On Thu, 24 Feb 2005 15:11:03 +0100, Giulio Sorrentino <numerone.fedora(a)wooow.it&gt; wrote: Though its a common perception Fedora isnt solely meant to be used by home users. -- Regards, Rahul Sundaram

Hi none really -- Regards, Rahul Sundaram

Chris wrote: Have a look in /var/log/messages I suspect this will be an SElinux issue. Paul.

Chris wrote: This is a feature, not a bug ;-) SELinux imposes additional restrictions on what the squid server can do, so that if it is compromised, it is difficult for the attacker to do anything useful with it, like write a rootkit to /tmp. This is all on top of the existing unix permissions. Try approaching the problem a different way. What is the underlying reason why you want the squid cache to be in /tmp instead of /var/spool/squid? Paul.

Chris wrote: Not the error message I'd have expected, but could you try running: # restorecon -R /var/spool/squid after mounting /var/spool/squid and see if that helps? Paul.

Chris wrote: That's because the policy for /tmp is not the same as for /var/spool/squid so restorecon will set different contexts for the two directories. I think your best bet now is to follow Rahul's advice; update all selinux-related packages to the latest ones available, relabel the machine and if it still doesn't work, try the fedora-selinux list. Paul.

I cannot get that? root:/> yum update selinux-targetted-policy Setting up Update Process Setting up Repo: base repomd.xml 100% |=========================| 1.1 kB 00:00 Setting up Repo: updates-released repomd.xml 100% |=========================| 951 B 00:00 Setting up Repo: yjl-packages repomd.xml 100% |=========================| 1.1 kB 00:01 Reading repository metadata in from local files base : ################################################## 2622/2622 primary.xml.gz 100% |=========================| 273 kB 01:08 MD Read : ################################################## 659/659 updates-re: ################################################## 659/659 yjl-packag: ################################################## 57/57 Could not find update match for selinux-targetted-policy No Packages marked for Update/Obsoletion --- Rahul Sundaram <rahulsundaram(a)gmail.com&gt; wrote: __________________________________ Do you Yahoo!? Yahoo! Mail - now with 250MB free storage. Learn more. http://info.mail.yahoo.com/mail_250

Paul, Rahul, Thank you guys for the help and patience. I just did a brief research on the security thing, and found that it's really interesting :-) I found that using GUI (system settings | Security Level), I can configure it very easily (since I have never used this before, I don't know how to configure before touching the .autorelabel and reboot... Using this, I suppose that I just need to disable the protection of squid daemon and reboot it? Need to go to sleep since I have to get up early tomorrow to work :-( Will continue trying it later... thanks again, Chris --- Paul Howarth <paul(a)city-fan.org&gt; wrote: __________________________________ Do you Yahoo!? Yahoo! Mail - now with 250MB free storage. Learn more. http://info.mail.yahoo.com/mail_250

Hi, I found that I cannot make my perl script work: it uses LWP or simpleget.pl to retrieve a web page, then process on the data retrieved. This script can work fine in command line, but if I run it as a CGI script, no data can be retrieved. I guess that there is some kind of restrictions on this in the security machanism, but I am not sure. Could anyone shed some light on this for me? thanks, Chris ____________________________________________________________________________________ Yahoo! Music Unlimited Access over 1 million songs. http://music.yahoo.com/unlimited

Hi, Charles, Thank you for the response. I am sorry that I didn't make it clear. Here is it: I use Apache 2; there is no error in its log file. The script doesn't need to write to files, it just retrieve some web page, say, http://www.yahoo.com/index.html, then extract some data from it and show it. The following simple script illustrates this: ============ perl script =============== #!/usr/bin/perl use LWP::UserAgent; my $ua = LWP::UserAgent->new; $ua->timeout(10); my $resp = $ua->get("http://www.yahoo.com/"); my $resultUsingLWP; if($resp->is_success) { $resultUsingLWP = $resp->content; } else { $resultUsingLWP = $resp->status_line; } print "Content-type: text/html; charset=utf-8\n\n"; print "LWP result: {$resultUsingLWP}"; 0 ========= end of perl script ======== This runs fine in command line, it prints the HTML code of Yahoo's homepage. But when I run it as a CGI script from browser, it returns following message: LWP result: {500 Can't connect to www.yahoo.com:80 (Bad hostname 'www.yahoo.com')} That's weird that the internet connection is fine (otherwise I wouldn't be able to reply this email). So it indicates that when a CGI script wants to do this, it will be blocked by some mechanism... I am not sure if it has anything to do with SELinux... thanks a lot! Chris --- Charles Curley <charlescurley(a)charlescurley.com&gt; wrote: ____________________________________________________________________________________ Do you Yahoo!? Everyone is raving about the all-new Yahoo! Mail beta. http://new.mail.yahoo.com

Chris wrote: [SELinux] By shm, I assume you mean "Virtual memory file system support (former shm fs)", which is now called tmpfs. I haven't tried this, but you might care to try mounting a tmpfs filesystem over /var/spool/squid, restorecon it (to set the SELinux labels), squid -z (to create the swap directories), and then start squid. If you get that working, you can script it for the next boot-up. Of course, you'll lose all your cache over a reboot... James. -- James Wilkinson | "It has taken 24 years to get the Reichstag wrapped. Exeter Devon UK | Chancellor Kohl said it would only be wrapped over E-mail address: james | his dead body, so sensing an opportunity the @westexe.demon.co.uk | Bundestag outvoted him." -- The Guardian

On Thu, 24 Feb 2005 07:02:54 -0800 (PST), Chris <csh_jp(a)yahoo.com&gt; wrote: largely replacable by openoffice.org esp in 2.0. I would recommend everyone using Windows to try the windows version of Openoffice.org 2.0 when its released.Outlook can be replaced by Mozilla Thunderbird or Evolution when it completes its windows port -- Regards, Rahul Sundaram

On Thu, 24 Feb 2005 07:41:25 -0800 (PST), Chris <csh_jp(a)yahoo.com&gt; wrote: It is compatible. It would be better if you just try it out when 2.0 is released or one of the betas in a test machine. -- Regards, Rahul Sundaram