu, 24 Feb 2005 15:11:03 +0100, Giulio Sorrentino numerone.fedora@wooow.it wrote:
Which could be advantages for home users using that filesystem?
Though its a common perception Fedora isnt solely meant to be used by home users.
Rahul Sundaram wrote:
On Thu, 24 Feb 2005 15:11:03 +0100, Giulio Sorrentino numerone.fedora@wooow.it wrote:
Which could be advantages for home users using that filesystem?
Though its a common perception Fedora isnt solely meant to be used by home users.
Really I feel that fedora has been built for business desktops more than home desktops, but I am an home user and I am simply asking what advantages could I take from it.
Hi,
I am new to Fedora and this mail list. I just installed FC3 in my PC, and upgraded it online. When I tried to configure Squid, I found that I can only set the cache_dir to /var/spool/squid, otherwise, Squid won't work.
For example, if I set it to point to /tmp, when I run 'squid -z', nothing will happen; when I run 'squid', I will get some error messages as below:
FATAL: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time. Squid Cache (Version 2.5.STABLE7): Terminated abnormally.
I am not sure if it is a problem of Squid, since I cannot find this issue in the bug list of Squid 2.5.STABLE7 at their site... I wonder if anyone here has had the same problem, and how to fix it.
Thanks, Chris
__________________________________ Do you Yahoo!? Read only the mail you want - Yahoo! Mail SpamGuard. http://promotions.yahoo.com/new_mail
Chris wrote:
I am new to Fedora and this mail list. I just installed FC3 in my PC, and upgraded it online. When I tried to configure Squid, I found that I can only set the cache_dir to /var/spool/squid, otherwise, Squid won't work.
For example, if I set it to point to /tmp, when I run 'squid -z', nothing will happen; when I run 'squid', I will get some error messages as below:
FATAL: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time. Squid Cache (Version 2.5.STABLE7): Terminated abnormally.
I am not sure if it is a problem of Squid, since I cannot find this issue in the bug list of Squid 2.5.STABLE7 at their site... I wonder if anyone here has had the same problem, and how to fix it.
Have a look in /var/log/messages
I suspect this will be an SElinux issue.
Paul.
Paul,
Thanks, and it's exactly because of that. I didn't realize that I installed SELinux...
I got following error messages when I do 'squid -z':
Feb 25 00:30:26 eden kernel: audit(1109259026.091:0): avc: denied { search } for pid=4836 exe=/usr/sbin/squid name=tmp dev=hda12 ino=480001 scontext=root:system_r:squid_t tcontext=system_u:object_r:tmp_t tclass=dir Feb 25 00:30:26 eden squid: Failed to make swap directory /tmp/squid: (13) Permission denied
I just don't get it since the dir is writable for squid:
drwxr-xr-x 2 squid squid 4096 Feb 25 00:06 squid/
Is this a known issue of SELinux? Is there any way to work around it?
thanks, Chris
--- Paul Howarth paul@city-fan.org wrote:
Chris wrote:
I am new to Fedora and this mail list. I just installed FC3 in my PC, and upgraded it online. When I tried to configure Squid, I found that I can only set the cache_dir to /var/spool/squid, otherwise, Squid won't work.
For example, if I set it to point to /tmp, when I run 'squid -z', nothing will
happen;
when I run 'squid', I will get some error messages as below:
FATAL: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time. Squid Cache (Version 2.5.STABLE7): Terminated abnormally.
I am not sure if it is a problem of Squid, since I cannot find this issue in the bug
list
of Squid 2.5.STABLE7 at their site... I wonder if anyone here has had the same
problem,
and how to fix it.
Have a look in /var/log/messages
I suspect this will be an SElinux issue.
Paul.
__________________________________ Do you Yahoo!? Yahoo! Mail - You care about security. So do we. http://promotions.yahoo.com/new_mail
Chris wrote:
Thanks, and it's exactly because of that. I didn't realize that I installed SELinux...
I got following error messages when I do 'squid -z':
Feb 25 00:30:26 eden kernel: audit(1109259026.091:0): avc: denied { search } for pid=4836 exe=/usr/sbin/squid name=tmp dev=hda12 ino=480001 scontext=root:system_r:squid_t tcontext=system_u:object_r:tmp_t tclass=dir Feb 25 00:30:26 eden squid: Failed to make swap directory /tmp/squid: (13) Permission denied
I just don't get it since the dir is writable for squid:
drwxr-xr-x 2 squid squid 4096 Feb 25 00:06 squid/
Is this a known issue of SELinux? Is there any way to work around it?
