On Mon, 13 Mar 2006 19:48:39 -0500 Ignacio Vazquez-Abrams wrote:
> Is this with 2.14.0 or the previous build?
It is with deskbar-applet-2.13.91-3.fc5 downloaded on 13th of March
but I'm seeing that 2.14 was released and now it is available also in
Fedora Extras: I'm going to update and feedback.
I
Updated Packages:
anaconda-11.0.3-1
-
* Mon Mar 13 2006 Jeremy Katz - 11.0.3-1
- Check for none in size test (clumens, #185172)
- Fix hard drive install (clumens)
- Don't clobber network on upgrade (pnasrat, #183203)
- Fix some simple syntax errors (#185275)
- Allow 128M PE s
Hi.
On Tue, 14 Mar 2006 03:09:05 -0500, Build System wrote:
> firefox-1.5.0.1-9
> -
> * Sat Mar 11 2006 Christopher Aillon - 1.5.0.1-9
> - Add a notice to the about dialog denoting this is a pango enabled
> build.
> - Tweak the user agent denoting this is a pango enabled build.
On Mon, 2006-03-13 at 15:30 -0700, Orion Poplawski wrote:
> I there some docs (FAQ/ReleaseNotes?) that describe how to make changes
> to policy in FC5?
Doing minor tweaks is described at:
http://fedoraproject.org/wiki/SELinux/LoadableModules/Audit2allow
As for wholesale policy changes, I don't k
On 3/13/06, Mike Chambers wrote:
>
> I would try an install from rawhide and see if that works with the
> latest kernel/packages.
>
Just installed RawHide. hangs at the very same place :(
I also have a bunch of messages like:
PCI: Cannot allocate resource region X of device Y
are there any smar
it seems ok now also in x86_64 with deskbar-applet-2.14.0-1.fc5
Thanks Gianluca
On Tue, Mar 14, 2006 at 01:18:14AM -0800, Nathanael D. Noblet wrote:
> On Tue, 2006-03-14 at 03:09 -0500, Build System wrote:
> > Broken deps for i386
> > --
> > ekiga - 1.99.1-2.i386 requires libpt_linux_x86_r.so.1.9.3
> > ekiga - 1.9
What do you think about the attached patch to ifup-wireless? Works for me :)
Index: ifup-wireless
===
RCS file: /usr/local/CVS/initscripts/sysconfig/network-scripts/ifup-wireless,v
retrieving revision 1.12
diff -u -r1.12 ifup-wireless
Igor Jagec wrote:
Hapy Birthday To You
Hapy Birthday To You
Hapy Birthday Dear Jesse
Hapy Birthday To You
Cheers mate!;-)
You better not have sung that while typing, or you'll be facing a nasty
copyright suit. *grin*
(Ref. http://www.snopes.com/music/songs/birthday.asp for those who
Ralf Ertzinger wrote:
Hi.
On Wed, 8 Mar 2006 17:04:09 +0100, Patrice Dumas wrote:
[du...@nor75-15-82-67-190-22 include]$ rpm
-qf /usr/X11R6/include/Mrm/MrmAppl.h openmotif-devel-2.3.0-0.1.9.2
[du...@nor75-15-82-67-190-22 include]$ rpm -qf /usr/X11R6/include/Mrm/
file /usr/X11R6/include/Mrm
Paul Howarth wrote:
On Mon, 2006-03-13 at 15:30 -0700, Orion Poplawski wrote:
I there some docs (FAQ/ReleaseNotes?) that describe how to make changes
to policy in FC5?
Doing minor tweaks is described at:
http://fedoraproject.org/wiki/SELinux/LoadableModules/Audit2allow
I've taken a look at A
Dennis Jacobfeuerborn wrote:
Paul Howarth wrote:
On Mon, 2006-03-13 at 15:30 -0700, Orion Poplawski wrote:
I there some docs (FAQ/ReleaseNotes?) that describe how to make
changes to policy in FC5?
Doing minor tweaks is described at:
http://fedoraproject.org/wiki/SELinux/LoadableModules/Aud
> Not an answer to your question but there's an interesting discussion on
> AppArmor and SELinux in Dan Walsh's blog:
>
> http://danwalsh.livejournal.com/424.html
maybe it's time to accept that SELinux as technology is doomed. Not
because the code is bad, but because it's Just Too Complex(tm).
