Posts posted by drobbins
-
-
Hey All,
I've gone ahead and updated Funtoo Linux 1.4 to contain the latest implementation of SELinux from Gentoo. SELinux is working well under Funtoo now. To use it, see the SELinux page on the Funtoo wiki. Also reference the https://wiki.gentoo.org/wiki/SELinux/Installation and https://wiki.gentoo.org/wiki/SELinux pages for documentation reference. These Gentoo wiki pages were originally put together by SwiFT and are excellent, and the SELinux team has kept them up-to-date (I must give credit where credit is due). We need to work on our modest SELinux wiki page here to improve it: https://www.funtoo.org/SELinux
If you are new to SELinux, here are the basic steps. Enable the SELinux mix-in, emerge the SELinux tools as well as policies, rebuild world and etc-update, apply security labels to files, enable in kernel in "permissive mode" -- where it just logs things but doesn't "block" anything, and then start to play.
In your /etc/boot.conf, you'll want to add "security=selinux enforcing=0" to your "params +=" line and re-run "ego boot update" to get the kernel booting properly. This is assuming you are using debian-sources or debian-sources-lts.
Funtoo is also helping perfinion (find him in #gentoo-base on freenode) in Gentoo test the SELinux-next security policies. Here is how you can test them:
1. Add the following to package.keywords: sec-policy/selinux-* **
2. Then emerge @selinux-rebuild to reinstall all the 9999 policies (to be used with 2.9 userspace)
3. Do a full relabel.
4. Reboot.
Then, you can run and start auditd which will generate logs of what SELinux activity is going on. After your initial reboot into the new SELinux, start auditd with empty logs, and keep it running as you go about your business. After a few days of using Funtoo as you normally would, these logs can be useful to the SELinux team to determine if the new policies are working as expected.
Of particular interest is the use of elogind under SELinux. Once using the new SELinux-next policies, 'ps auxfZ | grep logind' should be in the systemd_logind_t domain.
Thanks to perfinion and the SELinux team for moving SELinux forward! Let's help them.
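A shell check for the two conditions the post above describes: the kernel was booted with "security=selinux enforcing=0", and every logind process runs in the systemd_logind_t domain. This is an added example, not part of the original post or of Funtoo's tooling; the function names and the `--live` switch are made up here, and it assumes a procps `ps` that supports the `label` column.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# has_selinux_params CMDLINE
# Succeeds only if the kernel command line carries both parameters
# the post says to add to the "params +=" line in /etc/boot.conf.
has_selinux_params() {
    case " $1 " in *" security=selinux "*) ;; *) return 1 ;; esac
    case " $1 " in *" enforcing=0 "*) ;; *) return 1 ;; esac
}

# logind_types
# Reads "LABEL COMMAND" lines on stdin (the layout of `ps -eo label,comm`)
# and prints the SELinux type (third field of user:role:type[:level])
# of every process whose command name contains "logind".
logind_types() {
    awk '$2 ~ /logind/ {
        n = split($1, ctx, ":")
        if (n >= 3) print ctx[3]; else print "unlabeled"
    }'
}

# logind_confined
# Returns 0 if every logind process is in systemd_logind_t,
# 1 if any is in another domain, 2 if no logind process was seen.
logind_confined() {
    types=$(logind_types)
    [ -n "$types" ] || return 2
    for t in $types; do
        [ "$t" = systemd_logind_t ] || return 1
    done
    return 0
}

# Run against the live system only when asked to.
if [ "${1:-}" = "--live" ]; then
    has_selinux_params "$(cat /proc/cmdline)" \
        || echo "WARN: security=selinux enforcing=0 not on kernel command line"
    ps -eo label,comm | logind_confined \
        || echo "WARN: logind missing or not in systemd_logind_t"
fi
```

A return code of 1 from `logind_confined` after installing the SELinux-next policies is the kind of result worth attaching to the auditd logs sent to the SELinux team.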
-
OK, I cleaned up this mess. No more static stuff should need to be manually turned on now. Here is a summary of the changes I made:
- cryptsetup now has USE static turned off by default
- genkernel now has cryptsetup turned off by default
- new encrypted-root mix-in to enable when you want LUKS that will flip all the necessary switches
-
I am adding an encrypted-root mix-in and undoing the previous change that required a ton of stuff to be static. Sorry about that -- that was an ugly mess. I forgot that making cryptsetup static would make all of its dependencies also need to be static.
-
@klipkyle yeah, that's not good, my mistake. I will look into a solution.
-
Please see the following for more info:
Release Notes: https://www.funtoo.org/Release_Notes/1.4-release
Upgrading from 1.3: https://www.funtoo.org/Upgrade_Instructions/1.4-release
Download and Install: https://www.funtoo.org/Install/Introduction
-
Hey everyone --
Funtoo Linux 1.4 is now to be considered officially released! Some changes in the last several weeks include:
- Updating to gcc-9.2.0 to address an upstream compilation bug (thanks: calrama)
- Additional testing/fixing of dependencies (thanks: sandro and others)
- New debian-sources and debian-sources-lts kernels (thanks: bcowan)
- Debian-sources-lts will now default to using "custom-cflags" USE by default, which will give you a more optimized kernel. -march settings from your subarch mix-in will be applied to your kernel compilation as well. This appears to result in a noticeable performance improvement.
- Many thanks to jhan, digifuzzy, klipkyle, librin.so.1, niranjan, sandro and everyone else (sorry if I forgot to mention you) for making this the most tested and most community-focused release of Funtoo ever!
I will continue to update documentation on the wiki relating to 1.4, and of course, 1.4 development continues with pull requests and issues reported to bugs.funtoo.org.
I hope to start 2.0 development in about a month.
Also note -- we now have an "Announcement Discussion" forum visible from the main forums page which allows posts and is open to discussing any announcements.
Best,
Daniel
-
LXD GPU-accelerated containers require Funtoo Linux 1.4. It looks like you may be using Funtoo Linux 1.3?
The nvidia-drivers in 1.4 has been significantly modified to work properly inside containers and not require a kernel. The 1.3 one hasn't.
-
OK, thanks for testing and reporting this. I should be able to fix it. If you have some time, can you report an official bug on bugs.funtoo.org and then I will reference it in the commit that fixes this issue. Thanks.
-
Hey everyone,
1.4 is almost ready to be released. Thanks so much to everyone who has contributed pull requests for 1.4 and tested 1.4. There's still a bunch of work to do, but there always will be and I believe 1.4 will be our most well-tested release so far.
After 1.4 is released, we will start development on 2.0, to be released some time in the Fall (Sept/Oct timeframe). I've been thinking about the release schedule a lot and I think that aiming for a .0 release every Fall seems to be a good idea. This means the work is completed well before the winter holidays, and fall in the US is a good season of change and looking forward to new things.
What I have left to do for 1.4 is to update the ARM builds to 1.4 and then also to update our documentation, release notes, upgrade steps and related docs. I want to incorporate the new video cards mix-ins into the official installation steps and not leave it to just be a "First Steps" item after install. This way, people can use the install docs to get their desktop environment of choice up and running, too.
I hope to get all this completed in the next few days.
-
-
Yes, I think that ~ is necessary -- otherwise it won't find it.
-
This was my fault -- and should now be fixed. I created a new ebuild called mesa-gl-headers which contains only the headers for mesa. But I included a lot of extra headers by mistake. I didn't get it fixed until the evening but it is now definitely resolved.
-
Oh, also, welcome to the 4K club (written from my thinkpad p1)
-
So when the system boots, grub will display, and it will potentially set a resolution. Is the grub resolution OK? If you are using UEFI, it may be too small at GRUB. This is important to know because we need to figure out at what point it should be fixed. If it is getting really small during boot, this is due to kernel modesetting which is something different.
If grub is at a decent resolution, then booting with the "nomodeset" kernel parameter will prevent things from getting too small at boot. You will need modesetting for many graphics drivers, but this is a quick fix to avoid using a magnifying glass when you are setting up your system.
-
-
Hey Everyone,
I recently upgraded to a newer Thinkpad Laptop (P1) and decided this was a good time to upgrade Funtoo's graphics stack to sort of finish the work that TemptorSent had started. You'll recall that if you tested 1.4, media-libs/mesa could be quite picky with USE vars/VIDEO_CARDS settings. This should now be fixed.
One thing that bugged me when I installed Funtoo on my P1 was that video acceleration wasn't working well. So I've tried very hard to address this so that "out of the box" with minimal/no configuration, you will have good video acceleration support in Funtoo.
New documentation on this system that is now in 1.4 can be found here: https://www.funtoo.org/Make.conf/VIDEO_CARDS
In particular, see here: https://www.funtoo.org/Make.conf/VIDEO_CARDS/Mix-ins (This table is also included in the main page linked above.)
You'll also see extensive documentation on the new VIDEO_CARDS settings that are available and all map directly to a particular graphics driver now (eliminating confusion between gallium and DRI drivers that existed.)
The workstation and desktop flavors will now auto-enable Open Source Intel integrated graphics (DRI) and Radeon Gallium graphics (Gallium) -- enabling Vulkan for both. I did not enable nvidia or nouveau by default as I leave this choice of proprietary vs. open source to the user (for Intel and Radeon, the best choices are obvious so safe to enable these.)
This should be a big step towards getting everyone optimal video performance in Funtoo without significant work! Be sure to give https://www.funtoo.org/Make.conf/VIDEO_CARDS/Mix-ins and the parent page a good read. And if you use firefox, play around with the h264ify plugin to optimize YouTube video playback and see if it helps reduce your CPU usage.
Enjoy!
-
Just a note -- be sure to submit pull requests for anything like this so we can get fixes into Funtoo, if you haven't already. Thanks.
-
Just a note -- I am not sure if you used our cinnamon mix-in or not. Hopefully it will make things easier. If it needs any fixes or improvements for 1.3 or 1.4, please do not hesitate to open an issue on the bug tracker or submit a PR to code.funtoo.org.
-
I've removed the PDEPEND from nvidia-drivers so they don't automatically install nvidia-kernel-modules. But nvidia-kernel-modules has nvidia-drivers as a dependency. So if you are installing on bare metal, do emerge nvidia-kernel-modules and you will get everything you need, and if you are installing in container, emerge nvidia-drivers and it will skip the modules. This should be in the live tree for 1.4 already.
-
None that I can think of. And I will start the 1.4 AWS builds soon as well.
-
In my testing, the --exclude method did not work and I manually modified the PDEPEND in nvidia-drivers in /var/git/meta-repo/kits for now as a local work-around. Just a note -- you will likely need to do this too. Other option is to also --exclude nvidia-drivers and then do an emerge -1 nvidia-drivers --exclude nvidia-kernel-modules after the big emerge.
-
If you hit EAPI errors like this, be sure to report bugs to bugs.funtoo.org and be sure to include the release of Funtoo you're using and what you tried to emerge that died and we'll get them fixed!
-
-

1.4 -- Even More New Stuff
in News and Announcements
There have been a lot of updates to Funtoo Linux 1.4 since its release -- most of these not officially announced. So it would be a good idea to make an official announcement of many of them:
MANY OF THESE FIXES WERE SUBMITTED BY OUR USERS! Thanks to bcowan, perfinion, jhan, tux, tczaude, KlipKyle, scottfurry and anyone I forgot to mention for making Funtoo better for everyone.