This is a feature, not a bug ;-)
SELinux imposes additional restrictions on what the squid server can do, so that if it is compromised, it is difficult for the attacker to do anything useful with it, like write a rootkit to /tmp. This is all on top of the existing unix permissions.
Try approaching the problem a different way. What is the underlying reason why you want the squid cache to be in /tmp instead of /var/spool/squid?
Paul.
Thanks for the explanation. It seems that I should have not check that check box when installing FC3...
The reason is that I want to make Apache faster by using Squid together with shm... I setup a TWiki using Apache with mod_perl, but I still feel that the speed is not so ideal. So I want to mount shm to tmp, so that not only the perl scripts (TWiki) can run faster, PHP scripts (which may use /tmp) can also run faster... I tried to mount shm to /var/spool/squid, but it won't work either, it gives following error instead:
Feb 25 00:52:32 eden squid: Failed to make swap directory /var/spool/squid: (17) File exists
but in fact, no file is in the mounted dir or the real dir...
Chris
--- Paul Howarth paul@city-fan.org wrote:
This is a feature, not a bug ;-)
SELinux imposes additional restrictions on what the squid server can do, so that if it is compromised, it is difficult for the attacker to do anything useful with it, like write a rootkit to /tmp. This is all on top of the existing unix permissions.
Try approaching the problem a different way. What is the underlying reason why you want the squid cache to be in /tmp instead of /var/spool/squid?
Paul.
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
__________________________________ Do you Yahoo!? Read only the mail you want - Yahoo! Mail SpamGuard. http://promotions.yahoo.com/new_mail
Chris wrote:
Thanks for the explanation. It seems that I should have not check that check box when installing FC3...
The reason is that I want to make Apache faster by using Squid together with shm... I setup a TWiki using Apache with mod_perl, but I still feel that the speed is not so ideal. So I want to mount shm to tmp, so that not only the perl scripts (TWiki) can run faster, PHP scripts (which may use /tmp) can also run faster... I tried to mount shm to /var/spool/squid, but it won't work either, it gives following error instead:
Feb 25 00:52:32 eden squid: Failed to make swap directory /var/spool/squid: (17) File exists
but in fact, no file is in the mounted dir or the real dir...
Not the error message I'd have expected, but could you try running:
# restorecon -R /var/spool/squid
after mounting /var/spool/squid and see if that helps?
Paul.
I tried that, it failed with following msg:
restorecon set context /var/spool/squid->system_u:object_r:squid_cache_t failed:'Permission denied'
BTW, I also tried that command on /tmp/squid without mount shm to it (just to test the result of it...), and the command succeeded, but when I point the cache dir to /tmp/squid, I still get the same error...
Thanks, Chris
--- Paul Howarth paul@city-fan.org wrote:
Chris wrote:
Thanks for the explanation. It seems that I should have not check that check box when installing FC3...
The reason is that I want to make Apache faster by using Squid together with shm... I setup a TWiki using Apache with mod_perl, but I still feel that the speed is not so ideal. So I want to mount shm to tmp, so that not only the perl scripts (TWiki) can
run
faster, PHP scripts (which may use /tmp) can also run faster... I tried to mount shm
to
/var/spool/squid, but it won't work either, it gives following error instead:
Feb 25 00:52:32 eden squid: Failed to make swap directory /var/spool/squid: (17) File exists
but in fact, no file is in the mounted dir or the real dir...
Not the error message I'd have expected, but could you try running:
# restorecon -R /var/spool/squid
after mounting /var/spool/squid and see if that helps?
Paul.
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
__________________________________ Do you Yahoo!? Yahoo! Mail - Find what you need with new enhanced search. http://info.mail.yahoo.com/mail_250
Chris wrote:
I tried that, it failed with following msg:
restorecon set context /var/spool/squid->system_u:object_r:squid_cache_t failed:'Permission denied'
BTW, I also tried that command on /tmp/squid without mount shm to it (just to test the result of it...), and the command succeeded, but when I point the cache dir to /tmp/squid, I still get the same error...
