Pages

Tuesday, September 15, 2020

Fedora 32 : Can be better? part 009.

The Fedora distro will be better if the development team will come with useful, accurate, and up-to-date information. A very simple example is C and C ++ programming and more precisely how to build programs and packages. Let's take a simple example of creating interfaces with GTK. Let's take a simple example of creating interfaces with GTK that require knowledge of the GCC compiler. First I install gtk3-devel package:
dnf install gtk3-devel 
The Fedora team come with a group install with many feature.
#dnf -y groupinstall "Development Tools"
I test with these examples:
#include 

int main(int   argc,
     char *argv[])
{
  GtkWidget *window;
    
  gtk_init (&argc, &argv);
    
  window = gtk_window_new (GTK_WINDOW_TOPLEVEL);
  gtk_window_set_title (GTK_WINDOW (window), "Hello World");
  gtk_widget_show  (window);
    
  gtk_main ();
    
  return 0;
}
This create a simple window with Hello World title.
#include 

static void on_window_closed(GtkWidget * widget, gpointer data)
{
    gtk_main_quit();
}

int main(int argc, char * argv[])
{
    GtkWidget * window, * label;

    gtk_init(&argc, &argv);

    window = gtk_window_new(GTK_WINDOW_TOPLEVEL);

    g_signal_connect( window, "destroy", G_CALLBACK(on_window_closed), NULL);

    label = gtk_label_new("Hello, World!");

    gtk_container_add(GTK_CONTAINER(window), label);

    gtk_widget_show(label);
    gtk_widget_show(window);

    gtk_main();

    return 0;
}
This is the same example but you will see a label with te text Hello, World!.
The last example is more complex and involves the use of signals attached to the close button and the OK button.
The main window contains three labels with my name and an editbox in which you have to enter my nickname mythcat or something else.
#include 

const char *password = "mythcat";

// close the window application 
void closeApp(GtkWidget *widget, gpointer data)
{
    gtk_main_quit();
}

// show text when you click on button 
void button_clicked(GtkWidget *button, gpointer data)
{
    const char *password_text = gtk_entry_get_text(GTK_ENTRY((GtkWidget *)data));

    if(strcmp(password_text, password) == 0)
        printf("Access granted for user: \"%s\"\n",password);
    else
        printf("Access denied!\n");
 
}

int main( int argc, char *argv[])
{
    GtkWidget *window;
    GtkWidget *label1, *label2, *label3;
    GtkWidget *hbox;
    GtkWidget *vbox;
    GtkWidget *ok_button;
    GtkWidget *password_entry;

    gtk_init(&argc, &argv);

    window = gtk_window_new(GTK_WINDOW_TOPLEVEL);

    gtk_window_set_title(GTK_WINDOW(window), "Labels, password with one button and layout");
    gtk_window_set_position(GTK_WINDOW(window), GTK_WIN_POS_CENTER);
    gtk_window_set_default_size(GTK_WINDOW(window), 300, 200);

    g_signal_connect(G_OBJECT(window), "destroy", G_CALLBACK(closeApp), NULL);

    label1 = gtk_label_new("Catalin");
    label2 = gtk_label_new("George");
    label3 = gtk_label_new("Festila");

    password_entry = gtk_entry_new();
    gtk_entry_set_visibility(GTK_ENTRY(password_entry), FALSE);
    ok_button = gtk_button_new_with_label("OK");
    g_signal_connect(G_OBJECT(ok_button), "clicked", G_CALLBACK(button_clicked),password_entry);

    hbox = gtk_box_new(FALSE, 1);
    vbox = gtk_box_new(TRUE, 2);

    gtk_box_pack_start(GTK_BOX(vbox), label1, TRUE, FALSE, 5);
    gtk_box_pack_start(GTK_BOX(vbox), label2, TRUE, FALSE, 5);
    gtk_box_pack_start(GTK_BOX(hbox), vbox, FALSE, TRUE, 5);
    gtk_box_pack_start(GTK_BOX(hbox), label3, FALSE, FALSE, 5);
    gtk_box_pack_start(GTK_BOX(vbox), ok_button, FALSE, FALSE, 5);
    gtk_box_pack_start(GTK_BOX(hbox), password_entry, TRUE, FALSE, 5);
    gtk_container_add(GTK_CONTAINER(window), hbox);

    gtk_widget_show_all(window);

    gtk_main();

    return 0;
} 
The result can be seen in the following image:

I put the source code for the last example in a test.c file and compiled it like this:
[mythcat@desk ~]$ gcc test.c $(pkg-config --cflags --libs gtk+-3.0) -o test
[mythcat@desk ~]$ ./test

Saturday, September 5, 2020

Fedora 32 : Can be better? part 007.

