Removing vm86 support?

2015-07-07 Thread Andrew Lutomirski
Hi- I'm asking here because Fedora seems to be one of few distros that enables CONFIG_VM86 on 32-bit kernels. Would anyone object if the upstream kernel (and hence Fedora) removed vm86 support? This would break 16-bit real mode programs under dosemu. It would have no effect on 16-bit protected mod

Re: Removing vm86 support?

2015-07-08 Thread Andrew Lutomirski
On Wed, Jul 8, 2015 at 6:48 AM, Adam Jackson wrote: > On Tue, 2015-07-07 at 16:20 -0700, Andrew Lutomirski wrote: > >> I'm asking here because Fedora seems to be one of few distros that >> enables CONFIG_VM86 on 32-bit kernels. >> >> Would anyone object if th

Re: Granting a capability to a service

2015-07-18 Thread Andrew Lutomirski
On Jul 18, 2015 1:42 AM, "Florian Weimer" wrote: > > Let's assume I want to start a service as an ordinary user, but allow to > bind it to a privileged port. The program implementing the service does > not manipulate capabilities in any way. > > I came up with with this system unit for testing pu

Re: Granting a capability to a service

2015-07-20 Thread Andrew Lutomirski
On Jul 20, 2015 4:20 AM, "Florian Weimer" wrote: > > On 07/18/2015 03:53 PM, Andrew Lutomirski wrote: > > > Nothing. Inheritable capabilities are nearly useless. > > Wow. > > The program that sparked this thread is a Go program. So basically, we > hav

Re: Granting a capability to a service

2015-07-20 Thread Andrew Lutomirski
On Jul 20, 2015 11:05 AM, "Florian Weimer" wrote: > > On 07/20/2015 05:59 PM, Steve Grubb wrote: > > > Today, any application that wants to manipulate capabilities needs to be > > capability aware. > > The application does not want to manipulate capabilities. I do not want > to run it as full roo

Re: Granting a capability to a service

2015-07-20 Thread Andrew Lutomirski
On Mon, Jul 20, 2015 at 12:26 PM, Steve Grubb wrote: > On Monday, July 20, 2015 11:09:39 AM Andrew Lutomirski wrote: >> On Jul 20, 2015 11:05 AM, "Florian Weimer" wrote: >> > On 07/20/2015 05:59 PM, Steve Grubb wrote: >> > > Today, any application that w

Re: Granting a capability to a service

2015-07-20 Thread Andrew Lutomirski
On Mon, Jul 20, 2015 at 2:34 PM, Steve Grubb wrote: > On Monday, July 20, 2015 12:45:28 PM Andrew Lutomirski wrote: >> On Mon, Jul 20, 2015 at 12:26 PM, Steve Grubb wrote: >> > On Monday, July 20, 2015 11:09:39 AM Andrew Lutomirski wrote: >> >> On Jul 20, 2015 11:

Re: Granting a capability to a service

2015-07-21 Thread Andrew Lutomirski
On Jul 21, 2015 4:18 AM, "Florian Weimer" wrote: > > On 07/20/2015 07:30 PM, Andrew Lutomirski wrote: > > >> (b) Make a copy of the file, put it in a directory which only the > >> service user can read (or ship it with 750 permissions and the service >

Re: Granting a capability to a service

2015-07-22 Thread Andrew Lutomirski
On Wed, Jul 22, 2015 at 1:22 PM, Lennart Poettering wrote: > What's worse is that in kernels before 2.6.24 passing caps across > exec() actually worked fine. Kernel broke API heavily in this regard > by introducing fcaps and altering the caps inheritance logic then. Are you sure? I don't recall

Re: Granting a capability to a service

2015-07-22 Thread Andrew Lutomirski
On Wed, Jul 22, 2015 at 1:25 PM, Lennart Poettering wrote: > On Mon, 20.07.15 13:20, Florian Weimer (fwei...@redhat.com) wrote: > >> (d) Change the Go program to optionally drop capabilities and switch the >> user. Do not use fscaps, and keep running it as full root initially. >> This is the clea

Re: [HEADS-UP] Please test kdbus in Rawhide!

2015-07-30 Thread Andrew Lutomirski
On Thu, Jul 30, 2015 at 11:20 AM, Josh Boyer wrote: > On Thu, Jul 30, 2015 at 2:05 PM, Stephen Gallagher > wrote: >> On Thu, 2015-07-30 at 19:57 +0200, Lennart Poettering wrote: >>> Heya! >>> >>> I'd like to ask everybody to test kdbus on Rawhide. Josh thankfully >>> added it to the Rawhide kern

Re: Is it time to allow Chromium in Fedora?

2015-08-11 Thread Andrew Lutomirski
On Tue, Aug 11, 2015 at 12:12 PM, Chris Murphy wrote: > On Tue, Aug 11, 2015 at 12:41 PM, Gerald B. Cox wrote: >> https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries > > Meanwhile, on OS X I was already given notification of Firefox being > updated to 40.0.0 just a bit ago. And while I

Re: Firefox addon signing

2015-08-28 Thread Andrew Lutomirski
On Fri, Aug 28, 2015 at 12:18 AM, Martin Stransky wrote: > On 08/27/2015 04:40 PM, Alexander Ploumistos wrote: >> >> Aren't the addons that we ship in fedora a bunch of text files zipped >> in an xpi archive? It is kind of awkward to send them back and forth, >> but if there are no other binaries,

Re: Disable PulseAudio flat volumes to prevent it from pushing volume level to max

