Re: fedup and selinux
I have learned MORE about SELinux just being on this mailing list than from ANY other source out there!thanks to all for your responses to this(this will only help me in my pursuit of RHCE certification!..) EGO II On 12/24/2013 04:24 PM, Rahul Sundaram wrote: Hi On Tue, Dec 24, 2013 at 1:52 PM, Rick Stevens wrote: I don't have examples at hand, but I have seen FTP-related stuff, some upgrades and some other network-related things fail when SELinux is in permissive mode and work just fine when it's disabled. The default SELinux policy in Fedora is fairly relaxed anyway since it has to work out of the box for most users but once it it goes into permissive mode, any enforcement must be treated as a bug and reported. The goal of permissive model is to purely log policy issues. Permissive domains in SELinux mean an entirely different thing however and shouldn''t be confused with permissive mode. Rahul -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: System mail (Fedora 20)
On Wed, 25 Dec 2013 06:30:22 +0100 lee wrote: > A system cannot correctly function without a way for such processes > to send email. Yes, they can. Cron can work whether you know about it or not eg. "journalctl | grep cron | less # man journalctl if worried you can always flag on "warning, fail, etc.." If you have just installed Fedora from F20+ yum install mta (of choice, if required) > > Has all the software that (potentially) sends email been modified to > accommodate a crippled system? How is it crippled, it's still logged? > > What happens when you have an MTA installed? Will you still not > receive such email? That depends if you have it setup to receive or not. > > What happens when you upgrade? So far, exim still seems to work > after upgrading. > That's because (MTA) hasn't been obsoleted -- Regards, Frank www.frankly3d.com -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: System mail (Fedora 20)
Suvayu Ali writes: > Hi, > > I have a question. > > On Tue, Dec 17, 2013 at 10:02:30AM -0500, Robyn Bergeron wrote: >> >> == No Default Sendmail, Syslog == >> >> In the interests of paring down services that are generally not used >> on desktop systems, Fedora 20 removes and replaces some services that >> many users find unnecessary from the Live Desktop DVD. They will >> remain available as installable packages for users who might need >> them. >> >> The systemd journal now takes the place as the default logging >> solution for minimal and other selected installation methods, such as >> the Live Desktop DVD, having been tested and able to manage persistent >> logging in place of syslog. >> >> Also, Sendmail will no longer be installed by default, as most Fedora >> installs have no need of a Mail Transfer Agent (MTA). > > Does this mean there won't be any system mail (e.g. mail from root, cron > jobs, etc)? I have never really used sendmail, but I always thought > system mail was handled by the default MTA; hence my question. A system cannot correctly function without a way for such processes to send email. Has all the software that (potentially) sends email been modified to accommodate a crippled system? What happens when you have an MTA installed? Will you still not receive such email? What happens when you upgrade? So far, exim still seems to work after upgrading. -- Fedora release 20 (Heisenbug) -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Use firewall-cmd to filter by MAC address?
On Saturday, December 21, 2013 01:31:30 AM Michael Hannon wrote: > Greetings. In a previous version of Fedora I had iptables rules of the > form: > > -A INPUT -p tcp --destination-port 25 -m mac --mac-source \ > AA:BB:CC:DD:EE:FF -j ACCEPT > > in order to accept email only from selected local systems. > > I've just installed Fedora 20, and I'm trying to implement the same kind of > thing using: > > firewall-cmd > > but I've been unable to figure out how to do this. Any thoughts? > > Thanks, > > -- Mike I believe the firewalld devs are working on this, but for now, you can manually enter something like the following in /etc/firewalld/direct.xml. Of course, you'll need to unwrap the lines and choose the right chain for your system (it might not be IN_internal_allow). I use something like this for my HDHomeRun tuners. -t filter -A IN_internal_allow -m mac --mac-source \ AA:BB:CC:DD:EE:FF -j ACCEPT -t filter -A IN_internal_allow -m mac --mac-source \ AA:BB:CC:DD:EE:FF -j ACCEPT Merry Christmas! -A -- Anthony - http://messinet.com - http://messinet.com/~amessina/gallery 8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E signature.asc Description: This is a digitally signed message part. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: F20 in VirtualBox VM
On 12/24/13 23:59, Greg Woods wrote: > flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge > mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe > syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good > nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 > monitor ds_cpl vmx est tm2 ssse3 fma cx16 xtpr pdcm pcid sse4_1 sse4_2 > movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm > ida arat epb xsaveopt pln pts dtherm tpr_shadow vnmi flexpriority ept > vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid > bogomips: 6995.85 > clflush size: 64 > cache_alignment : 64 > address sizes : 39 bits physical, 48 bits virtual > power management: > >> > And maybe >> > >> > lshw -C processor | grep width >> > lscpu | grep "CPU op-mode" > [root@mongoliad mythtv]# lshw -C processor | grep width >width: 64 bits > [root@mongoliad mythtv]# lscpu | grep "CPU op-mode" > CPU op-mode(s):32-bit, 64-bit Time to file a "bugzilla" with Oracle. :-) -- Getting tired of non-Fedora discussions and self-serving posts -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: can you (theoretically) run only NFSv4 (without earlier versions)?
On 12/24/13 23:07, Leonid Flaks wrote: > Did you look into /etc/nfsmount.conf file? It has lots of useful hints in > comments and seems to be able to control NFS versions at 3 levels - per mount > point, per server and globally. It is done on the client end. That is OKbut doesn't fit the bill for what the OP wanted. The OP wanted to limit the versions being offered by the "server". -- Getting tired of non-Fedora discussions and self-serving posts -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Trying to install to new drive, but drive caddy torked
On 12/24/2013 01:49 PM, Chris Adams wrote: Once upon a time, Chris Murphy said: If the head has been stripped, the driver is wrong sized for the screw. An exactly right sized driver with moderate pressure will unstick a tight screw so long as it isn't actually glued. And in that case with even more pressure it should still crack the glue with less than Herculean effort. My Thinkpads have thread-lock on all screws, so that may explain why it is so difficult to break the screw free. The super glue got one out, but still ruined the screwdriver. Then I found a #0 phillips with more substance to it, and it got the other three out. Boy were they tight! Most likely a touch of thread-lock on all of them. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: fedup and selinux
Hi On Tue, Dec 24, 2013 at 1:52 PM, Rick Stevens wrote: > I don't have examples at hand, but I have seen FTP-related stuff, some > upgrades and some other network-related things fail when SELinux is in > permissive mode and work just fine when it's disabled. > The default SELinux policy in Fedora is fairly relaxed anyway since it has to work out of the box for most users but once it it goes into permissive mode, any enforcement must be treated as a bug and reported. The goal of permissive model is to purely log policy issues. Permissive domains in SELinux mean an entirely different thing however and shouldn''t be confused with permissive mode. Rahul -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: nx-3.5.0-17.fc19.src.rpm
On 12/24/2013 12:28 PM, Patrick Dupre wrote: Where can I get nx-3.5.0-17.fc19.src.rpm? It does not seem to be available anywhere! rpm.pbone.net/index.php3/stat/26/dist/86/size/24252532/name/nx-3.5.0-17.fc19.src.rpm -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Gnome login hangs F20 after fedup upgrade
On Dec 24, 2013 1:34 PM, "David Highley" wrote: > ( I wrote ) > > And with the new user account? This is a crucial test, because tweaking > > your config files and troubleshooting the display stack are very different. > (Reply) > Bingo, seems to be old scruff somewhere in the accounts that is > preventing the logins from working. Did two tests. One with a local new > account and another with the account on the remote user server using > autofs and NFS to server the home directories. Both tests worked. > > Now do we take a meat axe and remove all the dot directories or in great > pain discover what is blocking the logins from working. Note we have > already removed every directory and file that had gnome in the name. > > Only you can answer this question. If you only have a hammer in your toolbox, use the hammer. If you have some patience and a scalpel, you can be more selective. BTW, there's nothing that says that any file created by GNOME must have "gnome" in the file name, and nothing that restricts GNOME from using files that don't have "gnome" in the file name. It's a good start, but the process continues. --Pete -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: how to set up my "fetchmail" on f20 without sendmail?
