FacadeFS: A FUSE-based filesystem sandbox. [TESTERS NEEDED]

Info page: http://xyne.archlinux.ca/info/facadefs
This is a result of this thread. There's not much point in explaining it here. Just jump directly to the man page for a description. The rest of this post assumes that you've read the info.
I've tested several things so far but I've probably missed a lot. The python-fuse documentation is sketchy at best. I could use some testers to play around with facadefs to see if any errors show up. Use the "-d" option to get debugging information from fuse itself. That will contain Python errors from facadefs.
I would also like people to try setting up different types of system sandboxes and then try to break out of them. I don't know enough about breaking out of chroot jails or manipulating namespaces and mounts to know how secure this is. One setup that seems appealing is this:
facadefs / /tmp/cache /tmp/mount -o allow_other -c /tmp/config
sudo chroot /tmp/mount
su <non-privileged user>
In this case, /tmp/config can be used to tweak the system (permissions, file access, etc). From what I've read about breaking out of chroot jails, you seem to need root privileges. I'd like to know if it's possible to prevent that with this setup.
Even if that setup isn't completely secure against malicious code, it should work well for testing things out, including installing anything you want on your system to give a live preview. The added bonus is that all modified files can be found in the cache (including new ones). It should be trivial to package anything by adding the right .PKGINFO file to the cache and archiving it. This might be useful for packages like SAGE which require building in the post_install function.
If this turns out to be useful, I'll try to rewrite it in C to make it faster.
Anyway, sorry for babbling. I've just finished coding and am in a rush right now. I'll clean this post up later.
*edit*
Considering what this does I've tried to make the code very clear by using self-explanatory names and lots of comments. As long as you don't use the [live] section of the configuration file, it should never touch anything inside the base filesystem. Obviously I guarantee nothing, but I generally try to be very careful with such things.
Last edited by Xyne (2009-09-27 06:36:09)

Okay I did a little testing with this.
I tried two different methods...
$ facadefs / /tmp/cache /tmp/mount -o allow_other
$ sudo chroot --userspec=myuser:myuser /tmp/mount
$ firefox
and
$ sudo facadefs / /tmp/cache /tmp/mount -o allow_other
$ sudo chroot /tmp/mount
$ su myuser
$ firefox
In both cases facadefs seemed to be working as far as the folders I could access in the shell.  However, firefox reported this error in a pop-up on startup:
Failed to contact configuration server; some possible causes are that you need to enable TCP/IP networking
for ORBit, or you have stale NFS locks due to a system crash. See http://projects.gnome.org/gconf/ for
information. (Details - 1: Failed to get connection to session: /usr/bin/dbus-launch terminated abnormally
without any error message)
Also, Firefox started with a fresh profile, as if it couldn't read /home/*/.mozilla.  Later when I unmounted /tmp/mount, /tmp/cache contained a new /home folder with a new .mozilla folder, including a new default profile (different in name from my actual one).  So it would appear that Firefox is not reading the files provided by fuse, but it does write files to the cache.  I was able to access the web in firefox.
When I su myuser and run firefox without facadefs involved, it works normally.  From what I could tell it didn't appear to be an environment variable issue, especially since Firefox wrote to /mnt/cache/home/myuser/.mozilla (so it knew the username and its home folder).
Also, I got the same results if I added a config file with:
[live]
/home/myuser/.mozilla
I also experimented with the configuration file, trying to limit what folders were visible.  This worked to an extent.  I strongly suggest adding an "[associate]" section which takes precedence over "[dissociate]".  Otherwise it is very difficult to, for example, let Firefox see only ~/.mozilla.  IOW I would like to specify what folders ARE associated rather than what folders are not.  Also, I tried this:
[dissociate]
regex:/home/.*/[^\.]
which worked as expected - only folders and files beginning with "." were visible.  However, this...
[dissociate]
regex:/home/.*/[^\.]
regex:/home/.*/\.[^m]
did not work as expected - all of /home/*/ was empty.  So it doesn't appear the regex code is working properly, unless I misunderstand something (which wouldn't be a first!)
I would like something like this:
[dissociate]
[associate]
/home/myuser/.mozilla
/bin
/etc
/usr
/lib
/var/lib
Also, it seems impossible to effectively dissociate /etc since you then can't use su.  An option to dissociate all of /etc except the files needed by su would be helpful - or this could be done using [associate] as I suggested.
So it appears Firefox can be sandboxed with the current facadefs, except you will start with a blank configuration.
I still hope to use such a system as a universal packaging tool because it would enable the user to install absolutely anything in the chroot, then simply turn the cache into a package*. With the proper settings and some sort of network interception to prevent malicious code from calling home, it would make the build process simple and secure.
That sounds useful too.  I think this can also be a good sandboxing tool for apps.  I am not fond of fuse in general though, especially with what I've read on its security problems.  A non-fuse solution would be preferable (and I think some of your problems may stem from fuse).  It could be pacman isn't working for the same reason Firefox isn't?  Seems like you're pretty close to the functionality you want.
Edit:  Just after submitting that it occurred to me that sudo might be causing a problem.  So I tried it from root without sudo and now firefox seems to be working...  still testing.  Update: Never mind...  I was fooled because I had another firefox session open when I ran firefox.  Using root directly seems to work the same as sudo.
Last edited by IgnorantGuru (2010-01-28 21:47:07)
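
The [associate]-over-[dissociate] precedence suggested in the post above, sketched as a stand-alone path policy. This is an added example, not FacadeFS code: the Policy class, the default_visible switch and the use of re.match for "regex:" lines are assumptions, and the sample paths are constructed.

```python
import posixpath
import re
from pathlib import PurePosixPath


def compile_rules(lines):
    """Parse config lines: 'regex:<pattern>' or a literal path (covers its subtree)."""
    rules = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("regex:"):
            rules.append(re.compile(line[len("regex:"):]))
        else:
            rules.append(PurePosixPath(posixpath.normpath(line)))
    return rules


def covers(rule, path):
    """True if the rule applies to path (regexes anchored at the start: assumption)."""
    if isinstance(rule, re.Pattern):
        return rule.match(str(path)) is not None
    return path == rule or rule in path.parents


def is_ancestor_of_literal(rules, path):
    """Directories leading to an associated path must stay traversable."""
    return any(isinstance(r, PurePosixPath) and path in r.parents for r in rules)


class Policy:
    """Hypothetical evaluator: associate wins over dissociate, then the default."""

    def __init__(self, associate=(), dissociate=(), default_visible=True):
        self.associate = compile_rules(associate)
        self.dissociate = compile_rules(dissociate)
        self.default_visible = default_visible

    def visible(self, raw_path):
        # Normalise lexically first so "a/../b" cannot ride on an allowed
        # prefix. Symlinks are not resolved here; a real filesystem layer
        # would have to decide how to treat them.
        path = PurePosixPath(posixpath.normpath("/" + raw_path.lstrip("/")))
        if any(covers(r, path) for r in self.associate):
            return True
        if is_ancestor_of_literal(self.associate, path):
            return True
        if any(covers(r, path) for r in self.dissociate):
            return False
        return self.default_visible


# The two patterns from the post, and the allowlist the poster asked for.
POSTER_REGEXES = [r"regex:/home/.*/[^\.]", r"regex:/home/.*/\.[^m]"]
ALLOWLIST = ["/home/myuser/.mozilla", "/bin", "/etc", "/usr", "/lib", "/var/lib"]

# Denylist with an allowlisted exception on top.
mixed = Policy(associate=["/home/myuser/.mozilla"], dissociate=POSTER_REGEXES)

# Pure allowlist: nothing is visible unless associated.
allow_only = Policy(associate=ALLOWLIST, default_visible=False)

if __name__ == "__main__":
    for p in ("/home/myuser/.mozilla/firefox/prefs.js",
              "/home/myuser/Documents",
              "/home/myuser/.bashrc",
              "/home/myuser/.mozilla/../.ssh/id_rsa",
              "/etc/passwd"):
        print(f"{p:45} mixed={mixed.visible(p)!s:5} allow_only={allow_only.visible(p)}")
```

With start-anchored matching, the first pattern on its own also hides entries nested below a dot directory (".*" spans "/"), which is one reason an explicit [associate] prefix is easier to reason about than stacked exclusions.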

Similar Messages

  • I PAD 2 TESTERS NEEDED; IS THIS FOR REAL?

    IS ALL THIS I PAD 2 TESTERS NEEDED FOR REAL?

    Umm, little more information please?  Testing of what (an app, a case, a cover, a mobile solar charger - what are you being asked to test)?  By whom?  Who sent you the request to test something, or where did you see it?
    P.S. If it is Apple asking you to help them beta test some software, they do email people (using the email address registered with their AppleID) and the email will be pretty self explanatory.

  • SECURITY sandbox workaround needed

    we are building an application for our partners, where
    together with web based applications, we will need to show very big
    video files. These video files will not be updated ever.
    In order to 1. provide a better experience with download time
    delay 2. save on bandwidth,
    we are tying to build a hybrid application, where remote SWF
    (web) make use of local video resources (local FS).
    we know that a web hosted SWF cannot access local resources
    by default,
    as described in:
    http://www.adobe.com/devnet/flash/ar..._security.html
    I am however confused about the content of this article,
    regarding interaction between a REMOTE SWF and a LOCAL TRUSTED ONE.
    According to page 5:
    “... the first rule—that remote SWFs cannot load
    local SWFs—is absolute. "
    so apparently it is just not possible
    however, on page 7, figure 7, it's shown how we can set
    permission to remote swf to interact with local trusted files.
    we tried as in figure 7, but still doesn't work.
    so, apparently these 2 statements (page 5- 7) are
    conflicting.
    which one is right?
    we will ask our partner to install softwares on their
    computer anyway, so if it's possible to set permissions trough a
    custom installation, we can do.
    thank you!

    i have tried several combinations but couldn't get
    success now it is scaring me so finally i want to see
    it working and to see where was i wrong?
    now in such consition plz don't send me such comments i am
    already frustated, that's why i asked only for code
    if you wan to help me please do it
    any effort to help me 'll be highly appreciated!
    sparya

  • Obmenugen next version (v0.5): beta-testers needed

    Hi everybody:
    It's been a long time since last obmenugen release. Sorry about that, I've been very busy.
    I need everybody out there using (or not) obmenugen to help me make the next version the best ever. I have ported to D 1.0 (from 2.0), thus it's possible to build it easily using dmd and libphobos from community. No more need to distribute it as a binary. I've also fixed some bugs reported in the launchpad project's bugtracker.
    I consider this the most important release of obmenugen from 0.1, so, help me to test it before the final release.
    Sources: http://www.pvr-online.me/obmenugen-0.5-r68.tar.bz2
    # Contributor: Pável Varela Rodríguez [NeOnsKuLL] <[email protected]>
    pkgname=obmenugen
    pkgver=0.5
    pkgrel=1
    _serie=0.5
    _pkgrev=68
    pkgdesc="Menu generator for Openbox3, based on .desktop files"
    url="https://launchpad.net/obmenugen"
    arch=('i686' 'x86_64')
    license=('GPL')
    depends=(openbox)
    conflicts=(obmenugen-bin)
    makedepends=(dmd libphobos txt2tags)
    options=('!strip' 'docs')
    source=(http://www.pvr-online.me/obmenugen-$pkgver-r$_pkgrev.tar.bz2)
    md5sums=(35a8ba59950a68e7ff13fe8f3c865257)
    [ "$CARCH" = "x86_64" ] && depends=(${depends[@]} lib32-glibc)
    build() {
      cd $srcdir/obmenugen-$pkgver-r$_pkgrev
      make || return 1
      make install PREFIX=$pkgdir/usr/ || return 1
    }
    Hopefully I will receive a lot of feedback and release v0.5 about friday or so.
    See you and thanks in advance to all people out there who test obmenugen and help me make it a good app.
    Last edited by NeOnsKuLL (2011-11-21 17:53:10)

    Yes, indeed, it's the same app, I'm the developer, but this thread is about a completely different topic: the new version, which comes with a lot of changes, not much at the interface level, but on the inside. Anyway, at the interface level, there are changes too.
    I'm not sure, probably you are the one to make it clear to me, but I think both threads are related, no more than that, 'cause it is the same application, but in this thread I'm asking for beta-testers for this new version, for the matter that it comes with so many changes; the other thread is where I inform the Arch community about releases.
    If you think this thread is not needed or redundant, just tell me, and I will move my posts to the other, then you could remove this.
    Thanks a lot

  • FUSE Preprocessing Filesystem

    EDIT: Updated code, does everything I need it to for now, still maybe a little unclean, but much better than it was.
    A while ago I was thinking up ways to pre-process files such as .Xdefaults when they were read, to allow per machine configs and other such things (I think it turns out that Xdefaults actually supports this anyway), and I thought the coolest way to do this would be to use a FUSE filesystem.
    Originally I was going to use the standard cpp program to handle the processing, but I've changed this to use gpp for the time being since it seems to work better for this kind of thing. You can have files with stuff like
    #if 0
    Not going to be printed
    #else
    This is printed
    #exec date
    #endif
    Compile with
    gcc -o prepfs prepfs.c -lfuse -D_FILE_OFFSET_BITS=64 -DFUSE_USE_VERSION=26
    Run with
    ./prepfs mountpoint -b basedir -pp preprocessor (eg, gpp -x "%s")
    Your mountpoint will simply mirror whatever basedir is set to, but run all files through the preprocessor before outputting them.
    prepfs.c
    /*
     * PrepFS, by HashBox
     * Modified from "Hello World" example, original notice below:
     *
     * FUSE: Filesystem in Userspace
     * Copyright (C) 2001-2005 Miklos Szeredi <[email protected]>
     * This program can be distributed under the terms of the GNU GPL.
     */
    #include <fuse.h>
    #include <fuse/fuse_opt.h>
    #include <stdlib.h>
    #include <stdio.h>
    #include <stddef.h>
    #include <string.h>
    #include <dirent.h>
    #include <errno.h>
    #include <limits.h>
    #include <sys/stat.h>

    struct options {
        char *base_dir;
        char *pp_path;
    } options;

    static struct fuse_opt prepfs_opts[] = {
        { "-b %s", offsetof(struct options, base_dir), 0 },
        { "-pp %s", offsetof(struct options, pp_path), 0 },
        FUSE_OPT_END
    };

    /* Join base_dir and path; the caller frees the result. */
    static char *get_extended_path(const char *path)
    {
        char *extended_path = malloc(PATH_MAX + 1);
        if (extended_path == NULL)
            return NULL;
        /* snprintf bounds the whole result; strncat only bounds each append */
        snprintf(extended_path, PATH_MAX + 1, "%s%s", options.base_dir, path);
        return extended_path;
    }

    static int prepfs_getattr(const char *path, struct stat *stbuf)
    {
        char *expath = get_extended_path(path);
        if (expath == NULL)
            return -ENOMEM;
        /* Return unmodified stat, although filesize will be wrong */
        int res = stat(expath, stbuf);
        int err = errno;
        free(expath);
        return res == -1 ? -err : 0;
    }

    static int prepfs_readdir(const char *path, void *buf, fuse_fill_dir_t filler, off_t offset, struct fuse_file_info *fi)
    {
        (void) offset;
        (void) fi;
        char *expath = get_extended_path(path);
        if (expath == NULL)
            return -ENOMEM;
        DIR *dirp = opendir(expath);
        int err = errno;
        free(expath);
        if (dirp == NULL)
            return -err;
        struct dirent *ent;
        while ((ent = readdir(dirp)) != NULL) {
            filler(buf, ent->d_name, NULL, 0);
        }
        closedir(dirp);
        return 0;
    }

    static int prepfs_read(const char *path, char *buf, size_t size, off_t offset, struct fuse_file_info *fi)
    {
        (void) fi;
        char *expath = get_extended_path(path);
        if (expath == NULL)
            return -ENOMEM;
        /* pp_path is a printf-style template with one %s. expath is substituted
           unquoted and the result is run by the shell through popen(), so file
           names containing shell metacharacters are interpreted by the shell:
           only mirror a basedir whose file names you trust. */
        char pp_temp[PATH_MAX + strlen(options.pp_path) + 1];
        snprintf(pp_temp, sizeof(pp_temp), options.pp_path, expath);
        free(expath);
        FILE *fp = popen(pp_temp, "r");
        if (fp == NULL)
            return -EIO;
        /* Discard output before offset, then copy at most size bytes into buf */
        char skip[4096];
        off_t left = offset;
        while (left > 0) {
            size_t want = left < (off_t) sizeof(skip) ? (size_t) left : sizeof(skip);
            size_t got = fread(skip, 1, want, fp);
            if (got == 0)
                break;
            left -= (off_t) got;
        }
        size_t total = 0;
        if (left == 0)
            total = fread(buf, 1, size, fp);
        pclose(fp);
        return (int) total;
    }

    static struct fuse_operations prepfs_oper = {
        .getattr = prepfs_getattr,
        .readdir = prepfs_readdir,
        .read = prepfs_read,
    };

    int main(int argc, char *argv[])
    {
        int ret;
        struct fuse_args args = FUSE_ARGS_INIT(argc, argv);
        memset(&options, 0, sizeof(struct options));
        if (fuse_opt_parse(&args, &options, prepfs_opts, 0) == -1) {
            return -1;
        }
        if (!options.base_dir || !options.pp_path) {
            fprintf(stderr, "Usage: %s mountpoint -b basedir -pp preprocessor (eg, gpp -x \"%%s\")\n", argv[0]);
            return -1;
        }
        ret = fuse_main(args.argc, args.argv, &prepfs_oper, NULL);
        fuse_opt_free_args(&args);
        return ret;
    }
    Last edited by HashBox (2009-06-29 09:18:57)


  • Compiz - GL_EXT_x11_sync_object support: testers needed

    Please see post below for details.
    Last edited by Chazza (2014-06-23 08:10:32)

    Okay. I'll fill in the details, since I am using this patch, have talked with its author [from nvidia] and have also been in touch with some of the involved compiz devs
    Backstory: For months there has been a patch floating around for compiz that implements the GL_EXT_x11_sync_object extension [OpenGL] into compiz. This patch is intended to fix the nvidia refresh issue / possibly other rendering bugs experienced by nvidia users [although, if using another driver that supports GL_EXT_x11_sync_object, you would likely benefit too]. It adds the ability to use X11 synchronization fences/objects in Compiz [and nvidia supports this extension]. The support is about "deep pipelining" not parallelism, the idea is that you have X number of syncs and by the time we fold back to the beginning Y number of syncs should be flushed and thus 'ready', which should avoid any stalling in compiz. As an aside; the mutter devs have also ported this to their framework.
    http://www.opengl.org/registry/specs/EX … object.txt
    OpenGL Specification wrote:
    Synchronization objects added the ability to better coordinate operations between multiple GL command streams. However, it is desirable to have the same level of coordination between GL command streams and external rendering APIs. This extension introduces two new concepts to build upon the synchronization infrastructure provided by ARB_sync:
    1) A means to import an X Synchronization Fence object into the GL and use it as a sync object.
    2) The concept of a reusable sync object.
    The latter is necessary because the import operation is expensive and performing it every time a synchronization point was reached would make the synchronization prohibitively slow.
    This extension stops short of allowing the GL to change the state of imported/reusable sync objects, but does not add any language that would prohibit such functionality from being added in a subsequent extension.
    Original LP bug report; https://bugs.launchpad.net/compiz/+bug/269904 ...
    Why hasn't this patch been integrated into Compiz???
    1). Nvidia released the code as MIT, But Canonical requires CLA for contributions [copyright assignment]. Nvidia wouldn't accept those terms.
    2). because of #1 - the patch hasn't really had a whole lot of testing / exposure, aside from a single ppa
    Now, since we are on Arch - the CLA/Ubuntu thing is not our problem, thus it would be nice to see to get this code into people's hands and tested. We can then report back issues, [hopefully] get any problems sorted out and possibly be able to carry/use the patch, regardless of Canonical not including it in Compiz. [although, having it tested might help it get into compiz/apply some pressure]. So that all being said, we need some testers
    TESTING:
    I'll provide a compiz package, based on compiz-core-bzr in AUR. Found here; https://www.dropbox.com/s/xryiqlozviwya … src.tar.gz (updated link/package)
    There are a few things tester will need to note: First, you will need to start compiz from the commandline for testing [ie: 'compiz --replace ccp' in terminal]
    1). I have debug/logging for this patch enabled by default. We need to be able to see if the patch is working or having problems. * but the logging may degrade performance. That being said, you can rebuild the package, without debugging, by commenting/uncommenting the correct patch;
    # msg "applying compiz-nvidia-refresh"
    # patch -Np1 -i "$srcdir/compiz-nvidia-refresh.patch"
    msg "applying compiz-nvidia-refresh_debug.patch - ** DEBUG BUILD - may degrade performance"
    patch -Np1 -i "$srcdir/compiz-nvidia-refresh_debug.patch"
    2). The number of x11 sync fences/objects is arbitrary, so it is possible, depending on setup that you may require more syncs. I have also dealt with this in the pkgbuild, via line 88;
    sed -i 's#NUM_X11_SYNCS = 10#NUM_X11_SYNCS = 16#' "${srcdir}/compiz-nvidia-refresh.patch"
    ...in the patch the default is 10. I have up'd it to 16. [so has the compiz dev in his package]. So, if you happen to get messages like this;
    compiz (opengl) - Info: Initializing sync objects
    compiz (opengl) - Warn: We should never wait for a sync -- add more syncs?
    compiz (opengl) - Error: Timed out waiting for sync object.
    compiz (opengl) - Info: Destroying sync objects
    compiz (opengl) - Info: Initializing sync objects
    compiz (opengl) - Error: glClientWaitSync failed
    compiz (opengl) - Error: Timed out waiting for sync object.
    compiz (opengl) - Info: Destroying sync objects
    ... then you could try increasing the NUM_X11_SYNCS value. Myself, I had to increase them + disable some logging before the patch stabilized for me.
    3). You should also open CCSM and do two things; Navigate to "General  Options"->"Focus and Raise Behavior" and disable "auto-raise" [it was causing problems for me/with this patch]. Next, Navigate to "Workarounds" section and disable "force synchronization between X and GLX" [and make sure that "OpenGL" section in CCSM has "X11 Sync Objects" enabled.]
    Reporting tests:  You can report back your findings in this thread, but if you are on Launchpad - you can also report back in a couple of places;
    nvidia refresh bug - https://bugs.launchpad.net/compiz/+bug/269904
    or file a bug against and/or contact Chris from this branch on LP; https://launchpad.net/~townsend/+archiv … fresh-test
    otherwise, any issues reported here - I will take to the concerned parties, personally.
    If this patched-compiz is stable for you - then you can rebuild it for 'production', rebuilding with the non-debug compiz nvidia-refresh.patch
    ** but please make sure to report back, before disabling logging.
    cheerz
    EDIT: Note the below bunch of comments were myself and a user working out some initial issues [one in my packaging], then the next getting compiz + config working for him. My PKGBUILD should be fine now for testing and i have updated the link/instructions/pkgbuild. - sorry for any inconvenience.
    Last edited by triplesquarednine (2014-06-24 00:30:59)

  • Conv. based on the month - Need to display the output in quarterly basis.

    Hi Gurus,
    I need to display the output quarterly based on the month.
    For example,
    If the year is 2012 and month is between
    01 to 03 i need to display it as 2012Q1
    likewise 04 to 06 as 2012q2
    and 07 to 09 as 2012q3
    and 10 to 12 as 2012q4.
    Please help me by providing sample codes. Please help yourself by writing the code and get back when you have a specific question.
    Thanks!
    Regards,
    Manoj
    Edited by: kishan P on Mar 2, 2012 3:14 PM

    Hi Vinod
    To get the last 13 months in webi report .follow below approach
    Assuming you have calendar Month object in the report.
    convert your selected date into M/d/yy format . let's say you selected 12/18/13 , your variable should be 12/1/13
    variable :
    Selected Month =ToDate(FormatDate(useresponse("Date");"Mmm yyyy");"Mmm yyyy")
    Flag for month     =ToDate([CalMonth];"Mmm yyyy")<=[Selected Month]
    Report filter          =[Flag for month]+Previous(Self)
    select the table you want to filter
    add filter -> Report filter between 1 to 13.
    Hope this will help.

  • FTP Transfer: based on filename it needs to be moved to different directory

    Hi,
    I am doing a FTP transfer of file from one location to another. In this scenario, based on filename the file needs to be moved to Directory A or Directory B.
    Is this possible having a single receiver file adapter?
    Regards,
    Ashish

    Hi Ashish
    What you can do is
    1. You can pick the file from the location and use variable substitution to deliver the file on the basis of the filename. But the limitation is that the folder name should have some characters in common with the filename as well.
    2. You can write the file to a temporary location and then execute an OS command to move the files to the appropriate folders
    3. Create two communication channels and enhanced receiver determination to find out which folder based on filename at runtime.
    Thanks
    Gaurav

  • Oracle form based on a view - need to return a value after database trigger

    We have a form based on a view calling database trigger to insert data.
    I need to display a message of the record ID inserted on the form.
    The values to be displayed are ID field.

    Hi,
    if you use process of Automatic Row Processing (DML), you have an option *"Return Key Into Item"*.
    This will return your primary key into item, and then you can display this item as a result.
    Regards,
    Aljaz

  • Unionfs-fuse as filesystem root

    I currently have Arch booted over iscsi, i want to use it in read-only mode (so multiple users can use it simultaneously) with read-write unionfs stored in RAM (tmpfs).
    Currently i have this script:
    #!/bin/sh
    # Copyright: Bernd Schubert <[email protected]>
    # BSD license, see LICENSE file for details
    FUSE_OPT="-o allow_other,use_ino,suid,dev,nonempty"
    CHROOT_PATH="/.unionfs"
    UNION_OPT="-ocow,chroot=$CHROOT_PATH,max_files=32768"
    # 2/3 of free RAM
    TMPFS_SIZE=`free -m | grep Mem: | awk '{ printf "%d\n", $4 * 2 / 3 }'`
    UBIN=/usr/bin/unionfs
    mount -t proc proc /proc
    # mount -t tmpfs tmpfs /tmp '`
    mount -t tmpfs -o size=${TMPFS_SIZE}M,rw tmpfs /.unionfs
    mkdir -p $CHROOT_PATH/root
    mkdir -p $CHROOT_PATH/rw
    mkdir -p $CHROOT_PATH/union
    mount --bind / $CHROOT_PATH/root
    $UBIN $FUSE_OPT $UNION_OPT /rw=RW:/root=RO $CHROOT_PATH/union
    mount -t proc proc $CHROOT_PATH/union/proc
    cd $CHROOT_PATH/union
    mkdir oldroot
    pivot_root . oldroot
    # init q
    I'm pretty sure script itself is ok (when i simply execute it in working system, everything works properly except 'pivot_root').
    I have no idea how to properly invoke it during system boot with systemd.
    Last edited by drag0nius (2013-06-25 16:39:29)

    jac wrote:
    @Caveman85de: I don't think that's what synthead meant
    I don't know of a way, but will faking that with chroot help you? (I use "fake" here because I don't actually know enough about chroot to tell you something more specific...)
    Interesting ... yeah.  This would be on a production environment, so I don't think a chroot would suffice, but that's definitely something to consider.
    I'm thinking I could do something like this.  I would create a very small partition somehow, perhaps loopbacked to a file.  This would have all the directory structures needed in the new filesystem as well as other directories to mount the old filesystem partitions.  I could call this .oldroot.  I would create .newroot in every partition too, then use binds to "mount" the new folders in the partitions where the old ones used to be.
    newroot.img / udf defaults,loop 0 0
    /dev/sda1 /.oldroot ext3 defaults 0 1
    /.oldroot/.newroot / none bind 0 0
    Again, proof of concept ...

  • Configuring tomcat for form based authentication-help badly needed

    hi, i want to have form based or some other way of authentication for the users coming to my site, i have access only to web.xml, but in the tomcat documentation it's given that i need to change server.xml and tomcat-user.xml, can i make these changes in web.xml to implement it or please tell me a way out of this please, i tried even jguard but it needs changes in the jvm which is also not within my access

    Hi,
    I'm a little confused. You wanted to know how to configure Tomcat for form based authentication, and I sent you an article on how to do that. Is there something more you need from me? You had offered 10 duke dollars for this post, and if there is more I can do I will help for the remaining amount, but I can't help you getting access to the Tomcat *.xml file.

  • Testers needed

    Please help me out and visit http://www.animatedhtml.com/lightning/lightning.html and let me know if this video banner ad works for you. The default - lightning.html - autoplays & loops and is designed for PCs using mp4 After Effects created video and inserted into an Edge Animate container. I hacked the page adding this code for mobile users:
    <script type="text/javascript">
    <!--
    if (screen.width <= 699) {
        document.location = "lightningwc.html";
    }
    //-->
    </script>
    This second page contains controls and no autoplay no loop since they are not supported.
    It works on my droid smartphone but I have had reports it does not work on a Samsung (SAMSUNG-SGH-I717) phone. I was wondering how many phones this hack does not work on and if I can tweak this somehow to make it work. I am also looking into using the javascript or server side material available at http://www.hand-interactive.com/detect/mobileesp_demo_javascript.htm which appears to be last updated on June/July 2011.
    My objective is to give the best possible experience to PC users and to support mobile users too.
    The banner is clickable in some areas to transfer the user to adobe.com and in the rest of area you can right click and have the option to pause the video etc.
    Suggestions are welcome and definitely needed. Warning: this ad contains sound - thunder borrowed from NOAA site.
    Thanks in advance
    Bob

    Hi Bob,
    OK, ran the test page (that's a pretty good resource you've found), but sadly no entries come up true.  For my site joelbondoux.net (my first exploration with Edge Animate) I found a nifty php script to detect mobile use, http://mobiledetect.net .  It seems to work perfectly on all devices I've checked, but clearly I don't know if it is able to check everything!
    I tested your site again on my phone and clicked on the black box (stupidly I didn't do this before...!).  The animation didn't play, but there was a sudden flash of the animation (but static - not playing) and then it took me to the Adobe Flash download page.  My phone is not terribly flash friendly.
    So going to your wc url, this is what I get:
    but again the animation doesn't play, there are no obvious controls and clicking on it does nothing.  Sorry!
    Cheers,
    Joel

  • Syslinux Installer / Update Script - Testers Needed

    For those who don't follow the ML that closely....
    Hello Community,
    Over the last few weeks I have been working on Syslinux support for the installer. With the help of Thomas and Dieter I am nearing the completion of this project. As part of this project, I have written a script that will help install and update Syslinux (similar to that of grub-install).
    Some key features of the script: syslinux-install_update.sh
    * Install Syslinux to the FS + Partition Boot Loader (extlinux --install /boot/syslinux)
    * Install Syslinux MBR
    * Detect and optionally set the boot flag on the boot partition
    * Update Syslinux – copy files and execute (extlinux --update /boot/syslinux)
    * Support for GPT disks
    * Support for RAID configurations
    The goal is to include this script in the official Syslinux package. Therefore we need your help to test it.
    syslinux-install_update.sh -i -a -m ..... install Syslinux, set the boot flag (if needed), and install the MBR
    We need tests for the following setups:
    / + /boot on the *same* partition
    / + /boot on the *same* partition - RAID
    /boot + root on *separate* partition
    /boot + root on *separate* partition - RAID
    All of the above but using the GPT partition layout
    NOTE: This is an alpha/beta stage script. The script modifies the first 440 bytes of the disk (using dd) and the partition table (using either sfdisk or sgdisk). Although the script should be safe to run, I am not responsible for any data loss that may occur.
    Let us know the following:
    * Did the script work for you?
    * What was your partition setup? (see above)
    * What version did you use?
    * If the script did not work, please provide as much information as possible
    Get the script here: https://gist.github.com/772138
    Syslinux Sample Config File: http://projects.archlinux.org/svntogit/ … slinux.cfg
    The Syslinux package in testing includes the above configuration file.
    Cheers,
    pyther

    As Thomas puts it:
    Thomas wrote: Syslinux is way more flexible and extensible than grub or lilo, actively developed (by someone who knows what he is doing and is always willing to fix bugs like yours) and feature-rich.
    http://mailman.archlinux.org/pipermail/ … 17368.html
    In regards to bootloaders in core
    Pierre wrote:
    ATM. we have grub1 in core/base and install that by default. The problem is that this project is virtually dead for a long time now and also not available on x86_64. Technically it has to be in the multilib repo.
    Grub2 is currently in extra. Upstream development is still in flux. Imho it's quite heavy and complex. An alternative successor would be extlinux from the syslinux package. It's very simple, easy to configure, actively maintained and reliable. Sure, it only supports booting from ext* and btrfs afaik but to be honest, if you use any other FS you should have a separate /boot even when using grub.
    http://mailman.archlinux.org/pipermail/ … 18445.html
    Why I like it:
      * It is simple and easy to understand (see https://wiki.archlinux.org/index.php/Sy … t_Process)
      * The devs are willing to help you out (they have helped me understand the Syslinux boot process and write this script)
      * It is modular in nature and the Hardware Detection Tool (HDT) com32 module is cool
      * Configuration is simple
      * KISS (IMHO)
      * GPT Support
    Disadvantages:
      * Can't boot from LVM volumes
      * only ext2/3/4, btrfs, vfat file systems supported
    Last edited by pyther (2011-01-16 21:56:41)

  • Filter based on another analysis need to run as a separate query obiee 11g

    Hi,
    I have a main report which has a filter condition that depends on another request (created through Filter based on another analysis). The Filter based on another analysis report query comes as an embedded query along with the main query (making a subquery). As it has a subquery, it is taking more time to fetch data.
    Is there any possibility of running the Filter based on another analysis report as a separate query?
    Please suggest.
    Thanks,
    Soukath

    Hi,
    Make sure one thing, you have enable check box and submit sql button in the bottom of Advanced tab then save it and try again it will work.
    refer:
    http://tipsonobiee.blogspot.com/2009/06/step-by-step-to-bypass-all-caches.html
    Thanks
    Deva
    Edited by: Devarasu on Dec 19, 2011 11:59 AM

  • Different Essbase properties based on hierarchy that need to be exported to EPMA

    Hello All,
    I need to export Essbase and Planning dimensions that contain multiple hierarchies.  Several of the node properties are different across the hierarchies.  For example, Node 123 would have a '+' for PlanAggregation1 in Hierarchy 1 and a '~' for PlanAggregation1 in Hierarchy 2.  I am trying to use the EPMA Export profiles.  I can use different properties to collect the different property values per hierarchy but not sure how to include them in the export.  Ideas?  Recommendations are much appreciated!
