2010-05-24 20:56:27

Putting the fun in funionfs

Since a lot of the world still revolves around PHP, and a friend of mine asked me to host a PHP-based blog, I was confronted with a typical PHP application which, like all typical PHP applications, enjoys heavily writing to its installation directory and keeping its own configuration there.

Being the automation freak I am, I rolled an RPM package of the PHP application which installs it into /usr/share. Then, a Puppet rule creates an Apache vhost in /home/www and union mounts the shared installation into htdocs, with a vhost subdirectory named confdata as the read-write layer.

It turned out I would have been better off using NetBSD for the task. The only unionfs implementation available in CentOS 5.5 is FUSE-based and called funionfs. However, funionfs doesn't support SELinux contexts, so everything ends up in the context fusefs_t, leaving it inaccessible to Apache. A small SELinux module fixed that:

module serendipity 1.0;

require {
    type httpd_t;
    type fusefs_t;
    class lnk_file read;
    class dir { read write remove_name getattr create search add_name };
    class file { read write getattr create setattr rename };
}

#============= httpd_t ==============
allow httpd_t fusefs_t:dir { read write remove_name getattr create search add_name };
allow httpd_t fusefs_t:file { read write getattr create setattr rename };
allow httpd_t fusefs_t:lnk_file read;

This might not be the most secure solution but nothing other than Apache runs on this VM anyway, so I didn't care enough. It's still better than turning off SELinux entirely.
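
An added example, not part of the original post: a small Python check over the module above. It confirms that every type and permission used in an allow rule is declared in the require block, and lists the modifying permissions httpd_t receives; because the rules name the type fusefs_t rather than a path, they cover anything carrying that label. The MODIFYING set and the function names are assumptions made for this review.

```python
import re

# The module from the post, embedded verbatim so the example runs offline.
MODULE_TE = """\
module serendipity 1.0;

require {
    type httpd_t;
    type fusefs_t;
    class lnk_file read;
    class dir { read write remove_name getattr create search add_name };
    class file { read write getattr create setattr rename };
}

#============= httpd_t ==============
allow httpd_t fusefs_t:dir { read write remove_name getattr create search add_name };
allow httpd_t fusefs_t:file { read write getattr create setattr rename };
allow httpd_t fusefs_t:lnk_file read;
"""

# Assumption: permissions this review treats as modifying the labelled object.
MODIFYING = {"write", "create", "setattr", "rename", "add_name",
             "remove_name", "append", "unlink", "rmdir"}
STMT = r"\s+(\{[^}]*\}|\w+)\s*;"  # 'read;' or '{ read write };'

def _perms(text):
    return set(text.strip("{} ").split())

def parse(te):
    """Return (required types, required class->perms, allow rules)."""
    te = re.sub(r"#[^\n]*", "", te)  # drop comment lines
    types = set(re.findall(r"\btype\s+(\w+)\s*;", te))
    classes = {c: _perms(p) for c, p in re.findall(r"\bclass\s+(\w+)" + STMT, te)}
    rules = [(s, t, c, _perms(p)) for s, t, c, p in
             re.findall(r"\ballow\s+(\w+)\s+(\w+)\s*:\s*(\w+)" + STMT, te)]
    return types, classes, rules

def undeclared(te):
    """Types and class:permission pairs used by allow rules but not required."""
    types, classes, rules = parse(te)
    missing = set()
    for s, t, c, perms in rules:
        missing |= {x for x in (s, t) if x not in types}
        missing |= {f"{c}:{p}" for p in perms - classes.get(c, set())}
    return sorted(missing)

def modifying_grants(te):
    """Map (source, target, class) to the modifying permissions it grants."""
    return {(s, t, c): sorted(p & MODIFYING)
            for s, t, c, p in parse(te)[2] if p & MODIFYING}

if __name__ == "__main__":
    print("undeclared:", undeclared(MODULE_TE) or "none")
    for (s, t, c), perms in modifying_grants(MODULE_TE).items():
        print(f"{s} may modify any {t} {c}: {', '.join(perms)}")
```
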

In order to allow the software to access the database, I had to flip another SELinux switch:

httpd_can_network_connect_db --> on

Now things almost worked. However, installing templates via the web interface does not, so I went on to investigate:

% cd /home/www/s9y.zrh.internetputzen.com/htdocs/templates
% mkdir test
mkdir: cannot create directory `test': No such file or directory
% ls -ld test
ls: test: No such file or directory
% touch test
touch: setting times of `test': File exists
% ls -ld test
-rw-r--r-- 1 root root 0 May 24 20:49 test
% rm test

It's impossible to create directories in the funionfs. Apparently it's some kind of bug. Creating the template in confdir worked but it means the web interface is not working.

Looking forward to aufs2 in later versions of CentOS.


Posted by Tonnerre Lombard | Permanent link | File under: broken

2010-03-10 14:28:40

RPM package for Nanoblogger and preparing a new package repository

Since I was searching for my nanoblogger RPM or .spec file for the third time now, I decided that now that I'm leaving SyGroup it's time to move my software development and packages to a well-defined place. As I recently saw the domain young-solutions.ch and as I'm the owner of ancient-one.ch, I figured it would be a nice fit to put it all on ancient-solutions.ch.

If you're expecting content there yet, you're a tad too early. The idea is merely a sketch at this point. So far my plans comprise an installation of Gitorious so I can migrate my projects away from GitHub to my own hosted place. Of course, bsdprojects.net was meant for this initially, but it's less private.

The current idea of the domain looks as follows:

Host                            Content
www.ancient-solutions.ch        A small web site describing the whole thing, with links to the other subsites; or maybe the gitorious site?
blog.ancient-solutions.ch       A blog with progress information
git.ancient-solutions.ch        The git repositories with a gitweb for everyone to see
bcollect.ancient-solutions.ch   A short web site (wiki?) about bcollect
clib.ancient-solutions.ch       A short web site (wiki?) about clib
rpm.ancient-solutions.ch        RPM package repositories
deb.ancient-solutions.ch        Debian package repositories

The spec files etc. would eventually end up on git.ancient-solutions.ch.

Anybody got a cthulhu logo?


Posted by Tonnerre Lombard | Permanent link | File under: free_software, programming

2010-03-10 13:46:55

End of a USB stick

Yesterday and today I tried using a USB stick as a medium for installing Fedora 13 on my netbook (an HP Mini 110). In the course, I discovered a bug in liveusb-creator which appears to umount the target file system (type vfat) properly before running syslinux in order to install the boot code. As syslinux also scribbles on the device, the result is a botched file system.

Thinking I had found the cause of my problems, I went on to create my own bootable USB stick — unsuccessfully of course. The /boot partition, which is located at the beginning of the device, always remounted itself read-only when I tried to install the kernel or grub. Sometimes it even showed up as read-write in /proc/mounts, yet it wasn't writable. So I started looking for SELinux context problems — none.

Attempting to set an explicit SELinux context for the /boot partition upon mounting, I unmounted the /boot partition, only to get some terrible notifications in my dmesg:

 Mar 10 11:51:54 methusalix kernel: ext3_abort called.
 Mar 10 11:51:54 methusalix kernel: EXT3-fs error (device sdb1): ext3_put_super: Couldn't clean up the journal

Yet somehow, it was unmounted. I tried to mount the partition again, which yielded:

 Mar 10 11:56:24 methusalix kernel: journal_bmap: journal block not found at offset 12 on sdb1
 Mar 10 11:56:24 methusalix kernel: Aborting journal on device sdb1.
 Mar 10 11:56:25 methusalix kernel: __journal_remove_journal_head: freeing b_committed_data
 Mar 10 11:56:41 methusalix kernel: ext3_abort called.
 Mar 10 11:56:41 methusalix kernel: EXT3-fs error (device sdb1): ext3_journal_start_sb: Detected aborted journal

In the end, the file system was not mounted. Great. So I ran a file system check, which crashed with "Too many errors in inode …"

So my next idea was to run badblocks, so I tried to umount the root partition of the new system on the stick, and got some more nice kernel messages:

 Mar 10 11:57:01 methusalix kernel: EXT4-fs error (device sdb2): ext4_mb_generate_buddy: EXT4-fs: group 0: 6936 blocks in bitmap, 7095 in gd
 Mar 10 11:57:01 methusalix kernel: JBD: Spotted dirty metadata buffer (dev = sdb2, blocknr = 0). There's a risk of filesystem corruption in case of system crash.
 Mar 10 11:57:01 methusalix kernel: JBD: Spotted dirty metadata buffer (dev = sdb2, blocknr = 0). There's a risk of filesystem corruption in case of system crash.

Mount returned "umount: /mnt: device is busy." although lsof did not reveal any users of the file system. All I could do at this point was to reboot and run badblocks thereafter. After running for approximately 1 ½ hours, it finally displayed:

 3921914
 3921915
 3921916
 3921917
 3921918
 3921919
 done                                
 Pass completed, 798052 bad blocks found.
 tonnerre@methusalix:~% 

I don't think there's any rescue for this USB stick.


Posted by Tonnerre Lombard | Permanent link | File under: hardware

2010-03-04 20:33:22

Poor nobody

Login name: nobody                      In real life: Nobody
Directory: /nonexistent                 Shell: /sbin/nologin
Never logged in.
No Mail.
No Plan.
No Future.
No Past.
No Hope.

(Thanks to salo for this nice one)


Posted by Tonnerre Lombard | Permanent link

2009-09-26 00:54:29

Ubuntu's Frequently Unanswered Questions

In a FAQ (Frequently Answered Questions), people usually expect answers to the questions they might ask. Ubuntu is taking things to a new level there and simply repeats the question, adding a new one in the end:

Question: Ubuntu One Client FAQ #588: "My Account says that I have had an account for x months. What does this mean?"

Answer: The My Account page says that I have had an account for x months. This is confusing. What does it mean? Does this represent the age of my subscription?

Source

Thanks for clarifying, Matt Griffin!


Posted by Tonnerre Lombard | Permanent link | File under: free_software