[osol-discuss] Stephen Smalley to speak at SVOSUG on Thur. 09/25/08
When: Thursday, Sept. 25, 2008 Where: Sun's Santa Clara Campus Mansion (SCA07 just across the road from the Auditorium) What: Security technologies to confine flawed and malicious software Time: 7:30pm-10:00pm You are invited to hear Stephen Smalley, of the US National Security Agency (NSA), speak on security technologies to confine flawed and malicious software. Stephen was instrumental in bringing the Flux Advanced Security Kernel (Flask) and Type Enforcement (TE) technologies to Linux through the SELinux project. Flask is a flexible form of mandatory access control (MAC) that has been gaining popularity since its introduction in SELinux, SEBSD, and SEDarwin. Stephen is now involved as a project lead on the OpenSolaris.org Flexible Mandatory Access Control (FMAC) project that is integrating FLASK and TE into OpenSolaris. Stephen Smalley Bio: Stephen Smalley is a Technical Director in the Defense Computing Research Office of the National Information Assurance Research Laboratory of the NSA. Mr. Smalley received a 2005 Director of National Intelligence (DNI) Fellows award for his technical achievements within the Intelligence Community. Prior to his work on OpenSolaris and SELinux, Mr. Smalley performed research and development in the area of operating system security through the development and analysis on a series of secure research operating systems. Mr. Smalley received his B.S. degree in Computer Science and Mathematics from the Rose-Hulman Institute of Technology. For additional info please see the following URLs: OpenSolaris.org Flexible Mandatory Access Control Project Page: http://opensolaris.org/os/project/fmac/ NSA SELinux Reference: http://www.nsa.gov/selinux/ Map to the Mansion: http://maps.yahoo.com/#mvt=m&lat=37.393386&lon=-121.955218&zoom=16&q1=4070%20George%20Sellon%20Circle%2095054 We may also have some pizza and sodas. ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] How to debug a weird nis+ issue?
Hi Peter It is as followings passwd: compat files nis shadow: compat files nis group: files nis > On Thu, Sep 18, 2008 at 9:36 AM, Yue Chen <[EMAIL PROTECTED]> wrote: >> Hi everyone >> >> I have a host installed with NIS+ client. There is a user named jsn in >> NIS server. His login shell is /bin/true. So he can not log on my >> host by default. Now I wanna grant his access so I added following >> line into /etc/passwd. >> >> +jsn::/bin/tcsh >> >> However, sometimes he is still unable to log on my host. To debug, I >> wrote a test binary using getpwnam to grab the user info and then >> check pw->pw_shell. To my surprise, the value for pw_shell is rather >> unstable. Sometimes it is /bin/tcsh (login is ok), sometimes it is >> /bin/true (login fails). >> >> How can I dig deeper on this weird issue? This issue almost drives me crazy. > > What does the passwd entry in your /etc/nsswitch.conf file look like? > > (Are you using compat?) > > -- > -Peter Tribble > http://www.petertribble.co.uk/ - http://ptribble.blogspot.com/ > ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] VIA VT6420 SATA RAID Controller not working
Joerg, I do not know if VT8237R is ahci-compliant - it was not yet verified to work with the Solaris ahci driver (VT8251 was verified). Is BIOS mentioning somewhere AHCI mode? Using Knopix, find the pci vendor id/device id of this controller. You can try to add /etc/driver_aliases file either ahci "pci1106,0591" (providing that this is correct vid/did value) or, a bit dangerous, ahci "pciclass, 010400" IF this chip is ahci-compliant, it may work, considering that ahci driver does not explicitly check vendor id. The caveat is, that you may have to further exeperiment with RAID settings to let system BIOS see unconfigured devices. There will be no RAID operation in Solaris, but if the BIOS can see individual disks that are not configured into RAID volumes and such disks may be considered as boot device, AND Solaris ahci driver really works with this chipset, then you my be able to used attached disks. This, however, is by no means a general solution to deal with software RAID controllers. -Pawel P.S. Let me know, if this works. Joerg Schilling wrote: Milan Jurik <[EMAIL PROTECTED]> wrote: There are three possibilities on some SATA controllers: a) operate in "Legacy mode" - for compatibility reasons - not available in SATA controller from VT8237R b) operate in SATA mode - this one could work with ahci driver in your case, maybe This is what I am in hope for. c) operate in "RAID" mode - this one is advertised by your controller now Well it has 2x SATA but there is only one disk now. During system boot, there is possibility to enter configuration of this SATA controller, just press when POST is asking for it. Look if you can change config of it to "non-RAID" somehow This is what I did on Friday and I have been unable to change anything as the cursor keys did not work. Maybe because there is only one disk. There is however no printed mode that looks like it is intended to disable RAIS mode. There is something I cannot select to enable RAID mode. But looking at documentation of your mainboard, I don't believe it will work with Solaris drivers today. So what could I do? Jörg ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] VIA VT6420 SATA RAID Controller not working
