[opensuse-factory] Features making it into 12.1 for blog
I wanted to start off my openSUSE blog with the latest release. I'll rehash the ones I have heard. Emphasis on KDE since I NEVER use Gnome. AppArmor notifier (aanotify?) systemD Grub2 Plymouth? Kernel 3.1? CDEmu with menu extensions for mounting ISO etc. I know there were others, but I have forgotten them. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On 09/20/2011 10:01 AM, Roger Luedecke wrote:
I know there were others, but I have forgotten them.
Shorewall firewall package with systemd support (thanks to Frederic for the help) Togan -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Le mardi 20 septembre 2011 à 01:01 -0700, Roger Luedecke a écrit :
I wanted to start off my openSUSE blog with the latest release. I'll rehash the ones I have heard. Emphasis on KDE since I NEVER use Gnome.
AppArmor notifier (aanotify?) systemD
please write systemd (no capital)
Grub2
not by default
Plymouth?
not done -- Frederic Crozat <fcrozat@suse.com> SUSE -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Hello Questions: - What opensuse build projects compile or make the 12.1 milestoneX factory isos cd and dvd which end up on the mirrors? - Can you provide a link to the projects ? [1] Thanks Glenn [1]http://mirror.optus.net/opensuse/distribution/12.1-Milestone5/iso/ x86_64 isos produced: openSUSE-NET-Build0250-x86_64.iso openSUSE-KDE-LiveCD-Build0250-x86_64.iso openSUSE-DVD-Build0250-x86_64.iso -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
I wanted to start off my openSUSE blog with the latest release. I'll rehash the ones I have heard. Emphasis on KDE since I NEVER use Gnome.
AppArmor notifier (aanotify?) systemD Grub2 Plymouth? Kernel 3.1? CDEmu with menu extensions for mounting ISO etc. Andreas Jager did a series of blog posts on Factory changes, please read those for a comprehensive list. Search for "openSUSE Factory Progress" on the
On Tuesday 20 September 2011 01:01:58 Roger Luedecke wrote: planet. -- Mit freundlichen Grüßen, Sascha Peilicke
Am 20.09.2011 11:59, schrieb Sascha Peilicke:
I wanted to start off my openSUSE blog with the latest release. I'll rehash the ones I have heard. Emphasis on KDE since I NEVER use Gnome.
AppArmor notifier (aanotify?) systemD Grub2 Plymouth? Kernel 3.1? CDEmu with menu extensions for mounting ISO etc. Andreas Jager did a series of blog posts on Factory changes, please read those for a comprehensive list. Search for "openSUSE Factory Progress" on the
On Tuesday 20 September 2011 01:01:58 Roger Luedecke wrote: planet.
http://jaegerandi.blogspot.com If my memory served me right... Kim -- -o) Kim Leyendecker /\\ openSUSE Ambassador, openSUSE Wiki Team DE _\_v http://www.opensuse.org - Linux for open minds -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Tuesday, September 20, 2011 13:47:27 Kim Leyendecker wrote:
Am 20.09.2011 11:59, schrieb Sascha Peilicke:
On Tuesday 20 September 2011 01:01:58 Roger Luedecke wrote:
I wanted to start off my openSUSE blog with the latest release. I'll rehash the ones I have heard. Emphasis on KDE since I NEVER use Gnome.
AppArmor notifier (aanotify?) systemD Grub2 Plymouth? Kernel 3.1? CDEmu with menu extensions for mounting ISO etc.
Andreas Jager did a series of blog posts on Factory changes, please read those for a comprehensive list. Search for "openSUSE Factory Progress" on the planet.
http://jaegerandi.blogspot.com If my memory served me right...
And some on lizards.opensuse.org as well, Andreas -- Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On 09/20/2011 11:59 AM, Sascha Peilicke wrote:
I wanted to start off my openSUSE blog with the latest release. I'll rehash the ones I have heard. Emphasis on KDE since I NEVER use Gnome.