"Robert P. J. Day" writes: > since (obviously), without sendmail, nothing is listening on port > 25. so what's the solution these days? a pointer to a web page > somewhere would work just fine. thanks. Since mail at your ISP is most likely going to all go to one user, piping it into a full-blown MTA is overkill. I just have ISP imaps mail placed into the user's mbox directly with getmail(1). I run getmail out of the user's own crontab twice an hour. yum install getmail -wolfgang -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: nx-3.5.0-17.fc19.src.rpm
On Tue, Dec 24, 2013 at 1:28 PM, Patrick Dupre wrote: > Where can I get nx-3.5.0-17.fc19.src.rpm? > It does not seem to be available anywhere! http://koji.fedoraproject.org/koji/buildinfo?buildID=390227 -T.C. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Gnome login hangs F20 after fedup upgrade
"Pete Travis wrote:" > > --===8084609375064345886== > Content-Type: multipart/alternative; boundary=001a11c36c50d0f15c04ee3edcaa > > --001a11c36c50d0f15c04ee3edcaa > Content-Type: text/plain; charset=ISO-8859-1 > > On Dec 23, 2013 4:47 PM, "David Highley" > wrote: > > > > " > > > > OK, I did find those and some old gnome2 stuff. So I went the drastic > > route and wiped out all files and directories with gnome in the name. > > Still get the same results. > > > > And with the new user account? This is a crucial test, because tweaking > your config files and troubleshooting the display stack are very different. Bingo, seems to be old scruff somewhere in the accounts that is preventing the logins from working. Did two tests. One with a local new account and another with the account on the remote user server using autofs and NFS to server the home directories. Both tests worked. Now do we take a meat axe and remove all the dot directories or in great pain discover what is blocking the logins from working. Note we have already removed every directory and file that had gnome in the name. > > --Pete > > --001a11c36c50d0f15c04ee3edcaa > Content-Type: text/html; charset=ISO-8859-1 > > > On Dec 23, 2013 4:47 PM, "David Highley" < href="mailto:dhigh...@highley-recommended.com";>dhigh...@highley-recommended.com> > wrote: > > > > " > > > > OK, I did find those and some old gnome2 stuff. So I went the drastic > > route and wiped out all files and directories with gnome in the name. > > Still get the same results. > > > And with the new user account? This is a crucial test, because > tweaking your config files and troubleshooting the display stack are very > different. > --Pete > > > --001a11c36c50d0f15c04ee3edcaa-- > > --===8084609375064345886== > Content-Type: text/plain; charset="utf-8" > MIME-Version: 1.0 > Content-Transfer-Encoding: base64 > Content-Disposition: inline > > LS0gCnVzZXJzIG1haWxpbmcgbGlzdAp1c2Vyc0BsaXN0cy5mZWRvcmFwcm9qZWN0Lm9yZwpUbyB1 > bnN1YnNjcmliZSBvciBjaGFuZ2Ugc3Vic2NyaXB0aW9uIG9wdGlvbnM6Cmh0dHBzOi8vYWRtaW4u > ZmVkb3JhcHJvamVjdC5vcmcvbWFpbG1hbi9saXN0aW5mby91c2VycwpGZWRvcmEgQ29kZSBvZiBD > b25kdWN0OiBodHRwOi8vZmVkb3JhcHJvamVjdC5vcmcvY29kZS1vZi1jb25kdWN0Ckd1aWRlbGlu > ZXM6IGh0dHA6Ly9mZWRvcmFwcm9qZWN0Lm9yZy93aWtpL01haWxpbmdfbGlzdF9ndWlkZWxpbmVz > CkhhdmUgYSBxdWVzdGlvbj8gQXNrIGF3YXk6IGh0dHA6Ly9hc2suZmVkb3JhcHJvamVjdC5vcmcK > > --===8084609375064345886==-- > -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
nx-3.5.0-17.fc19.src.rpm
Hello, Where can I get nx-3.5.0-17.fc19.src.rpm? It does not seem to be available anywhere! Thank. === Patrick DUPRÉ | | email: pdu...@gmx.com Laboratoire de Physico-Chimie de l'Atmosphère | | Université du Littoral-Côte d'Opale | | Tel. (33)-(0)3 28 23 76 12 | | Fax: 03 28 65 82 44 189A, avenue Maurice Schumann | | 59140 Dunkerque, France === -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: how to set up my "fetchmail" on f20 without sendmail?
Quoting Michael Schwendt : On Tue, 24 Dec 2013 13:55:14 -0500, Robert P. J. Day wrote: finally getting around to building my new f20 machine and, as i read it, f20 now ships without sendmail. By default. Of course, you could install sendmail, which is still available. so far, to match what i've used for years, i've installed on my f20 box: * alpine * fetchmail and i've copied over from my old (ubuntu) system the relevant files: * .addressbook{,.lu} * .pinerc * .fetchmailrc i can check that there is mail waiting at my ISP with: $ fetchmail -c and sure enough, there's a pile of mail there. however, not surprisingly, if i try to fetch it, i get: fetchmail: Connection errors for this poll: name 0: connection to localhost:smtp [::1/25] failed: Connection refused. name 1: connection to localhost:smtp [127.0.0.1/25] failed: Connection refused. fetchmail: SMTP connect to localhost failed since (obviously), without sendmail, nothing is listening on port 25. so what's the solution these days? a pointer to a web page somewhere would work just fine. thanks. Depends on whether you need sendmail for how you use fetchmail. I run fetchmail with option mda "/usr/bin/procmail -t -f -" to deliver (and filter) via procmail. hmmm ... i may try that. i assume that, with this approach, i won't need to install sendmail, correct? and if i choose to use procmail, will this simply deliver mail for me locally even before i start to configure my procmail rules? thanks. rday -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: fedup and selinux
On Dec 24, 2013, at 11:52 AM, Rick Stevens wrote: > > > As I said, I don't have examples but the OP on this thread ran into the > same thing I've hit in the past. He went from permissive to disabled and > it worked. I'm just saying that permissive is not the same thing as > disabled. Ok no, that's not what happened to the OP at all as I explained earlier. His system booted in enforcing, and it was while it was enforcing that he got the denial prior to the fedup upgrade process changing to enforcing=0. He solved this problem by selinux=0 rather than enforcing=0. Prior versions of fedup placed enforcing=0 as a boot parameter so it would have been permissive from the get go and would have avoided this problem, as most likely would a relabel prior to rebooting in the upgrade environment. Rebooting with selinux actually disabled for an upgrade is really not a good idea because as the new rpms are written, none of those installed bits will have the proper labeling. Chris Murphy -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: how to set up my "fetchmail" on f20 without sendmail?
