Monthly Archives: August 2012

ios apps of the week

ios apps of the week


  • occipital 360
  • PFAR – plane finder augmented reality  (point at a plane in the sky and it tells you where its going)
  • HP ePrint and HP Printer Control
  • dice roller
  • rotary dialer
  • file manager – turn your iphone into an ftp server so you actually copy photos off it
  • national trust
  • vyclone video aggregator

even postfix isnt selinux compliant

thanks goodness for selinux permissive mode


SELinux is preventing postalias (postfix_master_t) “write” to ./aliases.db (etc_t).

Detailed Description:

[SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.]

SELinux is preventing postalias (postfix_master_t) “write” to ./aliases.db (etc_t). The SELinux type etc_t, is a generic type for all files in the directory and very few processes (SELinux Domains) are allowed to write to this SELinux type. This type of denial usual indicates a mislabeled file. By default a file created in a directory has the gets the context of the parent directory, but SELinux policy has rules about the creation of directories, that say if a process running in one SELinux Domain (D1) creates a file in a directory with a particular SELinux File Context (F1) the file gets a different File Context (F2). The policy usually allows the SELinux Domain (D1) the ability to write, unlink, and append on (F2).

But if for some reason a file (./aliases.db) was created with the wrong context, this domain will be denied. The usual solution to this problem is to reset the file context on the target file, restorecon -v ‘./aliases.db’. If the file context does not change from etc_t, then this is probably a bug in policy.

Please file a bug report ( against the selinux-policy package. If it does change, you can try your application again to see if it works. The file context could have been mislabeled by editing the file or moving the file from a different directory, if the file keeps getting mislabeled, check the init scripts to see if they are doing something to mislabel the file.

Additional Information:

Source Context                user_u:system_r:postfix_master_t
Target Context                user_u:object_r:etc_t
Target Objects                ./aliases.db [ file ]
Source                        postalias
Source Path                   /usr/sbin/postalias
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           postfix-2.3.3-2.3.el5_6
Target RPM Packages
Policy RPM                    selinux-policy-2.4.6-327.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   mislabeled_file
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain

free enterprise open source ebook

Wild Webmink

The feature I wrote for O’Reilly is also an e-book.  Without realising it, I have had my first ISBN-numbered publication issued – rather a surprise!

Do you think I should write a full-length book that covers more information like this?  It would cover a range of “thinking tools” for both software deployers and for software creators as they devise business strategies that incorporate open source.  I’d expand on the sorts of ideas you can currently find on the Essays page.

Let me know – you can get a free copy of Open Source Strategies for the Enterprise from O’Reilly in Kindle, e-pub and PDF format as ISBN 1-4493-4117-9. Or of course the feature is also on O’Reilly Radar.

View original post

mysql uuid gotchas

mysql uuid gotchas

  • Two calls to UUID() are expected to generate two different values, even if these calls are performed on two separate computers that are not connected to each other.
  • The fifth number is an IEEE 802 node number that provides spatial uniqueness. A random number is substituted if the latter is not available (for example, because the host computer has no Ethernet card, or we do not know how to find the hardware address of an interface on your operating system). In this case, spatial uniqueness cannot be guaranteed. Nevertheless, a collision should have very low probability.
  • Although UUID() values are intended to be unique, they are not necessarily unguessable or unpredictable. If unpredictability is required, UUID values should be generated some other way.