AppArmor notifier (aanotify?) systemD Grub2 Plymouth? Kernel 3.1? CDEmu with menu extensions for mounting ISO etc. Andreas Jager did a series of blog posts on Factory changes, please read those for a comprehensive list. Search for "openSUSE Factory Progress" on the
On Tuesday 20 September 2011 01:01:58 Roger Luedecke wrote: planet.
snapper -- Duncan Mac-Vicar P. - http://www.suse.com/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) Maxfeldstraße 5, 90409 Nürnberg, Germany -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Tuesday, September 20, 2011 10:01:58 Roger Luedecke wrote:
I wanted to start off my openSUSE blog with the latest release. I'll rehash the ones I have heard. Emphasis on KDE since I NEVER use Gnome.
AppArmor notifier (aanotify?) systemD Grub2
Not installed by default.
Plymouth?
No.
Kernel 3.1?
Yes.
CDEmu with menu extensions for mounting ISO etc.
I know there were others, but I have forgotten them.
-- Andreas Jaeger aj@{suse.com,opensuse.org} Twitter/Identica: jaegerandi SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Roger, openSUSE 12.1 will have Samba 3.6.x. See http://www.samba.org/samba/news/releases/3.6.0.html for the highlights of this release. Lars -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
On 09/20/2011 10:01 AM, Roger Luedecke wrote:
I wanted to start off my openSUSE blog with the latest release. I'll rehash the ones I have heard. Emphasis on KDE since I NEVER use Gnome.
AppArmor notifier (aanotify?) systemD Grub2 Plymouth? Kernel 3.1? CDEmu with menu extensions for mounting ISO etc.
I know there were others, but I have forgotten them.
Also KDE v4.7.1 Regards. -- İsmail Dönmez - openSUSE Booster SUSE LINUX Products GmbH Maxfeldstr. 5, 90409 Nürnberg, Germany GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Hello, on Dienstag, 20. September 2011, Roger Luedecke wrote:
AppArmor notifier (aanotify?)
It's "aa-notify" and, well, the new feature is that it is really working ;-) At least mostly - while answering your mail, I discovered a small bug. I have to thank you for asking, because this might have been unnoticed otherwise. Short HowTo to get aa-notify working: - edit /etc/apparmor/notify.conf and change "use_group=" to a group where your user is a member - "users" will of course work, but you might want to create a separate group or use the "trusted" group. (If you are not a member of the specified group, aa-notify will abort with "ERROR: '$user' must be in '$specified_group' group. Aborting".) - optional, but useful (especially if you want aa-notify autostarted at login): setup sudo to allow running aa-notify without entering the root password (using visudo or the YaST2 sudo module) - start aa-notify using sudo: sudo HOME="$HOME" DISPLAY="$DISPLAY" /usr/sbin/aa-notify -p This is also where I found the bug mentioned above - sudo drops lots of environment variables for security reasons. In practise, it drops too many of them and breaks aa-notify :-( To be exact, it breaks /usr/bin/notify-send because it can no longer connect to DBUS to display the notification. I just did a nice debugging session with John Johansen (one of the AppArmor developers) on IRC - comparing the env variables to those he got on Ubuntu with sudo finally got me on the right track after two hours. And as a side effect, we discovered that openSUSE's sudo on 11.4 misbehaves when using the -i option (reported as bug 720181). I submitted a patch for aa-notify upstream that restores the HOME and DISPLAY environment variables as good as possible ($HOME is easy, but I had to hardcode $DISPLAY to :0 if not set), so this should be fixed soon. When the fix is in the openSUSE package, you can just run sudo aa-notify -p (or sudo DISPLAY=':123' aa-notify -p if you need a different $DISPLAY) You can also start aa-notify after running "su", but then you have to specify your username: su # check that $HOME and $DISPLAY point to $YOUR_USERNAME's values aa-notify -p -u $YOUR_USERNAME Regards, Christian Boltz -- [...] dabei habe ich extra mutt benutzt! :-) Taugt wohl auch nichts, das Teil... *duck + renn* [Thomas Hertweck in suse-linux] -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Christian Boltz wrote:
Short HowTo to get aa-notify working:
- edit /etc/apparmor/notify.conf and change "use_group=" to a group where your user is a member - "users" will of course work, but you might want to create a separate group or use the "trusted" group. (If you are not a member of the specified group, aa-notify will abort with "ERROR: '$user' must be in '$specified_group' group. Aborting".)
