From: tony m. <to...@ma...> - 2005-06-13 05:37:22
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I hope this isn't too off-topic for the list - I poked around the site for a while and this seemed to be the most appropriate address to send this information to. I recently pulled down the 1.2.5 release of Devil-Linux and was able to get it running on an Openbrick-E (http://shopping.hacom.net/catalog/product_info.php?cPath=22_45&products_id=30) with a 256MB USB stick in no time at all. A couple of observations: * install-on-usb didn't work for me as shipped. The problem is that cp -p exits with return code 1 when copying the source iso over to the USB stick (because of the filesystem type on the USB stick). It looks like this: Last chance, do you really want to continue ? (y/n) y Installing syslinux MBR 0+1 records in 0+1 records out 304 bytes transferred in 0.006160 seconds (49350 bytes/sec) installing SysLinux boot sector copying files copying source file bootcd.iso to device mounted on ./tmp-install2usb/disk-mnt/bootcd.iso cp: failed to preserve ownership for `./tmp-install2usb/disk-mnt/bootcd.iso': Operation not permitted (and then the script exits) The fix is trivial - either drop the -p or remove the "|| return 1" from line 43 of the script. * I tried using a single partition and ran into problems with save-config because the script kept trying to mount the already mounted partion under /var/adm/mount. This could be done with a bind mount, or much simpler, it seems that save-config could check for /config/etc.tar.bz2 in the root filesystem if there are no other mountable partitions containing configurations. * When using 2 paritions on a single USB stick, the message "syncing and unmounting (this could take a while)" comes *after* the filesystem has been synced because sync gets called on line 393 after copying the etc.tar.bz2 to the second parition. This is purely aesthetic, but it caught my eye because when I was trying with a single parition, the message came before the sync. It's a useful message, given how long it takes to sync the ISO to the USB stick, so it might be good to either duplicate it before invoking sync on line 393, or skipping that sync since it's going to occur right after dl_install() completes. Great distro! Thanks, tony -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCrRttpdwBkPlyvgMRAlWPAKCDOqVhUqct3Pw2iuviAJpnwF/C+gCfVSPD CdoSXZgJDF6dKhnhQvzAdH0= =MSIi -----END PGP SIGNATURE----- |
From: Heiko Z. <he...@zu...> - 2005-06-13 15:14:01
|
Hi, thanks for the infos. It would actually help us a lot, if you could attach patches to fix the mentioned problems. Heiko > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > I hope this isn't too off-topic for the list - I poked around the site > for a while and this seemed to be the most appropriate address to send > this information to. > > I recently pulled down the 1.2.5 release of Devil-Linux and was able to > get it running on an Openbrick-E > (http://shopping.hacom.net/catalog/product_info.php?cPath=22_45&products_ > id=30) with a 256MB USB stick in no time at all. > > A couple of observations: > > > * install-on-usb didn't work for me as shipped. The problem is that cp > -p > exits with return code 1 when copying the source iso over to the USB stick > (because of the filesystem type on the USB stick). It looks like this: > > > Last chance, do you really want to continue ? (y/n) y > Installing syslinux MBR > 0+1 records in > 0+1 records out > 304 bytes transferred in 0.006160 seconds (49350 bytes/sec) > installing SysLinux boot sector copying files copying source file bootcd.iso > to device mounted on ./tmp-install2usb/disk-mnt/bootcd.iso > cp: failed to preserve ownership for > `./tmp-install2usb/disk-mnt/bootcd.iso': Operation not permitted > > > (and then the script exits) > > > The fix is trivial - either drop the -p or remove the "|| return 1" from > line 43 of the script. > > * I tried using a single partition and ran into problems with save-config > because the script kept trying to mount the already mounted partion > under /var/adm/mount. This could be done with a bind mount, or much > simpler, it seems that save-config could check for /config/etc.tar.bz2 in > the root filesystem if there are no other mountable partitions containing > configurations. > > * When using 2 