2015-09-17 Thread Andrew Lutomirski
On Thu, Sep 17, 2015 at 11:59 AM, Germano Massullo wrote: > > Today I had a scary experience with the audio of my computer. > I was listening to music with Amarok, using my headphones... The KMix volume > level was ~ 35%. When I logged into a video conference application, the > volume suddenly rea

Re: 22: nfs = long boot delay

2014-08-14 Thread Andrew Lutomirski
On Aug 14, 2014 12:11 PM, "J. Bruce Fields" wrote: > > On Tue, Aug 12, 2014 at 12:58:13AM -0400, Felix Miata wrote: > > Why when nothing is automounting nfs either as client or server does boot > > not proceed to completion without a 2+ minute pause while nfs-server fails > > to start? > > Sounds

Re: 22: nfs = long boot delay

2014-08-14 Thread Andrew Lutomirski
On Thu, Aug 14, 2014 at 2:25 PM, Felix Miata wrote: > On 2014-08-14 12:36 (GMT-0700) Andrew Lutomirski composed: > > >> J. Bruce Fields wrote: > > >>> On Tue, Aug 12, 2014 at 12:58:13AM -0400, Felix Miata wrote: > > >>>> Why when nothing is

Re: 22: nfs = long boot delay

2014-08-15 Thread Andrew Lutomirski
[resend -- I hate gmail] On Fri, Aug 15, 2014 at 7:19 AM, Felix Miata wrote: > On 2014-08-14 14:33 (GMT-0700) Andrew Lutomirski composed: > >> Felix Miata wrote: > >>> On 2014-08-14 12:36 (GMT-0700) Andrew Lutomirski composed: > >>>> J. Bruce Fields wrote

Re: /media -> /run/media???

2014-08-15 Thread Andrew Lutomirski
On Aug 15, 2014 7:21 PM, "Nico Kadel-Garcia" wrote: > > On Fri, Aug 15, 2014 at 9:47 AM, Ondrej Vasik wrote: > > On Fri, 2014-08-15 at 08:07 -0400, Nico Kadel-Garcia wrote: > >> On Thu, Aug 14, 2014 at 11:49 AM, Michal Schmidt wrote: > >> > On 08/14/2014 12:17 PM, Matthew Miller wrote: > >> >> O

Re: Systemd boot issue

2014-09-11 Thread Andrew Lutomirski
On Sep 11, 2014 1:51 AM, "P J P" wrote: > >Hello Chris, > > > On Wednesday, 10 September 2014 9:15 PM, Chris Murphy wrote: > > Well I have no idea what's on the screen at the time of the hang. Maybe a > > cell phone photo would be useful. Or maybe you should use the debug kernel which > > was

New package Koji / Bodhi oddities?

2014-09-23 Thread Andrew Lutomirski
Hi- I have a new package. I just got this error: Package: virtme NVR: virtme-0.0.1-1.fc22 User: pbrobinson Status: failed Tag Operation: tagged Into Tag: f22 virtme-0.0.1-1.fc22 unsuccessfully tagged into f22 by pbrobinson Operation failed with the error: : build virtme-0.0.1-1.fc22 already

Re: Latest F-21 updates cause non-booting system on some Haswell systems + workaround

2014-09-26 Thread Andrew Lutomirski
On Fri, Sep 26, 2014 at 11:37 AM, Hans de Goede wrote: > Hi All, > > Just spend some time debugging this and thought I should share this, see: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762195 > > for details, I've filed a bug to track fixing this in Fedora: > > https://bugzilla.redhat.

Re: Latest F-21 updates cause non-booting system on some Haswell systems + workaround

2014-09-26 Thread Andrew Lutomirski
On Fri, Sep 26, 2014 at 11:58 AM, Josh Boyer wrote: > On Fri, Sep 26, 2014 at 2:53 PM, Andrew Lutomirski wrote: >> On Fri, Sep 26, 2014 at 11:37 AM, Hans de Goede wrote: >>> Hi All, >>> >>> Just spend some time debugging this and thought I should share this,

Re: Latest F-21 updates cause non-booting system on some Haswell systems + workaround

2014-09-26 Thread Andrew Lutomirski
On Fri, Sep 26, 2014 at 12:16 PM, Josh Boyer wrote: > On Fri, Sep 26, 2014 at 3:05 PM, Andrew Lutomirski wrote: >> On Fri, Sep 26, 2014 at 11:58 AM, Josh Boyer >> wrote: >>> On Fri, Sep 26, 2014 at 2:53 PM, Andrew Lutomirski wrote: >>>> On Fri, Sep

Re: Request for testers: glibc update to work around Intel TSX errata microcode_ctl problems.

2014-09-28 Thread Andrew Lutomirski
On Sep 28, 2014 12:25 PM, "Reindl Harald" wrote: > > > On 28.09.2014 at 21:15, drago01 wrote: > > On Sun, Sep 28, 2014 at 8:17 PM, Reindl Harald wrote: > >> > >> On 28.09.2014 at 20:13, Carlos O'Donell wrote: > >>> On 09/28/2014 01:24 PM, drago01 wrote: > On Sun, Sep 28, 2014 at 6:49 PM, C

Re: The Poodlebleed Bug

2014-10-15 Thread Andrew Lutomirski
On Wed, Oct 15, 2014 at 9:00 AM, Sérgio Basto wrote: > this site > http://poodlebleed.com/ > > says that my server with F19 is vulnerable > > any news about this ? Poodlebleed? For Pete's sake. The attack is called POODLE, and it's much more likely to be an attack against a client instead of an

Re: fedora 21 lets me install packages without root

2014-10-20 Thread Andrew Lutomirski
On Mon, Oct 20, 2014 at 10:25 AM, drago01 wrote: > On Mon, Oct 20, 2014 at 7:00 PM, Reindl Harald wrote: >> >> On 20.10.2014 at 18:10, Stephen John Smoogen wrote: >>> >>> On 20 October 2014 07:45, Matthew Miller >> > wrote: >>> >>> On Mon, Oct 20, 2014 at 06:

U2F and a review swap?

