Re: [Fedora-livecd-list] Revised: [PATCH] turboLiveInst - improves livecd/usb installer speed by 15-20+%
On Wed, 2007-09-05 at 09:58 -0400, Jeremy Katz wrote: > I think that some of the above will go a long way towards making things > look nicer which is going to make me more amenable to it. I still don't > necessarily _like_ it because I still think that it makes anaconda > depend a bit too much on a lot of the details; but I guess as long as it > can fall back cleanly in the absence of the bits, that just means a > larger testing matrix. The extra details that anaconda will know about is "if there is an osmin.img, use that to create a snapshot device on top of os.img". That does raise an interesting question, I think ... there is a "protocol" between livecd-tools and anaconda, which would suggest that the kickstart configs should require[1] a minimal version of anaconda and, also, that anaconda needs to continue supporting older versions of the protocol for a while. Maybe a good way to express it would be for the anaconda RPM to "Provides: livecd-protocol = 1" and have livecd-creator check whether any of the repos provide the appropriate version before creating the livecd? (In this case, though, we probably wouldn't bump the protocol number since the fallbacks ensure continued compatibility) Just a thought ... Cheers, Mark. [1] - Yeah, I know kickstart can't do that. -- Fedora-livecd-list mailing list Fedora-livecd-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-livecd-list
[Fedora-livecd-list] No /home/fedora/.bashrc with selinux=1
Hi.
I've noticed a little problem when booting with selinux
enabled: /home/fedora/.bashrc would not be copied/created. When booting
with enforcing=0 all would be fine so I assume this is a selinux
problem. But I've found no entry in /var/log/messages
or /var/log/audit/audit.log.
When I create a new user with adduser the bashrc is there.
Any suggestion how to debug this? I've attached audit.log and messages
if I've overlooked something (booted with selinux=1).
Sebastian
type=DAEMON_START msg=audit(1189090435.629:164): auditd start, ver=1.6, format=raw, auid=4294967295 pid=2390 res=success, auditd pid=2390
type=CONFIG_CHANGE msg=audit(1189090435.737:6): audit_enabled=1 old=0 by auid=4294967295 subj=system_u:system_r:auditd_t:s0 res=1
type=CONFIG_CHANGE msg=audit(1189090435.737:7): audit_enabled=1 old=0 by auid=4294967295 res=1
type=CONFIG_CHANGE msg=audit(1189090435.792:8): audit_backlog_limit=320 old=64 by auid=4294967295 subj=system_u:system_r:auditctl_t:s0 res=1
type=CONFIG_CHANGE msg=audit(1189090435.793:9): audit_backlog_limit=320 old=64 by auid=4294967295 res=1
type=ANOM_ABEND msg=audit(1189090446.958:10): auid=4294967295 uid=499 gid=497 subj=system_u:system_r:avahi_t:s0 pid=2739 comm="avahi-daemon" sig=11
type=USER_AUTH msg=audit(1189090479.378:11): user pid=2966 uid=0 auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct=fedora exe="/usr/bin/kdm" (hostname=?, addr=?, terminal=:0 res=success)'
type=USER_ACCT msg=audit(1189090479.414:12): user pid=2966 uid=0 auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct=fedora exe="/usr/bin/kdm" (hostname=?, addr=?, terminal=:0 res=success)'
type=AVC msg=audit(1189090480.030:13): avc: denied { ptrace } for pid=2978 comm="pidof" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL msg=audit(1189090480.030:13): arch=4003 syscall=85 success=no exit=-13 a0=bfa833c8 a1=88fe5e8 a2=1000 a3=88fe428 items=0 ppid=2974 pid=2978 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="pidof" exe="/sbin/killall5" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1189090480.034:14): avc: denied { ptrace } for pid=2978 comm="pidof" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL msg=audit(1189090480.034:14): arch=4003 syscall=85 success=no exit=-13 a0=bfa833c8 a1=88ff5f0 a2=1000 a3=88fe458 items=0 ppid=2974 pid=2978 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="pidof" exe="/sbin/killall5" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1189090480.037:15): avc: denied { ptrace } for pid=2978 comm="pidof" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=process
type=SYSCALL msg=audit(1189090480.037:15): arch=4003 syscall=85 success=no exit=-13 a0=bfa833c8 a1=89005f8 a2=1000 a3=88fe4a8 items=0 ppid=2974 pid=2978 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="pidof" exe="/sbin/killall5" subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 key=(null)
type=CRED_ACQ msg=audit(1189090480.098:16): user pid=2966 uid=0 auid=4294967295 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct=fedora exe="/usr/bin/kdm" (hostname=?, addr=?, terminal=:0 res=success)'
type=LOGIN msg=audit(1189090480.123:17): login pid=2966 uid=0 old auid=4294967295 new auid=500
type=USER_ROLE_CHANGE msg=audit(1189090480.313:18): user pid=2966 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='pam: default-context=system_u:system_r:unconfined_t:s0 selected-context=system_u:system_r:unconfined_t:s0: exe="/usr/bin/kdm" (hostname=?, addr=?, terminal=? res=success)'
type=USER_START msg=audit(1189090480.365:19): user pid=2966 uid=0 auid=500 subj=system_u:system_r:xdm_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct=fedora exe="/usr/bin/kdm" (hostname=?, addr=?, terminal=:0 res=success)'
type=USER_AUTH msg=audit(1189090602.753:20): user pid=3412 uid=500 auid=500 subj=system_u:system_r:unconfined_t:s0 msg='op=PAM:authentication acct=root exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
type=USER_ACCT msg=audit(1189090602.758:21): user pid=3412 uid=500 auid=500 subj=system_u:system_r:unconfined_t:s0 msg='op=PAM:accounting acct=root exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
type=USER_START msg=audit(1189090602.867:22): user pid=3412 uid=500 auid=500 subj=system_u:system_r:unconfined_t:s0 msg='op=PAM:session_open acct=root exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
type=CRED_ACQ msg=audit(1189090602.869:23): user pid=3412 uid=500 auid=500 subj=system_u:system_r:unconfined_t:s0 msg='op=PAM:setcred acct=root exe="/bin/su" (hostname=?, addr=?, terminal=pts/1 res=success)'
type=USER_CHAUTHTOK msg=
Re: [Fedora-livecd-list] enabling swaps automatically a good idea?
