FreeNX and SELinux

As I [mentioned earlier](http://jaredrobinson.com/blog/?p=87), upgrading from Fedora 6 to Fedora 7 broke FreeNX. A temporary solution was to disable SELinux. Here’s what allowed me to re-enable SELinux. First, I read the RHEL 5 SELinux guide to [building a local policy module](http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/sec-sel-building-policy-module.html). Next, I ran the following commands, as root:

```
setenforce Enforcing
/etc/init.d/auditd stop
mv /var/log/audit/audit.log /var/log/audit.log.old
/etc/init.d/auditd start
```

At this point, I used an NX client to attempt to connect to my server, which failed. Then I did this:

```
cd /etc/selinux
cat /var/log/audit/audit.log | audit2allow -M freenx
semodule -i freenx.pp
```

At that point, my NX client allowed me to connect to the server. Here’s the freenx.te file that audit2allow created:

```
module freenx 1.0;

require {
        type unconfined_t;
        type lib_t;
        class file execmod;
}

#============= unconfined_t ==============
allow unconfined_t lib_t:file execmod;
```
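How denial records in audit.log turn into a rule like the one in freenx.te, as an added example (not from the original post, and a simplified stand-in rather than audit2allow's own code). The log excerpt, the `comm` name and the library paths are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed audit.log excerpt: comm names, paths and ids are illustrative only.
SAMPLE_LOG = """\
type=AVC msg=audit(1181000000.101:42): avc:  denied  { execmod } for  pid=2301 comm="nx-example" path="/usr/lib/example/libfirst.so" dev=dm-0 ino=1234 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
type=SYSCALL msg=audit(1181000000.101:42): arch=40000003 syscall=125 success=no exit=-13 comm="nx-example"
type=AVC msg=audit(1181000000.200:43): avc:  denied  { execmod } for  pid=2302 comm="nx-example" path="/usr/lib/example/libsecond.so" dev=dm-0 ino=1235 scontext=user_u:system_r:unconfined_t:s0 tcontext=system_u:object_r:lib_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)')

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(':')[2]

def summarize(log_text):
    """Group AVC denials by (source type, target type, class)."""
    rules = defaultdict(lambda: {'perms': set(), 'evidence': set()})
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL and other record types carry no denial
        key = (context_type(m['scontext']), context_type(m['tcontext']), m['tclass'])
        comm = re.search(r'\bcomm="([^"]*)"', line)
        path = re.search(r'\bpath="([^"]*)"', line)
        rules[key]['perms'].update(m['perms'].split())
        rules[key]['evidence'].add((comm.group(1) if comm else '?',
                                    path.group(1) if path else '?'))
    return dict(rules)

def allow_rules(rules):
    """Render each group as a type-enforcement allow rule."""
    out = []
    for (src, tgt, cls), info in sorted(rules.items()):
        perms = sorted(info['perms'])
        perm_text = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
        out.append(f'allow {src} {tgt}:{cls} {perm_text};')
    return out

if __name__ == '__main__':
    rules = summarize(SAMPLE_LOG)
    for rule, info in zip(allow_rules(rules), (rules[k] for k in sorted(rules))):
        print(rule)
        for comm, path in sorted(info['evidence']):
            print(f'    seen from {comm}: {path}')
```

Two denials on two different files collapse into one rule because the rule is keyed on types only: it covers every `unconfined_t` process and every `lib_t` file, not just the paths that appeared in the log.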

Upgrading from Fedora 6 to Fedora 7

Last night, I completed the easiest Fedora upgrade I’ve ever had, without having to download and boot from a CD/DVD. Here are the instructions I followed:
[http://fedoraproject.org/wiki/YumUpgradeFaq](http://fedoraproject.org/wiki/YumUpgradeFaq)

I did have some unexpected glitches, mostly due to SELinux.

* The pidgin (formerly known as gaim) system tray icon didn’t appear until I deleted my .gconf settings and logged back in. This has the drawback that I had to reconfigure several aspects of my UI. It may be possible to only delete ~/.gconf/apps/panel/applets/systray (or to remove it from the panel manually), then re-add it by right-clicking the panel, selecting “Add to Panel” and choosing “Notification Area”.
* The Dovecot IMAP server wasn’t allowing Thunderbird to connect. I ran ‘yum upgrade’, and it installed an updated SELinux policy pack. After restarting, IMAP services functioned properly.
* HAL didn’t start up. To fix it, I ran ‘touch /.autorelabel’ as root and rebooted. Since then, I’ve learned that using [fixfiles](http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/sec-sel-admincontrol.html#sec-sel-fsrelabel) is a safer approach.
* FreeNX didn’t allow me to connect unless I disabled SELinux. Later, I [figured out how](http://jaredrobinson.com/blog/?p=89) to configure SELinux to allow FreeNX.

Goodbye VMware, Hello VirtualBox

I’ve been using the freeware VMPlayer and VMware Server for a few years now, and while they function, it’s been a pain to have to recompile kernel modules every time the kernel is updated on my Fedora machines. A big disadvantage of VMware is that the guests don’t seem to start up when run inside of an NX session, and I can’t run guests “headless” (without a monitor connected) using the free editions.

Based on the recommendation of [Craig Ozancin](http://www.linkedin.com/pub/0/826/810), I’ve tried [Virtual Box](http://www.virtualbox.org/), and I’m pleased with it — it lets me start and stop guests from the command line. I can connect to them using RDP (remote desktop). The new 1.4.0 release includes support for VMware guest images! VirtualBox hasn’t required me to recompile kernel modules, and it seems to run faster than VMware.

Goodbye VMware. Hello VirtualBox. What does the future hold? Probably [KVM](http://fedoraproject.org/wiki/Docs/Fedora7VirtQuickStart) (the [kernel-based virtual machine](http://www.phoronix.com/vr.php?view=9066)), which only works with newer Intel and AMD chips containing virtualization instructions.

I later discovered that when I (accidentally) ran the Xen kernel, VirtualBox wouldn’t work. It seems the Xen kernel doesn’t work well with third party virtualization solutions. It’s a good thing I don’t need Xen.

HOWTO disable middle-mouse-paste in Linux

A coworker couldn’t stand the fact that, on his Linux computer, when he accidentally clicked the mouse wheel, it would paste text. He offered to buy me lunch if I could turn it off. Here’s how we did it. Run the following command:

> `xmodmap -e "pointer = 1 25 3 4 5 6 7 8 9"`

To persist this behavior, edit ~/.Xmodmap and add

> `pointer = 1 25 3 4 5 6 7 8 9`

Next annoyance: My coworker uses Eclipse, and wants to hit the F10 key. GTK (the toolkit underneath Gnome) maps F10 to pop up the application menu. In RHEL/CentOS 4, there’s no good way to fix it. On my Fedora 6 machine, I did the following:

> `gconftool-2 --get /desktop/gnome/interface/menubar_accel`

I saved off the value of that, which was “F10”. Then I ran this:

> `gconftool-2 --type string --set /desktop/gnome/interface/menubar_accel "Ctrl-Shift-M"`

It also works to use gconf-editor to edit the key /desktop/gnome/interface/menubar_accel.

Ethics are about business survival

[Business ethics about survival, leaders told](http://www.deseretnews.com/dn/view2/1,4382,660225718,00.html)

> Ethics aren’t important because they help businesses feel good about themselves… [it] is about staying in business.

> “We don’t ask you to do ethics so you can feel warm and soft and squishy,” Jennings said. “We ask you to do ethics because it is an integral part of long-term business survival. This is the thing you have to stay focused on when the pressure hits. This is the antidote,” [said professor and columnist Marianne Jennings]

[Read more](http://www.deseretnews.com/dn/view2/1,4382,660225718,00.html)

Morse Code Tutor

Here’s a morse code tutor I’ve been using. It works on Windows, Linux, Mac and Dos: [http://c2.com/morse/](http://c2.com/morse/)

SSH File System (sshfs)

I find that using `scp` to repeatedly copy files to a remote host gets tedious. Setting up NFS or Samba is often either not a viable choice, or is more work than seems warranted. Recently, I started using SSHFS, which I highly recommend. It works well because most servers I connect to support SSH, and therefore, my Linux box can use SSHFS to connect to them. Here are instructions for setting it up on Fedora Linux: [http://fedorasolved.org/server-solutions/sshfs/](http://fedorasolved.org/server-solutions/sshfs/)

glibc malloc hooks and TLSF

Recently, I was asked to constrain the memory usage of an application on Linux. Glibc provides hooks for [malloc, free, etc](http://www.gnu.org/software/libc/manual/html_node/Hooks-for-Malloc.html). By the way, the hook functions are responsible for guaranteeing thread safety — glibc doesn’t do it automatically. I used the malloc hooks in combination with a memory manager that a colleague found: TLSF. There are two implementations:

* [http://tlsf.baisoku.org/](http://tlsf.baisoku.org/) (public domain)
* [http://rtportal.upv.es/rtmalloc/](http://rtportal.upv.es/rtmalloc/) (GPL)

There are benefits and caveats when using a custom memory allocator. TLSF was meant to shine for real-time use, because its malloc and free are O(1) constant-time operations. On the other hand, TLSF isn’t thread-safe.

mtnwestruby: Meta Notes

Mountain West Ruby Conference: Meta Notes
17 March 2007

Setup. When I arrived, the conference organizers were setting up the auditorium
with power extension cables, network cabling, etc. Having a wired network
connection was very nice, although Wi-Fi was available.

Attendance was better on Friday than on Saturday.

Laptops. I’d estimate that nearly half of attendees had Apple laptops. Nearly
half of the presenters used Apple laptops, and of the remainder, half used
Windows and half used Linux.

Editors. Of the presenters that edited code on-the-fly, one used emacs, one used Textmate and the rest used VIM. None used an IDE.

JRuby or Ruby.NET. It seems like my app would become tied to the platform if I
use the libraries from that platform. This would make it difficult to go from
JRuby to Ruby.NET, or vice versa. Or difficult to move from JRuby or Ruby.NET to
traditional Ruby.