On 3/14/06, Dennis Jacobfeuerborn wrote:
> I've taken a look at AppArmor and it looks like a much more incremental
> and easier to use solution than selinux. It's not as powerful but all this
> power doesn't help much if most people will turn off selinux anyway because
> it gets in the way. Has an
Arjan van de Ven wrote:
Not an answer to your question but there's an interesting discussion on
AppArmor and SELinux in Dan Walsh's blog:
http://danwalsh.livejournal.com/424.html
maybe it's time to accept that SELinux as technology is doomed. Not
because the code is bad, but because it's Jus
I'm not sure I buy that SELinux is doomed.
While it may be complex we use it on all of our linux servers and
desktops. We've had a few problems but that caused us to read the docs
and learn how to write policy to deal with these things.
Just like any new technology there are going to be learning
Jeff Spaleta wrote:
On 3/14/06, Dennis Jacobfeuerborn wrote:
I've taken a look at AppArmor and it looks like a much more incremental
and easier to use solution than selinux. It's not as powerful but all this
power doesn't help much if most people will turn off selinux anyway because
it gets in
On 03/14/2006 03:25 AM, Ralf Ertzinger wrote:
Hi.
On Tue, 14 Mar 2006 03:09:05 -0500, Build System wrote:
firefox-1.5.0.1-9
-
* Sat Mar 11 2006 Christopher Aillon - 1.5.0.1-9
- Add a notice to the about dialog denoting this is a pango enabled
build.
- Tweak the user agent deno
Orion Poplawski wrote:
I there some docs (FAQ/ReleaseNotes?) that describe how to make
changes to policy in FC5?
http://fedoraproject.org/wiki/SELinux/FAQ/ProposedAdditions
On Tue, Mar 14, 2006 at 03:24:45PM +0100, Dennis Jacobfeuerborn wrote:
> complex solutions. AppArmor looks more attractive to me because while it
> may not be perfect at least it's usable and easily understandable compared
> to selinuxes black wizardry.
Lots of things can look pretty but it does
On Tue, 2006-03-14 at 15:13 +0100, Arjan van de Ven wrote:
> > Not an answer to your question but there's an interesting discussion on
> > AppArmor and SELinux in Dan Walsh's blog:
> >
> > http://danwalsh.livejournal.com/424.html
>
>
> maybe it's time to accept that SELinux as technology is doo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Daniel J Walsh wrote:
> Orion Poplawski wrote:
>
>> I there some docs (FAQ/ReleaseNotes?) that describe how to make
>> changes to policy in FC5?
>>
> http://fedoraproject.org/wiki/SELinux/FAQ/ProposedAdditions
>
This should be widely linked and beco
Alan Cox wrote:
On Tue, Mar 14, 2006 at 03:24:45PM +0100, Dennis Jacobfeuerborn wrote:
complex solutions. AppArmor looks more attractive to me because while it
may not be perfect at least it's usable and easily understandable compared
to selinuxes black wizardry.
Lots of things can look prett
Stephen Smalley wrote:
On Tue, 2006-03-14 at 15:13 +0100, Arjan van de Ven wrote:
Not an answer to your question but there's an interesting discussion on
AppArmor and SELinux in Dan Walsh's blog:
http://danwalsh.livejournal.com/424.html
maybe it's time to accept that SELinux as technology is
On Tue, 2006-03-14 at 16:55 +0100, Dennis Jacobfeuerborn wrote:
> Stephen Smalley wrote:
> > No, there is quite a bit of ongoing work on improving useability for
> > SELinux, including several new higher level tools that have been
> > recently released.
> [snip]
>
> Where can I get more informatio
On Tue, Mar 14, 2006 at 15:13:15 +0100,
Arjan van de Ven wrote:
>
> maybe it's time to accept that SELinux as technology is doomed. Not
> because the code is bad, but because it's Just Too Complex(tm).
> Complexity kills, and I think the time it is taking to get to the point
> where at least le
Arjan van de Ven wrote:
Not an answer to your question but there's an interesting discussion on
AppArmor and SELinux in Dan Walsh's blog:
http://danwalsh.livejournal.com/424.html
maybe it's time to accept that SELinux as technology is doomed. Not
because the code is bad, but because it'
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dennis Jacobfeuerborn wrote:
> Alan Cox wrote:
>
>> On Tue, Mar 14, 2006 at 03:24:45PM +0100, Dennis Jacobfeuerborn wrote:
>>
>>> complex solutions. AppArmor looks more attractive to me because while
>>> it may not be perfect at least it's usable and
On 3/14/06, Dennis Jacobfeuerborn wrote:
> Alan Cox wrote:
> > On Tue, Mar 14, 2006 at 03:24:45PM +0100, Dennis Jacobfeuerborn wrote:
> >> complex solutions. AppArmor looks more attractive to me because while it
> >> may not be perfect at least it's usable and easily understandable compared
> >> t
On Tue, Mar 14, 2006 at 04:52:54PM +0100, Dennis Jacobfeuerborn wrote:
> I understand that but if this system that "solves the fundamental problems"
> is so complex that most people just turn it off then the gain in security
> you get is pretty much theoretical. Security isn't an all-or-nothing t
> I equate SELinux to the point when personal firewalls were first being
> introduced to each computer, everyone at that point just turned them
> off. But eventually the technology got to the point where most people
> don't
> realize they have a firewall running on there system.