paritions on a single USB stick, the message "syncing and > unmounting (this could take a while)" comes *after* the filesystem has > been synced because sync gets called on line 393 after copying the > etc.tar.bz2 to the second parition. This is purely aesthetic, but it > caught my eye because when I was trying with a single parition, the > message came before the sync. It's a useful message, given how long it > takes to sync the ISO to the USB stick, so it might be good to either > duplicate it before invoking sync on line 393, or skipping that sync since > it's going to occur right after dl_install() completes. > > Great distro! > > > Thanks, > tony -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.1 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org > > > iD8DBQFCrRttpdwBkPlyvgMRAlWPAKCDOqVhUqct3Pw2iuviAJpnwF/C+gCfVSPD > CdoSXZgJDF6dKhnhQvzAdH0= > =MSIi > -----END PGP SIGNATURE----- > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: NEC IT Guy Games. How far can you > shotput a projector? How fast can you ride your desk chair down the office > luge track? If you want to score the big prize, get to know the little > guy. Play to win an NEC 61" plasma display: http://www.necitguy.com/?r=20 > _______________________________________________ > Devil-linux-develop mailing list > Dev...@li... > https://lists.sourceforge.net/lists/listinfo/devil-linux-develop > > > -- Regards Heiko Zuerker http://www.devil-linux.org |
From: Kim T. C. <th...@ah...> - 2005-06-14 16:21:11
|
Hi all, I've written some Python scripts on my Devil Linux 1.2.5 system but I got some strange segmentation fault error. Looks like 'grsecurity' patch doesn't live happily with Python, in /var/log/message you can see: Jun 15 00:07:01 src@Devil kernel: grsec: From 192.168.0.5: signal 11 sent to /usr/bin/python2.4[python:19084] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/cron[cron:19083] uid/euid:0/0 gid/egid:0/0 Jun 15 00:07:01 src@Devil kernel: grsec: From 192.168.0.5: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/bin/python2.4[python:19084] uid/euid:0/0 gid/egid:0/0, parent /usr/sbin/cron[cron:19083] uid/euid:0/0 gid/egid:0/0 The easiest way to reproduce it by a 2-lines Python script: root@Devil:/tmp # cat s.py import smtplib server = smtplib.SMTP('localhost') root@Devil:/tmp # python s.py Segmentation fault root@Devil:/tmp # Any Python develper here that come across the same issue ? or is there a way to disable grsecurity ? /Kim |
From: Heiko Z. <he...@zu...> - 2005-06-14 16:44:54
|
Kim Thye Chua wrote: > Hi all, > > I've written some Python scripts on my Devil Linux 1.2.5 system but I > got some strange segmentation fault error. Looks like 'grsecurity' > patch doesn't live happily with Python, in /var/log/message you can see: > > Jun 15 00:07:01 src@Devil kernel: grsec: From 192.168.0.5: signal 11 > sent to /usr/bin/python2.4[python:19084] uid/euid:0/0 gid/egid:0/0, > parent /usr/sbin/cron[cron:19083] uid/euid:0/0 gid/egid:0/0 > Jun 15 00:07:01 src@Devil kernel: grsec: From 192.168.0.5: denied > resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 > for /usr/bin/python2.4[python:19084] uid/euid:0/0 gid/egid:0/0, parent > /usr/sbin/cron[cron:19083] uid/euid:0/0 gid/egid:0/0 The second line just means that python tried to create a core dump, but wasn't allowed to. So the main question is why it received a signal 11. > > The easiest way to reproduce it by a 2-lines Python script: > > root@Devil:/tmp # cat s.py > import smtplib > > server = smtplib.SMTP('localhost') > > root@Devil:/tmp # python s.py > Segmentation fault > root@Devil:/tmp # > Is this producing the same log output? > Any Python develper here that come across the same issue ? You may want to try the grsecurity forum ( http://www.grsecurity.net ). > or is there a way to disable grsecurity ? > No, BUT: There is a "-server" version of DL, which has no grsecurity included. -- Regards Heiko http://www.devil-linux.org |
From: Kim T. C. <th...@ah...> - 2005-06-15 02:34:16
|
