From Fedora Project Wiki

 
(15 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
== About me ==
 
== About me ==
I'm a part of the [[Anaconda|Anaconda]] team at Red Hat. Specifically, my work tends to focus on support for secondary architectures ([[Architectures/s390x|s390x]], [[Architectures/PowerPC|PowerPC]]) and text UI.
+
[[File:Sbueno_flock_av.jpg |thumb||Flock 2014 in Prague, CZ]]
 +
I joined Red Hat in 2012. Prior to that, I worked as a systems administrator at the Georgia Institute of Technology since 2008, in the physics and the math departments.
  
Prior to coming to Red Hat, I was a Linux sysadmin at an engineering school. My work there involved service migration/consolidation, automating and customizing kickstart installs, packaging custom RPMs and learning an awful lot about package management, making various tweaks to the security policy, and a small amount of identity management.
+
I manage the [[Anaconda|installer team]], as well as the [[Kernel|Fedora kernel team]] and [http://weldr.io Composer] team. My time as an engineer was spent working on Anaconda, and I primarily handled support for s390x, as well as text mode.
  
Non-work interests of mine include SELinux, modular origami, writing, breakfast, and Star Trek.
+
Non-work interests of mine include writing, reading, gardening, running and playing the piano.
 +
 
 +
In 2017, I relocated from the United States to the Czech Republic. In late 2018, I relocated back to the US. I shuffle around a bit between the two places, since I love both.
  
 
== Contact ==
 
== Contact ==
* '''Email''': sbueno at redhat dot com.......
+
* '''Email''': sbueno at redhat dot com
 
* '''IRC''': sbueno on freenode
 
* '''IRC''': sbueno on freenode
 
* '''Fedora Account''': sbueno
 
* '''Fedora Account''': sbueno
* '''Time Zone''': EST5EDT
+
* '''Time Zone''': CET/CEST or EST/EDT.
* '''Location''': Cambridge, MA
+
* '''Location''': Czech Republic or Boston, MA, USA
 
 
== SELinux and virtualization ==
 
A lot of people I know turn SELinux off in order to get virtualization working. Not cool. If you're having problems, these are the minor tweaks I made to SELinux on my F17 system to get things running smoothly. These notes are copied from my workstation runlogs, so excuse the brevity. Hopefully I didn't accidentally leave anything out since I worked pretty quickly. Of course, these notes come with the standard warning of, "It's likely I've done something correct-but-badly and/or inefficiently, so follow these at your own risk."
 
 
 
* selinux tools; probably don't need all of these, but I like them there
 
<code>yum install policycoreutils policycoreutils-newrole policycoreutils-restorecond setools setools-console policycoreutils</code>
 
 
 
* by default I make /var about 08GB; unfortunately, libvirt stores images in here, so space quickly becomes an issue for me; no matter, just move things elsewhere..../scratch is just a partition I've carved out for miscellaneous storage--perfect, for my needs here, in other words.
 
<pre>
 
cd /var/lib
 
mv -f libvirt/ /scratch/
 
ln -s /scratch/libvirt/ .
 
#
 
# now fix the selinux fcontext for that dir
 
restorecon -R -F /scratch/libvirt
 
semanage fcontext -S targeted -a -t var_image_t "/scratch/libvirt(/.*)?"
 
semanage fcontext -S targeted -a -t var_image_t "/var/lib/libvirt(/.*)?"
 
restorecon -vv -F /scratch/libvirt
 
restorecon -vv -F /var/lib/libvirt
 
</pre>
 
 
 
* change selinux user mapping for my user created at install time
 
<code>semanage login -a -s staff_u sbueno</code>
 
 
 
* change the default selinux user mapping for future new users (don't want any unconfined_u's running around....)
 
<code>semanage login -m -S targeted -s "user_u" -r s0 __default__</code>
 
 
 
* time to fulfil virtualization needs
 
<code>yum install qemu-kvm libvirt-daemon-kvm qemu-kvm-tools virt-manager x3270-x11 tigervnc</code>
 
 
 
* fix some booleans since virtualization is a cluster of AVCs by default
 
<pre>
 
# HINT: you can do this via setsebool -P also, but you can only change one
 
# boolean at a time that way, meaning the policy will need to be recompiled
 
# for every single boolean you want to flip; do it this way and only recompile
 
# the policy once
 
semanage -S targeted -i - << EOF
 
boolean -m --on staff_use_svirt
 
boolean -m --on virt_use_execmem
 
boolean -m --on virt_use_nfs
 
boolean -m --on virt_use_sysfs
 
boolean -m --on virt_use_usb
 
boolean -m --on virt_use_xserver
 
EOF
 
</pre>
 
 
 
* If your SELinux user mapping changed (ex. from user_u to staff_u), you probably want to log out and back in again. Aside from that, you should be good to go.
 

Latest revision as of 11:54, 6 February 2019

About me

Flock 2014 in Prague, CZ

I joined Red Hat in 2012. Prior to that, I worked as a systems administrator at the Georgia Institute of Technology since 2008, in the physics and the math departments.

I manage the installer team, as well as the Fedora kernel team and Composer team. My time as an engineer was spent working on Anaconda, and I primarily handled support for s390x, as well as text mode.

Non-work interests of mine include writing, reading, gardening, running and playing the piano.

In 2017, I relocated from the United States to the Czech Republic. In late 2018, I relocated back to the US. I shuffle around a bit between the two places, since I love both.

Contact

  • Email: sbueno at redhat dot com
  • IRC: sbueno on freenode
  • Fedora Account: sbueno
  • Time Zone: CET/CEST or EST/EDT.
  • Location: Czech Republic or Boston, MA, USA