Another article in the Can be better? series that deals with a very popular feature called SELinux. Here that in this seventh part I will introduce you to the world of SELinux in my own style of simply explaining some SElinux configurations.
Let's recap some basic elements specific to SELinux.
Multi Category Security or MCS is a discretionary implementation of the mandatory Multi Level Security
MCS basically tries to use the MLS attributes: Security Levels and Security Compartments.
MCS implemented have one or more extra fields in their Security Context tuple: user_u:role_r:type_t:s0:c0.
You can see this with id -Z.
The MLS Range contains two components, the low (classification and compartments) and high (clearance).
sensitivity label build from the low component: s2 with c1, c2 ...
MCS does have 1024 categories that can be assigned to processes and files.
On an MLS system are two special labels, SystemLow(s0) and SystemHigh (s15:c0.c255).
The upper end of the MCS range is in an MCS environment s0:c0.c1023 is SystemHigh.
By default, everything in an MCS environment has access to SystemLow or s0.
You will able to access files with s0:c122 and s0:c123 categories.
The MLS translation mechanism to give a more literal meaning to the machine-like policy used in the MLS sensitivity and category declaration.
The MLS rule says: "no read up and no write down".
The MLS model is used to enforce confidentiality.
All processes that are forced to operate with Security Level.
The s0 Security Level or SystemLow level is the lower end of the Security Level Range in an MLS environment.
If you do not have the correct configurations then the SELinux setting operation for Enforcing could generate errors in the linux operation after reboot or during Linux operation.
You will need to have the root password and return for new SELinux settings.
Let's solve this issue: put SELinux into Enforce mode but give my user possibility to use command sudo su.
First, you need to see this table:
SELinux user Description Used for
unconfined_u SELinux user meant for unrestricted users. Unconfined users have hardly any restrictions in a SELinux context and are meant for systems where only Internet-facing services should run confined (i.e. the targeted SELinux policy store). All users on a targeted system
root The SELinux user meant for the root account The Linux root account
sysadm_u SELinux user with direct system administrative role assigned Linux accounts that only perform administrative tasks
staff_u SELinux user for operators that need to run both non-administrative commands (through the staff_r role) and administrative commands (through the sysadm_r role). Linux accounts used for both end user usage as well as administrative tasks
user_u SELinux user for non-privileged accounts Unprivileged Linux accounts
system_u Special SELinux user meant for system services Not used directly
Is need to change my user mythcat to staff_u with a good MLS Range.
[root@desk mythcat]# semanage login --modify --seuser staff_u --range s2:c100 mythcat
[root@desk mythcat]# semanage login --modify --seuser staff_u --range s0-s15:c0.c1023 mythcat
[root@desk mythcat]# semanage login -l 
[root@desk mythcat]# setenforce enforcing
[root@desk mythcat]# getenforce
Enforcing
[root@desk mythcat]# semanage login -l 
ValueError: Cannot read policy store.
After reboot need some time to load the new changes, first is the last configuration.
[mythcat@desk ~]$ semanage login -l
ValueError: SELinux policy is not managed or store cannot be accessed.
[mythcat@desk ~]$ id -Z
staff_u:staff_r:staff_t:s0-s15:c0.c1023
[mythcat@desk ~]$ sestatus 
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: mls
Current mode: permissive
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: denied
Memory protection checking: actual (secure)
Max kernel policy version: 33
Few seconds later all is good:
[mythcat@desk ~]$ sudo su 
[sudo] password for mythcat: 
bash: /root/.bashrc: Permission denied
bash-5.0# ls
bash-5.0# sestatus 
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: mls
Current mode: enforcing
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: denied
Memory protection checking: actual (secure)
Max kernel policy version: 33
bash-5.0# id -Z
staff_u:staff_r:staff_t:s0-s15:c0.c1023
bash-5.0# exit 
exit
[mythcat@desk ~]$ sestatus 
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: mls
Current mode: enforcing
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: denied
Memory protection checking: actual (secure)
Max kernel policy version: 33
Everything is fine for now, this delay is the reason for using the selinux kernel settings. More information about Multi-Level Security and Multi-Category Security can be found on this webpage.