On Tue, 24 Dec 2013 13:55:14 -0500, Robert P. J. Day wrote: >finally getting around to building my new f20 machine and, as i > read it, f20 now ships without sendmail. By default. Of course, you could install sendmail, which is still available. >so far, to match what i've used for years, i've installed on my > f20 box: > >* alpine >* fetchmail > > and i've copied over from my old (ubuntu) system the relevant files: > >* .addressbook{,.lu} >* .pinerc >* .fetchmailrc > > i can check that there is mail waiting at my ISP with: > >$ fetchmail -c > > and sure enough, there's a pile of mail there. however, not > surprisingly, if i try to fetch it, i get: > > fetchmail: Connection errors for this poll: > name 0: connection to localhost:smtp [::1/25] failed: Connection refused. > name 1: connection to localhost:smtp [127.0.0.1/25] failed: Connection > refused. > fetchmail: SMTP connect to localhost failed > > since (obviously), without sendmail, nothing is listening on port > 25. so what's the solution these days? a pointer to a web page > somewhere would work just fine. thanks. Depends on whether you need sendmail for how you use fetchmail. I run fetchmail with option mda "/usr/bin/procmail -t -f -" to deliver (and filter) via procmail. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: F20: yum update does not automatically update grub2
On Tue, 24 Dec 2013 11:52:11 -0700 Chris Murphy wrote: > > On Dec 24, 2013, at 9:28 AM, Ranjan Maitra > wrote: > > >> > >> > >> grub2-install --debug /dev/sda > > > Looks good. > > > > >> bash -x grub2-mkconfig -o /boot/grub2/grub.cfg > > FYI: > Line 79, I do not see resume= having been added to /etc/default/grub, > therefore it won't be in the grub.cfg. Thanks! I made a mistake in the /boot/grub2/grub.cfg entry. (Forgot to actually put in resume= ... I have now fixed that and it shows in there. > Line 127/128, it found kernel 3.12.5-302 and its initramfs. > Line 129 only kernel 3.11.10-301 is found, this probably isn't a bootable > kernel option. > Line 130/131 is the rescue kernel and initramfs, it should work and chances > are it's 3.11.10-301. > > > > > >> /boot/grub2/grub.cfg #from the above command > > This looks better than the original one, the root=UUID= is present > instead of referring to root with /dev/sd3. As expected, contains working > 3.12 and rescue kernel boot options. The 3.11.10 option probably ends in a > kernel panic, because line 91 lacks an initrd command for this kernel entry. > > I suggest you do not yum erase the 3.11.10 kernel, because that will remove > all of its modules, which the rescue kernel depends on. To remove this from > the grub menu, just rm -f the vmlinuz-3.11.10 kernel from the /boot > directory. If you want you can also remove its config file. Then you can > rerun: grub2-mkconfig -o /boot/grub2/grub.cfg and it will no longer have the > 3.11.10 option, just the working 3.12.5 and rescue options. > > When the next kernel update comes out, it ought to update this grub.cfg now. > If not report back and we'll try to figure out what's going on. Thanks very much! This has been an enormous help! Booting into the 3.12.5 kernel now. Best wishes, Ranjan > > Chris Murphy > -- > users mailing list > users@lists.fedoraproject.org > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org -- Important Notice: This mailbox is ignored: e-mails are set to be deleted on receipt. Please respond to the mailing list if appropriate. For those needing to send personal or professional e-mail, please use appropriate addresses. GET FREE 5GB EMAIL - Check out spam free email with many cool features! Visit http://www.inbox.com/email to find out more! -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: fedup and selinux
On Dec 24, 2013, at 10:48 AM, Rick Stevens wrote: > On 12/24/2013 01:42 AM, Bill Murray issued this missive: >> Dear all, >> I had trouble persuading 'fedup --network 20' to run on my f19 >> laptop. It install all the files and gets ready. Then it boots and gets >> as far as: >> >> [ OK ] Started trigger flushing of journal to persistent storage >> [ OK ] Started Forward Password Requests to Plymouth >> [ OK ] Started Forward Password Requests to Plymouth >> [ OK] Started Recreate Volatile files and Directories >> There are then 3 lines of selinux permission denied. But no problem, >> selinux is set permissive anyway. >> >> Earlier on I see 'dracut-initqueue[400] failed to issue method call: >> Access denied' >> >> However, when I add selinux=0 to the command line..installation proceeds. >> This is very odd - selinux was in permissive mode. > > I've said this before and I'll say it again...permissive mode does NOT > allow ALL access (permissive != disabled, despite what others may say). > If you see selinux deny messages, it's still being denied. I've seen > this bite people a number of times. When enforcing=0 it reports denial messages, it does not enforce the denials. http://danwalsh.livejournal.com/24537.html http://danwalsh.livejournal.com/10972.html You might be thinking of the application of permissive domains, which largely still causes enforcement of denials to occur. Chris Murphy -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
how to set up my "fetchmail" on f20 without sendmail?
finally getting around to building my new f20 machine and, as i read it, f20 now ships without sendmail. so far, to match what i've used for years, i've installed on my f20 box: * alpine * fetchmail and i've copied over from my old (ubuntu) system the relevant files: * .addressbook{,.lu} * .pinerc * .fetchmailrc i can check that there is mail waiting at my ISP with: $ fetchmail -c and sure enough, there's a pile of mail there. however, not surprisingly, if i try to fetch it, i get: fetchmail: Connection errors for this poll: name 0: connection to localhost:smtp [::1/25] failed: Connection refused. name 1: connection to localhost:smtp [127.0.0.1/25] failed: Connection refused. fetchmail: SMTP connect to localhost failed since (obviously), without sendmail, nothing is listening on port 25. so what's the solution these days? a pointer to a web page somewhere would work just fine. thanks. rday -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: F20: yum update does not automatically update grub2
On Dec 24, 2013, at 9:28 AM, Ranjan Maitra wrote: >> >> >> grub2-install --debug /dev/sda Looks good. > >> bash -x grub2-mkconfig -o /boot/grub2/grub.cfg FYI: Line 79, I do not see resume= having been added to /etc/default/grub, therefore it won't be in the grub.cfg. Line 127/128, it found kernel 3.12.5-302 and its initramfs. Line 129 only kernel 3.11.10-301 is found, this probably isn't a bootable kernel option. Line 130/131 is the rescue kernel and initramfs, it should work and chances are it's 3.11.10-301. > >> /boot/grub2/grub.cfg #from the above command This looks better than the original one, the root=UUID= is present instead of referring to root with /dev/sd3. As expected, contains working 3.12 and rescue kernel boot options. The 3.11.10 option probably ends in a kernel panic, because line 91 lacks an initrd command for this kernel entry. I suggest you do not yum erase the 3.11.10 kernel, because that will remove all of its modules, which the rescue kernel depends on. To remove this from the grub menu, just rm -f the vmlinuz-3.11.10 kernel from the /boot directory. If you want you can also remove its config file. Then you can rerun: grub2-mkconfig -o /boot/grub2/grub.cfg and it will no longer have the 3.11.10 option, just the working 3.12.5 and rescue options. When the next kernel update comes out, it ought to update this grub.cfg now. If not report back and we'll try to figure out what's going on. Chris Murphy -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: fedup and selinux
On 12/24/2013 10:27 AM, Marko Vojinovic issued this missive: On Tue, 24 Dec 2013 09:48:38 -0800 Rick Stevens wrote: I've said this before and I'll say it again...permissive mode does NOT allow ALL access (permissive != disabled, despite what others may say). If you see selinux deny messages, it's still being denied. I've seen this bite people a number of times. Care to give a F18/19/20-working example of this? IOW, provide a sequence of steps on a clean Fedora install that works with selinux disabled, while it fails with selinux in permissive mode? I don't have examples at hand, but I have seen FTP-related stuff, some upgrades and some other network-related things fail when SELinux is in permissive mode and work just fine when it's disabled. I never bothered tracking specifically what they are--it's just when they poop out, I've disabled SELinux, redone it and it's worked fine. I have then put it back in permissive mode, looked at the denial messages and put in local rules to cover them and gone to "targeted" mode. Permissive does allow most actions, but there are some things it still denies. I guess "permissive" should be taken literally, like "we're relaxing most of the rules, but there are some we are going to enforce as long as we're in charge." As I said, I don't have examples but the OP on this thread ran into the same thing I've hit in the past. He went from permissive to disabled and it worked. I'm just saying that permissive is not the same thing as disabled. -- - Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com - - AIM/Skype: therps2ICQ: 22643734Yahoo: origrps2 - -- - Microsoft Windows: Proof that P.T. Barnum was right - -- -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Trying to install to new drive, but drive caddy torked
