SELinux, vsftpd and you

Setting up some new RHEL 6 servers I came across the odd need of enabling ftp access to /tftpboot on those machines came up. SELinux didn’t really like that idea and denied access, which by default is a very good idea. Diabling SELinux is of course no option at all.

It is pretty well known and documented that setsebool -P ftp_home_dir=1 allows access to system users’ home directories. But what about other directories outside of /home? audit2allow to the rescue!

# audit2allow -a
============== ftpd_t ==============
#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'

allow ftpd_t tftpdir_rw_t:dir { write remove_name add_name };
#!!!! This avc can be allowed using the boolean 'allow_ftpd_full_access'

allow ftpd_t tftpdir_rw_t:file { write create unlink append };

Basically this little known, but invaluable helper goes through your audit.log and tells you what can be done to avoid those denies; in this case

setsebool -P allow_ftpd_full_access=1

therefore allows vsftpd to write to any system directory the currently logged in user can get access to.

How to enable Google’s PDF Plugin in Chromium

November 2, 2010 27 comments

Google’s PDF Plugin is most excellent for most needs – and for anything else you can actually download the PDF and do whatever you want to do with it (sidenote though: printing would be really nice. Pretty please, Google?). Unfortunately, it only ships with the official Chrome version and is therefore not available in the Chromium editions most distributions ship or make available.

Therefore, to get and enable the plugin on your favorite local Chromium version:

Fullscreen Flash Videos not playing in Ubuntu/Fedora/Debian/Chrome/Firefox/insert-whatever-here when Compiz Fusion Effects are enabled

November 1, 2010 6 comments

If the headline seems familiar to you… try this:

sudo mkdir -p /etc/adobe
sudo echo "OverrideGPUValidation=1" > /etc/adobe/mms.cfg

and restart any open browsers for it to take effect.

Adobe blacklists anything with SGI as GLX vendor string for GPU acceleration. Intel cards/drivers report this though. In combination with Compiz desktop effects = bad. So using above snippet fixed any fullscreen issues on my Lenovo Thinkpad T500 with Mobile 4 Series Chipset.

Awesome Fonts in Fedora in 56 Steps

  • Enable RPMFusion Repository
  • su -c 'yum install freetype-freeworld'
  • su -c "ln -s /etc/fonts/conf.avail/10-autohint.conf /etc/fonts/conf.d/"
  • su -c "ln -s /etc/fonts/conf.avail/10-sub-pixel-rgb.conf /etc/fonts/conf.d/"
  • logout / login

Thanks to