I start hearin
On 3/14/06, Stephen J. Smoogen wrote:
> 3) They found a legitimate problem with selinux but did not have the
> tools to debug it or had the training needed to fix it.
I'm getting more comfortable with at least troubleshooting selinux
errors by looking for avc error messages in the logs. But somet
On Tue, 2006-03-14 at 11:33 -0500, Jeff Spaleta wrote:
> On 3/14/06, Stephen J. Smoogen wrote:
> > 3) They found a legitimate problem with selinux but did not have the
> > tools to debug it or had the training needed to fix it.
>
> I'm getting more comfortable with at least troubleshooting selinu
Jeff Spaleta wrote:
On 3/14/06, Stephen J. Smoogen wrote:
3) They found a legitimate problem with selinux but did not have the
tools to debug it or had the training needed to fix it.
I'm getting more comfortable with at least troubleshooting selinux
errors by looking for avc error mes
>
> I'm over-simplifying, but the main source of complexity in the current
> SELinux environment is its comprehensive nature. None of the security
> models currently used in SELinux is particularly complex. The MLS
> security model is counter-intuitive, but it's also not currently used
> ;-P A
On 3/14/06, Stephen Smalley wrote:
> Under FC4 and earlier:
> http://fedora.redhat.com/docs/selinux-faq-fc3/index.html#id2827008
>
> Under FC5, you install the enableaudit.pp package, see the end of:
> http://fedoraproject.org/wiki/SELinux/Troubleshooting
>
> The wiki could use some help...
excel
Stephen J. Smoogen writes:
>
> To be honest, we have found that the following people turn off SeLinux
> for the following reasons:
>
> 1) They were told that xyz would be fixed by turning off SeLinux. In
> most cases, they the problem with xyz was really a config issue that
> they then fix
Florian La Roche wrote:
>>I equate SELinux to the point when personal firewalls were first being
>>introduced to each computer, everyone at that point just turned them
>>off. But eventually the technology got to the point where most people
>>don't
>>realize they have a firewall running on there
> 5) They don't want enhanced security. I suspect this is a sizable
>number of people.
or rather, they don't care as long as it doesn't get in the way at all.
On Tue, Mar 14, 2006 at 11:33:05 -0500,
>
> Are there selinux interactions which will not generate avc messages as
> a matter of selinux design? If so how do i troubleshoot or even
> confirm that selinux policy is what an application is tripping over in
> those situations?
I believe there is a w
On Tue, 2006-03-14 at 17:45 +0100, Arjan van de Ven wrote:
> which is because the policy design seems to keep starting from the wrong
> place. That policy design is aimed for a "strict" policy. Even the so
> called targeted policy tries to work in a strict way.
>
> With this I mean it tries to be
Harald Hoyer (har...@redhat.com) said:
> What do you think about the attached patch to ifup-wireless? Works for me :)
This should really be done in NM.
Bill
Hi.
On Tue, 14 Mar 2006 12:30:08 -0500, Stephen Smalley wrote:
> Go read:
> http://www.ranum.com/security/computer_security/editorials/dumb/
So shipping the targetted policy is a dumb idea. RH will be glad to hear that.
On Tue, 2006-03-14 at 12:30 -0500, Stephen Smalley wrote:
> On Tue, 2006-03-14 at 17:45 +0100, Arjan van de Ven wrote:
> > which is because the policy design seems to keep starting from the wrong
> > place. That policy design is aimed for a "strict" policy. Even the so
> > called targeted policy tr
On Tue, 2006-03-14 at 18:36 +0100, Ralf Ertzinger wrote:
> Hi.
>
> On Tue, 14 Mar 2006 12:30:08 -0500, Stephen Smalley wrote:
>
> > Go read:
> > http://www.ranum.com/security/computer_security/editorials/dumb/
>
> So shipping the targetted policy is a dumb idea. RH will be glad to hear that.