Tuesday, August 25, 2020

Fedora 32 : Change display manager.

The display manager is a graphical login manager which starts a session, simply asks username and password to login desktop.
On Fedora, you can choose for example GDM (Gnome Display Manager), SDDM (Simple Desktop Display Manager), LXDM (LXDE Display Manager), LightDM, KDM (KDE Display Manager), XDM (X Display Manager).
I like the old gdm display manager, is good and works great.
If you want to change it then use these commands:
[root@desk mythcat]# dnf install gdm
...
Complete!
[root@desk mythcat]# systemctl disable lightdm 
[root@desk mythcat]# systemctl enable gdm
Failed to enable unit: File /etc/systemd/system/display-manager.service already exists and is a symlink to /usr/lib/systemd/system/sddm.service.
[root@desk mythcat]# systemctl disable sddm.service 
Removed /etc/systemd/system/display-manager.service.
[root@desk mythcat]# systemctl enable gdm
Created symlink /etc/systemd/system/display-manager.service → /usr/lib/systemd/system/gdm.service.
[root@desk mythcat]# reboot
If you have problems with gdm display manager then you can read about settings here.
The configuration file can be found in this file:
[root@desk mythcat]# cat /etc/gdm/custom.conf 
# GDM configuration storage

[daemon]
# Uncomment the line below to force the login screen to use Xorg
#WaylandEnable=false
AutomaticLogin=mythcat
AutomaticLoginEnable=False
[security]

[xdmcp]

[chooser]

[debug]
# Uncomment the line below to turn on debugging
#Enable=true 

Sunday, August 23, 2020

Fedora 32 : Install LibreOffice_7.0.0 .

The latest releases of LibreOffice is version 7.0.0 and is available for Fedora 32 distro from here. To install it you need to use these commands:
[root@desk mythcat]# dnf -y update
...
[mythcat@desk ~]$ cp Downloads/LibreOffice_7.0.0_Linux_x86-64_rpm.tar.gz ~
[mythcat@desk ~]$ ls LibreOffice*
LibreOffice_7.0.0_Linux_x86-64_rpm.tar.gz
[mythcat@desk ~]$ tar xvf LibreOffice_7.0.0_Linux_x86-64_rpm.tar.gz 
LibreOffice_7.0.0.3_Linux_x86-64_rpm/
LibreOffice_7.0.0.3_Linux_x86-64_rpm/RPMS/
...
[mythcat@desk ~]$ cd LibreOffice_7.0.0.3_Linux_x86-64_rpm/
[mythcat@desk LibreOffice_7.0.0.3_Linux_x86-64_rpm]$ cd RPMS/
[mythcat@desk RPMS]$ sudo dnf install *.rpm
[sudo] password for mythcat: 
Last metadata expiration check: 2:09:12 ago on Sat 22 Aug 2020 10:33:11 PM EEST.
Dependencies resolved.
================================================================================
 Package                                    Arch   Version   Repository    Size
================================================================================
Installing:
 libobasis7.0-base                          x86_64 7.0.0.3-3 @commandline 1.8 M
 libobasis7.0-calc                          x86_64 7.0.0.3-3 @commandline 9.5 M
 libobasis7.0-core                          x86_64 7.0.0.3-3 @commandline 101 M
 libobasis7.0-draw                          x86_64 7.0.0.3-3 @commandline 6.1 k
 libobasis7.0-en-US                         x86_64 7.0.0.3-3 @commandline  88 k
...
Complete!
The last step is to run this software from Fedora 32 distro desktop environment.