2014-10-24 Thread Andrew Lutomirski
Has Fedora considered supporting U2F for its infrastructure. IMO it's *much* nicer than standard Yubikeys. On a related note, I will gladly swap a review for libu2f-host: https://bugzilla.redhat.com/show_bug.cgi?id=1155826 --Andy -- devel mailing list devel@lists.fedoraproject.org https://admi

Re: Cron jobs output are sent to the network by default

2014-10-29 Thread Andrew Lutomirski
On Oct 29, 2014 11:33 AM, "Miloslav Trmač" wrote: > > - Original Message - > > I created a new bug [1] that explains that ssmtp is sending all cron > > jobs output to an external SMTP server. I marked it as a security bug, > > the security tag was removed and it was recommend to make it pu

Requiring all files in /usr to be world-readable?

2014-10-31 Thread Andrew Lutomirski
I filed an FPC ticket: https://fedorahosted.org/fpc/ticket/467 Thoughts?

Re: Requiring all files in /usr to be world-readable?

2014-10-31 Thread Andrew Lutomirski
On Fri, Oct 31, 2014 at 10:59 AM, Miloslav Trmač wrote: > - Original Message - >> I filed an FPC ticket: https://fedorahosted.org/fpc/ticket/467 >> >> Thoughts? > > My intuition is that if an application needs _everything_ in /usr to be > readable then it is likely broken. Something bein

Re: Requiring all files in /usr to be world-readable?

2014-11-04 Thread Andrew Lutomirski
On Tue, Nov 4, 2014 at 8:42 AM, Miloslav Trmač wrote: > Hello, > - Original Message - >> On Mon, 03.11.14 09:13, Miloslav Trmač (m...@redhat.com) wrote: >> > Hello, >> > - Original Message - >> > > On Fri, 31.10.14 10:04, Andrew Lutomirs

Re: Porting initramfs-tools to dracut

2014-11-04 Thread Andrew Lutomirski
On Tue, Nov 4, 2014 at 5:35 PM, Saurabh Kulkarni wrote: > Hi there, > > So I've been working on a project that requires me to have my own custom > initrd. The doc I'm following is specialized for ubuntu, so it makes use of > mkinitramfs to create initrd, and uses initramfs-tools/scripts and > init

Re: Porting initramfs-tools to dracut

2014-11-05 Thread Andrew Lutomirski
ture, it goes in the script. --Andy > > Best, > Saurabh > > On Tue, Nov 4, 2014 at 5:42 PM, Andrew Lutomirski wrote: >> >> On Tue, Nov 4, 2014 at 5:35 PM, Saurabh Kulkarni wrote: >> > Hi there, >> > >> > So I've been working on a project that

Re: /boot on Btrfs still not supported, main problem is anaconda and grubby

2015-03-20 Thread Andrew Lutomirski
On Fri, Mar 20, 2015 at 10:58 AM, drago01 wrote: > On Fri, Mar 20, 2015 at 6:22 PM, Chris Murphy wrote: >> On Fri, Mar 20, 2015 at 7:20 AM, Josef Bacik wrote: >>> Cool so then we use grubby for these other cases and use the grub2 >>> stuff for the grub2 case which covers the majority of installs

Re: /boot on Btrfs still not supported, main problem is anaconda and grubby

2015-03-20 Thread Andrew Lutomirski
On Fri, Mar 20, 2015 at 12:06 PM, Chris Murphy wrote: > On Fri, Mar 20, 2015 at 11:26 AM, Josef Bacik wrote: >> Seems like it's easier to just ditch grubby than patch it, if it takes >> years to merge patches to provide simple functionality that other >> distro's already have then we just need to

Re: hibernation support - lack of distro-wide coordination between systemd, dracut, anaconda, pm-utils and maybe more?

2015-04-15 Thread Andrew Lutomirski
On Mon, Apr 13, 2015 at 3:09 AM, Jaroslav Skarvada wrote: > > > - Original Message - >> On 01.04.2015 10:29, Jaroslav Skarvada wrote: >> >>> pm-hibernate is obsolete as others already mentioned. >> >> >> >> Do the pm-utils maintainers/upstream know this? >> >> >> > >> > Hi, >> > >> > I am

Re: [Bug 1201978] dracut assumes BIOS time is UTC closed without fixing again

2015-04-30 Thread Andrew Lutomirski
On Thu, Apr 30, 2015 at 5:11 PM, Adam Williamson wrote: > On Thu, 2015-04-30 at 19:45 -0400, Felix Miata wrote: >> Adam Williamson composed on 2015-04-30 16:37 (UTC-0700): >> >> > I'd prefer objective analysis over anecdata. poettering's >> > contention >> > is : >> >> > i) there is only a problem

Re: F23 System Wide Change: Default Local DNS Resolver

2015-06-01 Thread Andrew Lutomirski
On Mon, Jun 1, 2015 at 11:02 AM, Reindl Harald wrote: > > On 01.06.2015 at 19:55, Jason L Tibbitts III wrote: >>> >>> "RSB" == Ryan S Brown writes: >> >> >> RSB> I disagree; for server & cloud deployments it doesn't make sense to >> RSB> duplicate a DNS server on *every* host, and if you

