Re: Re: /etc/default in Fedora
On 03/19/2012 03:28 PM, Daniel J Walsh wrote: On 03/19/2012 10:36 AM, Michael Cronenworth wrote: Daniel J Walsh wrote: We could put the info into systemd-journal. Back when sendmail and logwatch were part of the default install, it would have been nice to have SELinux activity reported in it. I still use logwatch so it would still be useful for me to see log data there. Unless, of course, logwatch is obsolete and there's some new, flashy systemd mail log that I'm supposed to be using that I wasn't told of. Well setroubleshoot-server does write to syslog when it interprets and AVC. On 03/19/2012 03:37 PM, Michał Piotrowski wrote: W dniu 19 marca 2012 15:27 użytkownik Daniel J Walsh napisał: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/19/2012 10:16 AM, Michał Piotrowski wrote: setroubleshoot-server is the server componant. (dbus service) setroubleshoot is the client componant. We could put the info into systemd-journal. It would be great if there was a possibility to send logs to other machines. Lennart, what do you think about it? Centralized log system is nice feature. Why not use rsyslog? It certainly supports forwarding messages over network with something as simple as: /etc/rsyslog.d/remote.conf: :msg,contains,"avc:" @@central-box You can consume the audit logs with the imfile input module and send out messages as emails with ommail output module. This is an existing infrastructure that you can probably leverage to solve your use case. Tomas -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
On 03/20/2012 08:02 AM, Michael Cronenworth wrote: > On 03/19/2012 10:28 AM, Daniel J Walsh wrote: >> Well setroubleshoot-server does write to syslog when it interprets and >> AVC. > > Yes, but those messages are not picked up by logwatch so unless I > manually scan the syslog (which I have to do for this reason) I would > miss them. I guess this should be filed as a RFE with logwatch Rahul -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
On 03/19/2012 10:28 AM, Daniel J Walsh wrote: Well setroubleshoot-server does write to syslog when it interprets and AVC. Yes, but those messages are not picked up by logwatch so unless I manually scan the syslog (which I have to do for this reason) I would miss them. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/19/2012 10:36 AM, Michael Cronenworth wrote: > Daniel J Walsh wrote: >> We could put the info into systemd-journal. > > Back when sendmail and logwatch were part of the default install, > it would have been nice to have SELinux activity reported in it. I > still use logwatch so it would still be useful for me to see log > data there. > > Unless, of course, logwatch is obsolete and there's some new, > flashy systemd mail log that I'm supposed to be using that I wasn't > told of. Well setroubleshoot-server does write to syslog when it interprets and AVC. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk9nUJkACgkQrlYvE4MpobNuvQCfUgcRbYLRLKA+v1iRN3QQ92XC 6g4AoOB8HOoC7xD+LSgjseeyy7vkZDjr =50eQ -END PGP SIGNATURE- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
2012/3/19 Michael Cronenworth : > Michał Piotrowski wrote: >> >> Logwatch is great thing and I use it every day. But the problem is if >> you have multiple machines - you need to review a number of emails >> every day. So it seems to me that centralized log system would be >> great feature for large networks. > > > What's the difference between separate emails and one gigantic email? Or > perhaps I have misunderstood what you mean by centralized log system. I mean that was a possibility to have logs from all machines in network on one machine. I did not mean to keep it all in one log. > > -- > devel mailing list > devel@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/devel -- Best regards, Michal http://eventhorizon.pl/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
Michał Piotrowski wrote: Logwatch is great thing and I use it every day. But the problem is if you have multiple machines - you need to review a number of emails every day. So it seems to me that centralized log system would be great feature for large networks. What's the difference between separate emails and one gigantic email? Or perhaps I have misunderstood what you mean by centralized log system. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
2012/3/19 Michael Cronenworth : > Daniel J Walsh wrote: >> >> We could put the info into systemd-journal. > > > Back when sendmail and logwatch were part of the default install, it would > have been nice to have SELinux activity reported in it. I still use logwatch > so it would still be useful for me to see log data there. Logwatch is great thing and I use it every day. But the problem is if you have multiple machines - you need to review a number of emails every day. So it seems to me that centralized log system would be great feature for large networks. > > Unless, of course, logwatch is obsolete and there's some new, flashy systemd > mail log that I'm supposed to be using that I wasn't told of. > > -- > devel mailing list > devel@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/devel -- Best regards, Michal http://eventhorizon.pl/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
