Fedora 27 : The LXMusic music player for LXDE.

The LXMusic come with version 0.4.7-4 , update and bugs fixes.
It is a minimalist music player for LXDE with very few features .
This simple XMMS frontend music player named LXMusic has very few features.
I used to playing my list of music files and works great.
The install can be done with dnf tool:

# dnf install lxmusic

Fedora 27 : selinux and getfattr attributes.

In this tutorial I show you how to use the getfattr command to get extended attributes of filesystem objects and security selinux.
One attribute is selinux.security for selinux and other like:

• security.capability - the security.capability files stores Linux capabilities for the related file and is applies to binaries which are provided one or more capabilities via this file.

• security.ima - for the Integrity Measurement Architecture (IMA), the file security.ima stores a hash or digital signature.

• security.evm - this is similar to security.ima, the Extended Verification Module (EVM) stores a hash/HMAC or digital signature in this file ( the different with IMA is that it protects the metadata of the file, not the contents).

Now, about selinux.security :
You can use for example the getfattr command to perform specific security selinux tasks:

# getfattr -m security.selinux -d /etc/passwd
getfattr: Removing leading '/' from absolute path
names
# file: etc/passwd 
security.selinux="system_u:object_r:passwd_file_t:s0"
# getfattr -m security.selinux -d /etc/shadow
...
# getfattr -m security.selinux -d /var/www d /var/www
...

Both getfattr and setfattr commands has provided by the POSIX ACL package (Portable Operating Systems Interface).

Fedora 27 : The strace tool for debug.

Today I test a great tool named strace from here.
This tool will help you with diagnostic, debugging and monitor between processes and the Linux kernel.

For example you can test this tool with ls command:
- to display only a specific system call, use the strace -e option as shown below.

$ strace -e open ls > /dev/null

- the result of this will come with all infos about count time, calls, and errors for each system call.

$ strace -c ls > /dev/null

- save the trace execution to a file:

$ strace -o output.txt ls

- display and save the strace for a given process id:

$ strace -p 1725 -o process_id_trace.txt

You can see more examples on the official webpage.

Fedora 27 : Test browsers for inline security.

Open the browser with this page: https://github.com.
Next step is to open the Developer Tools console.
If you use Opera then you can use this keys: Ctr+Shift +C .
If you use Firefox or Chrome browsers use F12 key.
Paste the following code into the console area to create a new inline script and add this java script:

var test = document.createElement('script');
test.innerText = 'alert("hi there");'
document.body.appendChild(test);

For example, this is a good security result on my Opera browser.

The result of this message tell us about the script we tried to execute was stopped by the browser.

Fedora 27 : About storage management and LVM.

About storage management offering flexibility like a complex task and LVM contributes to this complexity.
If you have seen incorrect usage of LVM many times and users are often neither aware of the possibilities or alternatives for the particular storage stacks.
If you use a VirtualBox software the you can increase the vdi file:

VBoxManage modifyhd fedora.vdi --resize 30960

About LVM
The wikipedia tell us:
In Linux, Logical Volume Manager is a device mapper target that provides logical volume management for the Linux kernel. Most modern Linux distributions are LVM-aware to the point of being able to have their root file systems on a logical volume.

To create a LVM, we need to run through the following steps:

• Select the physical storage devices for LVM 
• Create the Volume Group from Physical Volumes 
• Create Logical Volumes from Volume Group

All linux commands start in this case with lv and pv .
If you want to have a good management of storage then one most common task is :

The resize the PV (Physical Volume) with all free space.

All LVM commands start with lv so try to find all into your terminal by type lv ant then use keys TAB+TAB.
To resize the LVM use this commands:

$sudo su 
# pvs
  PV         VG              Fmt  Attr PSize   PFree
...
# lvdisplay
  --- Logical volume ---
  LV Path                /dev/fedora/root
  LV Name                
...
# lvextend -l+100%FREE /dev/fedora/root 
...
# df -Th

If you use Volume group on LVM then you need to use:

vgextend your_vg /dev/sda...

Fedora 27 : Fix your distro with package-cleanup command.

Happy New Year 2018 !
A new beginning for us, fedora distribution users, and I prefer to write about what we all use in Fedora and maybe is less well known by new  readers.
Let's start with the development process of Fedora distro come and all the installed kernels.
Normally reason why you maybe want remove kernels is limited disk space, fix problems and see what is wrong with your Fedora distro.
First issue is about installed kernels, use this command:

#rpm -q kernel

Install this package tool named dnf-utils (is a collection of add-on tool for dnf tool).