Re: F23 System Wide Change: Default Local DNS Resolver

2015-06-01 Thread Andrew Lutomirski
On Mon, Jun 1, 2015 at 12:25 PM, Ryan S. Brown wrote: > On 06/01/2015 01:55 PM, Jason L Tibbitts III wrote: >>> "RSB" == Ryan S Brown writes: >> >> RSB> I disagree; for server & cloud deployments it doesn't make sense to >> RSB> duplicate a DNS server on *every* host, and if you care about >>

Re: F23 System Wide Change: Default Local DNS Resolver

2015-06-01 Thread Andrew Lutomirski
On Mon, Jun 1, 2015 at 12:29 PM, Chris Adams wrote: > Once upon a time, Andrew Lutomirski said: >> I'm with Jason here. Glibc's resolver is amazingly buggy, and things >> break randomly and unreproducibly when this happens. A good setup >> would have a lo

Re: F23 System Wide Change: Default Local DNS Resolver

2015-06-01 Thread Andrew Lutomirski
On Mon, Jun 1, 2015 at 1:42 PM, drago01 wrote: > On Mon, Jun 1, 2015 at 9:28 PM, Andrew Lutomirski wrote: >> On Mon, Jun 1, 2015 at 12:25 PM, Ryan S. Brown wrote: >>> On 06/01/2015 01:55 PM, Jason L Tibbitts III wrote: >>>>>>>>> "RSB"

Re: F23 System Wide Change: Default Local DNS Resolver

2015-06-02 Thread Andrew Lutomirski
On Tue, Jun 2, 2015 at 2:44 AM, Florian Weimer wrote: > On 06/01/2015 10:57 PM, Andrew Lutomirski wrote: > >> This is glibc we're talking about, though. Have you tried to get a >> glibc bug fixed? It's not a pleasant experience. > > It is possible, but it requi

Re: F23 System Wide Change: Default Local DNS Resolver

2015-06-11 Thread Andrew Lutomirski
On Thu, Jun 11, 2015 at 1:48 PM, Dan Williams wrote: > On Tue, 2015-06-09 at 12:30 -0400, Matthew Miller wrote: >> On Tue, Jun 09, 2015 at 11:34:39AM -0400, Paul Wouters wrote: >> > decision needs to then be made by the system. I believe that's been >> > mostly due to lack of time for the various

Re: F23 System Wide Change: Default Local DNS Resolver

2015-06-12 Thread Andrew Lutomirski
On Fri, Jun 12, 2015 at 10:17 AM, Dan Williams wrote: > On Fri, 2015-06-12 at 00:48 -0400, Paul Wouters wrote: >> 2) NM/dnssec-trigger does the HTTP and DNS probing and prompting using >> a dedicated container and any DNS requests in that container are >> thrown away with the container onc

Re: F23 System Wide Change: Default Local DNS Resolver

2015-06-12 Thread Andrew Lutomirski
On Fri, Jun 12, 2015 at 10:33 AM, Dan Williams wrote: > On Thu, 2015-06-11 at 14:41 -0700, Andrew Lutomirski wrote: >> On Thu, Jun 11, 2015 at 1:48 PM, Dan Williams wrote: >> > On Tue, 2015-06-09 at 12:30 -0400, Matthew Miller wrote: >> >> On Tue, Jun 09, 2015 at

Re: F23 System Wide Change: Default Local DNS Resolver

2015-06-12 Thread Andrew Lutomirski
On Fri, Jun 12, 2015 at 3:32 PM, Michael Catanzaro wrote: > On Fri, 2015-06-12 at 11:19 -0700, Andrew Lutomirski wrote: >> It wouldn't really have to be Firefox, but getting the browser chrome >> right to avoid trivial phishing attacks is critical, and all real >> brows

Re: GNOME captive portal helper (was Re: F23 System Wide Change: Default Local DNS Resolver)

2015-06-13 Thread Andrew Lutomirski
On Jun 13, 2015 4:28 AM, "Michael Catanzaro" wrote: > > On Fri, 2015-06-12 at 15:49 -0700, Andrew Lutomirski wrote: > > > > > But that's not even right. Suppose you have a captive portal that > > wants you to log in via your Google account. It can s

Re: GNOME captive portal helper (was Re: F23 System Wide Change: Default Local DNS Resolver)

2015-06-15 Thread Andrew Lutomirski
On Mon, Jun 15, 2015 at 12:07 PM, Paul Wouters wrote: > On Mon, 15 Jun 2015, Stephen John Smoogen wrote: > >> Is the code on how ChromeOS or Android detects captivity part of the >> 'public' code? It seems to do a 'good' job in finding many captive >> portals so might be something to get an idea o

Re: GNOME captive portal helper (was Re: F23 System Wide Change: Default Local DNS Resolver)

2015-06-15 Thread Andrew Lutomirski
On Mon, Jun 15, 2015 at 3:02 PM, Miloslav Trmač wrote: > Hello, > > On Jun 13, 2015 4:28 AM, "Michael Catanzaro" wrote: >> On Fri, 2015-06-12 at 15:49 -0700, Andrew Lutomirski wrote: >> > > >> > But that's not even right. Suppose you have a ca