W dniu 19 marca 2012 15:27 użytkownik Daniel J Walsh napisał: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 03/19/2012 10:16 AM, Michał Piotrowski wrote: >> W dniu 19 marca 2012 15:13 użytkownik Michał Piotrowski >> napisał: >>> 2012/3/19 Daniel J Walsh : >> On 03/17/2012 11:25 PM, Dave Quigley wrote: >> On 3/17/2012 7:17 AM, Daniel J Walsh wrote: On 03/17/2012 >> 05:38 AM, Matej Cepl wrote: > On 17.3.2012 10:18, Daniel J Walsh wrote: >> Here is the current httpd man page. >> >> http://people.fedoraproject.org/~dwalsh/SELinux/httpd_selinux.html > >> > >> >> >> > OK, in the end it IS a wiki ... > http://wiki.apache.org/httpd/DistrosDefaultLayout?action=diff&rev1=46&rev2=47 > > > > > > >> > > Suggestions for further edits are welcome. > > Matěj > >> I would also suggest they use setroubleshoot. >> >> Suggesting setroubleshoot is fine but you need to also tell >> them how to set it up when they are running without X. One >> guy told me that setroubleshoot is fine and all but all his >> machines are headless so he doesn't have X and the nice >> little applet to notify him. I had to correct him and send >> him a reference to your page on how to set up >> setroubleshoot on headless machines so that the messages >> are sent to another box or to an email account. >> >> Dave >> >> >> Which brings up an interesting idea, I have been having, is there >> a better way of getting the setroubleshoot data from one machine >> to another. Originally setroubleshoot was designed to be able to >> push analysys upstream but we never turned it on. Now that we >> have simplified the XML output, we could look at allowing it to >> some how centralize its analysys, using a protocol more robust then >> email If anyone has a good idea of how or where we should do this, >> I am all ears. Is it possible to split setroubleshoot into two components: - gui - daemon that creates logs ? >> >>> I really did not use setroubleshoot for a few years - because I >>> don't use X, so please forgive my ignorance if it's already >>> splited :) >> > setroubleshoot-server is the server componant. (dbus service) > setroubleshoot is the client componant. > > We could put the info into systemd-journal. It would be great if there was a possibility to send logs to other machines. Lennart, what do you think about it? Centralized log system is nice feature. Logs can be stored in systemd-journal format. systemd-journal should have ability to forward logs on other machines. >> -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel >>> >>> >>> >>> -- Best regards, Michal >>> >>> http://eventhorizon.pl/ >> >> >> > > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.12 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk9nQmIACgkQrlYvE4MpobPMkACeImKNxcR3/AUqrJlwcnJ+sUsM > tacAniIGW9vXHWEDlaTqOPDw1xsDArhO > =Q+fI > -END PGP SIGNATURE- -- Best regards, Michal http://eventhorizon.pl/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
Daniel J Walsh wrote: We could put the info into systemd-journal. Back when sendmail and logwatch were part of the default install, it would have been nice to have SELinux activity reported in it. I still use logwatch so it would still be useful for me to see log data there. Unless, of course, logwatch is obsolete and there's some new, flashy systemd mail log that I'm supposed to be using that I wasn't told of. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/19/2012 10:16 AM, Michał Piotrowski wrote: > W dniu 19 marca 2012 15:13 użytkownik Michał Piotrowski > napisał: >> 2012/3/19 Daniel J Walsh : > On 03/17/2012 11:25 PM, Dave Quigley wrote: > On 3/17/2012 7:17 AM, Daniel J Walsh wrote: On 03/17/2012 > 05:38 AM, Matej Cepl wrote: On 17.3.2012 10:18, Daniel J Walsh wrote: > Here is the current httpd man page. > > http://people.fedoraproject.org/~dwalsh/SELinux/httpd_selinux.html > > > > OK, in the end it IS a wiki ... http://wiki.apache.org/httpd/DistrosDefaultLayout?action=diff&rev1=46&rev2=47 > Suggestions for further edits are welcome. Matěj > I would also suggest they use setroubleshoot. > > Suggesting setroubleshoot is fine but you need to also tell > them how to set it up when they are running without X. One > guy told me that setroubleshoot is fine and all but all his > machines are headless so he doesn't have X and the nice > little applet to notify him. I had to correct him and send > him a reference to your page on how to set up > setroubleshoot on headless machines so that the messages > are sent to another box or to an email account. > > Dave > > > Which brings up an interesting idea, I have been having, is there > a better way of getting the setroubleshoot data from one machine > to another. Originally setroubleshoot was designed to be able to > push analysys upstream but we never turned it on. Now that we > have simplified the XML output, we could look at allowing it to > some how centralize its analysys, using a protocol more robust then > email If anyone has a good idea of how or where we should do this, > I am all ears. >>> >>> Is it possible to split setroubleshoot into two components: - >>> gui - daemon that creates logs ? > >> I really did not use setroubleshoot for a few years - because I >> don't use X, so please forgive my ignorance if it's already >> splited :) > setroubleshoot-server is the server componant. (dbus service) setroubleshoot is the client componant. We could put the info into systemd-journal. >>> >>> Logs can be stored in systemd-journal format. systemd-journal >>> should have ability to forward logs on other machines. >>> > >>> -- devel mailing list devel@lists.fedoraproject.org >>> https://admin.fedoraproject.org/mailman/listinfo/devel >> >> >> >> -- Best regards, Michal >> >> http://eventhorizon.pl/ > > > -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk9nQmIACgkQrlYvE4MpobPMkACeImKNxcR3/AUqrJlwcnJ+sUsM tacAniIGW9vXHWEDlaTqOPDw1xsDArhO =Q+fI -END PGP SIGNATURE- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