- optional, but useful (especially if you want aa-notify autostarted at login): setup sudo to allow running aa-notify without entering the root password (using visudo or the YaST2 sudo module)
- start aa-notify using sudo:
sudo HOME="$HOME" DISPLAY="$DISPLAY" /usr/sbin/aa-notify -p
This is also where I found the bug mentioned above - sudo drops lots of environment variables for security reasons. In practise, it drops too many of them and breaks aa-notify :-(
IOW aa-notify is either broken by design or not meant to be run as user. A better solution would be to have a dbus system service that can read the audit log or even subscribe to events directly. The UI would run in the user's session and connect to that system service. To restrict who can read the events policykit can be used. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Hello, on Montag, 26. September 2011, Ludwig Nussel wrote:
Christian Boltz wrote:
- start aa-notify using sudo: sudo HOME="$HOME" DISPLAY="$DISPLAY" /usr/sbin/aa-notify -p
For the records: at least HOME=... isn't needed anymore - the upstream version (post-2.7beta2) now sets $HOME correctly.
This is also where I found the bug mentioned above - sudo drops lots of environment variables for security reasons. In practise, it drops too many of them and breaks aa-notify :-(
IOW aa-notify is either broken by design or not meant to be run as user.
I'm not sure about your first option ;-)) but I'm sure the second one doesn't apply. aa-notify must be started as root (to be able to read audit.log) and then drops the privileges to the user (which is autodetected from the $SUDO_* environment variables when started with sudo) to display the notifications. Well, to be exact: aa-notify sets its EUID/EGID to the user, switches back to root once per second to check audit.log for changes, and back to the user afterwards and displays a notification if needed. That's still simplified, but you should get the picture. The interesting part is that it works with sudo on Ubuntu out of the box. They seem to use a less strict configuration that doesn't remove most of the environment variables - for example, $HOME isn't changed to /root on Ubuntu, and $DISPLAY isn't removed - see "sudo env" results from Ubuntu on http://paste.opensuse.org/70652816. This is probably a compile-time config option because using a known- working /etc/sudoers from Ubuntu didn't make it work on my openSUSE 11.4 system. In other words, it's the usual problem: everything works until I test it. Then I find a bug, find another bug, and then it tends to explode... ;-)
A better solution would be to have a dbus system service that can read the audit log or even subscribe to events directly. The UI would run in the user's session and connect to that system service. To restrict who can read the events policykit can be used.
I don't know much about dbus and policykit, but your idea sounds good. Unfortunately it also sounds like it would require a (complete?) rewrite of aa-notify, which will need some time... Regards, Christian Boltz -- Bei etwas größeren Dingen mit 6stelligem Budget kommt gern mal "plötzlich" ein Onlineshop dazu. Oder ein Ticketsystem. So ganz von alleine. Gucki, ich bin eine kleine Kundenidee - ist das viel Arbeit? ;) [Ratti in suse-linux] -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On 27/09/11 00:38, Christian Boltz wrote:
Hello,
on Montag, 26. September 2011, Ludwig Nussel wrote:
Christian Boltz wrote:
- start aa-notify using sudo: sudo HOME="$HOME" DISPLAY="$DISPLAY" /usr/sbin/aa-notify -p For the records: at least HOME=... isn't needed anymore - the upstream version (post-2.7beta2) now sets $HOME correctly.
This is also where I found the bug mentioned above - sudo drops lots of environment variables for security reasons. In practise, it drops too many of them and breaks aa-notify :-( IOW aa-notify is either broken by design or not meant to be run as user. I'm not sure about your first option ;-)) but I'm sure the second one doesn't apply.
aa-notify must be started as root (to be able to read audit.log) and then drops the privileges to the user (which is autodetected from the $SUDO_* environment variables when started with sudo) to display the notifications.
Well, to be exact: aa-notify sets its EUID/EGID to the user, switches back to root once per second to check audit.log for changes, and back to the user afterwards and displays a notification if needed. That's still simplified, but you should get the picture.
Couldn't this be done with setuid binary (+ restricted to trusted users execute permissions obviously) instead? It seems that would be the more typical solution compared to relying on sudo (which not everyone uses) and requiring a special config.