Once upon a time, Chris Murphy said: > If the head has been stripped, the driver is wrong sized for the screw. An > exactly right sized driver with moderate pressure will unstick a tight screw > so long as it isn't actually glued. And in that case with even more pressure > it should still crack the glue with less than Herculean effort. My Thinkpads have thread-lock on all screws, so that may explain why it is so difficult to break the screw free. -- Chris Adams -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: fedup and selinux
On Tue, 24 Dec 2013 09:48:38 -0800 Rick Stevens wrote: > I've said this before and I'll say it again...permissive mode does NOT > allow ALL access (permissive != disabled, despite what others may > say). If you see selinux deny messages, it's still being denied. I've > seen this bite people a number of times. Care to give a F18/19/20-working example of this? IOW, provide a sequence of steps on a clean Fedora install that works with selinux disabled, while it fails with selinux in permissive mode? Best, :-) Marko -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: F20: yum update does not automatically update grub2
On Tue, 24 Dec 2013 18:53:26 +0100 Michael Schwendt wrote: > On Tue, 24 Dec 2013 10:28:37 -0600, Ranjan Maitra wrote: > > > > bash -x grub2-mkconfig -o /boot/grub2/grub.cfg > > > > Uploading (8.6KiB)... > > http://ur1.ca/g93u5 -> http://paste.fedoraproject.org/64214/02391138 > > So, the initrd for the F20 release kernel 3.11.10-301.fc20 is missing > here, too: > > + echo '### BEGIN /etc/grub.d/10_linux ###' > + /etc/grub.d/10_linux > Found linux image: /boot/vmlinuz-3.12.5-302.fc20.x86_64 > Found initrd image: /boot/initramfs-3.12.5-302.fc20.x86_64.img > Found linux image: /boot/vmlinuz-3.11.10-301.fc20.x86_64 > Found linux image: /boot/vmlinuz-0-rescue-26b05c2e8b5144b4b396c604c823681b > Found initrd image: > /boot/initramfs-0-rescue-26b05c2e8b5144b4b396c604c823681b.img > + echo '### END /etc/grub.d/10_linux ###' > > Have you ever booted with that kernel after installing F20? > Probably not. ;) H, actually I have. This is a new install, and I rebooted a few times. > Everything related to updating grub.cfg should work normally for the > next kernel update. OK, this means that I should reboot now? > Once you've booted to the latest kernel, you could erase the previous > kernel with "yum remove kernel-3.11.10-301.fc20" or generate the missing > initrd for it as a fallback: > > $ su - > # dracut /boot/initramfs-3.11.10-301.fc20.x86_64.img 3.11.10-301.fc20.x86_64 Thanks again! Ranjan > -- > users mailing list > users@lists.fedoraproject.org > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org -- Important Notice: This mailbox is ignored: e-mails are set to be deleted on receipt. Please respond to the mailing list if appropriate. For those needing to send personal or professional e-mail, please use appropriate addresses. GET FREE SMILEYS FOR YOUR IM & EMAIL - Learn more at http://www.inbox.com/smileys Works with AIM®, MSN® Messenger, Yahoo!® Messenger, ICQ®, Google Talk™ and most webmails -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: F20: yum update does not automatically update grub2
On Tue, 24 Dec 2013 10:28:37 -0600, Ranjan Maitra wrote: > > bash -x grub2-mkconfig -o /boot/grub2/grub.cfg > > Uploading (8.6KiB)... > http://ur1.ca/g93u5 -> http://paste.fedoraproject.org/64214/02391138 So, the initrd for the F20 release kernel 3.11.10-301.fc20 is missing here, too: + echo '### BEGIN /etc/grub.d/10_linux ###' + /etc/grub.d/10_linux Found linux image: /boot/vmlinuz-3.12.5-302.fc20.x86_64 Found initrd image: /boot/initramfs-3.12.5-302.fc20.x86_64.img Found linux image: /boot/vmlinuz-3.11.10-301.fc20.x86_64 Found linux image: /boot/vmlinuz-0-rescue-26b05c2e8b5144b4b396c604c823681b Found initrd image: /boot/initramfs-0-rescue-26b05c2e8b5144b4b396c604c823681b.img + echo '### END /etc/grub.d/10_linux ###' Have you ever booted with that kernel after installing F20? Probably not. ;) Everything related to updating grub.cfg should work normally for the next kernel update. Once you've booted to the latest kernel, you could erase the previous kernel with "yum remove kernel-3.11.10-301.fc20" or generate the missing initrd for it as a fallback: $ su - # dracut /boot/initramfs-3.11.10-301.fc20.x86_64.img 3.11.10-301.fc20.x86_64 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Linux hardening with Lynis
On 12/24/2013 08:21 AM, bruce issued this missive: Hey. Looked over your link/app. how is this any different from rkhunter/chkrootkit or any of the other apps that inspect files for changes to indicate a potential root/virus issue? Does anyone know of an app/process that can prevent a rootkit/virus from modifying files, as opposed to simply detecting when/if a file has been modified? SELinux can help with this. Also look at a hardened kernel such as grsecurity (http://grsecurity.net/) On Tue, Dec 24, 2013 at 2:39 AM, M. Boelen wrote: Hi, I saw your post regarding guidance to harden/secure a Linux system [1]. Did you already try my open source tool Lynis? http://www.rootkit.nl/projects/lynis.html Kind regards, Michael -- - Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com - - AIM/Skype: therps2ICQ: 22643734Yahoo: origrps2 - -- - Memory is the second thing to go, but I can't remember the first! - -- -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: fedup and selinux
On 12/24/2013 01:42 AM, Bill Murray issued this missive: Dear all, I had trouble persuading 'fedup --network 20' to run on my f19 laptop. It install all the files and gets ready. Then it boots and gets as far as: [ OK ] Started trigger flushing of journal to persistent storage [ OK ] Started Forward Password Requests to Plymouth [ OK ] Started Forward Password Requests to Plymouth [ OK] Started Recreate Volatile files and Directories There are then 3 lines of selinux permission denied. But no problem, selinux is set permissive anyway. Earlier on I see 'dracut-initqueue[400] failed to issue method call: Access denied' However, when I add selinux=0 to the command line..installation proceeds. This is very odd - selinux was in permissive mode. I've said this before and I'll say it again...permissive mode does NOT allow ALL access (permissive != disabled, despite what others may say). If you see selinux deny messages, it's still being denied. I've seen this bite people a number of times. -- - Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com - - AIM/Skype: therps2ICQ: 22643734Yahoo: origrps2 - -- - This message printed using recycled bandwidth- -- -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Trying to install to new drive, but drive caddy torked
On 12/24/2013 12:21 PM, Robert Moskowitz wrote: On 12/24/2013 12:08 PM, Chris Murphy wrote: On Dec 24, 2013, at 9:59 AM, murph wrote: crazy glue in the screw. neat trick. At this point it is well worth trying. I not only want the caddy for the new SSD, but the old drive I want to put into an enclosure. If you damage the screws and have to replace them, remember that they're probably metric threads! --doug -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Trying to install to new drive, but drive caddy torked
On 12/24/2013 08:59 AM, murph issued this missive: Something I've done successfully in the past for small, nearly stripped screws: Put a drop of crazy glue in the screw. Put the screwdriver in as straight as you can and balance against something. Let dry. Now try to get the screw out. Sounds crazy, but it has worked. Of course, this is last resort before drilling it out. Often 5-minute epoxy works better (thicker, goey-ier, can take a bit more torque and off-axis force than Crazy Glue). If the carrier isn't plastic, try a 30-watt soldering iron applied (no tinning) to the center of the screw head. Heat will often loosen that stuff. That being said, I've drilled and ez-outed more screws (from #2s and up) and bolts (I have old Jaguar cars) than I care to think about. -- - Rick Stevens, Systems Engineer, AllDigitalri...@alldigital.com - - AIM/Skype: therps2ICQ: 22643734Yahoo: origrps2 - -- - If you're not part of the solution, you're part of the precipitate - -- -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Trying to install to new drive, but drive caddy torked
On 12/24/2013 12:08 PM, Chris Murphy wrote: On Dec 24, 2013, at 9:59 AM, murph wrote: crazy glue in the screw. neat trick. BTW, the reason I can hold this conversation and talk about taking apart a drive caddy, is I have an old one from a fried system. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Trying to install to new drive, but drive caddy torked
On 12/24/2013 12:08 PM, Chris Murphy wrote: On Dec 24, 2013, at 9:59 AM, murph wrote: crazy glue in the screw. neat trick. At this point it is well worth trying. I not only want the caddy for the new SSD, but the old drive I want to put into an enclosure. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Trying to install to new drive, but drive caddy torked