Thanks Heiko, >Is this producing the same log output? Sorry, the exact log output is this: Jun 15 10:32:23 src@Devil kernel: grsec: From 192.168.0.16: signal 11 sent to /usr/bin/python2.4[python:26501] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:26419] uid/euid:0/0 gid/egid:0/0 Jun 15 10:32:23 src@Devil kernel: grsec: From 192.168.0.16: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/bin/python2.4[python:26501] uid/euid:0/0 gid/egid:0/0, parent /bin/bash[bash:26419] uid/euid:0/0 gid/egid:0/0 where I have the other window doing: root@Devil:/tmp # cat s.py import smtplib server = smtplib.SMTP('localhost') server.quit() root@Devil:/tmp # python s.py Segmentation fault /kim Heiko Zuerker wrote: > Kim Thye Chua wrote: > >> Hi all, >> >> I've written some Python scripts on my Devil Linux 1.2.5 system but I >> got some strange segmentation fault error. Looks like 'grsecurity' >> patch doesn't live happily with Python, in /var/log/message you can see: >> >> Jun 15 00:07:01 src@Devil kernel: grsec: From 192.168.0.5: signal 11 >> sent to /usr/bin/python2.4[python:19084] uid/euid:0/0 gid/egid:0/0, >> parent /usr/sbin/cron[cron:19083] uid/euid:0/0 gid/egid:0/0 >> Jun 15 00:07:01 src@Devil kernel: grsec: From 192.168.0.5: denied >> resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 >> for /usr/bin/python2.4[python:19084] uid/euid:0/0 gid/egid:0/0, >> parent /usr/sbin/cron[cron:19083] uid/euid:0/0 gid/egid:0/0 > > > The second line just means that python tried to create a core dump, > but wasn't allowed to. > So the main question is why it received a signal 11. > >> >> The easiest way to reproduce it by a 2-lines Python script: >> >> root@Devil:/tmp # cat s.py >> import smtplib >> >> server = smtplib.SMTP('localhost') >> >> root@Devil:/tmp # python s.py >> Segmentation fault >> root@Devil:/tmp # >> > Is this producing the same log output? > >> Any Python develper here that come across the same issue ? > > > You may want to try the grsecurity forum ( http://www.grsecurity.net ). > >> or is there a way to disable grsecurity ? >> > No, BUT: > There is a "-server" version of DL, which has no grsecurity included. > |
From: Heiko Z. <he...@zu...> - 2005-06-15 13:52:20
|
Kim Thye Chua wrote: > Thanks Heiko, > > >Is this producing the same log output? > > Sorry, the exact log output is this: > > Jun 15 10:32:23 src@Devil kernel: grsec: From 192.168.0.16: signal 11 > sent to /usr/bin/python2.4[python:26501] uid/euid:0/0 gid/egid:0/0, > parent /bin/bash[bash:26419] uid/euid:0/0 gid/egid:0/0 > Jun 15 10:32:23 src@Devil kernel: grsec: From 192.168.0.16: denied > resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 > for /usr/bin/python2.4[python:26501] uid/euid:0/0 gid/egid:0/0, parent > /bin/bash[bash:26419] uid/euid:0/0 gid/egid:0/0 > > > where I have the other window doing: > > root@Devil:/tmp # cat s.py > import smtplib > > server = smtplib.SMTP('localhost') > server.quit() > root@Devil:/tmp # python s.py > Segmentation fault > I think your best chance right now is asking the questions on the grsecurity forum, I really can't help you much there. -- Regards Heiko http://www.devil-linux.org |
From: Bruce S. <bw...@ar...> - 2005-06-15 13:59:06
|
> > Jun 15 10:32:23 src@Devil kernel: grsec: From 192.168.0.16: signal 11 > > sent to /usr/bin/python2.4[python:26501] uid/euid:0/0 gid/egid:0/0, > > parent /bin/bash[bash:26419] uid/euid:0/0 gid/egid:0/0 > > Jun 15 10:32:23 src@Devil kernel: grsec: From 192.168.0.16: denied > > resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 > > for /usr/bin/python2.4[python:26501] uid/euid:0/0 gid/egid:0/0, parent > > /bin/bash[bash:26419] uid/euid:0/0 gid/egid:0/0 > > > > > > where I have the other window doing: > > > > root@Devil:/tmp # cat s.py > > import smtplib > > > > server = smtplib.SMTP('localhost') > > server.quit() > > root@Devil:/tmp # python s.py > > Segmentation fault > > > > I think your best chance right now is asking the questions on the > grsecurity forum, I really can't help you much there. It definitely appears to be a grsecurity related issue. The easy solution is to use the i686-server release of DL (no grsec!). Did I ever mention how much I dislike grescurity? :-) - BS |
From: Heiko Z. <he...@zu...> - 2005-06-15 14:11:33
|