On Wed, 05 Sep 2007 23:39:05 -0500 Douglas McClendon <[EMAIL PROTECTED]> wrote: > I noticed the recent commit that enables usage of swap partitions > automatically. I'm not so sure this is a good idea. This seems like > it would break the case, of me having F7 installed, downloading and > burning the f8(t3)-livecd iso, doing a pm-hibernate, and then booting > f8(t3)-livecd, and then wanting to resume my F7 system after testing > f8(t3)-livecd. I was under the assumption that it was scanned for a suspend signature before being enabled. But I didn't look at the code to verify. -- Jesse Keating Fedora -- All my bits are free, are yours? signature.asc Description: PGP signature -- Fedora-livecd-list mailing list Fedora-livecd-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-livecd-list
Re: [Fedora-livecd-list] Building a LiveCD
Jeremy Katz wrote: > On Wed, 2007-09-05 at 14:56 -0600, Gary Thomas wrote: >> I follow this list and have read the README and Wiki, but >> I still have questions. To start, is there any documentation >> other than the sources (the README and Wiki are pretty sparse). >> Most of my questions are detailed and not x86 mainline :-) > > The README is really the extent of the current docs... patches > cheerfully accepted :-) And there should be kickstart syntax docs > floating around, although I don't remember where off-hand... I'll try > to remember to ask clumens tomorrow > Once I learn enough to make such comments/changes, I'll see what I can do to help improve the docs. >> For example, I'd like to use my own local repositories (I >> work with custom systems that aren't 100% in the public trees). >> How do I modify the kickstart file to handle this? > > Repositories to use are defined by the 'repo' lines. You can use > something like > repo --name=foo --baseurl=http://some.web.site.com/path/to/my/repo > repo --name=bar --baseurl=file:///path/to/a/local/one > repo --name=baz --mirrorlist=http://some.site.com/path/to/mirrorlist > > Baseurl and mirrorlist are used exactly as they are with yum. This helped and I was able to build an image. Sadly, it failed with the oft-reported problem of not finding the CDROM root device (no CDROM driver in image?) I need to investigate this some. BTW - I'm testing this on a Mac Mini and also iBook. Once I get it working, I'll move on to my custom hardware. >> Also, I'm interested in building a LiveCD for PowerPC (that's >> my target base). I assume that I need to do this from a PPC >> host? Is there any other magic required? > > Correct. Also, the ppc support may have bugs and only boot on a small > subset of ppc platforms. It's had very little in the way of testing. I > pushed a few little fixes for it today. Thanks for the info. Forgive an outsider's question, but how can I access these changes (read only GIT pull would be fine)? -- Gary Thomas | Consulting for the MLB Associates |Embedded world -- Fedora-livecd-list mailing list Fedora-livecd-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-livecd-list
Re: [Fedora-livecd-list] Building a LiveCD
On Thu, 2007-09-06 at 05:24 -0600, Gary Thomas wrote: > Jeremy Katz wrote: > > On Wed, 2007-09-05 at 14:56 -0600, Gary Thomas wrote: > >> For example, I'd like to use my own local repositories (I > >> work with custom systems that aren't 100% in the public trees). > >> How do I modify the kickstart file to handle this? > > > > Repositories to use are defined by the 'repo' lines. You can use > > something like > > repo --name=foo --baseurl=http://some.web.site.com/path/to/my/repo > > repo --name=bar --baseurl=file:///path/to/a/local/one > > repo --name=baz --mirrorlist=http://some.site.com/path/to/mirrorlist > > > > Baseurl and mirrorlist are used exactly as they are with yum. > > This helped and I was able to build an image. Sadly, it failed > with the oft-reported problem of not finding the CDROM root device > (no CDROM driver in image?) I need to investigate this some. Some macs are apparently still using old IDE; I added ide-cd to the list of modules being pulled in earlier to account for this > >> Also, I'm interested in building a LiveCD for PowerPC (that's > >> my target base). I assume that I need to do this from a PPC > >> host? Is there any other magic required? > > > > Correct. Also, the ppc support may have bugs and only boot on a small > > subset of ppc platforms. It's had very little in the way of testing. I > > pushed a few little fixes for it today. > > Thanks for the info. Forgive an outsider's question, but how can I > access these changes (read only GIT pull would be fine)? You can get an anonymous clone of current git via git clone git://git.fedoraproject.org/hosted/livecd Jeremy -- Fedora-livecd-list mailing list Fedora-livecd-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-livecd-list
Re: [Fedora-livecd-list] enabling swaps automatically a good idea?