Ta
may I use mock to test compilation of the 64bit variant of a rpm using
my regular 32bit centrino laptop?
Thanks in advance
Gianluca
On Tue, 2006-03-14 at 18:48 +0100, Gianluca Sforna wrote:
> may I use mock to test compilation of the 64bit variant of a rpm using
> my regular 32bit centrino laptop?
Nope.
--
Ignacio Vazquez-Abrams
http://fedora.ivazquez.net/
gpg --keyserver hkp://subkeys.pgp.net --recv-key 38028b72
signatu
On Tue, 2006-03-14 at 16:54 +, Andrew Haley wrote:
> Stephen J. Smoogen writes:
> >
> > To be honest, we have found that the following people turn off SeLinux
> > for the following reasons:
> >
> > 1) They were told that xyz would be fixed by turning off SeLinux. In
> > most cases, they
On Tue, 14 Mar 2006 08:04:05 -0500 Doug Stewart
>You better not have sung that while typing, or you'll be facing a
nasty copyright suit. *grin*
And casually he missed one of the p in the first word... ;-)
Something like in M$?
On Tue, 2006-03-14 at 12:26 -0500, Bill Nottingham wrote:
> Harald Hoyer (har...@redhat.com) said:
> > What do you think about the attached patch to ifup-wireless? Works for me :)
>
> This should really be done in NM.
I may have the wrong end of the stick, but what about the increasingly
common
On 3/14/06, Ralf Corsepius wrote:
> On Tue, 2006-03-14 at 16:54 +, Andrew Haley wrote:
> > Stephen J. Smoogen writes:
> Finally, one fundamental problem, probably most users ask them
> themselves: Is coping with all the issues SELinux causes worth the
> effort, and does it really help the use
Arjan van de Ven wrote:
>
> The parallel to firewalls has been made several times. But in fact the
> linux firewall does exactly this; the "related" ruleset is a dynamic
> behavior that allows more than strictly would be needed to be allowed,
> yet it's an effective way to keep things tight when y
Keith Sharp (k...@passback.co.uk) said:
> On Tue, 2006-03-14 at 12:26 -0500, Bill Nottingham wrote:
> > Harald Hoyer (har...@redhat.com) said:
> > > What do you think about the attached patch to ifup-wireless? Works for me
> > > :)
> >
> > This should really be done in NM.
>
> I may have the w
Ralf Ertzinger wrote:
Hi.
On Tue, 14 Mar 2006 12:30:08 -0500, Stephen Smalley wrote:
Go read:
http://www.ranum.com/security/computer_security/editorials/dumb/
So shipping the targetted policy is a dumb idea. RH will be glad to hear that.
No targeted policy is confining the select
On Tue, Mar 14, 2006 at 09:26:01AM -0700, Stephen J. Smoogen wrote:
> To be honest, we have found that the following people turn off SeLinux
> for the following reasons:
[1-4]
5. They copied their / through remounting and rsync to another
partition on another disk to be able to change the partitio
On Tue, 2006-03-14 at 18:29 +, Keith Sharp wrote:
> On Tue, 2006-03-14 at 12:26 -0500, Bill Nottingham wrote:
> > Harald Hoyer (har...@redhat.com) said:
> > > What do you think about the attached patch to ifup-wireless? Works for me
> > > :)
> >
> > This should really be done in NM.
>
> I m
http://fedoraproject.org/wiki/SELinux/FAQ/ProposedAdditions#head-6dcc9a7f5f2d7e7ee033e777caacebb434713dd7
"The most common reason for a silent denial is when the policy
contains an explicit dontaudit rule to suppress audit messages. The
dontaudit rule is often used this way when a benign de
The selinux cra^Wlabels should have been taken into account in
cp/tar/rsync and other applications that copy executables before
cp has supported selinux for quite some time now.
As far as recovering from disaster is concerned... there's the option of
turning selinux off, or enabling it in
smo...@gmail.com ("Stephen J. Smoogen") writes:
>> Finally, one fundamental problem, probably most users ask them
>> themselves: Is coping with all the issues SELinux causes worth the
>> effort, and does it really help the user?
>>
>> I guess, all Fedora users have been fighting with SELinux at so
A while back my lower-window keybinding stopped working and I filed a
bug against metacity. Turns out it wasn't metacity because it started
working after an update and metacity hadn't changed. Well, it's back and
even though metacity has been updated, I don't believe it's metacity's
fault given pa
On Tue, 2006-03-14 at 07:34 -0800, Shahms King wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Daniel J Walsh wrote:
> > Orion Poplawski wrote:
> >
> >> I there some docs (FAQ/ReleaseNotes?) that describe how to make
> >> changes to policy in FC5?
