search for: confined

Hello, I''m having some trouble. I keep getting the following warnings when trying to run: $ puppet master --no-daemonize /usr/local/build/puppet-bundle/vendor/gems/ruby/1.9.1/gems/ puppet-2.7.12/lib/puppet/external/pson/pure.rb:7:in `<module:PSON>'': iconv will be deprecated in the future, use String#encode instead. Could not load confine test

Hi while writing facts I heavily use confines to avoid that facts get loaded where they shouldn''t. However I didn''t yet find out how I can add a multiple decision to a confine. so normally I have confine :kernel => :linux but what when kernel can be linux or sunos? just add 2 confines? or can I nest them? something like confine :kernel => :linux||:sunos would be nice.

Hey all. I am trying to set up puppet for the first time and I am having the following issues. On the client when I run it I get this error. Running puppet agent it should configure itself now /usr/local/lib/ruby/gems/1.9.1/gems/facter-1.6.3/lib/facter/util/config.rb:7: Use RbConfig instead of obsolete and deprecated Config. /usr/local/lib/ruby/1.9.1/rubygems/custom_require.rb:36:in

Hello, I''m new to puppet and facter. Initially we are planning on using facter/puppet to inventory machines (Mac, Ubuntu, and RHEL). We plan on writing a number of custom facts. Obviouly some of the facts will only be specific to some OSs. I know there is a "confine" method, but it confuses me. It seems the confine statement in some of the recipes and in the Turnbull book is

Hello all, I am developing a few custom providers for some features that I need into my system (such as dealing with different zipped files or generating some JSON data based on OS files) and I have hit into a question about "how to do this for multiple OS?" Lets focus into the zipped file provider that should provide a common method to pack or unpack zipped files (tar, tar.gz,

Moat of the advanced persistent threats (APT) are initiated via e-mail. Opening an attachment or clicking on a web link starts the process. Why isn't Firefox and Evolution confined with SELinux policy in a way that APT can't damage the rest of the system? Why are we not sandboxing these two apps with SELinux? I've discovered some guidance for sandboxing Firefox using the 'sandbox' command. Once I test it a bit, I'll post the results back here. Seems to...

Hello all, I would like to fit a mixture model whose components are normal distributions confined in a closed interval. Since there are already several packages for EM, I would like to extend one of these instead of writing a new script from scratch. What would be the best way to customize such an existing package for doing that? Which one is the best in terms of extensibility? (e.g mixtool...

Thomas, Special thanks for the dragdrop library. I consider your javascript abilities quite superior to my own, in fact I''m just setting out on a quest to master javascript, I found your library the other night and started hacking away on my app. I replaced a dom-drag.js library I was using before with yours since it integrated with prototype better, and appears to be better coded.

Quick and dirty: --- lib/facter.rb (revision 203) +++ lib/facter.rb (working copy) @@ -989,6 +989,18 @@ %x{/usr/sbin/scutil --get LocalHostName} end end + Facter.add(:interfaces) do + confine :kernel => :linux + setcode do + %x{/sbin/ifconfig -a -s}.split($/)[1..-1].collect {|line|

Bunch of weird stuff after a power failure here this morning. One of my virtual servers, managed through puppet, seems to not be talking to the master any more. And I can''t get it to reconnect. I did puppetca --clean on the master, cleaned off certs on the client, started puppetd manually on the client, and got this: sh-3.2# rm -rf /var/lib/puppet/ssl/ sh-3.2# puppetd --server

Hi, I've added R_init_data_table to the "data.table" package (which has a dot in its name). This works well in R 2.15.0, because of this from the Writing R Extensions manual : " Note that there are some implicit restrictions on this mechanism as the basename of the DLL needs to be both a valid file name and valid as part of a C entry point (e.g. it cannot contain ?.?): for

Een ingesloten tekst met niet-gespecificeerde tekenset is gescrubt ... Naam: niet beschikbaar URL: <https://stat.ethz.ch/pipermail/r-help/attachments/20080916/2d0f3a45/attachment.pl>

Hi all, I'm using a tinc 1.0.19 (from Debian Squeeze) setup with some nodes connecting to a "server" node which has "StrictSubnets = yes". Whenever a new node is added to the mesh, a process generates and drops its host file in the server's host directory before the node is booted and tries to connect. For instance, I create a node "node_2" and a host file

...hat said, I'm wondering if this isn't more of a bug or a need to adjust the selinux policy packages to allow the functionality. The user story is this: Gnome3 user wants to burn a CD/DVD. The system is selinux enforcing, selinux boolean cdrecord_read_content is set to on, and the user is confined to staff_u. When the user runs Brasero to burn a disk, the burn operation fails. /var/log/audit/audit.log contains the following: type=AVC msg=audit(1556724762.446:1133340): avc: denied { read } for pid=8296 comm="growisofs" name="devices" dev="proc" ino=402653222...

...seems to require that the root directory > be > owned by root and not group or world writable, so I think, no, not > unless you make local source changes. Yes, you are right. The chroot directory can not be writable. We were there once and they called it CVE-2009-2904. In short, if the confined user has write access to the chroot directory, there are ways how to get out, gain privileges and or do other nasty things. You should not do that. If you aim for the end-user comfort that he does not have to change directory before uploading/downloading files, there is -d switch to the sftp-serv...

When does echo 0 > /selinux/inforce need to be used? I.e., where is selinux enforcing itself on the system to protect it? When I do yum install of some package, it seems to work (not being blocked). When would doing something not work because selinux is watching it (or whatever that process is doing)? Thanks, -wes

...alar opts; they do not optimize > vector operations and will not deal with SV either. > > 3. With builtins there are fewer places to pay attention to, > as most of the compiler is already dealing with builtins in > a neutral way. > > 4. The builtin approach is more targeted and confined: it allows > to amend one optimizer at a time. > In the alternative of changing the IR, one has to touch all the > passes in the initial implementation. Interestingly, with similar considerations, I've come to the opposite conclusion. While in theory the intrinsics and opaque types a...

Hi puppet masters, while working on my site I came across a requirement that might be helpful for others as well.... With the aim of confining human errors as much as possible, I thought that it would be nice to have yum repositories disabled so that specific repositories could be enabled for certain packages. This is easily implementable via command-line, but I found that the

...do this is to make all C IO calls that need OS > specific hacks go into the compatibility module. Eg for open() > calls: > > int _flac_open(....){ #if win32 ... #else if os2 ... #else ... > [generic call to open() without hacks] #endif } > > All those ifdefs will at least be confined rather than spread out > through the code. I did it plibc-style: in compat.h: #if defined(_WIN32) #define FOPEN grabbag__fopen_utf8_wrapper #else #define FOPEN fopen #endif in grabbag: #if defined(_WIN32) <implement grabbag__fopen_utf8_wrapper, which has the same signature as fopen, but do...

...;modules" are rails, most are still python, including the reporting side of things. Any suggestions? I have used FOP in the past and there is no way it''s powerful enough for some of the things we do. In some synarios, we really had to push the limits of ReportLab (and sometimes confined by them). Thanks! Jeremy