Kernel 3.2+: Hide Processes From Other Normal Users!

On a multi-user system it has always been possible for any user to list all running processes on the system, whether or not those processes belong to that user!

Linux kernel 3.2+ (RHEL/CentOS 6.5+) adds a feature that gives root full control over this: root can still list all running processes, while every other user can list only their own.

New mounting option: hidepid

The new option defines how much information about processes is available to non-owners. Its value sets the mode at mount time as follows:

hidepid=0 – The old behavior – anybody may read all world-readable /proc/PID/* files (default).

hidepid=1 – Users may not access any /proc/PID/ directories but their own. Sensitive files like cmdline, sched*, status are now protected against other users.

hidepid=2 – It means hidepid=1 plus all /proc/PID/ will be invisible to other users. It complicates an intruder’s task of gathering info about running processes, whether some daemon runs with elevated privileges, whether another user runs some sensitive program, whether other users run any program at all, etc.

This can be done from the command line as follows:

# mount -o remount,rw,hidepid=2 /proc

Or by updating /etc/fstab

# vi /etc/fstab

proc    /proc    proc    defaults,hidepid=2     0     0

After editing, run # mount -a to re-read /etc/fstab.
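As an added example (not part of the original post): a small shell check that reads the hidepid mode of the /proc mount from a mounts-format file and flags when the live mount and /etc/fstab disagree, for instance after a remount that was never persisted. The function names and sample lines are constructed for illustration; the symbolic values (off, noaccess, invisible, ptraceable) are what newer kernels accept and print in place of the numbers.

```shell
#!/bin/sh
# Added example: compare the hidepid mode of the live /proc mount with /etc/fstab.

# hidepid_of FILE: print the hidepid option of the proc filesystem on /proc
# from a mounts-format file; prints 0 (the default) when the option is absent.
hidepid_of() {
    awk '
        /^[ \t]*#/ { next }                      # fstab comment lines
        $2 == "/proc" && $3 == "proc" {
            seen = 1; val = "0"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^hidepid=/) val = substr(opts[i], 9)
        }
        END { if (!seen) exit 1; print val }     # no proc entry at all
    ' "$1"
}

# hidepid_level VALUE: normalise numeric or symbolic values to a number.
hidepid_level() {
    case "$1" in
        0|off)        echo 0 ;;
        1|noaccess)   echo 1 ;;
        2|invisible)  echo 2 ;;
        4|ptraceable) echo 4 ;;
        *)            return 1 ;;
    esac
}

# check_hidepid MOUNTS FSTAB: print both levels; succeed only if they match.
check_hidepid() {
    live=$(hidepid_level "$(hidepid_of "$1")") || return 2
    boot=$(hidepid_level "$(hidepid_of "$2")") || return 2
    echo "live=$live fstab=$boot"
    [ "$live" = "$boot" ]
}

# Constructed sample data: /proc was remounted with hidepid=2,
# but the fstab entry was never updated.
tmp=$(mktemp -d)
printf 'proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=2 0 0\n' > "$tmp/mounts"
printf '# /etc/fstab\nproc    /proc    proc    defaults     0     0\n' > "$tmp/fstab"
check_hidepid "$tmp/mounts" "$tmp/fstab" || echo "mismatch: live mount and fstab differ"
```

On a real host, call check_hidepid /proc/mounts /etc/fstab; exit status 2 means one of the files has no proc entry or an unrecognised value.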

References:

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0499680a42141d86417a8fbaa8c8db806bea1201

Bringing Unix Philosophy to Big Data

The Unix philosophy fundamentally changed the way we think of computing systems: instead of a sealed monolith, the system became a collection of small, easily understood programs that could be quickly connected in novel and ad hoc ways. Today, big data looks much like the operating systems landscape in the pre-Unix 1960s: complicated frameworks surrounded by a priesthood that must manage and protect a fragile system.

Bryan Cantrill, in one of the best Big Data talks, describes and demonstrates Manta, a new object store featuring in situ compute that brings the Unix philosophy to big data, allowing tools like grep, awk and sed to be used in map-reduce fashion on arbitrary amounts of data, describing both the design challenges in building Manta (a system built largely in node.js)

Cannot move file to trash, do you want to delete immediately?

When nautilus trashes something, it doesn’t want to have to move it across partitions. This is because it takes a lot longer to move between partitions, and then if you remove the partition then the trash has no place to restore to.

This isn’t a problem on drives which don’t have a separate home partition, because then nautilus isn’t sending the files to a different partition by putting them in ~/.local/share/Trash.

Files anywhere on the same partition as your home directory are sent to ~/.local/share/Trash. This works across the entire root partition on setups which only have one partition.

On any other partition nautilus will make a .Trash-1000 folder on the root of the partition, then send all trashed files into that. This works rather well on external drives that you have full read/write access to, though it won’t work if you don’t have write permission to the root of the drive.

Because your / partition isn’t the same as your /home partition, and a .Trash-1000 doesn’t exist with write permission at the root of your system, nautilus will fail to trash files. Thus the delete key won’t work and a trash action won’t be available in the menus.

You could try using a root nautilus and deleting one file so that the /.Trash-1000 folder is created correctly, then using sudo chmod -R 777 /.Trash-1000 to give yourself permission to access a trash on the / filesystem. I cannot confirm that this will work, though you could give it a try; this should be working fine.

Increase your apt cache limit

Increase the value of APT::Cache-Limit
When I tried to install the google-perftools-dev package using apt-get, I unfortunately got this error message in the terminal:

Reading package lists… Error!
E: Dynamic MMap ran out of room. Please increase the size of APT::Cache-Limit. Current value: 25165824. (man 5 apt.conf)
E: Error occurred while processing mixxx-libperf (NewVersion1)
E: Problem with MergeList /var/lib/apt/lists/ftp.de.debian.org_debian_dists_wheezy_main_binary-amd64_Packages
W: Unable to munmap
E: The package lists or status file could not be parsed or opened.

The fix is pretty easy: you just need to increase the value of APT::Cache-Limit in /etc/apt/apt.conf.d/70debconf.

$ sudo gedit /etc/apt/apt.conf.d/70debconf

Then put this line at the end of the file, save and exit.

APT::Cache-Limit "100000000";

Next, type this command in your terminal:

$ sudo apt-get clean && sudo apt-get update --fix-missing

and you won’t run into the apt cache limit error again.

 

Building Gem5 from scratch on ubuntu 12.04 “LTS”

Assuming you have a fresh Ubuntu 12.04 installed, and that you already understand what the python script, gem5.opt, gem5.debug, gem5.fast, etc. are; if not, you can visit the official Gem5 documentation at http://m5sim.org/Documentation

$ sudo apt-get update; sudo apt-get upgrade

# installing the needed packages for Gem5

$ sudo apt-get install mercurial scons swig gcc m4 python python-dev libgoogle-perftools-dev g++  build-essential

# you can download the .tar.gz file and extract it, but I prefer grabbing from the repo just in case you need to run $ hg pull to update the code or to commit

$ hg clone http://repo.gem5.org/gem5   # this is a developer version

$ cd gem5/

# Gem5 uses scons build system instead of make

$ scons build/ARM/gem5.opt

## To test the System Emulation mode you can run one of the programs shipped with Gem5
$ ./build/ARM/gem5.opt configs/example/se.py -c tests/test-progs/hello/bin/arm/linux/hello

# You can check out this live demo by Bayn in this youtube Video

Build gcc 4.5.X from scratch on Ubuntu

First of all, just as everywhere else mentions, you need GMP, MPFR and MPC to compile gcc. But these are not enough; you will need PPL, CLOOG and libelf too. You might try to get these from the debian/ubuntu repositories, but you may not be able to find them. Even if you do, you may not be able to install them because of the same dependency conflicts.

You can try to grab gcc from the ubuntu repo, if you are lucky and can find the exact version you are looking for, as follows:

$ sudo apt-get install gcc-4.5 g++-4.5
$ sudo ln -s /usr/bin/gcc-4.5 /usr/bin/gcc
$ sudo ln -s /usr/bin/g++-4.5 /usr/bin/g++

If you can’t find the exact version, just go for the manual way, which I prefer:

I compiled all of them manually and here are the versions used:

  • gmp-5.0.1
  • mpc-0.9
  • mpfr-3.0.0
  • ppl-0.11.1
  • cloog-ppl-0.15.10
  • libelf-0.8.13
  • and of course gcc-4.5.2

Where any of those required a library other than the ones in the list, I installed it using apt. After running ./configure && make && make install for all the dependencies, I did the following to get a build.

mkdir gcc-build
cd gcc-build
../gcc-4.5.2/./configure --disable-ppl-version-check --enable-languages=c,c++
make -j3
make install

Creating a dir like gcc-build and building there is the preferred way of doing things; the docs say that doing a build in the same directory as the sources may yield unexpected results.