Fedora

Gerrit and systemd socket activation

Once this change goes into Gerrit, it is possible to let Gerrit be socket-activated by systemd: https://gerrit-review.googlesource.com/#/c/89893/. To make the above work correctly on "Fedora 24 (Server Edition)" you need to install these custom SELinux rules:

gerrit-systemd-port80.te:

    module gerrit-systemd-port80 1.0;

    require {
        type unconfined_service_t;
        type init_t;
        class tcp_socket { bind create listen setopt };
    }

    #============= init_t ==============
    allow init_t unconfined_service_t:tcp_socket { bind create listen setopt };

systemd-java.

Install Fedora 21 alpha on UML

Download the Fedora 21 alpha ISO image

E.g. the Server variant here: https://fedoraproject.org/get-prerelease#server

Extract the initrd image from the ISO image

Mount the ISO image as a loop device

    losetup /dev/loop0 /path/to/Fedora-Server-netinst-x86_64-21_Alpha.iso

and mount the loop device

    mount /dev/loop0 /mnt

Copy the initial ramdisk image from the ISO image

    cp /mnt/isolinux/initrd.img /target/dir

Patch the UML kernel

This is needed because the initrd image finds the squashfs in the ISO image only when no root parameter is passed as a kernel command-line option.

User Mode Linux (UML), systemd and Fedora cloud image

Create a system user "uml" with home directory /home/uml/

Add a systemd unit file for uml under /etc/systemd/system/uml@.service

    # Systemd unit file for a UML instance
    [Unit]
    Description=User Mode Linux

    [Service]
    Type=simple
    WorkingDirectory=/home/uml/
    Environment=HOME=/home/uml TEMP=/dev/shm/ UMID=fedora23-%i IID=%i
    # Prepare the per-instance files before the UML kernel starts
    ExecStartPre=/home/uml/cloud.sh
    ExecStart=/home/uml/linux mem=1280M umid=${UMID} eth0=tuntap,,,192.168.10.${IID} ubd0=${UMID}/Fedora23-Root.cow,images/Fedora-Cloud-Base-23-20151030.x86_64.raw ubd1=${UMID}/cloud-config.iso root=/dev/ubda1 ds=nocloud LANG=de_DE.utf8 plymouth.enable=0 stderr=1 con=pts
    ExecStop=/usr/bin/uml_mconsole ${UMID} halt
    # systemd has no ExecRestart= directive, so it ignores the next line
    ExecRestart=/usr/bin/uml_mconsole ${UMID} reboot
    User=uml
    SyslogIdentifier=uml

    [Install]
    WantedBy=multi-user.target

Add a cloud.sh file under /home/uml/cloud.

WordPress, MySQL, PHP-FPM, Fedora and SELinux

Sadly, the PHP-FPM process on Fedora 22 is forbidden to connect to non-localhost addresses… So when using a local WordPress installation with a remote MySQL database you will get an SELinux AVC, like:

    time->Sun Aug 16 14:11:36 2015
    type=PROCTITLE msg=audit(1439727096.488:571): proctitle=7068702D66706D3A20706F6F6C20777777
    type=SYSCALL msg=audit(1439727096.488:571): arch=c000003e syscall=42 success=no exit=-13 a0=4 a1=55ce39e50cf8 a2=10 a3=0 items=0 ppid=1062 pid=1068 auid=4294967295 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm="php-fpm" exe="/usr/sbin/php-fpm" subj=system_u:system_r:httpd_t:s0 key=(null)
    type=AVC msg=audit(1439727096.

Fedora 22 cloud images and User Mode Linux

1. Download the Fedora 22 raw cloud image
2. Unpack the image with unxz
3. Prepare a script for the cloud-init "NoCloud" datasource
4. Change the variables $IMAGE_DIR, $UML_DIR and $CLOUD_CONFIG_DIR to your setup
5. Save the above script as cloud.sh and make it executable
6. Start the script. The script will start 10 parallel UML instances from the same Fedora cloud base image

HTTP/2 with Jetty 9.3.0 on Fedora 22

Firefox 38 offers these cipher suites when trying to connect via HTTP/2 ALPN:

    [TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
     TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
     TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
     TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
     TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
     TLS_RSA_WITH_AES_128_CBC_SHA,
     TLS_RSA_WITH_AES_256_CBC_SHA,
     SSL_RSA_WITH_3DES_EDE_CBC_SHA]

Sadly OpenJDK 8, which is part of Fedora 22, doesn't support ECC, so all ECDHE key exchange algorithms are not available :-(

Besides that, Firefox 38 also checks some additional constraints for the TLS connection:

– Key Exchange Algorithm (KEA) must be DHE or ECDHE
– DHE key size must be 2048 bits, ECDHE key size must be 256 bits

Juniper applet and OpenJDK on Fedora 21

The Juniper VPN applet tries to spawn a new java process like this:

    java -classpath /usr/lib/jvm/jre/lib/plugin.jar:/home/user/.juniper_networks/tncc.jar net.juniper.tnc.NARPlatform.linux.LinuxHttpNAR

Sadly, the plugin.jar file is not part of the OpenJDK JVM; it actually belongs to IcedTea-Web. So to make the Juniper applet work again, you must create a symlink to the plugin.jar. Sadly, you must do this for each new OpenJDK version that is installed, e.g. after each update.