On Dec 24, 2013, at 9:59 AM, murph wrote: > crazy glue in the screw. neat trick. Chris Murphy -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Trying to install to new drive, but drive caddy torked
Something I've done successfully in the past for small, nearly stripped screws: Put a drop of crazy glue in the screw. Put the screwdriver in as straight as you can and balance against something. Let dry. Now try to get the screw out. Sounds crazy, but it has worked. Of course, this is last resort before drilling it out. --murph On Tue, Dec 24, 2013 at 11:54 AM, Robert Moskowitz wrote: > > > Right size screwdriver: Phillips #0; I have been doing this for close to 60 > years. Stripping phillips head screws that is :) > Heads not stripped. yet. Being careful. > Lots of pressure tried. Including holding screwdriver with wrench and > trying to turn. But can't maintain enough downward pressure to get it to > budge. > Heads not raised enough to grab with any pliers I own, and I have a lot of > them. Maybe try and file the heads square and see if that makes grabbing > them easier. > -- Team Amiga New Jersey - The less that I speak, the smarter I sound. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Trying to install to new drive, but drive caddy torked
On 12/24/2013 11:33 AM, Chris Murphy wrote: > On Dec 24, 2013, at 8:43 AM, Robert Moskowitz > wrote: > >> Can't get the screws loose on the drive caddy (lenovo e120x)! >> Someone really torked them tight or glued them in. :( >> >> $9.9 to buy one used from someone that either figured out how to >> loosen the screws or has the right tools. >> >> Venting here. > > If the head has been stripped, the driver is wrong sized for the > screw. An exactly right sized driver with moderate pressure will > unstick a tight screw so long as it isn't actually glued. And in that > case with even more pressure it should still crack the glue with less > than Herculean effort. > > If the screw head is stripped and sticks out a bit you can use a > small file to create a couple notches top and bottom of the screw > then use needle nose pliers to unscrew it. Or you'll have to drill it > out. Thanks but... Right size screwdriver: Phillips #0; I have been doing this for close to 60 years. Stripping phillips head screws that is :) Heads not stripped. yet. Being careful. Lots of pressure tried. Including holding screwdriver with wrench and trying to turn. But can't maintain enough downward pressure to get it to budge. Heads not raised enough to grab with any pliers I own, and I have a lot of them. Maybe try and file the heads square and see if that makes grabbing them easier. Stupid manufacturers. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Trying to install to new drive, but drive caddy torked
On Dec 24, 2013, at 8:43 AM, Robert Moskowitz wrote: > Can't get the screws loose on the drive caddy (lenovo e120x)! Someone really > torked them tight or glued them in. :( > > $9.9 to buy one used from someone that either figured out how to loosen the > screws or has the right tools. > > Venting here. If the head has been stripped, the driver is wrong sized for the screw. An exactly right sized driver with moderate pressure will unstick a tight screw so long as it isn't actually glued. And in that case with even more pressure it should still crack the glue with less than Herculean effort. If the screw head is stripped and sticks out a bit you can use a small file to create a couple notches top and bottom of the screw then use needle nose pliers to unscrew it. Or you'll have to drill it out. Chris Murphy -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: F20: yum update does not automatically update grub2
On Tue, 24 Dec 2013 09:04:27 -0700 Chris Murphy wrote: > > On Dec 24, 2013, at 2:12 AM, Michael Schwendt wrote: > > > On Mon, 23 Dec 2013 19:25:49 -0600, Ranjan Maitra wrote: > > > >> ### BEGIN /etc/grub.d/10_linux ### > >> menuentry 'Fedora, with Linux 3.11.10-301.fc20.x86_64' --class fedora > >> --class gnu-linux --class gnu --class os $menuentry_id_option > >> 'gnulinux-3.11.10-301.fc20.x86_64-advanced-f96397ae-311d-4826-8fb0-6a0fe710dd9c' > >> { load_video > >> set gfxpayload=keep insmod gzio > >>insmod part_msdos > >>insmod ext2 > >>set root='hd0,msdos1' > >>if [ x$feature_platform_search_hint = xy ]; then > >> search --no-floppy --fs-uuid --set=root > >> --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 > >> --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1' > >> 54f94607-a593-4d5c-b03a-356574992f4e else search --no-floppy --fs-uuid > >> --set=root 54f94607-a593-4d5c-b03a-356574992f4e fi > >> linux /vmlinuz-3.11.10-301.fc20.x86_64 resume=/dev/sda2 > >> root=/dev/sda3 ro vconsole.font=latarcyrheb-sun16 nomodeset rhgb > >> quiet } > > > > There is no "initrd" parameter for this first boot entry! > > What are the contents of the /boot directory? > > Right, so how is this computer even bootable? These kernels, without an > initramfs, will face plant on boot. > > I've found that anaconda sometimes issues grub2-mkconfig before the initramfs > is built, but it got fixed later once new-kernel-pkg called grubby. Yet > grubby is failing on this computer, which might be why this entry was never > fixed. > > The one other time I've seen this behavior, with a missing initrd entry, and > grubby's failure to "fix" it, was when I placed /boot on Btrfs (as its own > subvolume). This confuses grubby. But I'm not seeing an insmod btrfs in this > grub.cfg. And I'm not seeing that this computer has UEFI firmware or it would > have an insmod part_gpt. > > So I'd like to see the output from: > > grub2-install --debug /dev/sda Uploading (452.3KiB)... http://ur1.ca/g93u3 -> http://paste.fedoraproject.org/64213/13879023 > bash -x grub2-mkconfig -o /boot/grub2/grub.cfg Uploading (8.6KiB)... http://ur1.ca/g93u5 -> http://paste.fedoraproject.org/64214/02391138 > /boot/grub2/grub.cfg #from the above command Uploading (5.5KiB)... http://ur1.ca/g93ua -> http://paste.fedoraproject.org/64215/79024291 Thanks again, for all the help! Ranjan > Chris Murphy > > -- > users mailing list > users@lists.fedoraproject.org > To unsubscribe or change subscription options: > https://admin.fedoraproject.org/mailman/listinfo/users > Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct > Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines > Have a question? Ask away: http://ask.fedoraproject.org -- Important Notice: This mailbox is ignored: e-mails are set to be deleted on receipt. Please respond to the mailing list if appropriate. For those needing to send personal or professional e-mail, please use appropriate addresses. GET FREE SMILEYS FOR YOUR IM & EMAIL - Learn more at http://www.inbox.com/smileys Works with AIM®, MSN® Messenger, Yahoo!® Messenger, ICQ®, Google Talk™ and most webmails -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: fedup and selinux
On Dec 24, 2013, at 2:42 AM, Bill Murray wrote: > Dear all, >I had trouble persuading 'fedup --network 20' to run on my f19 laptop. It > install all the files and gets ready. Then it boots and gets as far as: > > [ OK ] Started trigger flushing of journal to persistent storage > [ OK ] Started Forward Password Requests to Plymouth > [ OK ] Started Forward Password Requests to Plymouth > [ OK] Started Recreate Volatile files and Directories > There are then 3 lines of selinux permission denied. But no problem, selinux > is set permissive anyway. > > Earlier on I see 'dracut-initqueue[400] failed to issue method call: Access > denied' > > However, when I add selinux=0 to the command line..installation proceeds. > This is very odd - selinux was in permissive mode. > > This is a bug I think? On a test VM with dracut and systemd debugging enabled (so it's slow): [5.094179] type=1404 audit(1387844762.554:2): enforcing=1 old_enforcing=0 auid=4294967295 ses=4294967295 The upgrade environment comes up in enforcing mode. [ 37.388496] upgrade[665]: /bin/upgra[ 37.427863] type=1404 audit(1387844794.861:9): enforcing=0 old_enforcing=1 auid=4294967295 ses=4294967295 de@18(setstate): UPGRADE_STATE=running Then goes to permissive mode. For fully 32 seconds it is in enforcing mode. And I see quite a few dracut-initqueue process entries at 15 seconds through 21 seconds. So all the preliminary setup logic before the upgrade runs, happens with enforcing enabled. It's not so good to use selinux=0 because it totally disables selinux and all the labels on files will be unset. You should instead use enforcing=0 which allows selinux to correctly label the system, while not enforcing policy. So I suggest that now that your system is upgraded to Fedora 20, assuming you leave selinux running in enforcing mode on this system, that you relabel it with: restorecon -R -v / As for whose bug this is, it could be mislabeling from the F19 system. But now that the system is upgraded it's difficult to reproduce to file a bug. I first would have tried a relabel from within Fedora 19: restorecon -R -v / and then tried the update without changing the selinux behavior. If it still failed, then I'd do: ausearch -m AVC to see exactly what's being denied and file a bug against it, or maybe against selinux-policy if the request is reasonable and the denial isn't. And then I'd rerun the upgrade with enforcing=0 as a work around. Chris Murphy -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Linux hardening with Lynis