W dniu 19 marca 2012 15:13 użytkownik Michał Piotrowski napisał: > 2012/3/19 Daniel J Walsh : >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> On 03/17/2012 11:25 PM, Dave Quigley wrote: >>> On 3/17/2012 7:17 AM, Daniel J Walsh wrote: On 03/17/2012 05:38 AM, >>> Matej Cepl wrote: >> On 17.3.2012 10:18, Daniel J Walsh wrote: >>> Here is the current httpd man page. >>> >>> http://people.fedoraproject.org/~dwalsh/SELinux/httpd_selinux.html >> >>> >> >>> >> OK, in the end it IS a wiki ... >> http://wiki.apache.org/httpd/DistrosDefaultLayout?action=diff&rev1=46&rev2=47 >> >> >> >> >> >> >> Suggestions for further edits are welcome. >> >> Matěj >> >>> I would also suggest they use setroubleshoot. >>> >>> Suggesting setroubleshoot is fine but you need to also tell them >>> how to set it up when they are running without X. One guy told me >>> that setroubleshoot is fine and all but all his machines are >>> headless so he doesn't have X and the nice little applet to notify >>> him. I had to correct him and send him a reference to your page on >>> how to set up setroubleshoot on headless machines so that the >>> messages are sent to another box or to an email account. >>> >>> Dave >> >> >> Which brings up an interesting idea, I have been having, is there a >> better way of getting the setroubleshoot data from one machine to >> another. Originally setroubleshoot was designed to be able to push >> analysys upstream but we never turned it on. Now that we have >> simplified the XML output, we could look at allowing it to some how >> centralize its analysys, using a protocol more robust then email If >> anyone has a good idea of how or where we should do this, I am all ears. > > Is it possible to split setroubleshoot into two components: > - gui > - daemon that creates logs > ? I really did not use setroubleshoot for a few years - because I don't use X, so please forgive my ignorance if it's already splited :) > > Logs can be stored in systemd-journal format. systemd-journal should > have ability to forward logs on other machines. > >> >> -BEGIN PGP SIGNATURE- >> Version: GnuPG v1.4.12 (GNU/Linux) >> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ >> >> iEYEARECAAYFAk9nPT4ACgkQrlYvE4MpobN57QCfQy3d/yHUVGKFBBCKS5C6JdTi >> BE0An3CUD3dAxiMVLCYfaYE+Zy0mzIUH >> =L61k >> -END PGP SIGNATURE- >> -- >> devel mailing list >> devel@lists.fedoraproject.org >> https://admin.fedoraproject.org/mailman/listinfo/devel > > > > -- > Best regards, > Michal > > http://eventhorizon.pl/ -- Best regards, Michal http://eventhorizon.pl/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
2012/3/19 Daniel J Walsh : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 03/17/2012 11:25 PM, Dave Quigley wrote: >> On 3/17/2012 7:17 AM, Daniel J Walsh wrote: On 03/17/2012 05:38 AM, >> Matej Cepl wrote: > On 17.3.2012 10:18, Daniel J Walsh wrote: >> Here is the current httpd man page. >> >> http://people.fedoraproject.org/~dwalsh/SELinux/httpd_selinux.html > >> > >> > OK, in the end it IS a wiki ... > http://wiki.apache.org/httpd/DistrosDefaultLayout?action=diff&rev1=46&rev2=47 > > > > > > > Suggestions for further edits are welcome. > > Matěj > >> I would also suggest they use setroubleshoot. >> >> Suggesting setroubleshoot is fine but you need to also tell them >> how to set it up when they are running without X. One guy told me >> that setroubleshoot is fine and all but all his machines are >> headless so he doesn't have X and the nice little applet to notify >> him. I had to correct him and send him a reference to your page on >> how to set up setroubleshoot on headless machines so that the >> messages are sent to another box or to an email account. >> >> Dave > > > Which brings up an interesting idea, I have been having, is there a > better way of getting the setroubleshoot data from one machine to > another. Originally setroubleshoot was designed to be able to push > analysys upstream but we never turned it on. Now that we have > simplified the XML output, we could look at allowing it to some how > centralize its analysys, using a protocol more robust then email If > anyone has a good idea of how or where we should do this, I am all ears. Is it possible to split setroubleshoot into two components: - gui - daemon that creates logs ? Logs can be stored in systemd-journal format. systemd-journal should have ability to forward logs on other machines. > > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.12 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk9nPT4ACgkQrlYvE4MpobN57QCfQy3d/yHUVGKFBBCKS5C6JdTi > BE0An3CUD3dAxiMVLCYfaYE+Zy0mzIUH > =L61k > -END PGP SIGNATURE- > -- > devel mailing list > devel@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/devel -- Best regards, Michal http://eventhorizon.pl/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/17/2012 11:25 PM, Dave Quigley wrote: > On 3/17/2012 7:17 AM, Daniel J Walsh wrote: On 03/17/2012 05:38 AM, > Matej Cepl wrote: On 17.3.2012 10:18, Daniel J Walsh wrote: > Here is the current httpd man page. > > http://people.fedoraproject.org/~dwalsh/SELinux/httpd_selinux.html > > OK, in the end it IS a wiki ... http://wiki.apache.org/httpd/DistrosDefaultLayout?action=diff&rev1=46&rev2=47 Suggestions for further edits are welcome. Matěj > I would also suggest they use setroubleshoot. > > Suggesting setroubleshoot is fine but you need to also tell them > how to set it up when they are running without X. One guy told me > that setroubleshoot is fine and all but all his machines are > headless so he doesn't have X and the nice little applet to notify > him. I had to correct him and send him a reference to your page on > how to set up setroubleshoot on headless machines so that the > messages are sent to another box or to an email account. > > Dave Which brings up an interesting idea, I have been having, is there a better way of getting the setroubleshoot data from one machine to another. Originally setroubleshoot was designed to be able to push analysys upstream but we never turned it on. Now that we have simplified the XML output, we could look at allowing it to some how centralize its analysys, using a protocol more robust then email If anyone has a good idea of how or where we should do this, I am all ears. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk9nPT4ACgkQrlYvE4MpobN57QCfQy3d/yHUVGKFBBCKS5C6JdTi BE0An3CUD3dAxiMVLCYfaYE+Zy0mzIUH =L61k -END PGP SIGNATURE- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