Audit overhead and default rules

2014-02-10 Thread Andrew Lutomirski
On a default Fedora installation, every system call incurs a fair amount of overhead due to syscall auditing. This happens despite the fact that syscalls aren't actually audited, except as part of AVC denials. The overhead is something like 20-40ns per syscall, and the total time to do a simple s

Re: Audit overhead and default rules

2014-02-10 Thread Andrew Lutomirski
On Mon, Feb 10, 2014 at 12:06 PM, Steve Grubb wrote: > On Monday, February 10, 2014 11:05:38 AM Andrew Lutomirski wrote: >> On a default Fedora installation, every system call incurs a fair >> amount of overhead due to syscall auditing. This happens despite the >> fact

Re: Audit overhead and default rules

2014-02-10 Thread Andrew Lutomirski
On Mon, Feb 10, 2014 at 12:26 PM, Steve Grubb wrote: > On Monday, February 10, 2014 12:10:27 PM Andrew Lutomirski wrote: >> On Mon, Feb 10, 2014 at 12:06 PM, Steve Grubb wrote: >> > On Monday, February 10, 2014 11:05:38 AM Andrew Lutomirski wrote: >> >> On a defa

Re: Audit overhead and default rules

2014-02-10 Thread Andrew Lutomirski
On Mon, Feb 10, 2014 at 1:02 PM, Steve Grubb wrote: > On Monday, February 10, 2014 12:41:08 PM Andrew Lutomirski wrote: >> >> There are, indeed, many ways for me to fix this on my machine. I'm >> >> suggesting that Fedora change the default so that no one has &g

yum upgrade creates /var/run/nologin

2014-02-18 Thread Andrew Lutomirski
This has happened twice now. I run 'yum upgrade' and, all of a sudden, /var/run/nologin exists. It contains a message telling me that my system is still booting. This is, of course, a lie -- the system has been up for quite a while, *and I'm logged in with the screen locked*. This is rather imp

Re: Packages with missing %check

2014-02-25 Thread Andrew Lutomirski
On Tue, Feb 25, 2014 at 2:38 PM, Richard W.M. Jones wrote: > On Tue, Feb 25, 2014 at 03:45:51PM +0100, Matthias Runge wrote: >> On Tue, Feb 25, 2014 at 08:50:18AM -0500, Adam Jackson wrote: >> > On Tue, 2014-02-25 at 12:45 +0200, Alexander Todorov wrote: >> > >> > > 1) Do we consider this a bug an

Re: F21 System Wide Change: System-wide crypto policy

2014-02-27 Thread Andrew Lutomirski
On Thu, Feb 27, 2014 at 9:22 AM, Jaroslav Reznik wrote: > = Proposed System Wide Change: System-wide crypto policy = > https://fedoraproject.org/wiki/Changes/CryptoPolicy > > Change owner(s): Nikos Mavrogiannopoulos > > Unify the crypto policies used by different applications and libraries. That

Re: F21 System Wide Change: System-wide crypto policy

2014-02-27 Thread Andrew Lutomirski
On Thu, Feb 27, 2014 at 10:49 AM, Nikos Mavrogiannopoulos wrote: > On Thu, 2014-02-27 at 10:12 -0700, Andrew Lutomirski wrote: >> > == Detailed Description == >> > The idea is to have some predefined security levels such as LEVEL-80, >> > LEVEL-128, LEVEL-256, >

Re: F21 System Wide Change: System-wide crypto policy

2014-02-27 Thread Andrew Lutomirski
On Thu, Feb 27, 2014 at 10:26 AM, Stephen John Smoogen wrote: > > > > On 27 February 2014 10:58, Andrew Lutomirski wrote: >> >> >> > We have to document that, but there will be always ways to shoot >> > someones foot. There are legitimate uses of in

Re: F21 System Wide Change: System-wide crypto policy

2014-02-28 Thread Andrew Lutomirski
On Fri, Feb 28, 2014 at 2:52 AM, Nikos Mavrogiannopoulos wrote: > On Thu, 2014-02-27 at 10:58 -0700, Andrew Lutomirski wrote: > >> >> - LEVEL-256 provides well under 256-bit security. >> - This is fine because no one actually needs 256-bit security. >> >> S

Re: F20: what connects the lid switch to triggering suspend?

2014-03-13 Thread Andrew Lutomirski
On Thu, Mar 13, 2014 at 3:07 PM, Martin Langhoff wrote: > My Lenovo X220, running up-to-date F20 occasionally gets into a state where > closing the laptop lid does not trigger suspend. > > I want to narrow down on the problem, but I'm slightly lost on how > "the signal is routed" through the stack

Re: rfc: EFI System partition, FAT32, repair and non-persistent mount

2014-03-18 Thread Andrew Lutomirski
On Tue, Mar 18, 2014 at 5:19 PM, Lennart Poettering wrote: > On Tue, 18.03.14 15:07, Chris Murphy (li...@colorremedies.com) wrote: > >> > Fedora takes a different approach though, and will mount an explicit >> > boot partition to /boot and the ESP to /boot/efi, and do so >> > unconditionally witho

Re: rfc: EFI System partition, FAT32, repair and non-persistent mount

2014-03-18 Thread Andrew Lutomirski
On Tue, Mar 18, 2014 at 6:07 PM, Adam Williamson wrote: > On Tue, 2014-03-18 at 17:27 -0700, Andrew Lutomirski wrote: >> On Tue, Mar 18, 2014 at 5:19 PM, Lennart Poettering >> wrote: >> > On Tue, 18.03.14 15:07, Chris Murphy (li...@colorremedies.com) wrote: >> >