#dnf install dnf-utils

Let's start with this command, we see that several packages are seemingly installed more than once:

#package-cleanup --cleandupes

If there’s any remaining trouble with the yum database you can see with this command:

#package-cleanup --problems

To remove installed kernels from old Fedora distros use this command:

#package-cleanup --oldkernels --count=2

... the Fedora 27 use this command:

#package-cleanup --oldkernels 2

To obtain list of orphaned packages currently residing in the system:

#package-cleanup --leaves

Fedora 27 : Firefox and selinux : sepolgen tool .

To writing the actual policy for SELinux application, you can get many of the permissions your application needs by running.
First test if is installed into your Fedora distro.
I used Fedora 27 with SELinux set Enforcing.
If your application is named my_app then use this command:

sepolgen --init  /path/to/my_app

The result of this command will be this:

app.fc
my_app.sh
my_app.if
my_app_selinux.spec
my_app.te

If your application will be a rpm package, you can delete app.spec and app.sh.
The file with extension .te is a Type Enforcement file.

About this five files, the Linux help tells us:

Type Enforcing File NAME.te 
This file can be used to define all the types rules for a particular domain.

Note: Policy generated by sepolicy generate will automatically add a permissive DOMAIN
 to your te file. When you are satisfied that your policy works, you need to remove 
the permissive line from the te file to run your domain in enforcing mode.

Interface File NAME.if 
This file defines the interfaces for the types generated in the te file, which can 
be used by other policy domains.

File Context NAME.fc 
This file defines the default file context for the system, it takes the file types 
created in the te file and associates file paths to the types. Tools like restorecon
 and RPM will use these paths to put down labels.

RPM Spec File NAME_selinux.spec 
This file is an RPM SPEC file that can be used to install the SELinux policy on to
 machines and setup the labeling. The spec file also installs the interface file and
 a man page describing the policy. You can use sepolicy manpage -d NAME to generate 
the man page.

Shell File NAME.sh 
This is a helper shell script to compile, install and fix the labeling on your test 
system. It will also generate a man page based on the installed policy, and compile
 and build an RPM suitable to be installed on other machines

Open the my_app.te file will see something like this:

policy_module(my_app, 1.0.0)

########################################
#
# Declarations
#

type my_app_t;
type my_app_exec_t;
init_daemon_domain(my_app_t, my_app_exec_t)

# Please remove this once your policy works as expected.
permissive my_app_t;

########################################
#
# my_app local policy
#
allow my_app_t self:fifo_file rw_fifo_file_perms;
allow my_app_t self:unix_stream_socket create_stream_socket_perms;

domain_use_interactive_fds(my_app_t)
files_read_etc_files(my_app_t)
auth_use_nsswitch(my_app_t)
miscfiles_read_localization(my_app_t)
sysnet_dns_name_resolve(my_app_t)

The first line uses the name of the binary and will be the name of the policy and the version.

policy_module(my_app, 1.0.0)

The nest rows come with this:

type my_app_t;
type my_app_exec_t;
init_daemon_domain(my_app_t, my_app_exec_t)

- the unique type to describe this application is my_app_t.
- SELinux tells us we’ll be executing this file with my_app_exec_t.
- this program will run as a service: init_daemon_domain(my_app_t, my_app_exec_t).

The next row is about log permission errors ( but let the application continue to run).

permissive my_app_t;

The next rows show how the application use file permissions and if the application will use Unix steam.
Don't change it , you can get a google search to see more examples with this type of allow.

allow my_app_t self:fifo_file rw_fifo_file_perms;
allow my_app_t self:unix_stream_socket create_stream_socket_perms;

Abou this rows:

domain_use_interactive_fds(my_app_t)
files_read_etc_files(my_app_t)
auth_use_nsswitch(my_app_t)
miscfiles_read_localization(my_app_t)
sysnet_dns_name_resolve(my_app_t)

The domain_use_interactive_fds and term_use_all_terms support operations where SSH allocates a tty for the user( example the allow fifo_file supports the opposite).
The my_app want to read from /etc folder with files_read_etc_files.
The auth_use_nsswitch also can adds rules allowing access to NIS/YPBIND ports.
The miscfiles_read_localization is about localization code.

To better understand this tutorial, you can create a folder in your home directory and then test it with a different application from Fedora 27.
One good example: sepolgen --init /opt/firefox .