On Wed, 2007-09-05 at 23:39 -0500, Douglas McClendon wrote: > I noticed the recent commit that enables usage of swap partitions > automatically. I'm not so sure this is a good idea. This seems like it > would break the case, of me having F7 installed, downloading and burning > the f8(t3)-livecd iso, doing a pm-hibernate, and then booting > f8(t3)-livecd, and then wanting to resume my F7 system after testing > f8(t3)-livecd. A swsusp swap shouldn't have a normal swap signature and thus shouldn't be found as a potential swap to use. Which should make things pretty safe as a default Jeremy -- Fedora-livecd-list mailing list Fedora-livecd-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-livecd-list
Re: [Fedora-livecd-list] No /home/fedora/.bashrc with selinux=1
On Thu, 2007-09-06 at 11:55 +0200, Sebastian Vahl wrote: > I've noticed a little problem when booting with selinux > enabled: /home/fedora/.bashrc would not be copied/created. When booting > with enforcing=0 all would be fine so I assume this is a selinux > problem. But I've found no entry in /var/log/messages > or /var/log/audit/audit.log. This may be due to a policy problem that Dan has a new policy building for... will hopefully know more soon-ish. Jeremy -- Fedora-livecd-list mailing list Fedora-livecd-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-livecd-list
Re: [Fedora-livecd-list] No /home/fedora/.bashrc with selinux=1
On Thu, 2007-09-06 at 11:18 -0400, Jeremy Katz wrote: > On Thu, 2007-09-06 at 11:55 +0200, Sebastian Vahl wrote: > > I've noticed a little problem when booting with selinux > > enabled: /home/fedora/.bashrc would not be copied/created. When booting > > with enforcing=0 all would be fine so I assume this is a selinux > > problem. But I've found no entry in /var/log/messages > > or /var/log/audit/audit.log. > > This may be due to a policy problem that Dan has a new policy building > for... will hopefully know more soon-ish. Confirmed that new policy fixes this Jeremy -- Fedora-livecd-list mailing list Fedora-livecd-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-livecd-list
Re: [Fedora-livecd-list] Building a LiveCD
Jeremy Katz wrote: > On Thu, 2007-09-06 at 05:24 -0600, Gary Thomas wrote: >> Jeremy Katz wrote: >>> On Wed, 2007-09-05 at 14:56 -0600, Gary Thomas wrote: For example, I'd like to use my own local repositories (I work with custom systems that aren't 100% in the public trees). How do I modify the kickstart file to handle this? >>> Repositories to use are defined by the 'repo' lines. You can use >>> something like >>> repo --name=foo --baseurl=http://some.web.site.com/path/to/my/repo >>> repo --name=bar --baseurl=file:///path/to/a/local/one >>> repo --name=baz --mirrorlist=http://some.site.com/path/to/mirrorlist >>> >>> Baseurl and mirrorlist are used exactly as they are with yum. >> This helped and I was able to build an image. Sadly, it failed >> with the oft-reported problem of not finding the CDROM root device >> (no CDROM driver in image?) I need to investigate this some. > > Some macs are apparently still using old IDE; I added ide-cd to the list > of modules being pulled in earlier to account for this > Also, I'm interested in building a LiveCD for PowerPC (that's my target base). I assume that I need to do this from a PPC host? Is there any other magic required? >>> Correct. Also, the ppc support may have bugs and only boot on a small >>> subset of ppc platforms. It's had very little in the way of testing. I >>> pushed a few little fixes for it today. >> Thanks for the info. Forgive an outsider's question, but how can I >> access these changes (read only GIT pull would be fine)? > > You can get an anonymous clone of current git via > git clone git://git.fedoraproject.org/hosted/livecd Perfect - I updated to the GIT version and now it boots on my two test systems. Now, on to the interesting work of getting it to go on my non-standard platforms :-) Thanks -- Gary Thomas | Consulting for the MLB Associates |Embedded world -- Fedora-livecd-list mailing list Fedora-livecd-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-livecd-list