> >>
> > http://fedoraproject.org/wi
Once upon a time, Ivan Gyurdiev said:
> cp has supported selinux for quite some time now.
The fact that it "supports" SELinux by adding a new option doesn't
really help. People know "cp -p" to preserve ownership and permissions,
but you have to use (the annoyingly verbose) "cp --preserve=all" to
Once upon a time, Bill Nottingham said:
> Harald Hoyer (har...@redhat.com) said:
> > What do you think about the attached patch to ifup-wireless? Works for me :)
>
> This should really be done in NM.
NM doesn't support system network configuration; only when a user logs
in will NM work. That i
Quoting Bojan Smojver :
Stopping tasks: =
Just before that, the keyboard/touchpad gets initialised, so maybe I'm
hitting this:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8bd0ee93fef9733c72fef1817330b3ee2b71cf9d
--
Bojan
On Tue, 2006-03-14 at 12:26 -0500, Bill Nottingham wrote:
> Harald Hoyer (har...@redhat.com) said:
> > What do you think about the attached patch to ifup-wireless? Works for me :)
> This should really be done in NM.
Some of us would prefer to avoid being plagued by NM. It
(wpa_supplican
Bill Crawford wrote:
Ralf Ertzinger wrote:
Hi.
On Wed, 8 Mar 2006 17:04:09 +0100, Patrice Dumas wrote:
[du...@nor75-15-82-67-190-22 include]$ rpm
-qf /usr/X11R6/include/Mrm/MrmAppl.h openmotif-devel-2.3.0-0.1.9.2
[du...@nor75-15-82-67-190-22 include]$ rpm -qf /usr/X11R6/include/Mrm/
file
On Wednesday, 15 March 2006 at 00:02, Michael H. Warfield wrote:
> On Tue, 2006-03-14 at 12:26 -0500, Bill Nottingham wrote:
> > Harald Hoyer (har...@redhat.com) said:
> > > What do you think about the attached patch to ifup-wireless? Works for me
> > > :)
>
> > This should really be done in NM.
On Wed, 2006-03-15 at 02:02 +0100, Dominik 'Rathann' Mierzejewski wrote:
> On Wednesday, 15 March 2006 at 00:02, Michael H. Warfield wrote:
> > On Tue, 2006-03-14 at 12:26 -0500, Bill Nottingham wrote:
> > > Harald Hoyer (har...@redhat.com) said:
> > > > What do you think about the attached patch
On Tue, 2006-03-14 at 18:48 +0100, Gianluca Sforna wrote:
> may I use mock to test compilation of the 64bit variant of a rpm using
> my regular 32bit centrino laptop?
>
No. Generally speaking, you can build and run 32-bit code on a 64-bit
systems, but not vice-versa.
--
Peter Gordon (codergeek42)
Chris Adams (cmad...@hiwaay.net) said:
> > > What do you think about the attached patch to ifup-wireless? Works for me
> > > :)
> >
> > This should really be done in NM.
>
> NM doesn't support system network configuration; only when a user logs
> in will NM work. That is supposed to change eve
Michael H. Warfield (m...@wittsend.com) said:
> Some of us would prefer to avoid being plagued by NM. It
> (wpa_supplicant) works just fine, independent of NM and I've just got it
> hooked in the bottom of the ifup scripts as they describe doing on the
> project site. So far, I haven't fou
On Wed, 2006-03-15 at 02:02 +0100, Dominik 'Rathann' Mierzejewski wrote:
> On Wednesday, 15 March 2006 at 00:02, Michael H. Warfield wrote:
> > On Tue, 2006-03-14 at 12:26 -0500, Bill Nottingham wrote:
> > > Harald Hoyer (har...@redhat.com) said:
> > > > What do you think about the attached patch
On Tue, 2006-03-14 at 21:51 -0500, Bill Nottingham wrote:
> Chris Adams (cmad...@hiwaay.net) said:
> > > > What do you think about the attached patch to ifup-wireless? Works for
> > > > me :)
> > >
> > > This should really be done in NM.
> >
> > NM doesn't support system network configuration;
On Tue, 2006-03-14 at 21:52 -0500, Bill Nottingham wrote:
> Michael H. Warfield (m...@wittsend.com) said:
> > Some of us would prefer to avoid being plagued by NM. It
> > (wpa_supplicant) works just fine, independent of NM and I've just got it
> > hooked in the bottom of the ifup scripts as t
74 matches
Mail list logo