Milan Jurik <[EMAIL PROTECTED]> wrote: > There are three possibilities on some SATA controllers: > > a) operate in "Legacy mode" - for compatibility reasons - not available > in SATA controller from VT8237R > > b) operate in SATA mode - this one could work with ahci driver in your > case, maybe This is what I am in hope for. > c) operate in "RAID" mode - this one is advertised by your controller > now Well it has 2x SATA but there is only one disk now. > During system boot, there is possibility to enter configuration of this > SATA controller, just press when POST is asking for it. Look if > you can change config of it to "non-RAID" somehow This is what I did on Friday and I have been unable to change anything as the cursor keys did not work. Maybe because there is only one disk. There is however no printed mode that looks like it is intended to disable RAIS mode. There is something I cannot select to enable RAID mode. > But looking at documentation of your mainboard, I don't believe it will > work with Solaris drivers today. So what could I do? Jörg -- EMail:[EMAIL PROTECTED] (home) Jörg Schilling D-13353 Berlin [EMAIL PROTECTED](uni) [EMAIL PROTECTED] (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] VIA VT6420 SATA RAID Controller not working
Joerg, Joerg Schilling pÃÅ¡e v po 22. 09. 2008 v 19:14 +0200: > Milan Jurik <[EMAIL PROTECTED]> wrote: > > > > It is a MSI K8T Master2-FAR7 > > > > > > > No way to switch that additional SATA controller to "pATA legacy mode". > > AHCI support of this controller isn't very good also. Could you look at > > What do you understand here by "this controller isn't very good also"? > I wrote "AHCI support of this controller", not this controlller. It's old, poorly designed SATA controller, with known limits (e.g. bad compatibility with SATAII) > I did not see problems when booting a Knoppix DVD. > VIA wrote Linux driver for it some time ago. > > > "BIOS" of this controller (see appendix A of the manual) and check if > > you didn't enable RAID on it? I have similar system at home so I could > > check later this week if there is possibility to access it from Solaris. > > Neither the BIOS menus nor the manual did show a hint on how to switch to > PATA legacy mode. > There are three possibilities on some SATA controllers: a) operate in "Legacy mode" - for compatibility reasons - not available in SATA controller from VT8237R b) operate in SATA mode - this one could work with ahci driver in your case, maybe c) operate in "RAID" mode - this one is advertised by your controller now During system boot, there is possibility to enter configuration of this SATA controller, just press when POST is asking for it. Look if you can change config of it to "non-RAID" somehow But looking at documentation of your mainboard, I don't believe it will work with Solaris drivers today. Best regards, Milan ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
[osol-discuss] Jive Update
I know a number of Jive updates have been posted in various forums, but he is the latest update. Bill put a workaround in place last week that was syncing the forums every few hours 'manually', which seems to be working. In addition, Bill and Martin have made some changes to the underlying gateway code and will be testing them today and tomorrow, and we believe these changes will fix the syncing issues going forward. Derek ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] VIA VT6420 SATA RAID Controller not working
Milan Jurik <[EMAIL PROTECTED]> wrote: > > It is a MSI K8T Master2-FAR7 > > > > No way to switch that additional SATA controller to "pATA legacy mode". > AHCI support of this controller isn't very good also. Could you look at What do you understand here by "this controller isn't very good also"? I did not see problems when booting a Knoppix DVD. > "BIOS" of this controller (see appendix A of the manual) and check if > you didn't enable RAID on it? I have similar system at home so I could > check later this week if there is possibility to access it from Solaris. Neither the BIOS menus nor the manual did show a hint on how to switch to PATA legacy mode. Jörg -- EMail:[EMAIL PROTECTED] (home) Jörg Schilling D-13353 Berlin [EMAIL PROTECTED](uni) [EMAIL PROTECTED] (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] VIA VT6420 SATA RAID Controller not working
Hi Joerg, V po, 22. 09. 2008 v 18:15, Joerg Schilling píše: > Milan Jurik <[EMAIL PROTECTED]> wrote: > > > > Would it help to add a line: > > > > > > ahci "pciclass,010400" > > > > > > to /etc/driver_aliases? > > > No, it wouldn't, the only way is to switch in BIOS > > > > > > > > or something else? > > > > > > > Is it that SATA as additional "sata" interface (aka additional > > "software" RAID controller)? Do you know name and type of your > > mainboard. > > It is a MSI K8T Master2-FAR7 > No way to switch that additional SATA controller to "pATA legacy mode". AHCI support of this controller isn't very good also. Could you look at "BIOS" of this controller (see appendix A of the manual) and check if you didn't enable RAID on it? I have similar system at home so I could check later this week if there is possibility to access it from Solaris. Best regards, Milan ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] autofs smbfs user writable
