Re: SOT: virtualization
On Fri, 2009-12-18 at 03:51 -0700, Technomage wrote: Craig White wrote: On Tue, 2009-12-15 at 18:46 -0700, Technomage wrote: Fedora: forces you to run SELINUX regardless of whether you need it or not this is simply wrong. On Fedora 12 (the latest version released a few weeks ago)... I was running fedora 11 and even with the settings as listed below, it was still attempting to run. also, its settings manager was rather a bit less intuitive than I would have liked (not very blind friendly). # head -n 5 /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. disabled actually means disabled...you can't get any more disabled than disabled and if it is actually disabled, it doesn't run, period, end of story. if however you had the slightest bit of understanding of SELinux, you would have known that on any system, you can append 'setenforce 0' to the kernel boot parameters to disable SELinux at startup. as a desktop user, I am not required to have an understanding of an enterprise class security tool. I personally think that its rather unnecessary to have running (let alone installed). For the application that I had tasked the machine, it was downright intrusive in allowing my to operate the machine. That sort of invites a discussion of grey areas. Red Hat clearly considers SELinux to be Enterprise Class Security which is why they include it. Fedora provides a test bed for new software, new SELinux policies, new administration tools and many of them have been included in the 4.6, 4.7, 4.8, 5.2, 5.3, 5.4 updates. You are not alone in wanting to disable it to allow stuff that you wrote yourself or built from tarballs because there isn't existing policy for that so you have to create it yourself. Security is built on layers and SELinux is just another layer and it really isn't that difficult to manage but you do have to invest time and energy to learn how to use it...which is why some people just shut it off. Back to the original assertion though... disabled means disabled. the effort of building a kernal would have not been worth the expended time. I am quite sure that 'forcing' a user to run SELinux on Fedora has never even been discussed by serious people. You can permanently disable it on 'first boot' which is where you configure things like networking, users, startup services, firewall and of course, security. unfortunately, the install routine for FC-11 didn't give me that option (and the install gui is not the most blind/VI friendly) maybe you should bugzilla your experiences to identify where the install/first run failed to meet your needs so that it can do better for the next user or your next experience. The theory being it isn't a bug if it's not in bugzilla. As for your assertion that Fedora has 'dependency' issues... I simply do not ever have dependency issues with Fedora but if your analysis of dependencies is similar to your analysis of them 'forcing' users to run SELinux, then I would accept that you have had your share of problems. Craig heheh. yeahmy analysis isn't anywhere near a professional one. its taken from the POV of an end user that simply wants a system that just works without a lot of hassle and deep level configuration. I can do a lot of this work, but some of the people I help out cannot (for various reasons) and it starts soaking a non-trivial amount of my time to deal with these issues. At least with debian 5, I can install a base level system, then install X and lastly the DM of my choice (kde, xfce, openstep, whatever) and not have to gut the system to do it. we are all end users. Fedora gives you a choice of dm's like any other distro without 'gutting' the system. There are a lot of people who believe it just works - I guess you are not one of them. Not a big deal but your conclusions that you are 'forced' to run SELinux or have to 'gut' a Fedora system in order to choose another Desktop Manager are wrong and anyone that thinks you know what you are talking about will get the wrong impression. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: SOT: virtualization
Craig White wrote: On Tue, 2009-12-15 at 18:46 -0700, Technomage wrote: Fedora: forces you to run SELINUX regardless of whether you need it or not this is simply wrong. On Fedora 12 (the latest version released a few weeks ago)... I was running fedora 11 and even with the settings as listed below, it was still attempting to run. also, its settings manager was rather a bit less intuitive than I would have liked (not very blind friendly). # head -n 5 /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. if however you had the slightest bit of understanding of SELinux, you would have known that on any system, you can append 'setenforce 0' to the kernel boot parameters to disable SELinux at startup. as a desktop user, I am not required to have an understanding of an enterprise class security tool. I personally think that its rather unnecessary to