Hey. Looked over your link/app. how is this any different from rkhunter/chkrootkit or any of the other apps that inspect files for changes to indicate a potential root/virus issue? Does anyone know of an app/process that can prevent a rootkit/virus from modifying files, as opposed to simply detecting when/if a file has been modified? Thanks On Tue, Dec 24, 2013 at 2:39 AM, M. Boelen wrote: > Hi, > > I saw your post regarding guidance to harden/secure a Linux system [1]. > Did you already try my open source tool Lynis? > > http://www.rootkit.nl/projects/lynis.html > > Kind regards, > > Michael > > > [1] > https://lists.fedoraproject.org/pipermail/users/2013-December/443516.html > > -- > > > http://www.linkedin.com/in/mboelen - Connect with me on LinkedIn > > Also in love with my software? Consider a donation: > http://www.amazon.com/gp/registry/registry.html/ref=wlem-si-ht_gotowl/104-1424502-6563959?id=32XNM5AMPYBG8 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: F20: yum update does not automatically update grub2
On Dec 24, 2013, at 2:12 AM, Michael Schwendt wrote: > On Mon, 23 Dec 2013 19:25:49 -0600, Ranjan Maitra wrote: > >> ### BEGIN /etc/grub.d/10_linux ### >> menuentry 'Fedora, with Linux 3.11.10-301.fc20.x86_64' --class fedora >> --class gnu-linux --class gnu --class os $menuentry_id_option >> 'gnulinux-3.11.10-301.fc20.x86_64-advanced-f96397ae-311d-4826-8fb0-6a0fe710dd9c' >> { load_video >> set gfxpayload=keep insmod gzio >> insmod part_msdos >> insmod ext2 >> set root='hd0,msdos1' >> if [ x$feature_platform_search_hint = xy ]; then >>search --no-floppy --fs-uuid --set=root >> --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 >> --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1' >> 54f94607-a593-4d5c-b03a-356574992f4e else search --no-floppy --fs-uuid >> --set=root 54f94607-a593-4d5c-b03a-356574992f4e fi >> linux/vmlinuz-3.11.10-301.fc20.x86_64 resume=/dev/sda2 >> root=/dev/sda3 ro vconsole.font=latarcyrheb-sun16 nomodeset rhgb >> quiet } > > There is no "initrd" parameter for this first boot entry! > What are the contents of the /boot directory? Right, so how is this computer even bootable? These kernels, without an initramfs, will face plant on boot. I've found that anaconda sometimes issues grub2-mkconfig before the initramfs is built, but it got fixed later once new-kernel-pkg called grubby. Yet grubby is failing on this computer, which might be why this entry was never fixed. The one other time I've seen this behavior, with a missing initrd entry, and grubby's failure to "fix" it, was when I placed /boot on Btrfs (as its own subvolume). This confuses grubby. But I'm not seeing an insmod btrfs in this grub.cfg. And I'm not seeing that this computer has UEFI firmware or it would have an insmod part_gpt. So I'd like to see the output from: grub2-install --debug /dev/sda bash -x grub2-mkconfig -o /boot/grub2/grub.cfg /boot/grub2/grub.cfg #from the above command Chris Murphy -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: F20 in VirtualBox VM
On Tue, 2013-12-24 at 14:40 +0800, Ed Greshko wrote: > On 12/24/13 14:06, Ed Greshko wrote: > > I guess I'd be interested in the output of > > > > cat /proc/cpuinfo 8 repetitions of: > processor : 7 vendor_id : GenuineIntel cpu family : 6 model : 60 model name : Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz stepping: 3 microcode : 0x16 cpu MHz : 800.000 cache size : 8192 KB physical id : 0 siblings: 8 core id : 3 cpu cores : 4 apicid : 7 initial apicid : 7 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon pebs bts rep_good nopl xtopology nonstop_tsc aperfmperf eagerfpu pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 fma cx16 xtpr pdcm pcid sse4_1 sse4_2 movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand lahf_lm abm ida arat epb xsaveopt pln pts dtherm tpr_shadow vnmi flexpriority ept vpid fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid bogomips: 6995.85 clflush size: 64 cache_alignment : 64 address sizes : 39 bits physical, 48 bits virtual power management: > And maybe > > lshw -C processor | grep width > lscpu | grep "CPU op-mode" [root@mongoliad mythtv]# lshw -C processor | grep width width: 64 bits [root@mongoliad mythtv]# lscpu | grep "CPU op-mode" CPU op-mode(s):32-bit, 64-bit --Greg -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Trying to install to new drive, but drive caddy torked
Can't get the screws loose on the drive caddy (lenovo e120x)! Someone really torked them tight or glued them in. :( $9.9 to buy one used from someone that either figured out how to loosen the screws or has the right tools. Venting here. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Re: can you (theoretically) run only NFSv4 (without earlier versions)?
On 12/24/2013 05:19 AM, Ed Greshko wrote: On 12/24/13 17:21, Tom H wrote: On Tue, Dec 24, 2013 at 2:10 AM, Ed Greshko wrote: After making the suggested changes. [root@meimei ~]# mount -o ro,nfsvers=4 192.168.0.196:/home /mnt [root@meimei ~]# mount | grep mnt 192.168.0.196:/home on /mnt type nfs4 (ro,relatime,vers=4.0,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.0.18,local_lock=none,addr=192.168.0.196) [root@meimei ~]# umount /mnt [root@meimei ~]# mount -o ro,nfsvers=3 192.168.0.196:/home /mnt mount.nfs: requested NFS version or transport protocol is not supported I tried disallowing v2 and v3 on Fedora 19 and failed. "cat /proc/fs/nfsd/versions" shows that v2 and v3 are allowed by the kernel and "mount -t -o nfsvers=3 ..." succeeds. I ssh'd into a RHEL 6 box and an Ubuntu 14.04 VM where I know that v2 and v3 are disabled. "cat /proc/fs/nfsd/versions" shows that v2 and v3 are disallowed and "mount -t -o nfsvers=3 ..." fails. I must've done something wrong on Fedora 19. I'll have to try again later, but I can't see anything wrong in my setup offhand. On an F20 system where I'm doing the testing root@f20f ~]# cat /proc/fs/nfsd/versions -2 -3 +4 +4.1 -4.2 Shows only 4 and 4.1 allowed. I suppose I could try it on F19 for you at some point. Did you look into /etc/nfsmount.conf file? It has lots of useful hints in comments and seems to be able to control NFS versions at 3 levels - per mount point, per server and globally. It is done on the client end. Cheers, Leon -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: x2go fedora howto
Neal Becker wrote: > I'm trying to test x2go on f20, but doc is very thin. > > I installed x2goserver on server, and x2goclient on client. When I try to > create a session, I just get a textbox with this message: > > > The host key for this server was not found but an othertype of key exists.An > attacker might change the default server key toconfuse your client into > thinking the key does not exist > > I then read that freenx-server was needed, so I installed that on the server. > > I did not configure any packages on the server (is any config needed?) > I found the problem: http://john.wesorick.com/2011/11/issues-installing-x2go.html -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
x2go fedora howto
I'm trying to test x2go on f20, but doc is very thin. I installed x2goserver on server, and x2goclient on client. When I try to create a session, I just get a textbox with this message: The host key for this server was not found but an othertype of key exists.An attacker might change the default server key toconfuse your client into thinking the key does not exist I then read that freenx-server was needed, so I installed that on the server. I did not configure any packages on the server (is any config needed?) -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: can you (theoretically) run only NFSv4 (without earlier versions)?
Quoting Ed Greshko : On 12/24/13 21:24, Robert P. J. Day wrote: just to explain where this all came from, i was working off of what i was seeing on a RHEL (actually CentOS) 6.5 system, where the config file /etc/sysconfig/nfs had helpful comments which allowed me to tweak that file thusly: # Define which protocol versions mountd # will advertise. The values are "no" or "yes" # with yes being the default MOUNTD_NFS_V2="no" MOUNTD_NFS_V3="no" ... snip ... # Optional arguments passed to rpc.nfsd. See rpc.nfsd(8) # Turn off v2 and v3 protocol support RPCNFSDARGS="-N 2 -N 3" if i make the above changes and restart NFS (on the RHEL system), the *only* NFS-related entries i see in the output of "rpcinfo -p" are: 134 tcp 2049 nfs 134 udp 2049 nfs and that's *it*, nothing more, which is what i expected. sadly, i don't have access to my fedora 20 box at the moment, but all i was doing was trying to produce the same result -- only those two lines in the output of "rpcinfo -p". i can see that the *effect* of the earlier suggestions is the same, in that only NFSv4 is supported, but there is still that crud in the output of "rpcinfo -p" that seems irrelevant. oh, and on the RHEL 6.5 system, the contents of the file /proc/fs/nfsd/versions correctly contains: -2 -3 +4 -4.1 OK. In any event, I think the original question has been answered. Yes, you can configure nfs on Fedora to allow only NFSv4. Agreed? yup, agreed. rday -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: can you (theoretically) run only NFSv4 (without earlier versions)?
