Having installed CentOS (wikipedia) on a server here, I was surprised to find that, by default, the source repositories were not enabled.
Below are the source repo definitions I use.  Simply create a file called “Centos-Source.repo” (# chmod 644) in /etc/yum.repos.d/ and enable repositories as required (using enabled=1).  Please note that this example is for CentOS version 5 and may differ from any official versions out there.  I offer no warranty… it just works for me.  ;-)

[base-SRPMS]
name=CentOS-$releasever - Base SRPMS
baseurl=http://mirror.centos.org/centos/$releasever/os/SRPMS/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1
enabled=1
#released updates
[update-SRPMS]
name=CentOS-$releasever - Updates SRPMS
baseurl=http://mirror.centos.org/centos/$releasever/updates/SRPMS/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1
enabled=1
#packages used/produced in the build but not released
[addons-SRPMS]
name=CentOS-$releasever - Addons SRPMS
baseurl=http://mirror.centos.org/centos/$releasever/addons/SRPMS/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1
enabled=0
#additional packages that may be useful
[extras-SRPMS]
name=CentOS-$releasever - Extras SRPMS
baseurl=http://mirror.centos.org/centos/$releasever/extras/SRPMS/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1
enabled=0
#additional packages that extend functionality of existing packages
[centosplus-SRPMS]
name=CentOS-$releasever - Plus SRPMS
baseurl=http://mirror.centos.org/centos/$releasever/centosplus/SRPMS/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1
#contrib - packages by Centos Users
[contrib-SRPMS]
name=CentOS-$releasever - Contrib SRPMS
baseurl=http://mirror.centos.org/centos/$releasever/contrib/SRPMS/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
priority=1

The full title of this blog should really be ‘SELinux is preventing mysqld (mysqld_t) “search” to ./tmp (public_content_rw_t)’ as that is the problem I’ve been having with CentOS recently (and hence my searches on the web for a solution).
The cause of the problem
I use SugarCRM for customer and project management data – and very good it is too! (Gratuitous plug – I can help your company install and use this fine software :-) ). Except that recently, when listing my Accounts within Sugar, I would not see all of the account context. Only the account data itself would be displayed and none of the subpanels/links. The query to retrieve more data was failing, with this error message displayed in the browser window:
mysqld: Can't create/write to file '/tmp/#08y2jw' (Errcode: 13)
In my system log (/var/log/messages), I also got multiple SELinux errors like this:
Oct 13 09:07:50 server setroubleshoot: SELinux is preventing mysqld (mysqld_t) "read" to ./tmp (public_content_rw_t). For complete SELinux messages. run sealert -l 1762c478-f3a2-4eeb-be09-bd3dc037d945
Clearly, the reason for “Errcode: 13” was due to SELinux.
Incidentally, if you have seen a similar error on your web site, but with (Errcode: 28) instead, this is likely due to a shortage of disk space. A great way of determining operating system errors like this is to use ‘perror’, thus:
# perror 28
OS error code 28: No space left on device

# perror 13
OS error code 13: Permission denied

So there we are – two distinct and different issues.
With SELinux, resolving the permission issue can be difficult. By issuing # sealert -l 1762c478-f3a2-4eeb-be09-bd3dc037d945, as suggested above, I got the following output (trimmed and highlighted for clarity):

Summary:
SELinux is preventing mysqld (mysqld_t) "search" to ./tmp (public_content_rw_t).
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./tmp,
restorecon -v './tmp'
Additional Information:
Source Context root:system_r:mysqld_t
Target Context system_u:object_r:public_content_rw_t

First things first: issuing # restorecon -v './tmp' didn’t fix it for me. I was also surprised to see that the path to /tmp was relative to the current working directory, so I tried a slightly modified # restorecon -v '/tmp', but to no avail. After restarting mysqld, the problem persisted: MySQL was simply being refused access to /tmp. Somewhere, a policy is disallowing this.
It’s a mistake to assume the source context and target context should be the same; they don’t have to be, as it’s entirely policy-driven.  I made bold those aspects (the file Type) above to highlight this incorrect assumption (that I previously held).
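When the same denial repeats many times in /var/log/messages, it helps to see which source type is being refused which permission on which target type. The script below is an added example, not part of the original post: it tallies setroubleshoot lines in the CentOS 5 format quoted above. The function names are illustrative, and every sample line except the first is constructed.

```shell
#!/usr/bin/env bash
# Added example: tally setroubleshoot denials in syslog by
# process, source type, permission, target and target type.
# Assumes the CentOS 5 message format quoted in the post.

# Sample input. Line 1 is the post's log line; the rest are constructed.
sample_log() {
cat <<'EOF'
Oct 13 09:07:50 server setroubleshoot: SELinux is preventing mysqld (mysqld_t) "read" to ./tmp (public_content_rw_t). For complete SELinux messages. run sealert -l 1762c478-f3a2-4eeb-be09-bd3dc037d945
Oct 13 09:07:52 server setroubleshoot: SELinux is preventing mysqld (mysqld_t) "search" to ./tmp (public_content_rw_t). For complete SELinux messages. run sealert -l 00000000-0000-0000-0000-000000000001
Oct 13 09:07:55 server setroubleshoot: SELinux is preventing mysqld (mysqld_t) "read" to ./tmp (public_content_rw_t). For complete SELinux messages. run sealert -l 1762c478-f3a2-4eeb-be09-bd3dc037d945
Oct 13 09:08:01 server crond[2211]: (root) CMD (run-parts /etc/cron.hourly)
Oct 13 09:08:14 server setroubleshoot: SELinux is preventing httpd (httpd_t) "getattr" to ./upload (user_home_t). For complete SELinux messages. run sealert -l 00000000-0000-0000-0000-000000000002
EOF
}

# One record per denial: "process source_type permission target target_type".
parse_denials() {
  sed -n -E 's/^.* setroubleshoot: SELinux is preventing ([^ ]+) \(([^)]+)\) "([^"]+)" to ([^ ]+) \(([^)]+)\)\..*$/\1 \2 \3 \4 \5/p'
}

# Identical denials counted, most frequent first: "count record".
tally_denials() {
  parse_denials | sort | uniq -c | awk '{$1=$1; print}' | sort -k1,1nr -k2
}

# Distinct "source_type -> target_type" pairs; policy decides which are allowed.
type_pairs() {
  parse_denials | awk '{print $2 " -> " $5}' | sort -u
}

# sealert IDs for denials raised against one source type ($1, e.g. mysqld_t).
sealert_ids() {
  grep -F "($1) " | sed -n -E 's/^.* run sealert -l ([0-9a-f-]+).*$/\1/p' | sort -u
}

# Real use: tally_denials < /var/log/messages
sample_log | tally_denials
```
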
Find and fix a policy?
Although finding the troublesome policy and analysing it is a Good Thing, it’s also time-consuming and requires significant knowledge of SELinux, chiefly to avoid creating security holes. A better way, I found, was simply to relocate where mysqld tries to store temporary data.
Thanks to Surachart Opun’s blog, I learned that you can specify a new location for temporary files. In /etc/my.cnf, add or edit the following:
[mysqld]
# was: tmpdir=/tmp
# e.g.
tmpdir=/var/lib/mysql/tmp

Now do the legwork to set up the directory properly:
First, create the directory with appropriate permissions:
# cd /var/lib/mysql
# mkdir tmp
# chown mysql:mysql tmp
# chmod 1750 tmp

Now set the SELinux context up:
# chcon --reference /var/lib/mysql tmp
and make the SELinux context permanent (the type on /var/lib/mysql is mysqld_db_t):
# semanage fcontext -a -t mysqld_db_t "/var/lib/mysql/tmp(/.*)?"
Finally, restart mysql:


# service mysqld restart
Closing thoughts: optimisation
The methods above fixed the particular problem I was having. They didn’t, however, actually pinpoint the cause. This is one of the good things about Linux and SELinux in particular: you are forced to rethink what the system is doing and work out a solution that sits within the predefined security context – or learn how to write SELinux policies. Personally, I prefer the former ;-)
There is an additional benefit to the solution above – namely, optimisation. Because we have specified the security context with semanage, we are free to mount an external file system and use that instead for MySQL’s temporary files. In other words, we can maintain the security but increase the performance. One such filesystem could be tmpfs. tmpfs is actually a RAM disk: it uses a fixed amount of RAM to provide file storage. It is much quicker than an on-disk filesystem and thus perfectly optimised for storing temporary, caching data. There are many resources about tmpfs on the web. A good introduction to tmpfs can be found at Planet Admon.

Today is Document Freedom Day. To celebrate, many of us open source netizens are doing the right thing and rejecting email attachments sent in proprietary formats, such as Microsoft Word, Excel and Access – 95, 97-2003 and so on.

The campaign is quite simple: refuse locked-in file formats.

The Free Software Foundation has provided some interesting examples of “polite” rejections to send to people who have emailed an attachment with a proprietary file format.

It’s a difficult thing, to tell someone that you are rejecting their attachment through choice.  You fear that it comes across as being awkward.  Breaking the social “norm” and standing for something you believe in is rarely painless.

There are ways to deal with this though, and the best way is probably humour.  It’s a serious message, yes, but that doesn’t mean it has to be all haughty overtones and morally correct principles shoved in people’s faces.  Making it funny will make it stick just as well.

Here are a few of my suggestions for handling your email rejections with a bit of added spice.  It’s a safe assumption that your friend uses Microsoft Office, so you could include this link at the end (http://www.sun.com/software/star/odf_plugin/get.jsp):

  • “Thanks for your email attachment.  Unfortunately, my dog ate it. He likes anything that is completely unpalatable, especially proprietary file formats.  He doesn’t seem bothered at all with open standards formats like the ODF, though.  Could you re-send your file using that format please?”
  • “Thanks for the document.  Sadly, we do not use proprietary file formats any more as the internet has brought about a revolution in open document format usage.  It happened so quickly that no-one noticed!! Please could you re-send your file in Open Document Format (ODF)?..”
  • “Thanks for the information. Regrettably, I am unable to open this format of document because I have become enlightened.  In my new karmic state, I only desire peace and harmony, and closed-off formats disrupt my inner sanctum.  Please could you re-send this file in natural, organic and eco-friendly Open Document Format?”

And of course, you MUST MUST MUST include a link to the Document Freedom Day web site, or to the Free Software Foundation, or to the Electronic Frontier Foundation, or to the Open Rights Group, or …


Thanks for watching!

In everyday life, I come across a number of things that I find extremely useful.  Instead of clogging up my browser’s bookmarks, I’ll list them here for my reference.

I hope they might be of use to you too!

Programming

  • PHP
  • Flex

There is one thing I want from Org-mode more than anything: the ability to record the time I spend on various activities – even unplanned ones – and then see a summary of this time at the end of the week.

    Luckily, this is actually really simple.  I won’t go through the details of how to install or set-up Org-mode; that information is easy to read through at its rightful place.  Instead, it’s the key time-recording feature which I’ll briefly touch on here.

    How to start:

    1. Open up Emacs (not got Emacs? See the GNU web site or download it straight from the GNU FTP site)
    2. Start Org-mode by opening a .org file:

       C-x C-f  ~/org/work.org

    3. Start the clock on any item:

       C-c C-x C-i

    4. Leave it running for a minute or two and then stop the clock:

       C-c C-x C-o

    5. Now go into Agenda view:

       C-c a a

    6. When in Agenda view (commonly this opens in a second frame), just hit R:

       R

    Et voila! You should be able to see a summary of the time you have booked on your activities.

    Apple’s attempt to sell me an iPad
    (the image has now been deleted, but depicted Apple’s QuickTime-only web site with the plugin not working – or failing-over nicely, in my browser)

    So, I can’t quite work out why I might want or need an iPad. Amusingly, a friend of mine posted a link on Facebook to Apple’s “TV” adverts on its website.

    What I saw was the image, opposite.

    Hmm, strange. Is this product only for people who already use Windows and/or a Mac? Being unable to install QuickTime (which is for a “PC” or Mac only) means I am unable to view this product. Apple are unable to do the most basic thing with sales and actually demonstrate to me why this product is good.

    Which then led me to think, perhaps it isn’t.

    Hot off the press is v1.4.5 of Mark Hershberger’s weblogger, an extension to GNU Emacs / XEmacs which allows blogging from within the Emacs editor environment.

    Early indications are good – for me at least. I have found the process of setting up and using weblogger a bit tricky, at times, so it’s encouraging to see that I can at least add this blog entry fairly easily.

    Now, which is that “publish blog” keystroke…? 😉

    I love Linux.  Sure, it ain’t perfect; there’s still some things that could “feel” a bit more modern.  But at the same time, there is so much to its credit that it’s hard to ignore.

    Take, for instance, virtual memory.  All modern computers have it.  Mobile phones use it.  Basically any computer-oriented device probably uses virtual memory paging instead of real address allocation.  It’s just more flexible and safer to leave all the memory management to the operating system kernel.

    The nice thing about the open source OS, however, is that you can determine just how “swappy” Linux is.  It’s a feature which allows incredible flexibility.

    For example, a recent filesystem and partition resizing operation that I undertook had the strange side-effect of rendering my swap partition strangely ineffective.  Being able to tune the swappiness of the kernel has allowed me to fix and test the problem in-situ.

    I’ve never been one for uploading my images in different places.  I don’t upload images to albums in Facebook or into Blogger itself.  Instead, I prefer to centralise all my image storage at Flickr Picasa.

    The main reason for this was that Flickr has been around a long time, is a veteran Yahoo web application, and has a great Javascript-based uploader which works flawlessly on Linux browsers – well, Firefox at least.  Unlike that stupid Java-applet attempt courtesy of Facebook’s programming team.  Sorry guys, “almost, but no cigar”.

    However, given that Yahoo charges for something that is an added detour from something else (Google+) that is essentially free, it no longer seems necessary to use it.

    So, when we see another wintry spell in the UK, perhaps I’ll take the aging Pentax *istDL out for another burn somewhere.

    Or maybe I’ll cling on to the Samsung Galaxy S (mk1) and the ease of Android 🙂

    I have two blogs hosted by Google/Blogger (a blog for work, life and general stuff that interests me) and WordPress (a blog just for work).  I differentiate these on the basis of content type as opposed to areas of interest.  That is, purely commercial (or tech-commercial) stuff goes to the WordPress one.

    And yet, I wonder, what is the point?  With the ability to group, tag, label and so on, I can collect similar articles together in a variety of ways.  Anyone with half a brain, left or right, would be able to see that any articles I have labelled “business” are probably more commercially-oriented than ones labelled “may contain nuts”.

    The problem is, I don’t want to miss the party – anywhere.  WordPress blogs seem, by some opinion, so popular that it makes me wonder if WordPress is more of a writer’s platform than blogger, and that blogger is something more akin to myspace for the blogosphere – a kind of scrawly, messy, throw-together-but-informative kind of creative jumble.  Perhaps I’m being harsh of others’ blogger blogs, even if I’m being slightly too kind to my own… 😉

    Conversely, the opinions cited in various threads (1, 2, 3) would suggest that Blogger is the way to go, at least for feedback options and template customisability.

    Regardless, I am not entirely convinced that either system is, actually, tremendously brilliant. Maybe I’d be a better person to judge once I’ve committed a thousand or two more articles to cyberspace and then regret/celebrate making the wrong/right choice.

    Then everyone would really thank me for my opinion.  Then disregard it.  😉