<snip> Christian Boltz
Regards, Tejas -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Tue, Sep 27, 2011 at 1:38 AM, Christian Boltz <opensuse@cboltz.de> wrote:
The interesting part is that it works with sudo on Ubuntu out of the box. They seem to use a less strict configuration that doesn't remove most of the environment variables - for example, $HOME isn't changed to /root on Ubuntu, and $DISPLAY isn't removed - see "sudo env" results from Ubuntu on http://paste.opensuse.org/70652816. This is probably a compile-time config option because using a known- working /etc/sudoers from Ubuntu didn't make it work on my openSUSE 11.4 system.
Actually, for the X issue, it's how openSUSE handles X authorization. Debian uses a less strict method that works without some extra environment variables that have to be added to the list of variables to preserve. sudo can be "fixed" in openSUSE, by adding the required variables to that list. Although there are warnings about potential security issues when doing so. I bet that's why openSUSE comes with those variables removed. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On 09/26/2011 04:38 PM, Christian Boltz wrote:
Hello,
on Montag, 26. September 2011, Ludwig Nussel wrote:
Christian Boltz wrote:
- start aa-notify using sudo: sudo HOME="$HOME" DISPLAY="$DISPLAY" /usr/sbin/aa-notify -p
For the records: at least HOME=... isn't needed anymore - the upstream version (post-2.7beta2) now sets $HOME correctly.
This is also where I found the bug mentioned above - sudo drops lots of environment variables for security reasons. In practise, it drops too many of them and breaks aa-notify :-(
IOW aa-notify is either broken by design or not meant to be run as user.
I'm not sure about your first option ;-)) but I'm sure the second one doesn't apply.
aa-notify must be started as root (to be able to read audit.log) and then drops the privileges to the user (which is autodetected from the $SUDO_* environment variables when started with sudo) to display the notifications.
Well, to be exact: aa-notify sets its EUID/EGID to the user, switches back to root once per second to check audit.log for changes, and back to the user afterwards and displays a notification if needed. That's still simplified, but you should get the picture.
The interesting part is that it works with sudo on Ubuntu out of the box. They seem to use a less strict configuration that doesn't remove most of the environment variables - for example, $HOME isn't changed to /root on Ubuntu, and $DISPLAY isn't removed - see "sudo env" results from Ubuntu on http://paste.opensuse.org/70652816. This is probably a compile-time config option because using a known- working /etc/sudoers from Ubuntu didn't make it work on my openSUSE 11.4 system.
In other words, it's the usual problem: everything works until I test it. Then I find a bug, find another bug, and then it tends to explode... ;-)
A better solution would be to have a dbus system service that can read the audit log or even subscribe to events directly. The UI would run in the user's session and connect to that system service. To restrict who can read the events policykit can be used.
I don't know much about dbus and policykit, but your idea sounds good.
Unfortunately it also sounds like it would require a (complete?) rewrite of aa-notify, which will need some time...
Not a complete rewrite, just a few fn's to add a new source, and any of the bits around it. This is already done for audit and syslog, and push based alternatives are planned but they won't happen for this release. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Am 20.09.11, 01:01 -0700 schrieb Roger Luedecke:
I wanted to start off my openSUSE blog with the latest release. I'll rehash the ones I have heard. Emphasis on KDE since I NEVER use Gnome.
AppArmor notifier (aanotify?) systemD Grub2 Plymouth? Kernel 3.1? CDEmu with menu extensions for mounting ISO etc.
Oyranos CMS, a Colour Management System, is new in 12.1 with its Kolor Manager front end integrated into the KDE systemsettings. kind regards Kai-Uwe Behrmann -- developing for colour management oyranos-cms.blogspot.com oy@freenode#openicc -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
participants (16)
-
Andreas Jaeger -
Christian Boltz -
Claudio Freire -
doiggl@velocitynet.com.au -
Duncan Mac-Vicar P. -
Frederic Crozat -
Ismail Donmez -
John Johansen -
Kai-Uwe Behrmann -
Kim Leyendecker -
Lars Müller -
Ludwig Nussel -
Roger Luedecke -
Sascha Peilicke -
Tejas Guruswamy -
Togan Muftuoglu