On 12/24/13 21:24, Robert P. J. Day wrote: > just to explain where this all came from, i was working off of what > i was seeing on a RHEL (actually CentOS) 6.5 system, where the config > file /etc/sysconfig/nfs had helpful comments which allowed me to > tweak that file thusly: > > # Define which protocol versions mountd > # will advertise. The values are "no" or "yes" > # with yes being the default > MOUNTD_NFS_V2="no" > MOUNTD_NFS_V3="no" > ... snip ... > # Optional arguments passed to rpc.nfsd. See rpc.nfsd(8) > # Turn off v2 and v3 protocol support > RPCNFSDARGS="-N 2 -N 3" > > if i make the above changes and restart NFS (on the RHEL system), > the *only* NFS-related entries i see in the output of "rpcinfo -p" are: > > 134 tcp 2049 nfs > 134 udp 2049 nfs > > and that's *it*, nothing more, which is what i expected. > > sadly, i don't have access to my fedora 20 box at the moment, > but all i was doing was trying to produce the same result -- > only those two lines in the output of "rpcinfo -p". i can see > that the *effect* of the earlier suggestions is the same, in > that only NFSv4 is supported, but there is still that crud in > the output of "rpcinfo -p" that seems irrelevant. > > oh, and on the RHEL 6.5 system, the contents of the file > /proc/fs/nfsd/versions correctly contains: > > -2 -3 +4 -4.1 OK. In any event, I think the original question has been answered. Yes, you can configure nfs on Fedora to allow only NFSv4. Agreed? -- Getting tired of non-Fedora discussions and self-serving posts -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: can you (theoretically) run only NFSv4 (without earlier versions)?
Quoting Ed Greshko : On 12/24/13 17:21, Tom H wrote: On Tue, Dec 24, 2013 at 2:10 AM, Ed Greshko wrote: After making the suggested changes. [root@meimei ~]# mount -o ro,nfsvers=4 192.168.0.196:/home /mnt [root@meimei ~]# mount | grep mnt 192.168.0.196:/home on /mnt type nfs4 (ro,relatime,vers=4.0,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.0.18,local_lock=none,addr=192.168.0.196) [root@meimei ~]# umount /mnt [root@meimei ~]# mount -o ro,nfsvers=3 192.168.0.196:/home /mnt mount.nfs: requested NFS version or transport protocol is not supported I tried disallowing v2 and v3 on Fedora 19 and failed. "cat /proc/fs/nfsd/versions" shows that v2 and v3 are allowed by the kernel and "mount -t -o nfsvers=3 ..." succeeds. I ssh'd into a RHEL 6 box and an Ubuntu 14.04 VM where I know that v2 and v3 are disabled. "cat /proc/fs/nfsd/versions" shows that v2 and v3 are disallowed and "mount -t -o nfsvers=3 ..." fails. I must've done something wrong on Fedora 19. I'll have to try again later, but I can't see anything wrong in my setup offhand. On an F20 system where I'm doing the testing root@f20f ~]# cat /proc/fs/nfsd/versions -2 -3 +4 +4.1 -4.2 Shows only 4 and 4.1 allowed. just to explain where this all came from, i was working off of what i was seeing on a RHEL (actually CentOS) 6.5 system, where the config file /etc/sysconfig/nfs had helpful comments which allowed me to tweak that file thusly: # Define which protocol versions mountd # will advertise. The values are "no" or "yes" # with yes being the default MOUNTD_NFS_V2="no" MOUNTD_NFS_V3="no" ... snip ... # Optional arguments passed to rpc.nfsd. See rpc.nfsd(8) # Turn off v2 and v3 protocol support RPCNFSDARGS="-N 2 -N 3" if i make the above changes and restart NFS (on the RHEL system), the *only* NFS-related entries i see in the output of "rpcinfo -p" are: 134 tcp 2049 nfs 134 udp 2049 nfs and that's *it*, nothing more, which is what i expected. sadly, i don't have access to my fedora 20 box at the moment, but all i was doing was trying to produce the same result -- only those two lines in the output of "rpcinfo -p". i can see that the *effect* of the earlier suggestions is the same, in that only NFSv4 is supported, but there is still that crud in the output of "rpcinfo -p" that seems irrelevant. oh, and on the RHEL 6.5 system, the contents of the file /proc/fs/nfsd/versions correctly contains: -2 -3 +4 -4.1 rday -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Possibly OT --- Adobe flash player; how to get it to run?
On 12/24/2013 04:58 PM, Frank Murphy wrote: On Tue, 24 Dec 2013 21:56:22 +1300 Rolf Turner wrote: People keep sending me links to videos and then when I click on them Firefox says that the video won't play since I don't have flash installed. But then when I click on the installer I (eventually) get messages to the effect that the required package is already installed. Adobe have stopped updating flash for Linux. Yes and no. They have stopped enhancing it, but they are still bug fixing, especially for security issues. The latest update RPM on my Fedora 19 boxes is less than a month old. That said, flash is on its way out. If you consider they have withdrawn flash from the largest single media platform on the planet - Android - its obviously going through a near death experience. Its just a pity so many web site are super slow at reworking their platform to feed us video in other ways. Steve -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: can you (theoretically) run only NFSv4 (without earlier versions)?
On 12/24/13 17:21, Tom H wrote: > On Tue, Dec 24, 2013 at 2:10 AM, Ed Greshko wrote: >> >> After making the suggested changes. >> >> [root@meimei ~]# mount -o ro,nfsvers=4 192.168.0.196:/home /mnt >> [root@meimei ~]# mount | grep mnt >> 192.168.0.196:/home on /mnt type nfs4 >> (ro,relatime,vers=4.0,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.0.18,local_lock=none,addr=192.168.0.196) >> [root@meimei ~]# umount /mnt >> >> [root@meimei ~]# mount -o ro,nfsvers=3 192.168.0.196:/home /mnt >> mount.nfs: requested NFS version or transport protocol is not supported > I tried disallowing v2 and v3 on Fedora 19 and failed. > > "cat /proc/fs/nfsd/versions" shows that v2 and v3 are allowed by the > kernel and "mount -t -o nfsvers=3 ..." succeeds. > > I ssh'd into a RHEL 6 box and an Ubuntu 14.04 VM where I know that v2 > and v3 are disabled. > > "cat /proc/fs/nfsd/versions" shows that v2 and v3 are disallowed and > "mount -t -o nfsvers=3 ..." fails. > > I must've done something wrong on Fedora 19. I'll have to try again > later, but I can't see anything wrong in my setup offhand. On an F20 system where I'm doing the testing root@f20f ~]# cat /proc/fs/nfsd/versions -2 -3 +4 +4.1 -4.2 Shows only 4 and 4.1 allowed. I suppose I could try it on F19 for you at some point. -- Getting tired of non-Fedora discussions and self-serving posts -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
fedup and selinux
Dear all, I had trouble persuading 'fedup --network 20' to run on my f19 laptop. It install all the files and gets ready. Then it boots and gets as far as: [ OK ] Started trigger flushing of journal to persistent storage [ OK ] Started Forward Password Requests to Plymouth [ OK ] Started Forward Password Requests to Plymouth [ OK] Started Recreate Volatile files and Directories There are then 3 lines of selinux permission denied. But no problem, selinux is set permissive anyway. Earlier on I see 'dracut-initqueue[400] failed to issue method call: Access denied' However, when I add selinux=0 to the command line..installation proceeds. This is very odd - selinux was in permissive mode. This is a bug I think? Bill -- Bill Murray ATLAS STFC/Warwick at: Bat 40-4-C26, CERN,1211 Meyrin, Geneve 23, Switzerland Tel:- CERN +41 22 7678432 -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: can you (theoretically) run only NFSv4 (without earlier versions)?
On Tue, Dec 24, 2013 at 2:10 AM, Ed Greshko wrote: > On 12/24/13 09:12, Robert P. J. Day wrote: > > After making the suggested changes. > > [root@meimei ~]# mount -o ro,nfsvers=4 192.168.0.196:/home /mnt > [root@meimei ~]# mount | grep mnt > 192.168.0.196:/home on /mnt type nfs4 > (ro,relatime,vers=4.0,rsize=262144,wsize=262144,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=192.168.0.18,local_lock=none,addr=192.168.0.196) > [root@meimei ~]# umount /mnt > > [root@meimei ~]# mount -o ro,nfsvers=3 192.168.0.196:/home /mnt > mount.nfs: requested NFS version or transport protocol is not supported I tried disallowing v2 and v3 on Fedora 19 and failed. "cat /proc/fs/nfsd/versions" shows that v2 and v3 are allowed by the kernel and "mount -t -o nfsvers=3 ..." succeeds. I ssh'd into a RHEL 6 box and an Ubuntu 14.04 VM where I know that v2 and v3 are disabled. "cat /proc/fs/nfsd/versions" shows that v2 and v3 are disallowed and "mount -t -o nfsvers=3 ..." fails. I must've done something wrong on Fedora 19. I'll have to try again later, but I can't see anything wrong in my setup offhand. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Possibly OT --- Adobe flash player; how to get it to run?