Tuesday, August 18, 2020

Fedora 32 : Repair the starting LightDM display manager.

LightDM is a cross-desktop display manager with these features:
  • Cross-desktop - supports different desktop technologies.
  • Supports different display technologies (X, Mir, Wayland ...).
  • Lightweight - low memory usage and high performance.
  • Supports guest sessions.
  • Supports remote login (incoming - XDMCP, VNC, outgoing - XDMCP, pluggable).
  • Comprehensive test suite. 
  • Low code complexity.
To start it you need to use these commands:
[mythcat@desk ~]$ sudo systemctl get-default
[sudo] password for mythcat: 
multi-user.target
[mythcat@desk ~]$ sudo systemctl set-default graphical.target
Removed /etc/systemd/system/default.target.
Created symlink /etc/systemd/system/default.target → /usr/lib/systemd/system/graphical.target.
Restart your Fedora distro and use it.

Saturday, August 15, 2020

Fedora 32 : Accurate timekeeping with chronyd daemon.

Accurate timekeeping is important in networking because accurate time stamps in packets and logs are required.
In Linux operating systems, the NTP protocol is implemented by a daemon running in userspace.
For Fedora distro, you can choose between the daemons ntpd and chronyd. Today I will show you how to use the chronyd.
The Fedora documentation can be found on the official website.
Let's install and use this:
[root@desk mythcat]# dnf install chrony 
...
[root@desk mythcat]# vim /etc/chrony.conf 
With the vim tool now you can add the In most cases, it's best to use pool.ntp.org to find an NTP server or use servers from your country. Now, I can start and enable the daemons named chronyd and add it to the firewall.
[root@desk mythcat]# systemctl start chronyd 
[root@desk mythcat]# systemctl status chronyd 
● chronyd.service - NTP client/server
     Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; vendor p>
     Active: active (running) since Sat 2020-08-15 12:23:08 EEST; 9h ago
       Docs: man:chronyd(8)
             man:chrony.conf(5)
   Main PID: 10071 (chronyd)
      Tasks: 1 (limit: 11800)
     Memory: 1.0M
        CPU: 93ms
     CGroup: /system.slice/chronyd.service
             └─10071 /usr/sbin/chronyd

Aug 15 12:23:08 desk systemd[1]: Starting NTP client/server...
Aug 15 12:23:08 desk chronyd[10071]: chronyd version 3.5 starting (+CMDMON +NTP>
Aug 15 12:23:08 desk chronyd[10071]: Frequency -13.819 +/- 0.344 ppm read from >
Aug 15 12:23:08 desk chronyd[10071]: Using right/UTC timezone to obtain leap se>
Aug 15 12:23:08 desk systemd[1]: Started NTP client/server.
Aug 15 12:23:13 desk chronyd[10071]: Selected source 78.96.7.25
Aug 15 12:23:13 desk chronyd[10071]: System clock TAI offset set to 37 seconds

[root@desk mythcat]# systemctl enable chronyd 
[root@desk mythcat]# firewall-cmd --add-service=ntp --permanent 
success
[root@desk mythcat]# firewall-cmd --reload 
success
You can use it with chronyc command tool:
[root@desk mythcat]# chronyc sources 
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^+ blackmamba-g0.eff.ro          3  10   377   692  -1192us[-1273us] +/-   92ms
^+ corporate1.bluepink.ro        2  10   377   200  -1441us[-1441us] +/-   52ms
^+ static-5-2-155-141.rdsne>     2  10   377   468  +1622us[+1540us] +/-   51ms
^* dummy.upcnet.ro               2  10   377   435  -1221us[-1303us] +/-   57ms
[root@desk mythcat]# chronyc tracking
Reference ID    : 4E600719 (dummy.upcnet.ro)
Stratum         : 3
Ref time (UTC)  : Sat Aug 15 19:06:18 2020
System time     : 0.000439648 seconds fast of NTP time
Last offset     : -0.000081712 seconds
RMS offset      : 0.000591977 seconds
Frequency       : 13.753 ppm slow
Residual freq   : -0.000 ppm
Skew            : 0.235 ppm
Root delay      : 0.069966756 seconds
Root dispersion : 0.017129980 seconds
Update interval : 1036.2 seconds
Leap status     : Normal
[root@desk mythcat]# chronyc activity
200 OK
4 sources online
0 sources offline
0 sources doing burst (return to online)
0 sources doing burst (return to offline)
0 sources with unknown address 

Friday, August 7, 2020

Fedora 32 : First example with C# on Fedora distro.