On Tue, Sep 16, 2008 at 08:55:37AM -0600, Rob Thurlow wrote: > > Since we don't parse CIFS ACLs yet, the ownership and perms > are all fictional. By default, the perms on the root directory > are the same as the perms on the underlying directory. We > support controls to override this - see mount_smbfs(1M) for the > 'dirperms' and 'fileperms' options. You'd use these in the > map the same way you're using uid and gid now. The writes > will be done by the user which authenticated the connection > at mount time, so different Unix users who create files will > see that they're owned by the same user on the CIFS server. Thanks Rob, it works great. I didnt umount the share properly when I tried this before. Looks like svcadm restart autofs doesnt umount the file system if it has been mounted already. Cheers, Andrew. ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] VIA VT6420 SATA RAID Controller not working
Milan Jurik <[EMAIL PROTECTED]> wrote: > > Would it help to add a line: > > > > ahci "pciclass,010400" > > > > to /etc/driver_aliases? > > No, it wouldn't, the only way is to switch in BIOS > > > > > or something else? > > > > Is it that SATA as additional "sata" interface (aka additional > "software" RAID controller)? Do you know name and type of your > mainboard. It is a MSI K8T Master2-FAR7 Jörg -- EMail:[EMAIL PROTECTED] (home) Jörg Schilling D-13353 Berlin [EMAIL PROTECTED](uni) [EMAIL PROTECTED] (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] GNU libc on OpenSolaris
>The amd64 issue you raise is an interesting one. Something we should >care quite a bit about, actually. We already have computers with 4 GB of >RAM being a common thing. With 8 GB and more, 32-bit will be more and >more of a problem - and amd64 is the only really serious way forward. > >I don't know about OpenSolaris, does the 32-bit version handle >4GB of >RAM like Linux does, using PAE or similar technices? Nevertheless, those >kind of "solutions" will only be a kludge anyway and it only moves the >limit some year forward (I think someone said 32 GB is the limit with >PAE recently). There's not "32 bit" vs "64 bit" OpenSolaris; there is only one Solaris. By default, the system will run the "biggest" kernel which fits; 64 bit kernel is used for amd64 systems. But OpenSolaris comes with both the 32 bit userland and the 64 bit userland; you can use both binaries on the system. OpenSolaris does support PAE; but a 64 bit kernel gives all and more advantages, including for 32 bit binaries. Casper ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] VIA VT6420 SATA RAID Controller not working
Hi Joerg, V po, 22. 09. 2008 v 17:58, Joerg Schilling píše: > Pawel Wojcik <[EMAIL PROTECTED]> wrote: > > > Solaris does not support (so far) SATA controllers that advertise > > themselves as RAID controllers. Your VIA controller shows pci > > class-code 00010400. Try to change BIOS setting to use either IDE or > > AHCI mode for this controller/ I am not sure that Solaris will work with > > it in AHCI mode, but should work in IDE mode (or legacy/compatible mode). > > We will soon allow such software RAID controllers to be used by Solaris, > > but not yet... > > I could not find a way to set up PATA compat in the BIOS. > > Would it help to add a line: > > ahci "pciclass,010400" > > to /etc/driver_aliases? No, it wouldn't, the only way is to switch in BIOS > > or something else? > Is it that SATA as additional "sata" interface (aka additional "software" RAID controller)? Do you know name and type of your mainboard. Best regards, Milan ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] GNU libc on OpenSolaris
The amd64 issue you raise is an interesting one. Something we should care quite a bit about, actually. We already have computers with 4 GB of RAM being a common thing. With 8 GB and more, 32-bit will be more and more of a problem - and amd64 is the only really serious way forward. I don't know about OpenSolaris, does the 32-bit version handle >4GB of RAM like Linux does, using PAE or similar technices? Nevertheless, those kind of "solutions" will only be a kludge anyway and it only moves the limit some year forward (I think someone said 32 GB is the limit with PAE recently). So, I do think GNU/Solaris (as well as OpenSolaris) should/need to take amd64 into serious consideration when we are thinking what to emphasize. Best regards, Per Michael Casadevall wrote: > I don't have a problem with two separate ports. Like for people who > want Solaris based system for stability and ZFS, and a solaris based > one. A nice and practical upshot of this is the possibility of a > kopensolaris-amd64 port which has been a bit of an issue with the > current ON based system. The only question is if we ever became an > offical Ubuntu port, which one would/should be accepted upstream. If > we're legitimentally going to set up a second port, then I'll install > dak (not mini-dak), and configure it for this adventure (mini-dak is > great for single ports, not so much on multiple ones in my > experience). > > As a second benefit, its likely the base system will not require the > same amount of work to get buildds working, so you can probably > leverage the existing Debian autobuilder system, and get hardy built > much faster than we can since we need to work on improving the ON > base. > Michael > ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] sunwdfb problem
Hi all, > My Solaris installation stops at 97% while installing SUNWdfb package. > Can anyone please let me know why this is happening. > I was installing Solaris Nevada build 84 with crossbow-bits. > > Regards, > Samir > ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
[osol-discuss] sunwdfb problem
Hi all, My Solaris installation stops at 97% while installing SUNWdfb package. Can anyone please let me know why this is happening. I was installing Solaris Nevada build 84 with crossbow-bits. Regards, Samir ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] VIA VT6420 SATA RAID Controller not working
Pawel Wojcik <[EMAIL PROTECTED]> wrote: > Solaris does not support (so far) SATA controllers that advertise > themselves as RAID controllers. Your VIA controller shows pci > class-code 00010400. Try to change BIOS setting to use either IDE or > AHCI mode for this controller/ I am not sure that Solaris will work with > it in AHCI mode, but should work in IDE mode (or legacy/compatible mode). > We will soon allow such software RAID controllers to be used by Solaris, > but not yet... I could not find a way to set up PATA compat in the BIOS. Would it help to add a line: ahci "pciclass,010400" to /etc/driver_aliases? or something else? I found that the SATA chip is called VT8237R (Southbridge) and the Nothbridge is a K8T800 Pro. PATA is also inside the VT8237R Southbridge. It seems to be hard these days to buy a PCI SATA controller that does not implement software RAID. The only way I currently see to use the disk drive is to connect it via a SATA <-> USB adaptor which limits I/O speed tp 28 MB/s which is 1/4 of the native speed of the disk. Jörg -- EMail:[EMAIL PROTECTED] (home) Jörg Schilling D-13353 Berlin [EMAIL PROTECTED](uni) [EMAIL PROTECTED] (work) Blog: http://schily.blogspot.com/ URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] web interface not showing up
Johan Kragsterman schrieb: > But when I wanted to start to play with the web admin interface of > zfs it didn´t show up @ https://localhost:6789 , as it should, > according to all posts I´ve been reading. I tried different things > like the ip adress instead of localhost, and the servername, with or > without https, and with or without /zfs on the end. AFAIK webconsole is not part of Opensolaris. You can easily check with netstat and svcs if services are running and listening on the proper ports. > > Also tried from a different machine. No website showed up, and I > checked services, but services said inetd was running from start. It > is also needed for the remote desktop, isn´t it? Why on earth do you think inetd has anything to do with that? cheers Paul ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] firefox problems with snv_98
Hi Bill, > Subject: > Re: [osol-discuss] firefox problems with snv_98 > From: > Bill Shannon <[EMAIL PROTECTED]> > Date: > Sun, 21 Sep 2008 23:35:59 -0700 > > To: > Ginn Chen <[EMAIL PROTECTED]> > CC: > opensolaris-discuss@opensolaris.org > > > Ginn Chen wrote: > >>> >> It would be nice if there was more information than "it's broken". >>> >> I can't tell if the problems I'm having are the same problems >>> >> reported above. >>> >> > > Firefox 3 in snv_97/snv_98 has several issues. >> > e.g. >> > Bookmarks are missing. >> > Bookmarks could not be saved. >> > Bookmarks could not be renamed. >> > Can't import/export bookmarks. >> > Firefox coredumps at startup. >> > Firefox couldn't work with libumem.so, >> > > I'm curious... What kind of testing was done before release that none of > these problems were discovered? I would think the first one would've > been discovered immediately had anyone actually used it before release. > There is a bug filed against the bookmark issue in bugster during the test cycle of snv_97, http://monaco.sfbay.sun.com/detail.jsf?cr=6736315. This is a regression bug between snv_96 and snv_97, because dev. engineer submit one new patch. From the evaluation, the coredump issue just happens on a special enviroment. QE is working on new GNOME version integration, the full test for all desktop applications are executed on another branch of desktop build, there are only Desktop sanity test on snv build. The new GNOME version will be integrated into snv build99. > And what turned out to be the root cause of these problems? > ___ > opensolaris-discuss mailing list > opensolaris-discuss@opensolaris.org > ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
Re: [osol-discuss] firefox problems with snv_98
Bill Shannon wrote: > ... > But I do see a long stream of > > no printer added since last 60 secs > > which seems to come from > > http://hg.opensolaris.org/sc/src/presto/ospm/trunk/applet/ospm-hal-support.c > > Another bug? > This is the printer autodetction applet. Yes, another bug. Will fix this. -Ghee > ___ > > opensolaris-discuss mailing list > opensolaris-discuss@opensolaris.org > ___ opensolaris-discuss mailing list opensolaris-discuss@opensolaris.org