That's because the policy for /tmp is not the same as for /var/spool/squid so restorecon will set different contexts for the two directories.
I think your best bet now is to follow Rahul's advice; update all selinux-related packages to the latest ones available, relabel the machine and if it still doesn't work, try the fedora-selinux list.
Paul.
On Thu, 24 Feb 2005 07:53:58 -0800 (PST), Chris csh_jp@yahoo.com wrote:
Thanks for the explanation. It seems that I should have not check that check box when installing FC3...
SELinux is enabled by default.
The reason is that I want to make Apache faster by using Squid together with shm... I setup a TWiki using Apache with mod_perl, but I still feel that the speed is not so ideal. So I want to mount shm to tmp, so that not only the perl scripts (TWiki) can run faster, PHP scripts (which may use /tmp) can also run faster... I tried to mount shm to /var/spool/squid, but it won't work either, it gives following error instead:
Feb 25 00:52:32 eden squid: Failed to make swap directory /var/spool/squid: (17) File exists
but in fact, no file is in the mounted dir or the real dir...
Chris
I would suggest these
yum update selinux-targetted-policy
./autorelabel
reboot the machine. if it doesnt fix the problem post the question with the relevant avc denies from the logs to the fedora-selinux list
I cannot get that?
root:/> yum update selinux-targetted-policy Setting up Update Process Setting up Repo: base repomd.xml 100% |=========================| 1.1 kB 00:00 Setting up Repo: updates-released repomd.xml 100% |=========================| 951 B 00:00 Setting up Repo: yjl-packages repomd.xml 100% |=========================| 1.1 kB 00:01 Reading repository metadata in from local files base : ################################################## 2622/2622 primary.xml.gz 100% |=========================| 273 kB 01:08 MD Read : ################################################## 659/659 updates-re: ################################################## 659/659 yjl-packag: ################################################## 57/57 Could not find update match for selinux-targetted-policy No Packages marked for Update/Obsoletion
--- Rahul Sundaram rahulsundaram@gmail.com wrote:
I would suggest these
yum update selinux-targetted-policy
./autorelabel
reboot the machine. if it doesnt fix the problem post the question with the relevant avc denies from the logs to the fedora-selinux list
-- Regards, Rahul Sundaram
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
__________________________________ Do you Yahoo!? Yahoo! Mail - now with 250MB free storage. Learn more. http://info.mail.yahoo.com/mail_250
Chris wrote:
I cannot get that?
root:/> yum update selinux-targetted-policy Setting up Update Process Setting up Repo: base repomd.xml 100% |=========================| 1.1 kB 00:00 Setting up Repo: updates-released repomd.xml 100% |=========================| 951 B 00:00 Setting up Repo: yjl-packages repomd.xml 100% |=========================| 1.1 kB 00:01 Reading repository metadata in from local files base : ################################################## 2622/2622 primary.xml.gz 100% |=========================| 273 kB 01:08 MD Read : ################################################## 659/659 updates-re: ################################################## 659/659 yjl-packag: ################################################## 57/57 Could not find update match for selinux-targetted-policy No Packages marked for Update/Obsoletion
The package is actually called selinux-policy-targeted
You may already heave the latest version anyway (1.17.30-2.80 I think).
Paul.
Paul, Rahul,
Thank you guys for the help and patience. I just did a brief research on the security thing, and found that it's really interesting :-) I found that using GUI (system settings | Security Level), I can configure it very easily (since I have never used this before, I don't know how to configure before touching the .autorelabel and reboot... Using this, I suppose that I just need to disable the protection of squid daemon and reboot it?
Need to go to sleep since I have to get up early tomorrow to work :-( Will continue trying it later...
thanks again,
Chris
--- Paul Howarth paul@city-fan.org wrote:
The package is actually called selinux-policy-targeted
You may already heave the latest version anyway (1.17.30-2.80 I think).
Paul.
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
__________________________________ Do you Yahoo!? Yahoo! Mail - now with 250MB free storage. Learn more. http://info.mail.yahoo.com/mail_250
Resolved in this way.It has been very interesting!
Thank you guys for the help!
... I found that using GUI (system settings | Security Level), I can configure it very easily (since I have never used this before, I don't know how to configure before touching the .autorelabel and reboot... Using this, I suppose that I just need to disable the protection of squid daemon and reboot it?