On Tue, 13 Mar 2012 15:17:01 +0100, James Antill wrote: > http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/3/html/Reference_Guide/ch-httpd.html#S2-HTTPD-V2-DIFF-RPM > > ...but upstream explicitly requested that we change it. Where is that request? I see more upstream is pushing the "httpd" name instead of "apache": http://mail-archives.apache.org/mod_mbox/httpd-docs/201003.mbox/%3c4b92c085.2020...@rowe-clan.net%3E On Thu, 15 Mar 2012 09:38:16 +0100, Tomasz Torcz wrote: > Good question, we deviate from upstream default: > http://wiki.apache.org/httpd/DistrosDefaultLayout The upstream default ("apache2") should be fixed upstream first to "httpd", I guess it was created according to the incorrect naming in Debian. There is now upstream naming inconsistency. Jan -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
wasn't the topic about having debian's /etc/default/ instead of fedora's /etc/sysconfig/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
On 18.3.2012 04:25, Dave Quigley wrote: Suggesting setroubleshoot is fine but you need to also tell them how to set it up when they are running without X. One guy told me that setroubleshoot is fine and all but all his machines are headless so he doesn't have X and the nice little applet to notify him. I had to correct him and send him a reference to your page on how to set up setroubleshoot on headless machines so that the messages are sent to another box or to an email account. Go ahead, it is a wiki! Matěj -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
On 3/17/2012 7:17 AM, Daniel J Walsh wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/17/2012 05:38 AM, Matej Cepl wrote: On 17.3.2012 10:18, Daniel J Walsh wrote: Here is the current httpd man page. http://people.fedoraproject.org/~dwalsh/SELinux/httpd_selinux.html OK, in the end it IS a wiki ... http://wiki.apache.org/httpd/DistrosDefaultLayout?action=diff&rev1=46&rev2=47 Suggestions for further edits are welcome. Matěj I would also suggest they use setroubleshoot. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk9kctwACgkQrlYvE4MpobODGwCfaKgUBvbEBLALem3FnMo/yDJN lDYAn17aIAUIAvSmt8LD2tY4N33An+tF =uzJb -END PGP SIGNATURE- Suggesting setroubleshoot is fine but you need to also tell them how to set it up when they are running without X. One guy told me that setroubleshoot is fine and all but all his machines are headless so he doesn't have X and the nice little applet to notify him. I had to correct him and send him a reference to your page on how to set up setroubleshoot on headless machines so that the messages are sent to another box or to an email account. Dave -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/17/2012 05:38 AM, Matej Cepl wrote: > On 17.3.2012 10:18, Daniel J Walsh wrote: >> Here is the current httpd man page. >> >> http://people.fedoraproject.org/~dwalsh/SELinux/httpd_selinux.html > >> > OK, in the end it IS a wiki ... > http://wiki.apache.org/httpd/DistrosDefaultLayout?action=diff&rev1=46&rev2=47 > > > > Suggestions for further edits are welcome. > > Matěj > I would also suggest they use setroubleshoot. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk9kctwACgkQrlYvE4MpobODGwCfaKgUBvbEBLALem3FnMo/yDJN lDYAn17aIAUIAvSmt8LD2tY4N33An+tF =uzJb -END PGP SIGNATURE- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
On 17.3.2012 10:18, Daniel J Walsh wrote: Here is the current httpd man page. http://people.fedoraproject.org/~dwalsh/SELinux/httpd_selinux.html OK, in the end it IS a wiki ... http://wiki.apache.org/httpd/DistrosDefaultLayout?action=diff&rev1=46&rev2=47 Suggestions for further edits are welcome. Matěj -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/17/2012 03:45 AM, Matej Cepl wrote: > On 16.3.2012 18:49, David Quigley wrote: >> Short of educating web server administrators about SELinux and >> the correct labels for web resources I'm not sure what else can >> be done. You don't want to use restorecond to make sure the >> directories are labeled properly because you could potentially >> use an improperly configured file upload capability to drop >> whatever pages you want onto the server and it would fixup the >> labels. Unfortunately education is the best option but not the >> easiest. > > I don't care that much about web admins (although, following the > saga of twit.tv being hacked again and again by scripts which could > be most likely prevented by SELinux is a sad sight), but this is > apache.org, for $DEITY sake! They should know more than your > average web admin. > > Matěj > Here is the current httpd man page. http://people.fedoraproject.org/~dwalsh/SELinux/httpd_selinux.html -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk9kVswACgkQrlYvE4MpobMO9wCgwCR8+Xml+TVOYp7IKDXEgCW6 LmMAn3T9Ble+AVUBhFnkyrDqcLV7JYPs =Gjzi -END PGP SIGNATURE- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
On 16.3.2012 18:49, David Quigley wrote: Short of educating web server administrators about SELinux and the correct labels for web resources I'm not sure what else can be done. You don't want to use restorecond to make sure the directories are labeled properly because you could potentially use an improperly configured file upload capability to drop whatever pages you want onto the server and it would fixup the labels. Unfortunately education is the best option but not the easiest. I don't care that much about web admins (although, following the saga of twit.tv being hacked again and again by scripts which could be most likely prevented by SELinux is a sad sight), but this is apache.org, for $DEITY sake! They should know more than your average web admin. Matěj -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/16/2012 12:47 PM, Adam Williamson wrote: > On Fri, 2012-03-16 at 09:56 +0100, Matej Cepl wrote: >> On 15.3.2012 09:38, Tomasz Torcz wrote: Why and why just us? >>> >>> Good question, we deviate from upstream default: >>> http://wiki.apache.org/httpd/DistrosDefaultLayout >> >> Do we have somebody to make the stupid item 3 go away? >> >> # If you're having issues with authorization and your permissions >> are # correct make sure that you try testing with SELinux turned >> off. Run # 'setenforce 0' and use 'chcon' to fix permissions. Run >> 'ls -alZ' to # view the current permissions.' SELinux first >> appeared in Fedora Core # 3, RHEL 4, and CentOS 4. >> >> httpd in Fedora/RHEL/CentOS works with SELinux just fine. >> Anything else are bugs, which need to be filed. > > Well, it works just fine so long as you understand the various > httpd contexts and that you'll have to set the context on any file > that things running on your server genuinely need to be able to > write. So we should probably ask them to link to > http://linux.die.net/man/8/httpd_selinux or something similar. We just released much -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk9jeXMACgkQrlYvE4MpobNnhgCcCCRuwUuuBAb3UWff1ue3BuL/ auAAn1gzFt88Wa7rins76Ay9Z+OP/618 =pK4U -END PGP SIGNATURE- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