Bruce Smith wrote: >>>Jun 15 10:32:23 src@Devil kernel: grsec: From 192.168.0.16: signal 11 >>>sent to /usr/bin/python2.4[python:26501] uid/euid:0/0 gid/egid:0/0, >>>parent /bin/bash[bash:26419] uid/euid:0/0 gid/egid:0/0 >>>Jun 15 10:32:23 src@Devil kernel: grsec: From 192.168.0.16: denied >>>resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 >>>for /usr/bin/python2.4[python:26501] uid/euid:0/0 gid/egid:0/0, parent >>>/bin/bash[bash:26419] uid/euid:0/0 gid/egid:0/0 >>> >>> >>>where I have the other window doing: >>> >>>root@Devil:/tmp # cat s.py >>>import smtplib >>> >>>server = smtplib.SMTP('localhost') >>>server.quit() >>>root@Devil:/tmp # python s.py >>>Segmentation fault >>> >>> >>> >>I think your best chance right now is asking the questions on the >>grsecurity forum, I really can't help you much there. >> >> > >It definitely appears to be a grsecurity related issue. >The easy solution is to use the i686-server release of DL (no grsec!). > >Did I ever mention how much I dislike grescurity? :-) > > > > Every day. ;-) But for me it's a necessary evil, because it also adds a lot of benefits. -- Regards Heiko http://www.devil-linux.org |
From: Bruce S. <bw...@ar...> - 2005-06-15 14:23:07
|
> >Did I ever mention how much I dislike grescurity? :-) > > > Every day. ;-) > But for me it's a necessary evil, because it also adds a lot of benefits. Such as? - BS |
From: Heiko Z. <he...@zu...> - 2005-06-15 14:38:14
|
Bruce Smith wrote: >>>Did I ever mention how much I dislike grescurity? :-) >>> >>> >>> >>Every day. ;-) >>But for me it's a necessary evil, because it also adds a lot of benefits. >> >> > >Such as? > > http://www.grsecurity.net/features.php I don't care about the RBAC stuff, but the other things are important to me. For example a 'normal' chroot without grsec is not really secure, since it's easy to break out of it. -- Regards Heiko http://www.devil-linux.org |
From: Bruce S. <bw...@ar...> - 2005-06-15 17:38:02
|
> http://www.grsecurity.net/features.php > I don't care about the RBAC stuff, but the other things are important to > me. For example a 'normal' chroot without grsec is not really secure, > since it's easy to break out of it. Some of the features would be nice, but others bite us in the ass. Is there a compile option to skip the RBAC stuff,and anything else that is causing us problems? Or some way to specify it in the grsec conf? - BS |
From: Heiko Z. <he...@zu...> - 2005-06-15 19:05:18
|
Bruce Smith wrote: >>http://www.grsecurity.net/features.php >>I don't care about the RBAC stuff, but the other things are important to >>me. For example a 'normal' chroot without grsec is not really secure, >>since it's easy to break out of it. >> >> > >Some of the features would be nice, but others bite us in the ass. > >Is there a compile option to skip the RBAC stuff,and anything else that >is causing us problems? Or some way to specify it in the grsec conf? > > > No. There are different options you can choose, but many different of them could cause issues. -- Regards Heiko http://www.devil-linux.org |
From: Kim T. C. <th...@ah...> - 2005-06-18 03:43:42
|
I found that Python works fine with devil-linux version 1.2.5-i686-SMP-server. But I'm trying to rebuild the distro to upgrade Python to v2.4.1, could you provide me with the .config (menuconfig) file for 1.2.5 -server version ? /kim Bruce Smith wrote: >>http://www.grsecurity.net/features.php >>I don't care about the RBAC stuff, but the other things are important to >>me. For example a 'normal' chroot without grsec is not really secure, >>since it's easy to break out of it. >> >> > >Some of the features would be nice, but others bite us in the ass. > >Is there a compile option to skip the RBAC stuff,and anything else that >is causing us problems? Or some way to specify it in the grsec conf? > > - BS > > > > >------------------------------------------------------- >SF.Net email is sponsored by: Discover Easy Linux Migration Strategies >from IBM. Find simple to follow Roadmaps, straightforward articles, >informative Webcasts and more! Get everything you need to get up to >speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click >_______________________________________________ >Devil-linux-develop mailing list >Dev...@li... >https://lists.sourceforge.net/lists/listinfo/devil-linux-develop > > > |
From: Heiko Z. <he...@zu...> - 2005-06-18 22:31:59
|
Kim Thye Chua wrote: > > I found that Python works fine with devil-linux version > 1.2.5-i686-SMP-server. But I'm trying to rebuild the distro to upgrade > Python to v2.4.1, could you provide me with the .config (menuconfig) > file for 1.2.5 -server version ? > Take the default config and just de-select grsecurity. -- Regards Heiko http://www.devil-linux.org |