__________________________________ Do you Yahoo!? Yahoo! Mail - 250MB free storage. Do more. Manage less. http://info.mail.yahoo.com/mail_250
Hi,
I found that I cannot make my perl script work: it uses LWP or simpleget.pl to retrieve a web page, then process on the data retrieved. This script can work fine in command line, but if I run it as a CGI script, no data can be retrieved.
I guess that there is some kind of restrictions on this in the security machanism, but I am not sure. Could anyone shed some light on this for me?
thanks,
Chris
____________________________________________________________________________________ Yahoo! Music Unlimited Access over 1 million songs. http://music.yahoo.com/unlimited
On Sat, Nov 25, 2006 at 11:01:46AM -0800, Chris wrote:
Hi,
I found that I cannot make my perl script work: it uses LWP or simpleget.pl to retrieve a web page, then process on the data retrieved. This script can work fine in command line, but if I run it as a CGI script, no data can be retrieved.
I guess that there is some kind of restrictions on this in the security machanism, but I am not sure. Could anyone shed some light on this for me?
Have you checked your web server's logs? I suspect a lack of permission to write to the directory where you want to put the files. You didn't indicate your server. Apache runs as apache:apache, and tomcat as tomcat:tomcat.
Hi, Charles,
Thank you for the response. I am sorry that I didn't make it clear. Here is it:
I use Apache 2; there is no error in its log file.
The script doesn't need to write to files, it just retrieve some web page, say, http://www.yahoo.com/index.html, then extract some data from it and show it.
The following simple script illustrates this:
============ perl script ===============
#!/usr/bin/perl
use LWP::UserAgent;
my $ua = LWP::UserAgent->new; $ua->timeout(10); my $resp = $ua->get("http://www.yahoo.com/");
my $resultUsingLWP; if($resp->is_success) { $resultUsingLWP = $resp->content; } else { $resultUsingLWP = $resp->status_line; }
print "Content-type: text/html; charset=utf-8\n\n";
print "LWP result: {$resultUsingLWP}";
0 ========= end of perl script ========
This runs fine in command line, it prints the HTML code of Yahoo's homepage. But when I run it as a CGI script from browser, it returns following message:
LWP result: {500 Can't connect to www.yahoo.com:80 (Bad hostname 'www.yahoo.com')}
That's weird that the internet connection is fine (otherwise I wouldn't be able to reply this email). So it indicates that when a CGI script wants to do this, it will be blocked by some mechanism... I am not sure if it has anything to do with SELinux...
thanks a lot!
Chris
--- Charles Curley charlescurley@charlescurley.com wrote:
On Sat, Nov 25, 2006 at 11:01:46AM -0800, Chris wrote:
Hi,
I found that I cannot make my perl script work: it uses LWP or simpleget.pl to retrieve a web page, then process on the data retrieved. This script can work fine in command line, but if I run it as a CGI script, no data can be retrieved.
I guess that there is some kind of restrictions on this in the security machanism, but I am not sure. Could anyone shed some light on this for me?
Have you checked your web server's logs? I suspect a lack of permission to write to the directory where you want to put the files. You didn't indicate your server. Apache runs as apache:apache, and tomcat as tomcat:tomcat.
--
Charles Curley /"\ ASCII Ribbon Campaign Looking for fine software \ / Respect for open standards and/or writing? X No HTML/RTF in email http://www.charlescurley.com / \ No M$ Word docs in email
Key fingerprint = CE5C 6645 A45A 64E4 94C0 809C FFF6 4C48 4ECD DFDB
--
fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
____________________________________________________________________________________ Do you Yahoo!? Everyone is raving about the all-new Yahoo! Mail beta. http://new.mail.yahoo.com
On Sat, Nov 25, 2006 at 09:16:30PM -0800, Chris wrote:
Hi, Charles,
This runs fine in command line, it prints the HTML code of Yahoo's homepage. But when I run it as a CGI script from browser, it returns following message:
LWP result: {500 Can't connect to www.yahoo.com:80 (Bad hostname 'www.yahoo.com')}
That's weird that the internet connection is fine (otherwise I wouldn't be able to reply this email). So it indicates that when a CGI script wants to do this, it will be blocked by some mechanism... I am not sure if it has anything to do with SELinux...
Hmm, a very different critter indeed. It sounds like a name resolution problem. Can you run the script with a suitable IP address? That's not a perfect long term solution (IP addresses change), but will at least isolate the problem.