On 03/16/2012 04:56, Matej Cepl wrote: On 15.3.2012 09:38, Tomasz Torcz wrote: Why and why just us? Good question, we deviate from upstream default: http://wiki.apache.org/httpd/DistrosDefaultLayout Do we have somebody to make the stupid item 3 go away? # If you're having issues with authorization and your permissions are # correct make sure that you try testing with SELinux turned off. Run # 'setenforce 0' and use 'chcon' to fix permissions. Run 'ls -alZ' to # view the current permissions.' SELinux first appeared in Fedora Core # 3, RHEL 4, and CentOS 4. httpd in Fedora/RHEL/CentOS works with SELinux just fine. Anything else are bugs, which need to be filed. Matěj Short of educating web server administrators about SELinux and the correct labels for web resources I'm not sure what else can be done. You don't want to use restorecond to make sure the directories are labeled properly because you could potentially use an improperly configured file upload capability to drop whatever pages you want onto the server and it would fixup the labels. Unfortunately education is the best option but not the easiest. Dave -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
On Fri, 2012-03-16 at 09:56 +0100, Matej Cepl wrote: > On 15.3.2012 09:38, Tomasz Torcz wrote: > >> Why and why just us? > > > > Good question, we deviate from upstream default: > > http://wiki.apache.org/httpd/DistrosDefaultLayout > > Do we have somebody to make the stupid item 3 go away? > > # If you're having issues with authorization and your permissions are > # correct make sure that you try testing with SELinux turned off. Run > # 'setenforce 0' and use 'chcon' to fix permissions. Run 'ls -alZ' to > # view the current permissions.' SELinux first appeared in Fedora Core > # 3, RHEL 4, and CentOS 4. > > httpd in Fedora/RHEL/CentOS works with SELinux just fine. Anything else > are bugs, which need to be filed. Well, it works just fine so long as you understand the various httpd contexts and that you'll have to set the context on any file that things running on your server genuinely need to be able to write. So we should probably ask them to link to http://linux.die.net/man/8/httpd_selinux or something similar. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
On 15.3.2012 09:38, Tomasz Torcz wrote: Why and why just us? Good question, we deviate from upstream default: http://wiki.apache.org/httpd/DistrosDefaultLayout Do we have somebody to make the stupid item 3 go away? # If you're having issues with authorization and your permissions are # correct make sure that you try testing with SELinux turned off. Run # 'setenforce 0' and use 'chcon' to fix permissions. Run 'ls -alZ' to # view the current permissions.' SELinux first appeared in Fedora Core # 3, RHEL 4, and CentOS 4. httpd in Fedora/RHEL/CentOS works with SELinux just fine. Anything else are bugs, which need to be filed. Matěj -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
On Thu, Mar 15, 2012 at 07:44:53AM +, "Jóhann B. Guðmundsson" wrote: > On 03/13/2012 02:17 PM, James Antill wrote: > >On Sat, 2012-03-10 at 18:20 +, Richard W.M. Jones wrote: > >>'Course we could go further and rename /etc/httpd -> /etc/apache (and > >>rename the package, both matching Debian), which should have been done > >>a long time ago. > > It used to be like that: > > > >http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/3/html/Reference_Guide/ch-httpd.html#S2-HTTPD-V2-DIFF-RPM > > > >...but upstream explicitly requested that we change it. > > > > Why and why just us? Good question, we deviate from upstream default: http://wiki.apache.org/httpd/DistrosDefaultLayout -- Tomasz Torcz "God, root, what's the difference?" xmpp: zdzich...@chrome.pl "God is more forgiving." -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
On 03/13/2012 02:17 PM, James Antill wrote: On Sat, 2012-03-10 at 18:20 +, Richard W.M. Jones wrote: 'Course we could go further and rename /etc/httpd -> /etc/apache (and rename the package, both matching Debian), which should have been done a long time ago. It used to be like that: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/3/html/Reference_Guide/ch-httpd.html#S2-HTTPD-V2-DIFF-RPM ...but upstream explicitly requested that we change it. Why and why just us? JBG -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
On Sat, 2012-03-10 at 18:20 +, Richard W.M. Jones wrote: > 'Course we could go further and rename /etc/httpd -> /etc/apache (and > rename the package, both matching Debian), which should have been done > a long time ago. It used to be like that: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/3/html/Reference_Guide/ch-httpd.html#S2-HTTPD-V2-DIFF-RPM ...but upstream explicitly requested that we change it. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
On Thu, Mar 08, 2012 at 05:20:35PM +0100, Kay Sievers wrote: > So, please all just use a subdir directly in /etc with the name of the > package/subsystem, and put your files in there, This really ought to be a Fedora guideline. It is a recommendation in Debian, and has been since as long as I can remember, and results in Debian being much more consistent about where config files can be found. 'Course we could go further and rename /etc/httpd -> /etc/apache (and rename the package, both matching Debian), which should have been done a long time ago. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming blog: http://rwmj.wordpress.com Fedora now supports 80 OCaml packages (the OPEN alternative to F#) http://cocan.org/getting_started_with_ocaml_on_red_hat_and_fedora -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