Re: rfc: EFI System partition, FAT32, repair and non-persistent mount

2014-03-19 Thread Andrew Lutomirski
On Wed, Mar 19, 2014 at 3:53 PM, Lennart Poettering wrote: > On Wed, 19.03.14 13:13, Chris Murphy (li...@colorremedies.com) wrote: > >> I agree, although I go farther. The EFI System partition doesn't >> scale, isn't resilient, can neither be mirrored nor easily sync'd >> (multidevice boot). It sh

Re: rfc: EFI System partition, FAT32, repair and non-persistent mount

2014-03-20 Thread Andrew Lutomirski
On Thu, Mar 20, 2014 at 9:32 AM, Przemek Klosowski wrote: > On 03/20/2014 01:21 AM, Chris Murphy wrote: >> You can in theory just have a bunch of RAID-1 (mirrored) ESPs, because >> of how RAID-1 works; each individual member can also be mounted as if it >> was just a plain old partition, which is

Re: rfc: EFI System partition, FAT32, repair and non-persistent mount

2014-03-20 Thread Andrew Lutomirski
On Thu, Mar 20, 2014 at 10:01 AM, Adam Williamson wrote: > On Thu, 2014-03-20 at 12:32 -0400, Przemek Klosowski wrote: > >> Adam's scheme is the only possibility. > >> Adam's raid1 /boot just seems more >> reliable, especially if it became a designed feature. > > It's not my plan, it's the anacond

Re: rfc: EFI System partition, FAT32, repair and non-persistent mount

2014-03-20 Thread Andrew Lutomirski
On Thu, Mar 20, 2014 at 10:07 AM, Andrew Lutomirski wrote: > On Thu, Mar 20, 2014 at 10:01 AM, Adam Williamson wrote: >> Sure, UEFI has the capability, but it's not going to be used when simply >> booting the system normally. All the firmware does in that case is mount

Re: [CHANGE PROPOSAL] The securetty file is empty by default

2014-04-03 Thread Andrew Lutomirski
On Thu, Apr 3, 2014 at 2:46 PM, Przemek Klosowski wrote: > On 04/03/2014 10:32 AM, quickbooks office wrote: > > "3.1.4.2.2. Disabling Root Logins > > To further limit access to the root account, administrators can > disable root logins at the console by editing the /etc/securetty file. > > This is

Reinstalling the bootloader

2014-04-03 Thread Andrew Lutomirski
Once upon a time (Fedora 15? -- I've lost track), it was possible to reinstall the bootloader using grub-install. Nowadays it's a clusterfsck. I've managed to screw up my bootloader. Is there a way to reinstall it without reinstalling the world? Would it make sense to split the whole bootloader

Re: Reinstalling the bootloader

2014-04-03 Thread Andrew Lutomirski
On Apr 3, 2014 7:18 PM, "Reindl Harald" wrote: > > > > On 04.04.2014 03:08, Andrew Lutomirski wrote: > > Once upon a time (Fedora 15? -- I've lost track), it was possible to > > reinstall the bootloader using grub-install. > > besides that it is the

Re: Reinstalling the bootloader

2014-04-03 Thread Andrew Lutomirski
On Thu, Apr 3, 2014 at 8:09 PM, Ankur Sinha wrote: > On Thu, 2014-04-03 at 18:08 -0700, Andrew Lutomirski wrote: >> Once upon a time (Fedora 15? -- I've lost track), it was possible to >> reinstall the bootloader using grub-install. > > Just wondering if you'v

Re: Reinstalling the bootloader

2014-04-08 Thread Andrew Lutomirski
On Mon, Apr 7, 2014 at 5:16 PM, Adam Williamson wrote: > On Thu, 2014-04-03 at 19:44 -0700, Andrew Lutomirski wrote: >> On Apr 3, 2014 7:18 PM, "Reindl Harald" wrote: >> > >> > >> > >> > On 04.04.2014 03:08, Andrew Lutomirski wrote: >

Re: Reinstalling the bootloader

2014-04-09 Thread Andrew Lutomirski
On Tue, Apr 8, 2014 at 7:41 PM, Chris Murphy wrote: > > You need to install or reinstall grub2-efi and shim packages. Aha, a correct answer! Thanks! Based on this hint, I think I figured it out. I updated the wiki accordingly. Can you take a quick look at: https://fedoraproject.org/wiki/GRUB_

Re: default local DNS caching name server

2014-04-12 Thread Andrew Lutomirski
On Sat, Apr 12, 2014 at 5:18 PM, William Brown wrote: > >> Now can we go back to actually discussing technical arguments again? > > Actually no. > > This whole thread has forgotten one major thing ... use cases. > > Proposal is to add a local caching DNS server to fedora systems. This > may or may

Re: F21 System Wide Change: The securetty file is empty by default

2014-04-14 Thread Andrew Lutomirski
On Mon, Apr 14, 2014 at 6:50 AM, Michel Alexandre Salim wrote: > On 04/11/2014 11:18 PM, Jaroslav Reznik wrote: >> - Original Message - >>> = Proposed System Wide Change: The securetty file is empty by default = >>> https://fedoraproject.org/wiki/Changes/securetty_file_is_empty_by_default

Re: default local DNS caching name server

2014-04-14 Thread Andrew Lutomirski
On Mon, Apr 14, 2014 at 9:06 AM, Dan Williams wrote: > On Mon, 2014-04-14 at 12:00 -0400, Paul Wouters wrote: >> On Mon, 14 Apr 2014, Dan Williams wrote: >> >> > But another scenario I've seen: older Netgear routers which intercept >> > "www.routerlogin.net" as the setup page. The instructions l

