From martyn at theendofhistether.org.uk  Thu May 17 19:35:40 2007
From: martyn at theendofhistether.org.uk (Martyn)
Date: Fri, 18 May 2007 03:35:40 +0100
Subject: [cAos] cAos2 eurepo gets MPlayer!
Message-ID: <464D10FC.5040803@theendofhistether.org.uk>

Hi guys,

  I know there's been a long silence on the topic, but cAos2's eurepo 
(www.eurepo.co.uk) is slowly starting to take shape.

Currently we have the following packages in -current (which I believe is 
mainly built against cAos-2's -testing repo)

    * dvdauthor 0.6.11
    * k9copy 1.1.0
    * lame 3.96.1 (+devel)
    * vamps 0.99.2
    * vobcopy 1.0.1

The -testing repository also has mplayer and it's associated 
dependencies.  MPlayer is happy to run without them so it doesn't 
require them - only if you require the output and input forms they 
provide should you install them.  I've also packaged up the codecs so 
there's mplayer-codecs-essential and the superset mplayer-codecs-all.

As it says on the website, we're getting there slowly, none of this is 
fully tested, we're just getting things together so this is early 
release stuff.  But at least we can now have MPlayer and OpenVPN on the 
same machine now!  (dag's mplayer is built against lzo1 and our openvpn 
against our lzo2).

A BIG thankyou to Dag, a lot of this stuff is simply rebuilds of his 
srpms, with a few from fedora-extras.

--
Martyn (Joran)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.infiscale.org/pipermail/caos/attachments/20070518/dd9b703d/attachment.html 

From slaton at berkeley.edu  Wed May 30 14:43:54 2007
From: slaton at berkeley.edu (slaton)
Date: Wed, 30 May 2007 14:43:54 -0700 (PDT)
Subject: [cAos] ps: how to see process table for all users? (grsecurity?)
Message-ID: <Pine.LNX.4.64.0705301443220.14686@toro.berkeley.edu>

sent on behalf of Susan James <sjames at lbl.gov>

*****

Hello

I'm using a 2.6.17.11-103.caos kernel on a Warewulf-2.6 cluster.

I would like users to be able to see all the user processes on all nodes 
with the 'wwps' tool from master node.  Out of the box 'wwps' will only 
allow users to see their own processes on nodes, and the same applies to 
'ps' on master node. The Warewulf list suggested that this is a Caos 
kernel, grsecurity thing. I have SELinux turned off.

Can anyone let me know how I can get wwps(and ps) to display all user 
processes?


thanks in advance,
Susan


From mej at caoslinux.org  Wed May 30 15:28:33 2007
From: mej at caoslinux.org (Michael Jennings)
Date: Wed, 30 May 2007 18:28:33 -0400
Subject: [cAos] ps: how to see process table for all users? (grsecurity?)
In-Reply-To: <Pine.LNX.4.64.0705301443220.14686@toro.berkeley.edu>
References: <Pine.LNX.4.64.0705301443220.14686@toro.berkeley.edu>
Message-ID: <20070530222833.GA27520@kainx.org>

On Wednesday, 30 May 2007, at 14:43:54 (-0700),
Susan James wrote:

> I'm using a 2.6.17.11-103.caos kernel on a Warewulf-2.6 cluster.
> 
> I would like users to be able to see all the user processes on all
> nodes with the 'wwps' tool from master node.  Out of the box 'wwps'
> will only allow users to see their own processes on nodes, and the
> same applies to 'ps' on master node. The Warewulf list suggested
> that this is a Caos kernel, grsecurity thing. I have SELinux turned
> off.
> 
> Can anyone let me know how I can get wwps(and ps) to display all
> user processes?

Yes, this is a security feature of grsecurity and the caos kernel.
It's currently set up such that any user who is a member of the group
with GID 109 can see all user processes, so the easiest solution would
be to put all users in that same group.

However, be aware that GID 109 was chosen because it's the "sweep"
group, so make sure you don't install the sweep package on those
systems if you do choose that solution. :)

The only other solution I know of would be to recompile the kernel;
unfortunately the grsec patch does not have a /proc entry for that
setting AFAICT.