On Tue, Mar 6, 2012 at 17:21, Daniel J Walsh wrote: >> Why /etc/default dir is used instead of /etc/sysconfig? To be >> honest - it's not really user friendly from long time RH Linux user >> POV. >> > Just disable SELinux in /etc/selinux/config. Which is exactly the use model of /etc we recommend everybody to follow. /etc is *system config* and might be *default*, using another subdirectory with that name is superfluous. /etc/defaults/ makes no real sense to start with. It's either a 'default', then it belongs into the service compiled-in, or it is local *system config* data, and then it's not a *default* anymore. People who introduced that the first time seem just confused by default. :) /etc/sysconfig/ is a fedora'ism that we try to avoid as much as possible. It only manifests the Linux balkanization, which hurts everybody in the end. We shoud phase that out, it should only be reserved for legacy hacks nobody wants to fix, and not be used for anything new. So, please all just use a subdir directly in /etc with the name of the package/subsystem, and put your files in there, that's what /etc is for, it is already *default* and *system config*. And please name and layout everything in a way that upstream can ship it identical for every distro, we really need to end the useless differences between the distros. Thanks, Kay -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
On Tue, 2012-03-06 at 11:27 -0500, Paul Wouters wrote: > On Tue, 6 Mar 2012, Daniel J Walsh wrote: > > >> Why /etc/default dir is used instead of /etc/sysconfig? To be > >> honest - it's not really user friendly from long time RH Linux user > >> POV. > >> > > Just disable SELinux in /etc/selinux/config. > > Or the more obvious place for people with /etc/sysconfig hardcoded in > their brain, /etc/sysconfig/selinux :) > > Though to be honest, F17 is the first version where I have been working > with selinux enabled for more then two days. In fact, I have left it > enabled since I installed F17 weeks ago. > > I think the only somewhat "valid" reason to disabled selinux is if people > are using special directories they made up, eg /vol or /opt or anything. > (or when copying/dealing with /var/lib/libvirtd/images content in other > locations :) Using /vol /opt and other special directories semanage fcontext is your best friend. It is easily manageable to have your own directories for content with SElinux. Problems start to appear when you need to share some content files between daemons/services that are not shareable with the stock SELinux policy as that means you need to start to add policy modules to allow the access. -- Tomas Mraz No matter how far down the wrong road you've gone, turn back. Turkish proverb -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
W dniu 6 marca 2012 17:49 użytkownik Daniel J Walsh napisał: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > On 03/06/2012 11:38 AM, Michał Piotrowski wrote: >> 2012/3/6 Pádraig Brady : >>> On 03/06/2012 04:21 PM, Daniel J Walsh wrote: On 03/05/2012 03:20 PM, Michał Piotrowski wrote: > Hi, > I wanted to add "selinux=0" to the kernel command line on > F17. I checked /etc/sysconfig/, /etc/grub.d/, next I started > to read /etc/grub.d/10_linux (this new grub2 is so user > friendly..) and I found ${GRUB_CMDLINE_LINUX}. So I grepped > /etc for GRUB_CMDLINE_LINUX. I found file: /etc/default/grub > Why /etc/default dir is used instead of /etc/sysconfig? To > be honest - it's not really user friendly from long time RH > Linux user POV. Just disable SELinux in /etc/selinux/config. >>> >>> There are subtle differences with doing that apparently. >>> http://lists.gnu.org/archive/html/coreutils/2012-02/msg00176.html >> >>> >> Once I had a problem to disable SELinux through >> /etc/sysconfig/selinux - there was a problem with the policy, >> systemd releated or something like that. So I use big hammer - >> selinux=0. >> >>> >>> cheers, Pádraig. -- devel mailing list >>> devel@lists.fedoraproject.org >>> https://admin.fedoraproject.org/mailman/listinfo/devel >> >> >> > > > I hope this does not get taken out of context. > > SLASHDOT/Dan Walsh says disable SELinux. :^) > > You should try to run with SELinux on or in permissive mode. Now I have a laptop with CPU that is virtualization capable, so if I find a little more free time I'll try to prepare configuration on VM. > > But if you feel you have to disable SELinux, use the config file. If > there are bugs we need to know about them and fix them. > > > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.12 (GNU/Linux) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ > > iEYEARECAAYFAk9WQAQACgkQrlYvE4MpobMoTQCgvbQk8eKnJNcqAkDUrO2WDVJa > hrIAnR1+2KVLMkD56P5ADtU1dcXWx+Cq > =3VyF > -END PGP SIGNATURE- -- Best regards, Michal http://eventhorizon.pl/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
On 3/6/2012 11:27 AM, Paul Wouters wrote: On Tue, 6 Mar 2012, Daniel J Walsh wrote: Why /etc/default dir is used instead of /etc/sysconfig? To be honest - it's not really user friendly from long time RH Linux user POV. Just disable SELinux in /etc/selinux/config. Or the more obvious place for people with /etc/sysconfig hardcoded in their brain, /etc/sysconfig/selinux :) Though to be honest, F17 is the first version where I have been working with selinux enabled for more then two days. In fact, I have left it enabled since I installed F17 weeks ago. I think the only somewhat "valid" reason to disabled selinux is if people are using special directories they made up, eg /vol or /opt or anything. (or when copying/dealing with /var/lib/libvirtd/images content in other locations :) Paul Alternatively you could look at Dan Walsh's 4 things SELinux is trying to tell you talk and in about 30 minutes figure out how to make those special directories work and not disable the security on your system. Dave -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/06/2012 11:38 AM, Michał Piotrowski wrote: > 2012/3/6 Pádraig Brady : >> On 03/06/2012 04:21 PM, Daniel J Walsh wrote: >>> On 03/05/2012 03:20 PM, Michał Piotrowski wrote: Hi, >>> I wanted to add "selinux=0" to the kernel command line on F17. I checked /etc/sysconfig/, /etc/grub.d/, next I started to read /etc/grub.d/10_linux (this new grub2 is so user friendly..) and I found ${GRUB_CMDLINE_LINUX}. So I grepped /etc for GRUB_CMDLINE_LINUX. I found file: /etc/default/grub >>> Why /etc/default dir is used instead of /etc/sysconfig? To be honest - it's not really user friendly from long time RH Linux user POV. >>> >>> Just disable SELinux in /etc/selinux/config. >> >> There are subtle differences with doing that apparently. >> http://lists.gnu.org/archive/html/coreutils/2012-02/msg00176.html > >> > Once I had a problem to disable SELinux through > /etc/sysconfig/selinux - there was a problem with the policy, > systemd releated or something like that. So I use big hammer - > selinux=0. > >> >> cheers, Pádraig. -- devel mailing list >> devel@lists.fedoraproject.org >> https://admin.fedoraproject.org/mailman/listinfo/devel > > > I hope this does not get taken out of context. SLASHDOT/Dan Walsh says disable SELinux. :^) You should try to run with SELinux on or in permissive mode. But if you feel you have to disable SELinux, use the config file. If there are bugs we need to know about them and fix them. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk9WQAQACgkQrlYvE4MpobMoTQCgvbQk8eKnJNcqAkDUrO2WDVJa hrIAnR1+2KVLMkD56P5ADtU1dcXWx+Cq =3VyF -END PGP SIGNATURE- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
2012/3/6 Pádraig Brady : > On 03/06/2012 04:21 PM, Daniel J Walsh wrote: >> On 03/05/2012 03:20 PM, Michał Piotrowski wrote: >>> Hi, >> >>> I wanted to add "selinux=0" to the kernel command line on F17. I >>> checked /etc/sysconfig/, /etc/grub.d/, next I started to read >>> /etc/grub.d/10_linux (this new grub2 is so user friendly..) and I >>> found ${GRUB_CMDLINE_LINUX}. So I grepped /etc for >>> GRUB_CMDLINE_LINUX. I found file: /etc/default/grub >> >>> Why /etc/default dir is used instead of /etc/sysconfig? To be >>> honest - it's not really user friendly from long time RH Linux user >>> POV. >> >> Just disable SELinux in /etc/selinux/config. > > There are subtle differences with doing that apparently. > http://lists.gnu.org/archive/html/coreutils/2012-02/msg00176.html Once I had a problem to disable SELinux through /etc/sysconfig/selinux - there was a problem with the policy, systemd releated or something like that. So I use big hammer - selinux=0. > > cheers, > Pádraig. > -- > devel mailing list > devel@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/devel -- Best regards, Michal http://eventhorizon.pl/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
2012/3/6 Paul Wouters : > On Tue, 6 Mar 2012, Daniel J Walsh wrote: > >>> Why /etc/default dir is used instead of /etc/sysconfig? To be >>> honest - it's not really user friendly from long time RH Linux user >>> POV. >>> >> Just disable SELinux in /etc/selinux/config. > > > Or the more obvious place for people with /etc/sysconfig hardcoded in > their brain, /etc/sysconfig/selinux :) > > Though to be honest, F17 is the first version where I have been working > with selinux enabled for more then two days. In fact, I have left it > enabled since I installed F17 weeks ago. > > I think the only somewhat "valid" reason to disabled selinux is if people > are using special directories they made up, eg /vol or /opt or anything. > (or when copying/dealing with /var/lib/libvirtd/images content in other > locations :) I do a lot of "stupid things" on my development systems. Some things I keep in /home/data, I've got many /home/samba* dirs and project dirs in /home/michal/projekty that need to be shared on samba and need to be accesible by httpd servers. I never had time to deal with SELinux on development system :) > > Paul > > -- > devel mailing list > devel@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/devel -- Best regards, Michal http://eventhorizon.pl/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
On 03/06/2012 04:21 PM, Daniel J Walsh wrote: > On 03/05/2012 03:20 PM, Michał Piotrowski wrote: >> Hi, > >> I wanted to add "selinux=0" to the kernel command line on F17. I >> checked /etc/sysconfig/, /etc/grub.d/, next I started to read >> /etc/grub.d/10_linux (this new grub2 is so user friendly..) and I >> found ${GRUB_CMDLINE_LINUX}. So I grepped /etc for >> GRUB_CMDLINE_LINUX. I found file: /etc/default/grub > >> Why /etc/default dir is used instead of /etc/sysconfig? To be >> honest - it's not really user friendly from long time RH Linux user >> POV. > > Just disable SELinux in /etc/selinux/config. There are subtle differences with doing that apparently. http://lists.gnu.org/archive/html/coreutils/2012-02/msg00176.html cheers, Pádraig. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
On Tue, 6 Mar 2012, Daniel J Walsh wrote: Why /etc/default dir is used instead of /etc/sysconfig? To be honest - it's not really user friendly from long time RH Linux user POV. Just disable SELinux in /etc/selinux/config. Or the more obvious place for people with /etc/sysconfig hardcoded in their brain, /etc/sysconfig/selinux :) Though to be honest, F17 is the first version where I have been working with selinux enabled for more then two days. In fact, I have left it enabled since I installed F17 weeks ago. I think the only somewhat "valid" reason to disabled selinux is if people are using special directories they made up, eg /vol or /opt or anything. (or when copying/dealing with /var/lib/libvirtd/images content in other locations :) Paul -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 03/05/2012 03:20 PM, Michał Piotrowski wrote: > Hi, > > I wanted to add "selinux=0" to the kernel command line on F17. I > checked /etc/sysconfig/, /etc/grub.d/, next I started to read > /etc/grub.d/10_linux (this new grub2 is so user friendly..) and I > found ${GRUB_CMDLINE_LINUX}. So I grepped /etc for > GRUB_CMDLINE_LINUX. I found file: /etc/default/grub > > Why /etc/default dir is used instead of /etc/sysconfig? To be > honest - it's not really user friendly from long time RH Linux user > POV. > Just disable SELinux in /etc/selinux/config. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk9WOXAACgkQrlYvE4MpobOO9gCfW7AcfumcGL4tpinoMKHw3kKr 6WYAniE6FG4UuumbrJYLZ7KOV8/4a0H5 =6/u0 -END PGP SIGNATURE- -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