Re: Reinstalling the bootloader

2014-04-14 Thread Andrew Lutomirski
On Mon, Apr 14, 2014 at 2:55 PM, Chris Murphy wrote: > > On Apr 9, 2014, at 12:59 PM, Andrew Lutomirski wrote: > >> On Tue, Apr 8, 2014 at 7:41 PM, Chris Murphy wrote: >>> >>> You need to install or reinstall grub2-efi and shim packages. >> >> Aha, a

Re: Reinstalling the bootloader

2014-04-14 Thread Andrew Lutomirski
On Mon, Apr 14, 2014 at 3:14 PM, Chris Murphy wrote: > > On Apr 14, 2014, at 4:04 PM, Andrew Lutomirski wrote: >>> >>> Create a boot menu entry can be skipped if it's not a dual boot system. >>> /boot/efi/EFI/BOOT contains shim.efi as bootx64.efi which is r

Re: F21 System Wide Change: Workstation: Disable firewall

2014-04-15 Thread Andrew Lutomirski
On Tue, Apr 15, 2014 at 7:42 AM, Reindl Harald wrote: > > On 15.04.2014 16:28, Christian Schaller wrote: > >> There was a long thread about this on the desktop mailing list, and I was >> not in the 'disable the firewall' camp in that discussion, but nobody in >> that thread or here have articula

rpcbind is enabled by default, and gnome-boxes requires it

2014-04-15 Thread Andrew Lutomirski
I don't know whether this should be a gnome-boxes bug, an rpcbind bug, or a FESCo ticket, or something else, so I'm asking here. rpcbind enables itself by default. This page says that it has a specific exception, so it's okay: https://fedoraproject.org/wiki/Starting_services_by_default I assume

Re: F21 System Wide Change: Workstation: Disable firewall

2014-04-15 Thread Andrew Lutomirski
On Tue, Apr 15, 2014 at 9:04 AM, Christopher wrote: > On Tue, Apr 15, 2014 at 11:40 AM, Andrew Lutomirski wrote: >> On Tue, Apr 15, 2014 at 7:42 AM, Reindl Harald >> wrote: >>> >>> Am 15.04.2014 16:28, schrieb Christian Schaller: >>> >>>

Re: rpcbind is enabled by default, and gnome-boxes requires it

2014-04-15 Thread Andrew Lutomirski
On Tue, Apr 15, 2014 at 9:07 AM, Simo Sorce wrote: > On Tue, 2014-04-15 at 08:47 -0700, Andrew Lutomirski wrote: >> I don't know whether this should be a gnome-boxes bug, an rpcbind bug, >> or a FESCo ticket, or something else, so I'm asking here. >> >> rpc

Re: F21 System Wide Change: Workstation: Disable firewall

2014-04-15 Thread Andrew Lutomirski
On Tue, Apr 15, 2014 at 9:44 AM, Reindl Harald wrote: > > > On 15.04.2014 17:40, Andrew Lutomirski wrote: >> On Tue, Apr 15, 2014 at 7:42 AM, Reindl Harald >> wrote: > > >> How about having an API where things like DLNA can simply >> not run unti

Re: rpcbind is enabled by default, and gnome-boxes requires it

2014-04-15 Thread Andrew Lutomirski
On Tue, Apr 15, 2014 at 9:25 AM, Simo Sorce wrote: > On Tue, 2014-04-15 at 09:16 -0700, Andrew Lutomirski wrote: >> On Tue, Apr 15, 2014 at 9:07 AM, Simo Sorce wrote: >> > On Tue, 2014-04-15 at 08:47 -0700, Andrew Lutomirski wrote: >> >> I don't know whether t

Re: F21 System Wide Change: Workstation: Disable firewall

2014-04-15 Thread Andrew Lutomirski
On Tue, Apr 15, 2014 at 10:00 AM, Reindl Harald wrote: > > > On 15.04.2014 18:51, Andrew Lutomirski wrote: >> On Tue, Apr 15, 2014 at 9:44 AM, Reindl Harald >> wrote: >>> >>> >>> On 15.04.2014 17:40, Andrew Lutomirski wrote: >>>>

Re: Reinstalling the bootloader

2014-04-15 Thread Andrew Lutomirski
On Mon, Apr 14, 2014 at 4:22 PM, Chris Murphy wrote: > > No. Boot entries in NVRAM come first. See UEFI spec 2.4.0, section 3.4.1.2, > and 12.3.1.3 "This directory contains EFI images that aide in recovery if the > boot selections for the software installed on the EFI system partition are > eve

Re: F21 System Wide Change: Workstation: Disable firewall

2014-04-16 Thread Andrew Lutomirski
On Wed, Apr 16, 2014 at 3:58 PM, Matthew Miller wrote: > On Thu, Apr 17, 2014 at 12:55:31AM +0200, Lars Seipel wrote: >> > > Perhaps shorten to: >> > > block >> > > public >> > > work >> > > home >> > That is a much more intuitive default set. >> Is it? What's supposed to be the difference between

Re: When a yum update sets up an MTA ...

2014-04-20 Thread Andrew Lutomirski
On Sun, Apr 20, 2014 at 6:39 PM, Lars Seipel wrote: > Nicely aligning with the current firewall thread I noticed that one of > my machines was running the exim MTA for the last few days, dutifully > listening on all interfaces. > > How did this happen? It turns out that smartmontools intermittentl

Re: When a yum update sets up an MTA ...