have running (let alone installed). For the application that I had tasked the machine, it was downright intrusive in allowing my to operate the machine. Even still, you could build your own kernel and not enable SELinux. I had not gotten that far and considering the use to which I was going to put the box, the effort of building a kernal would have not been worth the expended time. I am quite sure that 'forcing' a user to run SELinux on Fedora has never even been discussed by serious people. You can permanently disable it on 'first boot' which is where you configure things like networking, users, startup services, firewall and of course, security. unfortunately, the install routine for FC-11 didn't give me that option (and the install gui is not the most blind/VI friendly) As for your assertion that Fedora has 'dependency' issues... I simply do not ever have dependency issues with Fedora but if your analysis of dependencies is similar to your analysis of them 'forcing' users to run SELinux, then I would accept that you have had your share of problems. Craig heheh. yeahmy analysis isn't anywhere near a professional one. its taken from the POV of an end user that simply wants a system that just works without a lot of hassle and deep level configuration. I can do a lot of this work, but some of the people I help out cannot (for various reasons) and it starts soaking a non-trivial amount of my time to deal with these issues. At least with debian 5, I can install a base level system, then install X and lastly the DM of my choice (kde, xfce, openstep, whatever) and not have to gut the system to do it. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: SOT: virtualization
Where I work we run Xen, VMware, and Virtualbox, and in my experience all 3 are good at different things. If you intended to use a workstation as the host (by that I mean you want to use X and a desktop environment on the linux host) I think virtualbox is the way to go it's really easy to use/set up and integrates well with a running system. For a seperate VM server if your hardware supports I'd use VMware ESXi especially for windows guests where it seems to me vmware gets much better performance than xen, and if your hardware doesn't support it I would still vmware server 2.0 over xen for windows guests. By the way vmware server is installed on an existing linux distro (I generally use gentoo), will run on any hardware and is generally managed through a web interface, where ESXi installs directly on the hardware but only supported hardware and is generally managed by a windows only GUI tool. Trent Shipley wrote: (SOT: somewhat off topic) I want to set up a Windows lab computer. I want to work with XP, Vista, and Win7. On an MS list it was suggested that I use virtualization rather than multiboot. I'm thinking I'd run a Linux distro natively, run FOSS virtualization software on Linux, and run the three MS OSes as guests. What is a good Linux distro? Will I need a server distribution or can I run a desktop distribution? What are FOSS choices for the virtualization software? --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
SOT: virtualization
(SOT: somewhat off topic) I want to set up a Windows lab computer. I want to work with XP, Vista, and Win7. On an MS list it was suggested that I use virtualization rather than multiboot. I'm thinking I'd run a Linux distro natively, run FOSS virtualization software on Linux, and run the three MS OSes as guests. What is a good Linux distro? Will I need a server distribution or can I run a desktop distribution? What are FOSS choices for the virtualization software? --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: SOT: virtualization
VMWARE: ESXi if you have hardware that will run it? http://www.vmware.com/products/esxi/ Vmware player is great also on whatever your dual core OS is? Existing images can be downloaded and tried http://www.vmware.com/products/player/ OpenVZ is nice also? http://wiki.openvz.org/ XEN is interesting for Windoze: http://mediakey.dk/~cc/howto-install-windows-xp-vista-on-xen/ On 12/15/09, Trent Shipley tship...@deru.com wrote: (SOT: somewhat off topic) I want to set up a Windows lab computer. I want to work with XP, Vista, and Win7. On an MS list it was suggested that I use virtualization rather than multiboot. I'm thinking I'd run a Linux distro natively, run FOSS virtualization software on Linux, and run the three MS OSes as guests. What is a good Linux distro? Will I need a server distribution or can I run a desktop distribution? What are FOSS choices for the virtualization software? --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- Skype: (623)239-3392 ATT: (503)754-4452 www.it-clowns.com Only the dead have seen the end of war. -Plato --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: SOT: virtualization
