We have automated tests that require runnable Google Chrome. Yet the Google Chrome kept crashing.
The first encountered is:
libGL error: failed to load driver: swrast
libGL error: Try again with LIBGL_DEBUG=verbose for more details.
This one is easy, install
mesa-dri-drivers solved this.
ERROR:sandbox_linux.cc(338)] : InitializeSandbox() called with multiple threads in process gpu-process
My initial guess was SELinux, but journalctl returns nothing about it. After a few hours, I thought, how about firefox? Maybe it helps to set the SELinux and install the missing dependencies? And… Tada, both Firefox and Google Chrome worked. Eventually, I dug out that Google Chrome requires fonts to works. Specifically,
To sum up, following command worked for me:
sudo yum -y install mesa-dri-drivers liberation-fonts-common liberation-sans-fonts
My sinopia daemon refused to start. After dig out the journal, I found that
ExecStop run straight after
ExecStart, what the…
After some research, I found that for daemons, or any other program that put themselves at the background, systemd thought they are stopped, thus stop the service for you. To prevent this, you need following in your systemd service file:
so your daemons can live happily ever after.
The nodejs and npm in EL7 is too old, so I borrowed the to latest nodejs spec from rawhide. Long story short, the result is at:
Please read the disclaimer and do follow the installation instruction if you choose to proceed. I don’t usually put the disclaimer like that but you need to know that:
- The build dependency of nodejs include openssl-1.0.2, but EL7 only shipped with 1.0.1, yet nodejs can run with openssl-1.0.1.
- openssl-libs is an important package, without it, yum, curl and rpm URL install won’t work, so restore it is a bit tricky. The instruction is, however, written in the copr page.
To build this copr, following dependencies need to go in as well:
libuv is piece of cake. But crypto-policies and openssl bring the worst packager nightmare: circular dependency. After F23, crypto-policies require openssl-devel to build, yet openssl require crypto-policies to run.
I eventually dug out crypto-policies from F21 and built it, thus broke the circular dependency and finished the build.
mock won’t work with staff_selinux mode in RHEL 7. The instruction from Fedora is mostly correct, but insufficient for staff_selinux. This is because:
/usr/bin/mock is now a sym-link to
/usr/bin/consolehelper, thus consolehelper permission should be also allowed.
- The Fedora mock policy module does not have the types like
There are a lot more reasons, but long story short, I have edited a policy file (PackageMaintainers_MockTricks_mock.te) that should covered the most mock usage. My SELinux skill quickly build up by editing that file. 🙂
Time for script that setup the mock, assuming you are running as root:
# getting dependencies
yum -y install selinux-policy-devel policycoreutils-python mock
# Download policy files
# Build and install
make -f /usr/share/selinux/devel/Makefile
semodule -i PackageMaintainers_MockTricks_mock.pp
But just in case you are still getting SELinux AVC denials, you can get around yourself by using following scripts:
grep -E -e "(mock|consolehelper)" /var/log/audit/audit.log | audit2allow -M my_mock
semodule -i my_mock.pp
Now day I start playing with fluxbox, which is light weight, yet surprisingly has excellent feature set. For one, it can remember window location and size.
The other window mangers that are capable of window remembering have their own downside:
- KDE: It is indeed full featured but heavy weight. The other weird thing is it asks password for Calendar in Google Chrome whenever my session start, even I do not intent to use it.
- Enlightenment: starting from 0.20, they dropped systray (Xembed) support. Basically that means the Network Manager and Input Method indicators are gone.
The fluxbox built-in panel (a.k.a. toolbar) has the basic feature sets which I can live with, but it would be better to have the volume control, battery status and popup calendar when I click on the clock.
First candidate is fbpanel, but it’s popup calendar is block by the panel itself.
Then I found lxqt-panel. It has good feature sets like memory graph. But it fail to find the launcher icons, and “logout” won’t logout you.
At last, I came out with use lxqt as session, but fluxbox as window manager. But the autostart did not seem to work. Luckily, you can use
startfluxbox as window manager, and you can put whatever you want to autostart in
If you enforcing your SELinux and set your user to non
unconfined_u, like either
staff_u. You may found that your synergy or other tcp/udp service stop working. That is because your role cannot listen the ports that your services required.
To allow users to run TCP servers (bind to ports and accept connection from the same domain and outside users), run:
sudo setsebool selinuxuser_tcp_server 1
and for UDP:
sudo setsebool selinuxuser_udp_server 1
- user SELinux Policy documentation (8)
I have update the Enlightenment E19 to
And packages that depend on efl are rebuilt.
In my enlightenment repo, I also put xscreensaver and required dependency.
Note that the packages I built supports neither wayland nor SCIM.
I quite like Enlightenment and Terminology. However, they are not available on RHEL 7.
Thus I’ve made a copr repo for RHEL7.
Note that I disable couples of things to make it work in RHEL 7.
- Wayland support: See https://bugzilla.redhat.com/show_bug.cgi?id=1214597
- SCIM: I don’t want to port SCIM in RHEL 7, normally you can use IBus for input methods.
- vlc: This cannot be in copr, nor do I have time to build it.
It is a pity, as you won’t able to see some fancy features provided by EFL filemanager and terminology.
If you want to install synergy-1.6.2 on RHEL 7, it is in my EPEL Collection. Use following script to install it As root:
yum -y install synergy
Some Chinese Zanata users report they cannot use Zanata in China.
In order to simulate the environment, I run following script:
iptables -I INPUT -s 126.96.36.199/16 -j DROP
iptables -I INPUT -s 188.8.131.52/16 -j DROP
iptables -I INPUT -s 184.108.40.206/16 -j DROP
iptables -I INPUT -s 220.127.116.11/16 -j DROP
iptables -I INPUT -s 18.104.22.168/16 -j DROP
iptables -I INPUT -s 22.214.171.124/16 -j DROP
iptables -I INPUT -s 126.96.36.199/16 -j DROP
Since I just want a quick environment to simulate the Google-less users, nor do I obtained the exact blocked IP ranges, I did not spend much time on fixing false positive and false negative of these IP ranges. So do check whether your web services are fallen with in the range before you test it.