On Tue, 2013-12-24 at 21:56 +1300, Rolf Turner wrote: [Looking for Flash Player] > > Grateful for any suggestions and/or advice. Googling didn't turn this up? https://fedoraproject.org/wiki/Flash > > cheers, > > Rolf Turner > > -- Matthew Saltzman Clemson University Math Sciences mjs AT clemson DOT edu -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: F20: yum update does not automatically update grub2
On Mon, 23 Dec 2013 19:25:49 -0600, Ranjan Maitra wrote: > ### BEGIN /etc/grub.d/10_linux ### > menuentry 'Fedora, with Linux 3.11.10-301.fc20.x86_64' --class fedora > --class gnu-linux --class gnu --class os $menuentry_id_option > 'gnulinux-3.11.10-301.fc20.x86_64-advanced-f96397ae-311d-4826-8fb0-6a0fe710dd9c' > { load_video > set gfxpayload=keep insmod gzio > insmod part_msdos > insmod ext2 > set root='hd0,msdos1' > if [ x$feature_platform_search_hint = xy ]; then > search --no-floppy --fs-uuid --set=root > --hint-bios=hd0,msdos1 --hint-efi=hd0,msdos1 > --hint-baremetal=ahci0,msdos1 --hint='hd0,msdos1' > 54f94607-a593-4d5c-b03a-356574992f4e else search --no-floppy --fs-uuid > --set=root 54f94607-a593-4d5c-b03a-356574992f4e fi > linux /vmlinuz-3.11.10-301.fc20.x86_64 resume=/dev/sda2 > root=/dev/sda3 ro vconsole.font=latarcyrheb-sun16 nomodeset rhgb > quiet } There is no "initrd" parameter for this first boot entry! What are the contents of the /boot directory? If the initramfs image file for this kernel is missing, it's no surprise that grubby doesn't recognise this boot menu entry. The image may be regenerated using "dracut" (see "man dracut"). That it refers to the root device with UUID and /dev/sda3 is strange, too. -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: can you (theoretically) run only NFSv4 (without earlier versions)?
On Tue, Dec 24, 2013 at 12:44 AM, Ed Greshko wrote: > > Port 2049 is used by V4. I don't think V3 or V2 uses it 2049 is the nfs port for all nfs versions. "grep nfs /etc/services" -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: can you (theoretically) run only NFSv4 (without earlier versions)?
On Tue, Dec 24, 2013 at 12:15 AM, Robert P. J. Day wrote: > Quoting Ed Greshko : >> >> In /etc/sysconfig/nfs >> >> # Optional arguments passed to rpc.nfsd. See rpc.nfsd(8) >> RPCNFSDARGS="" >> >> man 8 rpc.nfsd >> >> -N or --no-nfs-version vers >> This option can be used to request that rpc.nfsd does not >> offer >> certain versions of NFS. The current version of rpc.nfsd can >> sup‐ >> port NFS versions 2,3,4 and the newer version 4.1. > > i tried that and it didn't seem to work, in the sense that when i > ran "rpcinfo -p" to verify the result, here's part of the output: > > 133 tcp 2049 nfs > 1002273 tcp 2049 nfs_acl > 133 udp 2049 nfs > 1002273 udp 2049 nfs_acl > 134 tcp 2049 nfs > 134 udp 2049 nfs > > so isn't that telling me i still have both versions 3 and 4? here's > the line i added to the file: > > RPCNFSDARGS="-N 2 -N 3" 1) Try "mount -t nfs -o nfsvers=3 ..." 2) cat /proc/fs/nfsd/versions -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: can you (theoretically) run only NFSv4 (without earlier versions)?
On Mon, Dec 23, 2013 at 11:16 PM, Robert P. J. Day wrote: > > how does one configure fedora 20 to support only NFSv4? i'm used to > mucking with /etc/sysconfig/nfs in earlier versions of RH, and tweaking > the variables MOUNTD_NFS_V* and RPCNFSDARGS. i don't see those vars > in fedora 20 and, according to "rpcinfo -p", i'm currently supporting > NFS versions both 3 and 4. so how does one turn off NFSv3? thanks. RPCNFSDARGS="-N 2 -N3" or RPCNFSDARGS="--no-nfs-version 2 --no-nfs-version 3" -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Possibly OT --- Adobe flash player; how to get it to run?
On 24/12/13 21:58, Frank Murphy wrote: On Tue, 24 Dec 2013 21:56:22 +1300 Rolf Turner wrote: People keep sending me links to videos and then when I click on them Firefox says that the video won't play since I don't have flash installed. But then when I click on the installer I (eventually) get messages to the effect that the required package is already installed. Adobe have stopped updating flash for Linux. So is there anything that I can do so as to be able to watch such videos? cheers, Rolf Turner -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: can you (theoretically) run only NFSv4 (without earlier versions)?
On Mon, Dec 23, 2013 at 7:14 PM, Robert P. J. Day wrote: > Quoting Tom H : >> On Fri, Dec 20, 2013 at 2:34 PM, Robert P. J. Day >> wrote: >>> >>> a long, long time ago, i reported an apparent glitch with NFS on >>> fedora: >>> >>> https://lists.fedoraproject.org/pipermail/users/2010-January/097465.html >>> >>> in that, at the time, it *appeared* that you couldn't set up >>> NFS so that *only* version 4 was running. before i start messing >>> with this again, anyone know whether that's changed? that is, >>> is it possible to set up a network in which only NFSv4 is running, >>> and no earlier versions are supported? thanks. >> >> It's been possible to run nfsv4-only nfs for a long time, with only >> port 2049 being let through the firewall. It only appears that you >> can't because because rpc.mountd has to run on the server but it's >> only involved in the exporting and not the mounting. > > a followup question, then -- i'm reading the RHEL docs (but i imagine > the contents are applicable here as long as we're talking about NFSv4); > the section on NFS reads: > > "The mounting and locking protocols have been incorporated into the NFSv4 > protocol. The server also listens on the well-known TCP port 2049. As such, > NFSv4 does not need to interact with rpcbind [3], lockd, and rpc.statd > daemons." > > does that mean that if i configure my system(s) to run NFSv4 only, > those daemons no longer need to be run? better yet, if i configure > for NFSv4 *only*, will those daemons even be started? i guess i could > peruse /etc/rc.d/init.d/nfs to find out. 1) NFSv3 a) set up versions of nfsd, rpc.mountd in "/etc/sysconfig/nfs" b) set up fixed ports for rpc.lockd, rpc.mountd, rpc.statd, rpc.quotad in "/etc/sysconfig/nfs" c) set up firewall rules to allow rpcbind, nfsd, rpc.lockd, rpc.mountd, rpc.statd, rpc.quotad in "/etc/sysconfig/iptables" 1) NFSv4 a) set up versions of nfsd, rpc.mountd in "/etc/sysconfig/nfs" b) set up firewall rule to allow nfsd in "/etc/sysconfig/iptables" -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Re: Possibly OT --- Adobe flash player; how to get it to run?
On Tue, 24 Dec 2013 21:56:22 +1300 Rolf Turner wrote: > > People keep sending me links to videos and then when I click on > them Firefox says that the video won't play since I don't have > flash installed. But then when I click on the installer I > (eventually) get messages to the effect that the required package > is already installed. > > Adobe have stopped updating flash for Linux. -- Regards, Frank www.frankly3d.com -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Possibly OT --- Adobe flash player; how to get it to run?
People keep sending me links to videos and then when I click on them Firefox says that the video won't play since I don't have flash installed. But then when I click on the installer I (eventually) get messages to the effect that the required package is already installed. If I click on Tools -> Addons -> Plugins I get messages to the effect that I don't "have any plugins of this type installed". (***WHAT*** deleted> type? I never mentioned any "type"!!! I've googled around quite a bit and any suggestion that I've found was of no use whatever. (I.e. I keep getting the same message that I don't have flash installed.) WTF do I have to do? Is the problem the fact that I am still running Fedora 17? (I have not upgraded since everything except the flash business seems to be running smoothly, and I don't want to get into an incomprehensible upgrade hassle unless I absolutely have to.) Grateful for any suggestions and/or advice. cheers, Rolf Turner -- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org