To get an ip address, run
host www.yahoo.com
Long term, if name resolution is indeed the problem, you need to find out why you can resolve names as your own user but not as apache:apache.
Chris wrote:
Thanks for the explanation. It seems that I should have not check that check box when installing FC3...
[SELinux]
The reason is that I want to make Apache faster by using Squid together with shm...
By shm, I assume you mean "Virtual memory file system support (former shm fs)", which is now called tmpfs.
I haven't tried this, but you might care to try mounting a tmpfs filesystem over /var/spool/squid, restorecon it (to set the SELinux labels), squid -z (to create the swap directories), and then start squid.
If you get that working, you can script it for the next boot-up.
Of course, you'll lose all your cache over a reboot...
James.
Yeah, for business desktops, maybe M$ Windows is better, since you have all the M$ Word/Excel/Outlook... And the other business men may also use these stuffs...
Linux's advantages:
* Free, for the OS, most apps, the upgrade of OS in the future, and all the great development tools (g++, perl, java, etc) * if you like Unix, you don't need to install something like Cygwin :-) * desktop can be fast if fine-tuned * kernal customizable for your PC, to get the best performance * stable (maybe not so meaningful for home users?) * can set up a web server, and do what you want. isn't it also cool for home users?
--- Rahul Sundaram rahulsundaram@gmail.com wrote:
Hi
Really I feel that fedora has been built for business desktops more than home desktops, but I am an home user and I am simply asking what advantages could I take from it.
none really
-- Regards, Rahul Sundaram
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
__________________________________ Do you Yahoo!? Yahoo! Mail - Find what you need with new enhanced search. http://info.mail.yahoo.com/mail_250
On Thu, 24 Feb 2005 07:02:54 -0800 (PST), Chris csh_jp@yahoo.com wrote:
Yeah, for business desktops, maybe M$ Windows is better, since you have all the M$ Word/Excel/Outlook... And the other business men may also use these stuffs...
largely replacable by openoffice.org esp in 2.0. I would recommend everyone using Windows to try the windows version of Openoffice.org 2.0 when its released.Outlook can be replaced by Mozilla Thunderbird or Evolution when it completes its windows port
I haven't tried Open Office before... Will it be compatible with, say, Office 2003? I don't mean that that is so good, but when you do business, many people may send you a document in that format...
--- Rahul Sundaram rahulsundaram@gmail.com wrote:
On Thu, 24 Feb 2005 07:02:54 -0800 (PST), Chris csh_jp@yahoo.com wrote:
Yeah, for business desktops, maybe M$ Windows is better, since you have all the M$ Word/Excel/Outlook... And the other business men may also use these stuffs...
largely replacable by openoffice.org esp in 2.0. I would recommend everyone using Windows to try the windows version of Openoffice.org 2.0 when its released.Outlook can be replaced by Mozilla Thunderbird or Evolution when it completes its windows port
-- Regards, Rahul Sundaram
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
__________________________________ Do you Yahoo!? Yahoo! Sports - Sign up for Fantasy Baseball. http://baseball.fantasysports.yahoo.com/
On Thu, 24 Feb 2005 07:41:25 -0800 (PST), Chris csh_jp@yahoo.com wrote:
I haven't tried Open Office before... Will it be compatible with, say, Office 2003? I don't mean that that is so good, but when you do business, many people may send you a document in that format...
It is compatible. It would be better if you just try it out when 2.0 is released or one of the betas in a test machine.
On Thu, 2005-02-24 at 07:41 -0800, Chris wrote:
I haven't tried Open Office before... Will it be compatible with, say, Office 2003? I don't mean that that is so good, but when you do business, many people may send you a
Yes, for the most part.
Can't hurt to try. [at least not too much ;]
yum install openoffice
I've been using OO.org exclusively over MS Office for well over a year and 1/2 and not a soul I deal with knows I don't use MS Office. In fact, I have better luck opening old or mac version of office docs using open office than I do using MS Office XP. I've even converted a few people by 'fixing' their old mac office docs and exporting as a pdf is a god send.
YMMV of course,
-
Charles Curley -
Chris -
Craig Thomas -
Daniel Chénard -
Giulio Sorrentino -
James Wilkinson -
Paul Howarth -
Rahul Sundaram