Michael

-- 
Michael Jennings (a.k.a. KainX)  http://www.kainx.org/  <mej at kainx.org>
n + 1, Inc., http://www.nplus1.net/       Author, Eterm (www.eterm.org)
-----------------------------------------------------------------------
 "What's so sacred about programming code?"  "It's the only sacred
  thing there is, Dennis, alright?  It's the only thing that I have
  to depend on.  It is binary, it is pure, and you almost trashed it."
               -- Mark-Paul Gosselaar and Chaka Forman, "Hyperion Bay"


From slaton at berkeley.edu  Thu May 31 14:58:55 2007
From: slaton at berkeley.edu (slaton)
Date: Thu, 31 May 2007 14:58:55 -0700 (PDT)
Subject: [cAos] ps: how to see process table for all users? (grsecurity?)
In-Reply-To: <20070530222833.GA27520@kainx.org>
References: <Pine.LNX.4.64.0705301443220.14686@toro.berkeley.edu>
	<20070530222833.GA27520@kainx.org>
Message-ID: <Pine.LNX.4.64.0705311451550.1143@toro.berkeley.edu>

Michael,

Thanks for the scoop on this. Curiously enough, the GID 109 hack only 
works on my i686 boxes. It has no effect on my x86_64 boxes. Any ideas?

grazie
slaton

Slaton Lipscomb
Nogales Lab, Howard Hughes Medical Institute
http://cryoem.berkeley.edu

On Wed, 30 May 2007, Michael Jennings wrote:

> On Wednesday, 30 May 2007, at 14:43:54 (-0700),
> Susan James wrote:
> 
> > I'm using a 2.6.17.11-103.caos kernel on a Warewulf-2.6 cluster.
> > 
> > I would like users to be able to see all the user processes on all 
> > nodes with the 'wwps' tool from master node.  Out of the box 'wwps' 
> > will only allow users to see their own processes on nodes, and the 
> > same applies to 'ps' on master node. The Warewulf list suggested that 
> > this is a Caos kernel, grsecurity thing. I have SELinux turned off.
> > 
> > Can anyone let me know how I can get wwps(and ps) to display all user 
> > processes?
> 
> Yes, this is a security feature of grsecurity and the caos kernel. It's 
> currently set up such that any user who is a member of the group with 
> GID 109 can see all user processes, so the easiest solution would be to 
> put all users in that same group.
> 
> However, be aware that GID 109 was chosen because it's the "sweep" 
> group, so make sure you don't install the sweep package on those systems 
> if you do choose that solution. :)
> 
> The only other solution I know of would be to recompile the kernel; 
> unfortunately the grsec patch does not have a /proc entry for that 
> setting AFAICT.
> 
> Michael


From mej at caoslinux.org  Thu May 31 15:02:19 2007
From: mej at caoslinux.org (Michael Jennings)
Date: Thu, 31 May 2007 18:02:19 -0400
Subject: [cAos] ps: how to see process table for all users? (grsecurity?)
In-Reply-To: <Pine.LNX.4.64.0705311451550.1143@toro.berkeley.edu>
References: <Pine.LNX.4.64.0705301443220.14686@toro.berkeley.edu>
	<20070530222833.GA27520@kainx.org>
	<Pine.LNX.4.64.0705311451550.1143@toro.berkeley.edu>
Message-ID: <20070531220218.GD27520@kainx.org>

On Thursday, 31 May 2007, at 14:58:55 (-0700),
slaton wrote:

> Thanks for the scoop on this. Curiously enough, the GID 109 hack
> only works on my i686 boxes. It has no effect on my x86_64
> boxes. Any ideas?

Sounds like an error in the grsec patch.  Unfortunately I lack x86_64
hardware. :(

Michael

-- 
Michael Jennings (a.k.a. KainX)  http://www.kainx.org/  <mej at kainx.org>
n + 1, Inc., http://www.nplus1.net/       Author, Eterm (www.eterm.org)
-----------------------------------------------------------------------
 "It takes more than your saline eyes to make things right."
                                        -- Jars of Clay, "Crazy Times"