Let's enable the COPR repository for dotnet:
[mythcat@desk ~]$ sudo dnf copr enable @dotnet-sig/dotnet
[sudo] password for mythcat: 
Enabling a Copr repository. Please note that this repository is not part
of the main distribution, and quality may vary.

The Fedora Project does not exercise any power over the contents of
this repository beyond the rules outlined in the Copr FAQ at
,
and packages are not held to any quality or security level.

Please do not file bug reports about these packages in Fedora
Bugzilla. In case of problems, contact the owner of this repository.

Do you really want to enable copr.fedorainfracloud.org/@dotnet-sig/dotnet? [y/N]: y
Repository successfully enabled.
Install the .NET Core package:
[mythcat@desk ~]$ sudo dnf install dotnet
Copr repo for dotnet owned by @dotnet-sig         42 kB/s |  59 kB     00:01    
Dependencies resolved.
=================================================================================
 Package                           Arch      Version            Repository  Size
=================================================================================
Installing:
 dotnet                            x86_64    3.1.106-1.fc32     updates     11 k
Installing dependencies:
 aspnetcore-runtime-3.1            x86_64    3.1.6-1.fc32       updates    6.2 M
 aspnetcore-targeting-pack-3.1     x86_64    3.1.6-1.fc32       updates    945 k
 dotnet-apphost-pack-3.1           x86_64    3.1.6-1.fc32       updates     70 k
 dotnet-host                       x86_64    3.1.6-1.fc32       updates    104 k
 dotnet-hostfxr-3.1                x86_64    3.1.6-1.fc32       updates    164 k
 dotnet-runtime-3.1                x86_64    3.1.6-1.fc32       updates     27 M
 dotnet-sdk-3.1                    x86_64    3.1.106-1.fc32     updates     41 M
 dotnet-targeting-pack-3.1         x86_64    3.1.6-1.fc32       updates    1.8 M
 dotnet-templates-3.1              x86_64    3.1.106-1.fc32     updates    1.8 M
 netstandard-targeting-pack-2.1    x86_64    3.1.106-1.fc32     updates    1.3 M

Transaction Summary
=================================================================================
Install  11 Packages

Total download size: 79 M
Installed size: 298 M
Is this ok [y/N]: 
...
Use this tutorial to install Visual Studio Code. Press Ctr-P keys to install the C# extension by OmniSharp.
ext install ms-dotnettools.csharp
The last step is to create a application HelloWorld:
[mythcat@desk ~]$ dotnet new console -o HelloWorld

Welcome to .NET Core 3.1!
---------------------
SDK Version: 3.1.106

----------------
Explore documentation: https://aka.ms/dotnet-docs
Report issues and find source on GitHub: https://github.com/dotnet/core
Find out what's new: https://aka.ms/dotnet-whats-new
Learn about the installed HTTPS developer cert: https://aka.ms/aspnet-core-https
Use 'dotnet --help' to see available commands or visit: https://aka.ms/dotnet-cli-docs
Write your first app: https://aka.ms/first-net-core-app
--------------------------------------------------------------------------------------
Getting ready...
The template "Console Application" was created successfully.

Processing post-creation actions...
Running 'dotnet restore' on HelloWorld/HelloWorld.csproj...
  Restore completed in 119.48 ms for /home/mythcat/HelloWorld/HelloWorld.csproj.

Restore succeeded.
You can run it with dotnet run command:
[mythcat@desk ~]$ cd HelloWorld/
[mythcat@desk HelloWorld]$ ls
HelloWorld.csproj  obj  Program.cs
[mythcat@desk HelloWorld]$ dotnet run Program.cs 
Hello World!