

a labeling system


Great article by Dan Walsh about #SELinux and using labels.


On the SELinux mail list today, someone asked: I want to store the logs from openswan into a different file ( /var/log/ipsec ) than the default. For this purpose I added plutostderrlog=/var/log/ipsec to ipsec.conf. As long as I keep the server in permissive mode, openswan…


KISS


Last week I read this blog post from last summer about #systemd and the philosophical changes happening in the basic concepts of Linux.

Some time ago I came across yet another angry discussion[1] about systemd, and have been reading and thinking a great deal about the design of Systemd, and what it says about Linux. I’ve come to realize that the strife in the Linux community is because an active and well-funded group of developers who have been driving the direction of various co...

I think it has some really interesting points and mostly I agree with it. Yesterday I came across another interesting blog post by Lennart Poettering which explains some myths about systemd.

Since we first proposed systemd for inclusion in the distributions it has been frequently discussed in many forums, mailing lists and conferences. In these discussions one can often hear certain myths about systemd, that are repeated over and over again, but certainly don't gain any truth by constant repetition. Let's take the time to debunk a few ...

I haven't done much with systemd yet, but his points sound reasonable and as a sysadmin I can understand them well and would like to have some of these features, too. But I think it is really more of a philosophical question and I am quite ambivalent. I really love #Slackware for its #KISS principles and have used it for many years because of this. But I also like working with #SELinux, #Kerberos and I also see some benefits for systemd.

It is also interesting to look at developments like #TYPO3 #Flow with a very strong Convention over configuration pattern which is also following KISS principles actually.


Installing #ownCloud 4.5 was very smooth. #Mediagoblin is still not configured correctly. 🙁 Problems with the db connection when accessed through #FastCGI, and #SELinux needs some adjustments, too.
in reply to Klaus Weidenbach

At least I can register users at my #Mediagoblin instance now. 😀
Just had to add one line to the Apache2 vHost configuration of Mediagoblin: SuexecUserGroup mediagoblinuser mediagoblingroup
But after that it got really messy, because of all the requirements of suEXEC in #CentOS that need to be met, like UID > 500, document root must be under /var/www/, etc. Everything that was not met of course. o_O

Still have not looked closer at the SELinux problem and processing of pictures is also not working yet. I get a success message for the upload, but nothing gets displayed or processed as far as I can see.

MediaGoblin is a free software media publishing platform that anyone can run.


But it is a lot of hard work to get there. I haven't tried their official deployment with Debian and nginx. Maybe that is easier.



SELinux and Apache


Very good article about some common problems with #Apache and #SELinux. Should remember the ability to put a single process type into permissive mode.

Daniel Walsh SELinux is a powerful tool for controlling what applications are allowed to do on your system. SELinux is a labeling system where every process and every object (files, directories, devices, network ports, etc.) gets a label. Then a large rules database, called policy, is loaded into the kernel. The kernel, based on the policy, control...
@Lazy Admin