Re: selinux
tim wrote:
> I need to determine the state of selinux on an xo4 running 32014o4.zd. I

nonexistent. it's not in the kernel.

> notice that /etc/selinux/config does not exist. Can someone tell me what is
> the best way to determine whether selinux is disabled and if not if it is
> permissive?

you can "gunzip -c /proc/config.gz | grep SECURITY" to see that no security options are enabled. i'm not sure what "and if not if it is permissive" means.

paul
=--
paul fox, p...@laptop.org
___
Devel mailing list
Devel@lists.laptop.org
http://lists.laptop.org/listinfo/devel
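The kernel-config check from the reply above, extended to also answer the disabled/permissive question on kernels that do include SELinux. This is an added example, not part of the original thread. The function name `selinux_state` and its ROOT prefix argument are hypothetical, and the configs and `enforce` file in the demo are constructed fixtures.

```shell
#!/bin/sh
# selinux_state [KERNEL_CONFIG_GZ] [ROOT]
# Prints one of: not-in-kernel, disabled, permissive, enforcing, unknown.
# ROOT is a hypothetical prefix so the probe can run against a fixture tree.
selinux_state() {
    cfg=${1:-/proc/config.gz}
    root=${2:-}

    # Step 1: the check from the reply. A kernel built without
    # CONFIG_SECURITY_SELINUX has nothing to enable, disable or relax.
    if [ -r "$cfg" ]; then
        if ! gunzip -c "$cfg" | grep -q '^CONFIG_SECURITY_SELINUX=y'; then
            echo not-in-kernel
            return 0
        fi
    fi

    # Step 2: selinuxfs reports the mode. Newer kernels mount it on
    # /sys/fs/selinux, older ones on /selinux.
    for dir in "$root/sys/fs/selinux" "$root/selinux"; do
        if [ -r "$dir/enforce" ]; then
            case $(cat "$dir/enforce") in
                1) echo enforcing ;;
                0) echo permissive ;;
                *) echo unknown ;;
            esac
            return 0
        fi
    done

    # No selinuxfs: SELinux is not active (disabled at boot, no policy
    # loaded, or the kernel config was unreadable and lacks it).
    echo disabled
}

# Constructed fixtures: two kernel configs and a fake selinuxfs tree.
demo=$(mktemp -d)
printf '# CONFIG_SECURITY is not set\n' | gzip -c > "$demo/nosec.gz"
printf 'CONFIG_SECURITY=y\nCONFIG_SECURITY_SELINUX=y\n' | gzip -c > "$demo/sel.gz"
mkdir -p "$demo/root/selinux"
echo 0 > "$demo/root/selinux/enforce"
echo "kernel without security options: $(selinux_state "$demo/nosec.gz" "$demo/root")"
echo "kernel with SELinux, enforce=0:  $(selinux_state "$demo/sel.gz" "$demo/root")"
```

Called with no arguments, the function probes the running system instead of the fixtures.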
selinux
I need to determine the state of selinux on an xo4 running 32014o4.zd. I notice that /etc/selinux/config does not exist. Can someone tell me what is the best way to determine whether selinux is disabled and if not if it is permissive?
Re: [Server-devel] Anaconda installs OOM with selinux-policy-targeted rpm from F9 updates
On Fri, Nov 07, 2008 at 01:13:38AM -0500, Martin Langhoff wrote:
> On the last rounds of testing the new release of OLPCXS, I rebuilt it
> with fresh packages from F9 update and started testing the installer.
> Funny thing, the install did not complete -- instead, the machine
> would switch off after spending a few minutes trying to install
> selinux-policy-targeted.
>
> After a few attempts to diagnose the problem, I managed to see vmstat
> go all the way down to almost 0 memory just before the machine turned
> itself off. This particular machine has ~980MB RAM available to the
> OS. Tested on another machine with a proper 1GB memory, vmstat hit
> bottom at ~10MB free while installing selinux-policy-targeted but
> quickly recovered.
>
> I know I've installed earlier F9 based spins on machines with 512 MB
> of physical RAM so this seems like a fairly bad regression, specially
> considering that I'll soon need to install this on a machine with
> 256MB RAM.
>
> So I suspect we have 2 problems
>
> - Selinux-policy-targeted installation seems to have ballooned into a
> memory hog between f9-release and f9-updates
>
> - Anaconda OOMs without a warning or useful message to the user
>
> Has anyone else seen this? Diagnostics to recommend? I can
> successfully log anything to disk until moments before the OOM
> shutdown.

Did you configure any swap? If no, then there's really not much that we can do if something uses more than available system RAM.

If you did, it might be interesting to try (from tty2)

    echo 1 > /proc/sys/vm/would_have_oomkilled

That will prevent the actual 'killing', but will still log all the same output that the oomkiller would have spewed. It might be interesting to see that output.

If you're drastically low enough on memory to invoke an OOM kill though, setting that sysctl may just mean the system livelocks.

Dave

--
http://www.codemonkey.org.uk
___
Server-devel mailing list
[EMAIL PROTECTED]
http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Anaconda installs OOM with selinux-policy-targeted rpm from F9 updates
Martin Langhoff wrote:
> On Fri, Nov 7, 2008 at 9:49 AM, Daniel J Walsh <[EMAIL PROTECTED]> wrote:
>> selinux-policy-targeted is a memory hog, but it should not have changed
>> that drastically in updates.
>>
>> Is this repeatable?
>
> 100% repeatable on the 3 attempts on the lower-mem machine. On the same machin
>
> The package selinux-policy-targeted 3.3.1 103.fc9 -- I am running a
> couple of additional installs to gather more information.
>
> On Fri, Nov 7, 2008 at 9:59 AM, Chris Lumens <[EMAIL PROTECTED]> wrote:
>>> - Anaconda OOMs without a warning or useful message to the user
>> I don't believe there's any way for anaconda to know this, and there's
>> certainly no way for us to do anything about it.
>
> Well, the behaviour is really weird. Perhaps there is no OOM killer in
> place during an anaconda install? If there was, I'd expect the rpm
> process or anaconda to be shot down -- but the machine is halting
> instead, it literally switches off.
>
> Whatever is bootstrapping anaconda (init script in the initrd?) should
> be able to at least see the odd exit status and echo a "something went
> wrong" msg...? Maybe that's the problem?
>
> cheers,
>
>
>
> m

Well, selinux-policy-targeted is not supported on olpc so you should probably exclude it from the install.

I can not imagine what in updates caused it to grow. Upgrades add rules but usually not a large amount. Going from Fedora 9 to 10 could be a problem.
Re: [Server-devel] Anaconda installs OOM with selinux-policy-targeted rpm from F9 updates
> - Anaconda OOMs without a warning or useful message to the user

I don't believe there's any way for anaconda to know this, and there's certainly no way for us to do anything about it.

- Chris
Re: [Server-devel] Anaconda installs OOM with selinux-policy-targeted rpm from F9 updates
Martin Langhoff wrote:
> On the last rounds of testing the new release of OLPCXS, I rebuilt it
> with fresh packages from F9 update and started testing the installer.
> Funny thing, the install did not complete -- instead, the machine
> would switch off after spending a few minutes trying to install
> selinux-policy-targeted.
>
> After a few attempts to diagnose the problem, I managed to see vmstat
> go all the way down to almost 0 memory just before the machine turned
> itself off. This particular machine has ~980MB RAM available to the
> OS. Tested on another machine with a proper 1GB memory, vmstat hit
> bottom at ~10MB free while installing selinux-policy-targeted but
> quickly recovered.
>
> I know I've installed earlier F9 based spins on machines with 512 MB
> of physical RAM so this seems like a fairly bad regression, specially
> considering that I'll soon need to install this on a machine with
> 256MB RAM.
>
> So I suspect we have 2 problems
>
> - Selinux-policy-targeted installation seems to have ballooned into a
> memory hog between f9-release and f9-updates
>
> - Anaconda OOMs without a warning or useful message to the user
>
> Has anyone else seen this? Diagnostics to recommend? I can
> successfully log anything to disk until moments before the OOM
> shutdown.
>
> Will post version numbers of the selinux rpm tomorrow when I get back
> in front of the offending machine and installer image. Apologies for
> the vagueness :-)
>
> cheers,
>
>
>
> m

selinux-policy-targeted is a memory hog, but it should not have changed that drastically in updates.

Is this repeatable?
[Fwd: XACE-SELINUX branch ready for merge]
Maybe interesting for hardening our security system.

Original Message
Subject: XACE-SELINUX branch ready for merge
Date: Thu, 29 Nov 2007 17:44:30 -0500
From: Eamon Walsh <[EMAIL PROTECTED]>
To: Xorg List <[EMAIL PROTECTED]>

The XACE-SELINUX branch contains a rework of the devPrivates system used to store private data, a new version of the XACE (X Access Control Extension) security hook framework, a protocol name registry, a reworked XC-SECURITY extension (disabled by default), and an under-development SELinux extension (also disabled by default).

I've been running GNOME on it without any issues, all the major drivers compile against it and I've tested with vesa and intel (and continue to rebuild and test).

I've put up the complete patchset with some basic annotations at http://people.freedesktop.org/~ewalsh/xace_selinux_merge_patch/

The total damage from the patch is 398 files changed, 7785 insertions(+), 7604 deletions(-).

I think it's about ready to land on master; I have been working on the branch for 18 months and will continue working in master. Comments?

--
Eamon Walsh <[EMAIL PROTECTED]>
National Security Agency
___
xorg mailing list
[EMAIL PROTECTED]
http://lists.freedesktop.org/mailman/listinfo/xorg

--
Bernardo Innocenti - http://www.codewiz.org/
One Laptop Per Child - http://www.laptop.org/