Enterprise Linux Log


October 2, 2007  9:02 AM

Linux 2.6.23-rc9 and x86 merge incoming

ITKE ITKE Profile: ITKE

Linus Torvalds provides us with an update on the Linux kernel today, as well as a heads-up about incoming x86 merge news set to drop fairly soon.

LKML:

I said I was hoping that -rc8 was the last -rc, and I hate doing this, but we’ve had more changes since -rc8 than we had in -rc8. And while most of them are pretty trivial, I really couldn’t face doing a 2.6.23 release and take the risk of some really stupid brown-paper-bag thing.

So there’s a final -rc out there, and right now my plan is to make this series really short, and release 2.6.23 in a few days. So please do give it a last good testing, and holler about any issues you find!

This is also a good time to warn about the fact that we’re doing the x86 merge very soon (as in the next day or two) after 2.6.23 is out, so if you have pending patches for the next series that touch arch/i386 or x86-64, you should get in touch with Thomas Gleixner and Ingo Molnar, who are the keepers of the merge scripts, and will help you prepare.

Doing it as early as possible in the 2.6.24-rc4 series (basically I’ll do it first thing) will mean that we’ll have the maximum amount of time to sort out any issues, and the thing is, Thomas and Ingo already have a tree ready to go, so people can check their work against that, and don’t need to think that they have to do any fixups after it hits *my* tree. It would be much better if everybody was just ready for it, and not taken by surprise.

Sounds like the kernel fellas have some work to do this week.

October 1, 2007  8:23 AM

First preview of Samba 3.2.0 now available for download


This news broke on Sept. 28, but I was so excited about October that I thought it would be cool to post it on October 1. OK, now that I’ve sufficiently covered my butt with an excuse, I give you the 3.2.0 preview release of Samba.

Cue the streamers:

Major enhancements in Samba 3.2.0 include:

File Serving:

  • Use of IDL generated parsing layer for several DCE/RPC interfaces.
  • Removal of the 1024 byte limit on pathnames and 256 byte limit on filename components to honor the MAX_PATH setting from the host OS.
  • Introduction of a registry based configuration system.
  • Improved CIFS Unix Extensions support.
  • Experimental support for file serving clusters.

Winbind and Active Directory Integration:

  • Full support for Windows 2003 cross-forest, transitive trusts and one-way domain trusts
  • Support for userPrincipalName logons via pam_winbind and NSS lookups.
  • Support in pam_winbind for logging on using the userPrincipalName.
  • Expansion of nested domain groups via NSS calls.
  • Support for Active Directory LDAP Signing policy.

Users & Groups:

  • New ldb backend for local group mapping tables
  • Raised level of security defaults for authentication operations.

Note that this is also the first time that Samba is being released under the GPLv3. The Samba Team adopted version 3.0 of the GNU General Public License for the 3.2 and later releases as of September.


September 28, 2007  10:48 AM

Does this script work for you?


Recently, we asked our readers to share some of their Linux scripts with us. Our first script comes to us from Diethard Ohrt, who sent us a script named “survf”. He writes:

The script “survf” monitors a file so you can check whether this file is growing (e.g. during ftp transfer). If you link it to the name “survp,” it monitors a running process… when the process terminates it sounds a bell and terminates.

Take a look at survf and give it a try. Diethard adds that he originally wrote it for the Korn shell on a Unix box a few years ago (so you might want to tweak it with “proper, real bash syntax.”)

Thank you, Diethard! To show our appreciation, we are sending you a gift certificate for some Starbucks coffee. Enjoy.

Let us know what you think of the script or send us one of your own. If we use it, you can earn yourself a Starbucks gift certificate plus you’ll be helping out other users.

If you would like some more scripts, check out our tips section. Whether it is help with Linux migrations or managing high-volume CPU processes, our SearchEnterpriseLinux experts help you navigate through the Linux world.

Hope you like the script. Keep them coming.


#!/bin/bash
#
# survp/f: primitive process/file surveillance
# ==================================================
# monitors a given process using ps(1)
# process may be given by PID or name
# if called as "survf", a given file is monitored
# ("CUP" means "cursor up" ...)
# __________________________________________________

PROGNAME=`basename "$0"`

# On SIGINT (2) or SIGTERM (15), report and exit cleanly
trap 'echo -e "\n$PROGNAME: terminated."; exit 0' 2 15

is_int=0

# How have we been called? _________________________
if [ "$PROGNAME" = survp ]
then
    OBJECT=process
    if (( $# != 1 ))
    then
        echo "usage: $PROGNAME { pid | process_name }"
        exit 1
    fi
    # Check: is parameter a number, thus PID?
    # (pattern match only, so the argument is never evaluated as an expression)
    item2test=$1
    case $item2test in
        ''|*[!0-9]*) is_int=0 ;;
        *)           is_int=1 ;;
    esac
else
    # invoked as "survf" _____________________________
    OBJECT=file
    if (( $# != 1 ))
    then
        echo "usage: $PROGNAME { file_name }"
        exit 1
    fi
fi

typeset -i STATE=0

echo "$PROGNAME: surveillance of $OBJECT $1"
echo " (use ^C to terminate)"
CUP=`tput cuu1``tput cuu1`
while true
do
    if [ $OBJECT = process ]
    then
        if (( is_int == 0 ))
        then
            # process given by name: look for it in the user's process list
            ps -u "$LOGNAME" | grep -- "$1"
            STATE=$?
        else
            # process given by PID
            ps -fp "$item2test"
            STATE=$?
            echo "$CUP"
        fi
    else
        # quoted so that file names containing spaces work
        ls -l -- "$1"
        STATE=$?
    fi
    if (( STATE != 0 ))
    then
        # \07 rings the terminal bell
        echo -e "\07\n$PROGNAME: *** ERROR *** $OBJECT $1 not found!"
        exit 1
    fi
    echo "$CUP"
    sleep 10
done


September 28, 2007  10:43 AM

Novell microsite targets virtualization


I received an email today from Novell touting a new virtualization microsite, so I thought I’d fire off a micropost to the Enterprise Linux Log with a few details.

From Novell:

Novell has created a new microsite to provide the open source community with Virtualization resources such as whitepapers, customer case studies and video interviews (including Novell’s Kurt Garloff and Intel’s Doug Fisher).

You can check out the site at the below link:

http://www.novell.com/virtualization/


September 27, 2007  10:43 AM

Ubuntu bests Jesus — Apocalypse imminent?!


So, dear readers, who is more popular: A Linux distribution with a funky name or a funky fella who could supposedly turn water into wine and walk on water?

If you answered Ubuntu, then give yourself a star. If you answered Jesus, then you were right last year, but Google Trends has proved you wrong today. If you answered Mark Shuttleworth, then I suggest you get your head examined, because while Ubuntu is an insanely popular Linux distro right now, the man behind it cannot perform literal miracles (the last time I checked, anyway).

Here’s the evidence, provided by the blog Venture Cake:

Ubuntu versus Jesus

Venture Cake also has a hilarious comparison between Ubuntu and the bearded one up on their site today, so I encourage you to hit that link and check it out.


September 26, 2007  3:16 PM

SELinux — is it *really* too complex?


I read a post this afternoon that surprised me a little, which is tough to do because I work on the Internet and I’ve basically seen everything humanity has to offer. Believe me, it’s not much.

What surprised me today is that the old axiom “SELinux is so difficult to use that most IT managers just switch it off” has bubbled to the surface again over at Kerneltrap.org.

The post at Kerneltrap is actually a snippet from a larger rant on the OpenBSD mailing list, which compares the security of SELinux to OpenBSD’s default security.

A thread on the OpenBSD-misc mailing list compared the security of SELinux in the 2.6 Linux kernel to what’s available in OpenBSD. The general opinion was that SELinux and its policy language are too complex, leading Damien Miller to note, “every medium to large Linux deployment that I am aware of has switched SELinux off. Once you stray from the default configurations that the system distributors ship with, the default policies no longer work and things start to break.” Ted Unangst summarized, “the problem with security by policy is that the policy is always wrong.”

I’ve written a few articles about SELinux over the past year and a half for this sole reason: complexity. I’m certainly no expert on the subject, but in 2006 and ’07 I did get to hear from people at various Linux conferences and from interviews for other security stories that SELinux was a great piece of software — perhaps “too great.” As was argued above in the OpenBSD list, people were shutting it off because its NSA-powered muscles were breaking their systems. When that happens, you’ll find 9 times out of 10 an administrator will opt to shut the thing off and find another fix rather than invest the extra time and money, regardless of the features being promised him/her. So I started asking, “what’s being done? Who’s doing what?” and so on.

The folks at Red Hat were the most helpful, for obvious reasons (SELinux is baked into Red Hat Enterprise Linux), but I also interviewed a few SELinux experts for my research, including Karl MacMillan and Frank Mayer, co-authors of SELinux By Example. Mayer even wrote us a nice article on SELinux, called Five Ways SELinux may surprise you, that still does well traffic-wise on SearchEnterpriseLinux.com today. I also interviewed the guys in the trenches who had decided to shut the thing off and deal with it later.

What I discovered is that part of SELinux’s current dilemma is more easily fixable than the other, because it has nothing to do with technological chops and everything to do with public perception. Jim Klein, the director of information services and technology at the California-based Saugus Union School District, put it best: “The biggest problem for SELinux is mindshare,” Klein told me. “It developed a stigma early on due to the lack of tools for configuration and troubleshooting, which led people to simply turn it off.” Currently, Klein is one of the many IT guys who has the SELinux switch in the “off” position.

But Red Hat was ready for that, or so it seemed. At the Red Hat Summit in May their SELinux guru Dan Walsh was beating the setroubleshoot tool drum as proof that his developers were listening and SELinux was turning a corner towards simplicity. Also known as SELinux Troubleshooter, setroubleshoot is a tool that watches the audit log files for access vector cache (AVC) messages and sends reports to the IT manager when things go wrong, right or whatever. Walsh said SELinux has a new GUI in RHEL 5 to assist in management, as well as a set of configurable Booleans (read: if, then statements) that allow IT managers to modify network ports, file labeling and even user mappings. That particular session was one of the more packed ones I attended in San Diego that week. Does that mean anything in particular? Not really, as security is always a popular topic, but it was interesting given what’s still being debated today.
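
As an added example (not from the original post and not setroubleshoot's own code), the Python below does the first step of what the paragraph above describes: it pulls AVC denials out of audit-log text and groups them by source type, target type and object class, so an administrator can see what policy is blocking rather than switching SELinux off. The log lines are constructed samples in the audit.log AVC format, and the function names are chosen for this example.

```python
import re
from collections import defaultdict

# Constructed sample lines in the audit.log AVC format (not from a real host).
SAMPLE_LOG = """\
type=AVC msg=audit(1190830560.101:311): avc:  denied  { read } for  pid=2210 comm="httpd" name="index.html" dev=dm-0 ino=4471 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1190830561.350:312): avc:  denied  { getattr } for  pid=2210 comm="httpd" name="index.html" dev=dm-0 ino=4471 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1190830561.350:312): arch=40000003 syscall=195 success=no exit=-13 comm="httpd"
type=AVC msg=audit(1190830590.007:320): avc:  denied  { name_bind } for  pid=2388 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1190830600.412:325): avc:  granted  { setenforce } for  pid=2500 comm="setenforce" scontext=root:system_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
type=AVC msg=audit(1190830601.000:326): avc:  denied  { read
"""

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+'
    r'(?P<verdict>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)$')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC record, or None if the line is not a complete one."""
    m = AVC_RE.match(line.strip())
    if m is None:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None  # record lacks the contexts needed to interpret it
    fields["verdict"] = m.group("verdict")
    fields["perms"] = m.group("perms").split()
    return fields

def type_of(context):
    # A security context is user:role:type[:level]; policy rules are written on the type.
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def summarize_denials(log_text):
    """Group denials by (source type, target type, class); count unparsable AVC lines."""
    groups = defaultdict(lambda: {"perms": set(), "comms": set(), "count": 0})
    skipped = 0
    for line in log_text.splitlines():
        if "avc:" not in line:
            continue            # SYSCALL, PATH and other record types
        rec = parse_avc(line)
        if rec is None:
            skipped += 1        # truncated or malformed AVC line
            continue
        if rec["verdict"] != "denied":
            continue            # audited grants are not policy breakage
        key = (type_of(rec["scontext"]), type_of(rec["tcontext"]), rec["tclass"])
        groups[key]["count"] += 1
        groups[key]["perms"].update(rec["perms"])
        groups[key]["comms"].add(rec.get("comm", "?"))
    return dict(groups), skipped

if __name__ == "__main__":
    groups, skipped = summarize_denials(SAMPLE_LOG)
    for (src, tgt, cls), g in sorted(groups.items()):
        print(f"{src} -> {tgt}:{cls} {sorted(g['perms'])} x{g['count']} by {sorted(g['comms'])}")
    print(f"unparsable AVC lines: {skipped}")
```

Grouping on the type field rather than the full context collapses repeated denials from one misconfiguration into a single line, which is the summary an administrator needs before deciding whether to relabel files, flip a Boolean or adjust policy.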

As Red Hat talks GUIs and tools and setroubleshoot (oh my!) those crafty OpenBSD guys are ready with a pithy retort (or is that snark?):

If the policy language was halfway sane then this wouldn’t be so bad – a skilled administrator could adjust the policy. Unfortunately:

1) skilled administrators are hard to come by, and their time is usually better spent *not* tweaking brittle mandatory access control policies

2) the SELinux policy language is nowhere near sane.

OpenBSD’s systrace suffers from #1 – it is a generic problem with these sorts of access control mechanisms, and it is one reason why it has never been enabled by default. The brittleness is a real problem – I use systrace for a few things and often need to update my policies because of software upgrades or libc changes. Oh, and “skilled administrator” means someone deeply familiar with the Unix system interface – not just a graduate of certification course du jour.

The Linux solution to #2 seems to be to add various wizards and other abstraction between the administrator and the policy, rather than tossing the horrid mess and replacing it with something more comprehensible.

What this all means to me is if we can find similar thoughts being shared outside of an OpenBSD mailing list (where Linux or SELinux surely don’t have the home field advantage they’re used to in, say, Linus Torvalds’ backyard), we might be onto something. That something? That SELinux should in fact be turned off indefinitely until this complexity issue is resolved.

Until then, however, I think we all should probably look into some advice I found in the Kerneltrap comment section:

If I wanted a fair comparison of OpenBSD and SELinux, the last place I would ask would be the openbsd-misc mailing list.

Could be good advice.

Related info: Our site expert James Turnbull has a brief comparison of SELinux and AppArmor (the latter being what Novell SUSE has to offer).


September 25, 2007  3:24 PM

Red Hat reports second quarter results, promotions


Red Hat, Inc. today announced financial results for its second fiscal quarter ended August 31, 2007, and the results are again pretty solid.

According to a release that’s still pretty hot after being cut and pasted from my email Inbox, total Red Hat revenue for the quarter was $127.3 million, an increase of 28% from the year ago quarter and 7% from the prior quarter. Subscription revenue, where Red Hat makes its bread and butter, was “$109.2 million, up 29% year-over-year and 6% sequentially,” the release stated.

On the income side of the aisle (take a deep breath before reading this one aloud), net income for the quarter was $18.2 million, or $0.09 per diluted share, compared with $16.2 million, or $0.08 per diluted share, for the prior quarter and $11.0 million, or $0.05 per diluted share, in the year ago quarter. Non-GAAP adjusted net income for the quarter was $36.9 million, or $0.17 per diluted share, after adjusting for stock compensation and tax expense as detailed in the tables below. This compares to non-GAAP adjusted net income of $33.7 million, or $0.16 per diluted share, in the prior quarter and $24.5 million, or $0.12 per diluted share, in the year ago period.

Other highlights of the quarter included the following:

– Red Hat surpassed the milestone of more than 3,000 applications certified on Red Hat Enterprise Linux.
– Following three consecutive years of Red Hat being ranked first in value for enterprise software in the CIO Insight survey, Red Hat Japan was ranked the number one technology vendor in Japan that customers intend to conduct business with in the future according to the Nikkei Market Access survey.
– Red Hat released the beta version of the Red Hat Developer Studio, an integrated Eclipse-based set of open source development tools and runtime environment.
– Red Hat released JBoss Enterprise Application Platform 4.2, an enterprise-ready platform on which to migrate legacy applications to an open source architecture.

Red Hat also appointed two new financial executives today: Mark Cook was promoted to Vice President, Finance and Controller; and Paul Argiry joined Red Hat as Vice President and Treasurer.


September 25, 2007  3:06 PM

GPLv3 growth flattens out, LGPLv3 adds 49 projects


For a month that saw a GNU GPL lawsuit and nearly 20% growth in GPLv3 project conversions, September has quickly become yet another month set to go out like a lamb (I’m looking at you, March).

At the beginning of the month, I cited a Palamida report that had tracked the number of GPLv3 adoptions among open source projects at a 15-20% increase month-over-month. Today? The numbers have cooled slightly, although the GPL’s younger brother the LGPL has taken up some of the slack.

Again, Palamida provides some of the licensing numbers they’ve been tracking for the period of September 10 through the 21st:

Wow for the LGPL v3 (Relatively)
The last two weeks have seen a 17% increase over last in the number of projects that have adopted GPLv3. As of 3pm PDT, September 21, 2007, our research indicates that 683 projects have officially adopted GPLv3, as compared to 585 projects on September 7th. A whopping 31 new projects have adopted LGPLv3 bringing the total LGPLv3 projects to 76.

Palamida is also pretty good at keeping people up to date on some of the specific projects being converted to the GPLv3 (they aren’t just about statistics, people!).

Some of the latest conversions:

  • mySerialz: A Web application that allows users to keep track of their serial keys.
  • gPodder: A Podcast receiver/catcher written in Python and pyGTK. It manages podcast feeds for you, and automatically downloads all podcasts from as many feeds as you like. If you are interested in Podcast feeds, simply put the feed URLs into gPodder and it will download all episodes for you automatically. If there is a new episode, it will get it for you. It supports download resume, if the server supports it.
  • Version Control Control (VC”): A tool that integrates with off-the-shelf version control systems and monitors file system access in order to enhance awareness among users. The tool warns about actions made by other users and suggests conflict avoiding actions.
  • GNU Emacs: Emacs is the extensible, customizable, self-documenting real-time display editor. Emacs is a text editor and more. At its core is an interpreter for Emacs Lisp (“elisp”, for short), a dialect of the Lisp programming language with extensions to support text editing.
  • SyWiCo: SyWiCo is a tool for managing concurrent modifications of shared files between unconnected computers. It can be used as a synchronization tool relying on email.
  • Portaneo Open Source Homepage (POSH): Posh is an open source personalizable portal (Netvibes, iGoogle, …) developed with PHP/MySQL/Ajax.

I assume the last one has no relation to Becks.

Bonus link: More on the FSF lawsuit against Monsoon Multimedia.

UPDATE: Hate to kick you while you’re down, buddy, but InformationWorld is reporting that developers are shunning GPLv3.


September 25, 2007  12:28 PM

Novell shows off open source ATI drivers


As this relates to one of our most popular blog posts ever here at the Enterprise Linux Log, I thought it was worth a mention. Apparently, Novell has released an alpha level video driver for ATI Radeon R5xx/R6xx boards. Seriously, at 77 comments, our original post from the Red Hat Summit last May on the open source drivers topic is the most read and most discussed post in our short little history. Kudos to Jan Stafford on the scoop.

The Inquirer has more to say (and, really, when don’t they?):

The software release comes just eight days after AMD open sourced the register specs for the cards. It supports only initial mode settings at the moment, but SUSE developers plan to add support for more hardware, RandR 1.2, video overlay and 2D acceleration soon.

Novell’s ATI Radeon R5xx/R6xx video drivers are available in a multi-distribution package that supports the Fedora, Mandriva, and all SUSE flavours of Linux.

This was a big deal when AMD announced a similar item way back in May, and it appears that it will remain a big deal for some time to come. The topic is kind of outside the focus of our parent site, SearchEnterpriseLinux.com, but you can be sure updates will find their way here to the blog when they happen.


September 24, 2007  10:06 AM

Monday morning Linux kernel news


It’s kernel update time. This is the single security bug fix edition:

We (the -stable team) are announcing the release of the 2.6.22.7 kernel. It contains a single security bugfix for the x86_64 architecture. There is potential for local privilege escalation, so all x86_64 users are certainly encouraged to upgrade.

CVE-2007-4573: x86_64: Zero extend all registers after ptrace in 32bit entry path.

I’ll also be replying to this message with a copy of the patch between 2.6.22.6 and 2.6.22.7.

I’m going to go out on a limb and guess this won’t be the last we hear from lwn.net.