On Mar 5, 2012, at 3:24 PM, Adam Williamson wrote: > > But then, we already 'invalidate upstream documentation for Fedora > users' by renaming all the command-line tools from 'grub-foo' to > 'grub2-foo'. Indeed, I lost about 47 brain cells on this issue alone. (By no means is it the winner for GRUB induced brain damage.) Chris Murphy -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
On Mon, 2012-03-05 at 21:37 +0100, Lars Seipel wrote: > On Monday 05 March 2012 21:20:12 Michał Piotrowski wrote: > > Why /etc/default dir is used instead of /etc/sysconfig? To be honest - > > it's not really user friendly from long time RH Linux user POV. > > It's what upstream uses. See > http://www.gnu.org/software/grub/manual/grub.html#Simple-configuration > > Changing it would invalidate upstream documentation for Fedora users. But then, we already 'invalidate upstream documentation for Fedora users' by renaming all the command-line tools from 'grub-foo' to 'grub2-foo'. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
W dniu 5 marca 2012 21:40 użytkownik Michał Piotrowski napisał: > 2012/3/5 Lars Seipel : >> On Monday 05 March 2012 21:20:12 Michał Piotrowski wrote: >>> Why /etc/default dir is used instead of /etc/sysconfig? To be honest - >>> it's not really user friendly from long time RH Linux user POV. >> >> It's what upstream uses. See >> http://www.gnu.org/software/grub/manual/grub.html#Simple-configuration >> >> Changing it would invalidate upstream documentation for Fedora users. > > Simple link to /etc/sysconfig/ will solve the problem. I created the bug report for this https://bugzilla.redhat.com/show_bug.cgi?id=800152 -- Best regards, Michal http://eventhorizon.pl/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
2012/3/5 Lars Seipel : > On Monday 05 March 2012 21:20:12 Michał Piotrowski wrote: >> Why /etc/default dir is used instead of /etc/sysconfig? To be honest - >> it's not really user friendly from long time RH Linux user POV. > > It's what upstream uses. See > http://www.gnu.org/software/grub/manual/grub.html#Simple-configuration > > Changing it would invalidate upstream documentation for Fedora users. Simple link to /etc/sysconfig/ will solve the problem. > > Lars > -- > devel mailing list > devel@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/devel -- Best regards, Michal http://eventhorizon.pl/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
2012/3/5 Bill Nottingham : > Michał Piotrowski (mkkp...@gmail.com) said: >> I wanted to add "selinux=0" to the kernel command line on F17. I >> checked /etc/sysconfig/, /etc/grub.d/, next I started to read >> /etc/grub.d/10_linux (this new grub2 is so user friendly..) and I >> found ${GRUB_CMDLINE_LINUX}. So I grepped /etc for GRUB_CMDLINE_LINUX. >> I found file: >> /etc/default/grub >> >> Why /etc/default dir is used instead of /etc/sysconfig? To be honest - >> it's not really user friendly from long time RH Linux user POV. > > shadow-utils and glibc have been using /etc/default since 2004, at least. > I suppose it depends on the package... Agrees. But somehow I never have a need to configure glibc :) Grub configuration is more frequent task. > > Bill > -- > devel mailing list > devel@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/devel -- Best regards, Michal http://eventhorizon.pl/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
On Monday 05 March 2012 21:20:12 Michał Piotrowski wrote: > Why /etc/default dir is used instead of /etc/sysconfig? To be honest - > it's not really user friendly from long time RH Linux user POV. It's what upstream uses. See http://www.gnu.org/software/grub/manual/grub.html#Simple-configuration Changing it would invalidate upstream documentation for Fedora users. Lars -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
Michał Piotrowski (mkkp...@gmail.com) said: > I wanted to add "selinux=0" to the kernel command line on F17. I > checked /etc/sysconfig/, /etc/grub.d/, next I started to read > /etc/grub.d/10_linux (this new grub2 is so user friendly..) and I > found ${GRUB_CMDLINE_LINUX}. So I grepped /etc for GRUB_CMDLINE_LINUX. > I found file: > /etc/default/grub > > Why /etc/default dir is used instead of /etc/sysconfig? To be honest - > it's not really user friendly from long time RH Linux user POV. shadow-utils and glibc have been using /etc/default since 2004, at least. I suppose it depends on the package... Bill -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
Re: /etc/default in Fedora
2012/3/5 Michał Piotrowski : > So I grepped /etc for GRUB_CMDLINE_LINUX. > I found file: > /etc/default/grub > > Why /etc/default dir is used instead of /etc/sysconfig? To be honest - > it's not really user friendly from long time RH Linux user POV. I run Grub2 from upstream and the file is /usr/local/etc/default/grub (I did not change the default). Maybe this explains what you found. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
/etc/default in Fedora
Hi, I wanted to add "selinux=0" to the kernel command line on F17. I checked /etc/sysconfig/, /etc/grub.d/, next I started to read /etc/grub.d/10_linux (this new grub2 is so user friendly..) and I found ${GRUB_CMDLINE_LINUX}. So I grepped /etc for GRUB_CMDLINE_LINUX. I found file: /etc/default/grub Why /etc/default dir is used instead of /etc/sysconfig? To be honest - it's not really user friendly from long time RH Linux user POV. -- Best regards, Michal http://eventhorizon.pl/ -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel