selinux

Dec 01 2008

Upgrading to Fedora 10

As some of you know I run Fedora on my main Laptop, and Ubuntu on my EEE and my office Desktop. My Ubuntu installs were pretty fresh, but my fedora was long due for an upgrade. As after years of abuse (--force --nodeps) it usually is impossible to do a regular upgrade, so my best way out was a quick and fresh install on an isolated root partition. (my /home/ etc live on separate volumes)

Johan tricked me into installing a FC10 x86-64 setup which required some more work than usual, but I`m back in the same state as I was before I started the upgrade. We'll almost .. as I expect I`ll be reinstalling packages I don't daily use on a frequent basis over the next couple of weeks.

I'll dig a bit deeper in my x86_64 struggles later but first I had to tackle the problems I had with stepping my Evolution to a fresh and hopefully more stable version.

Evolution fails to recognise the fact that I have multiple calendars, or got confused.. anyway .. my calendar was empty and I had to recreate them all and import them again one by one.
Luckily the content was still available in .ics

Also Evolution partly forgot about all my email accounts , it remembered their passwords after recreating them, but not their settings.. well. that is if I managed to recreate them all :)
(If I`m not replying to a mail you sent me sinc last thursday.. I might just have forgotten about that email address ..

On to the x86_64 stuff then. Bort pointed me to the
Adobe Labs site that had a working flash plugin. The right symlink in my .mozilla/plugins and the first problem was solved.

There's 2 apps from Google that I sometimes abuse, I don't know why I still use Picasa, there must be plenty of good open source alternatives out there .. however for Google Earth I don't really have a good alternative. bot work (unlike previous Fedora/Googl Earth combinations)

The only thing that annoyed me was Google Earth and selinux , I had to run some chcon s to solve the problems.

  1. chcon -t textrel_shlib_t '/opt/google-earth/libminizip.so'
  2. chcon -t textrel_shlib_t '/opt/google-earth/librender.so'
  3. chcon -t textrel_shlib_t '/opt/google-earth/libauth.so'
  4. chcon -t textrel_shlib_t '/opt/google-earth/libevll.so'
  5. chcon -t textrel_shlib_t '/opt/google-earth/lib*'
  6. chcon -t textrel_shlib_t '/opt/google-earth/libnavigate.so'
  7. chcon -t textrel_shlib_t '/opt/google-earth/liblayer.so'
  8. chcon -t textrel_shlib_t '/opt/google-earth/libmeasure.so'
  9. chcon -t textrel_shlib_t '/opt/google-earth/libbasicingest.so'
  10. chcon -t textrel_shlib_t '/opt/google-earth/libgps.so'
  11. chcon -t textrel_shlib_t '/opt/googleearth/libgooglesearch.so'
  12. chcon -t textrel_shlib_t '/opt/googleearth/libinput_plugin.so'
  13. chcon -t textrel_shlib_t '/opt/google-earth/libflightsim.so'

A couple of more frustrations later and the SELinux config got changed. Afterall .. Life is to short for SELinux.

A must, if you used too have Livna , or FreshRPMS is RPMFusion a merger of the old repositories

Skype seemed to be a bit more difficult. I tried installing the rpm at first but I failed , then I read some tips which suggested to use yum localinstall skype*.rpm

As I`m more of an apt-get user (yes even on CentOS etc) I don't usually try installing packages that way .. but it worked like a charm. Skype started, I could connect to the servers , however a test call reveals no input sound. Maybe if I try again with a headset later.

Anyway, I`m pretty satisfied so far ...

Next step is to get that skype chat integrated in pidgin.. or hope people will realize they have to drop that proprietary tool one day..

Aug 25 2008

SELinux is Dead !

No really it isn't but so isn't AppArmor, altough Russel claims it is. Weird how he totally rewords the OpenSuse statements

From "While our customer experience shows that AppArmor is the best solution for the vast majority of users, applications, and use cases, we want to give all of our users the ability to choose the security framework that’s appropriate for their respective environments and needs. We continue to enable AppArmor as our default Host Intrusion Prevention System......"

To "The next step will be to make SE Linux the default and AppArmor the one that exists in a repository, and the step after that will be to remove AppArmor."

Given Ubuntu's AppArmor adoption I don't see it die that fast ...

The real problem is who uses AppArmor or SELinux, sadly most of the installations I run into have none of both technologies enabled. Most Admins overrule their favourite distro's default config. The reason is pretty obvious as I've heard a lot of intelligent people say "Life Is Too short For SELinux"

So I wonder, how can you die if you never were really alive ?