Trent, of the major distro's, debian 5.0 has the least troubles right now and is therefore, probably the best for your needs currently. Others like Fedora or Opensuse have package dependency problems and are a little more difficult to develop on properly. Fedora: forces you to run SELINUX regardless of whether you need it or not Opensuse: tends to run cutting edge (bleeding edge) packages and will tend to break older installs. Their upgrade system is horribly broken currently, so its not a good idea to upgrade older opensuse systems. I recently had such problems with opensuse (settings not being maintained across reboots, services failing to start, etc) that I have completely written off this community project as anywhere near viable. Debian does have a basic developers package setup that makes it relatively easy to setup and maintain a basic developers environment. As for vmware, get the server 1.x versions (freely available). they tend to have better performance and a remote console that works. vmware 2.x did away with the remote console and is also optimized for use under windows (as the host OS). I find their web interface clunky and very slow to respond. there are also some features missing in 2.x that were present in 1.x. Trent Shipley wrote: (SOT: somewhat off topic) I want to set up a Windows lab computer. I want to work with XP, Vista, and Win7. On an MS list it was suggested that I use virtualization rather than multiboot. I'm thinking I'd run a Linux distro natively, run FOSS virtualization software on Linux, and run the three MS OSes as guests. What is a good Linux distro? Will I need a server distribution or can I run a desktop distribution? What are FOSS choices for the virtualization software? --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: SOT: virtualization
Second that with OpenSuse! On 12/15/09, Technomage technomage.ha...@gmail.com wrote: Trent, of the major distro's, debian 5.0 has the least troubles right now and is therefore, probably the best for your needs currently. Others like Fedora or Opensuse have package dependency problems and are a little more difficult to develop on properly. Fedora: forces you to run SELINUX regardless of whether you need it or not Opensuse: tends to run cutting edge (bleeding edge) packages and will tend to break older installs. Their upgrade system is horribly broken currently, so its not a good idea to upgrade older opensuse systems. I recently had such problems with opensuse (settings not being maintained across reboots, services failing to start, etc) that I have completely written off this community project as anywhere near viable. Debian does have a basic developers package setup that makes it relatively easy to setup and maintain a basic developers environment. As for vmware, get the server 1.x versions (freely available). they tend to have better performance and a remote console that works. vmware 2.x did away with the remote console and is also optimized for use under windows (as the host OS). I find their web interface clunky and very slow to respond. there are also some features missing in 2.x that were present in 1.x. Trent Shipley wrote: (SOT: somewhat off topic) I want to set up a Windows lab computer. I want to work with XP, Vista, and Win7. On an MS list it was suggested that I use virtualization rather than multiboot. I'm thinking I'd run a Linux distro natively, run FOSS virtualization software on Linux, and run the three MS OSes as guests. What is a good Linux distro? Will I need a server distribution or can I run a desktop distribution? What are FOSS choices for the virtualization software? --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- Skype: (623)239-3392 ATT: (503)754-4452 www.it-clowns.com Only the dead have seen the end of war. -Plato --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: SOT: virtualization
On Tue, 2009-12-15 at 18:46 -0700, Technomage wrote: Fedora: forces you to run SELINUX regardless of whether you need it or not this is simply wrong. On Fedora 12 (the latest version released a few weeks ago)... # head -n 5 /etc/selinux/config # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. if however you had the slightest bit of understanding of SELinux, you would have known that on any system, you can append 'setenforce 0' to the kernel boot parameters to disable SELinux at startup. Even still, you could build your own kernel and not enable SELinux. I am quite sure that 'forcing' a user to run SELinux on Fedora has never even been discussed by serious people. You can permanently disable it on 'first boot' which is where you configure things like networking, users, startup services, firewall and of course, security. As for your assertion that Fedora has 'dependency' issues... I simply do not ever have dependency issues with Fedora but if your analysis of dependencies is similar to your analysis of them 'forcing' users to run SELinux, then I would accept that you have had your share of problems. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