2014-04-22 Thread Andrew Lutomirski
On Mon, Apr 21, 2014 at 12:17 AM, Florian Weimer wrote: > On 04/21/2014 03:44 AM, Andrew Lutomirski wrote: >> >> Would it >> make sense to audit all spec files to look for instances of >> 'systemctl.*enable'? > > > I'm attaching the hits f

Mass bug proposal: packages that auto-enable systemd units

2014-04-22 Thread Andrew Lutomirski
Hi all- I propose a mass bug against packages that install services and enable them without using the preset mechanism. Some of these can be security issues if they get installed as dependencies. As a related issue, it may pay to review the default presets. For example, rpcbind is enabled. Thi

Re: Mass bug proposal: packages that auto-enable systemd units

2014-04-22 Thread Andrew Lutomirski
On Tue, Apr 22, 2014 at 12:00 PM, Miloslav Trmač wrote: > Hello, > 2014-04-22 20:50 GMT+02:00 Andrew Lutomirski : > >> If your package has an exception from FESCo permitting it to enable >> itself, > > > Note that many (most?) packages don't need an ind

Re: Mass bug proposal: packages that auto-enable systemd units

2014-04-22 Thread Andrew Lutomirski
On Tue, Apr 22, 2014 at 2:19 PM, "Jóhann B. Guðmundsson" wrote: > > On 04/22/2014 06:50 PM, Andrew Lutomirski wrote: >> >> Hi all- >> >> I propose a mass bug against packages that install services and enable >> them without using the preset mechanis

Re: Mass bug proposal: packages that auto-enable systemd units

2014-04-22 Thread Andrew Lutomirski
On Tue, Apr 22, 2014 at 2:54 PM, "Jóhann B. Guðmundsson" wrote: > > On 04/22/2014 09:32 PM, Andrew Lutomirski wrote: >> >> On Tue, Apr 22, 2014 at 2:19 PM, "Jóhann B. Guðmundsson" >> wrote: >>> >>> > >>>

Re: Mass bug proposal: packages that auto-enable systemd units

2014-04-22 Thread Andrew Lutomirski
On Tue, Apr 22, 2014 at 3:14 PM, "Jóhann B. Guðmundsson" wrote: > > On 04/22/2014 10:14 PM, Andrew Lutomirski wrote: >> >> I don't think that fixing the broken packages should need to wait for >> this migration to finish -- there is a security problem now

Re: Mass bug proposal: packages that auto-enable systemd units

2014-04-23 Thread Andrew Lutomirski
On Tue, Apr 22, 2014 at 7:02 PM, Zbigniew Jędrzejewski-Szmek wrote: > On Tue, Apr 22, 2014 at 12:17:10PM -0700, Andrew Lutomirski wrote: >> Examples of "runs once then goes away" services >> include iptables and udev. > I removed udev from this paragraph on the wik

Re: Mass bug proposal: packages that auto-enable systemd units

2014-04-23 Thread Andrew Lutomirski
On Wed, Apr 23, 2014 at 9:06 AM, Kevin Fenzi wrote: > On Wed, 23 Apr 2014 08:49:58 -0700 > Andrew Lutomirski wrote: > >> On Tue, Apr 22, 2014 at 7:02 PM, Zbigniew Jędrzejewski-Szmek >> wrote: >> > On Tue, Apr 22, 2014 at 12:17:10PM -0700, Andrew Lutomirski wrote

Re: When a yum update sets up an MTA ...

2014-04-23 Thread Andrew Lutomirski
On Mon, Apr 21, 2014 at 12:17 AM, Florian Weimer wrote: > On 04/21/2014 03:44 AM, Andrew Lutomirski wrote: >> >> Would it >> make sense to audit all spec files to look for instances of >> 'systemctl.*enable'? > > > I'm attaching the hits f

Mass bug: packages should not auto-enable systemd units

2014-04-24 Thread Andrew Lutomirski
Hi everyone- This is a notice in accordance with the mass bug filing procedure. A number of packages install systemd units and enable them automatically. They should not. Please update these packages to use the macroized scriptlet (https://fedoraproject.org/wiki/Packaging:ScriptletSnippets#Syst

Re: When a yum update sets up an MTA ...

2014-04-25 Thread Andrew Lutomirski
On Thu, Apr 24, 2014 at 2:00 AM, Florian Weimer wrote: > On 04/24/2014 01:57 AM, Andrew Lutomirski wrote: >> >> On Mon, Apr 21, 2014 at 12:17 AM, Florian Weimer >> wrote: >>> >>> On 04/21/2014 03:44 AM, Andrew Lutomirski wrote: >>>> >>

Re: default local DNS failover solution needed, nscd?

2014-04-25 Thread Andrew Lutomirski
On Fri, Apr 25, 2014 at 3:51 PM, Chuck Anderson wrote: > I'm starting a new thread to clarify and emphasize the problem I'm > actually trying to solve. Here is the problem restated as I posted it > to the dns-operations list: > > - > Is it really expected that the first DNS server listed in >

Re: F21 System Wide Change: Default Local DNS Resolver

2014-04-29 Thread Andrew Lutomirski
On Tue, Apr 29, 2014 at 8:18 AM, Chuck Anderson wrote: > On Tue, Apr 29, 2014 at 05:15:57PM +0200, Alexander Larsson wrote: >> On tis, 2014-04-29 at 14:15 +0200, Jaroslav Reznik wrote: >> > = Proposed System Wide Change: Default Local DNS Resolver = >> > https://fedoraproject.org/wiki/Changes/Def
