FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 02-01-2008, 09:28 PM
"Daniel B. Thurman"
 
Default SELinux, Apache and Subversion problem.

It seems that I am having a bit of a problem with SElinux,
Apache, and Subversion in the way that I have my subversion
respository located not in the "recommended" place.

Instead of putting the repository in the recommended place:
/var/www/svn for example, docs says you can put the repository
elsewhere by adding SVNParentPath=/my/place/svn entry into the
/etc/httpd/conf.d/subversion.conf file, but SELinux does not
like it. I did changed the svn repository directory/files with
context httpd_sys_context_t and with ownership of apache.apache.
I also created a link such as /var/www/svn -> /my/svn setting
SVNParentPath=/var/www/svn - it does not work as well.

I have tested to see if SELinux is blocking access by setting
setenforce 0, then opened up the firefox browser, entered
my user name and password and it worked, but setting setenforce 1
back, breaks it again.

Does anyone know how to do it - beside recommending that I
place the svn repository directly into /var/www/svn?

Thanks-
Dan

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 02-02-2008, 02:31 AM
Daniel J Walsh
 
Default SELinux, Apache and Subversion problem.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Daniel B. Thurman wrote:
> It seems that I am having a bit of a problem with SElinux,
> Apache, and Subversion in the way that I have my subversion
> respository located not in the "recommended" place.
>
> Instead of putting the repository in the recommended place:
> /var/www/svn for example, docs says you can put the repository
> elsewhere by adding SVNParentPath=/my/place/svn entry into the
> /etc/httpd/conf.d/subversion.conf file, but SELinux does not
> like it. I did changed the svn repository directory/files with
> context httpd_sys_context_t and with ownership of apache.apache.
> I also created a link such as /var/www/svn -> /my/svn setting
> SVNParentPath=/var/www/svn - it does not work as well.
>
> I have tested to see if SELinux is blocking access by setting
> setenforce 0, then opened up the firefox browser, entered
> my user name and password and it worked, but setting setenforce 1
> back, breaks it again.
>
> Does anyone know how to do it - beside recommending that I
> place the svn repository directly into /var/www/svn?
>
> Thanks-
> Dan
>
What avc messages are you seeing? /var/log/audit/audit.log
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkej4/kACgkQrlYvE4MpobM/XQCfUM6KBrPSYl0eIQgST40fFmOE
gkMAnRMk+V60i7RQkSANWpjYf3cmQhOX
=qXQd
-----END PGP SIGNATURE-----

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 02-02-2008, 10:25 PM
"Daniel B. Thurman"
 
Default SELinux, Apache and Subversion problem.

Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Daniel B. Thurman wrote:
> > It seems that I am having a bit of a problem with SElinux,
> > Apache, and Subversion in the way that I have my subversion
> > respository located not in the "recommended" place.
> >
> > Instead of putting the repository in the recommended place:
> > /var/www/svn for example, docs says you can put the repository
> > elsewhere by adding SVNParentPath=/my/place/svn entry into the
> > /etc/httpd/conf.d/subversion.conf file, but SELinux does not
> > like it. I did changed the svn repository directory/files with
> > context httpd_sys_context_t and with ownership of apache.apache.
> > I also created a link such as /var/www/svn -> /my/svn setting
> > SVNParentPath=/var/www/svn - it does not work as well.
> >
> > I have tested to see if SELinux is blocking access by setting
> > setenforce 0, then opened up the firefox browser, entered
> > my user name and password and it worked, but setting setenforce 1
> > back, breaks it again.
> >
> > Does anyone know how to do it - beside recommending that I
> > place the svn repository directly into /var/www/svn?
> >
> > Thanks-
> > Dan
> >
> What avc messages are you seeing? /var/log/audit/audit.log
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (GNU/Linux)
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkej4/kACgkQrlYvE4MpobM/XQCfUM6KBrPSYl0eIQgST40fFmOE
> gkMAnRMk+V60i7RQkSANWpjYf3cmQhOX
> =qXQd
> -----END PGP SIGNATURE-----

I left intact the above and did not snip it because for some
reason, Daniel Walsh has encapsulated it with PGP? Dunno,
beats me.

The following has to do with problems encountered while setting
up Apache and SubVersion.

1) If I do not install my SVN Repository to the recommened
place of /var/www/ directory, SELinux blocks access.
It does not matter if I have set the proper context
(httpd_sys_content_t), and directory/file ownerships
(apache.apache) SElinux does not complain if the repository
is in /var/www. The SELinux error logs are provided for
further examination by those who cares.

2) When I have properly configured my
/etc/httpd/conf.d/subversion.conf file for access levels and
permissions, I can go to my favorite browser, type in:
http://localhost/svn (or whatever you set Location to). and it
will prompt me for username and password, and will let me
browse the SVN tree.

My problem comes in when I do NOT use my browser, but
instead use the command line, or try to access the SVN
repository remotely or via Eclipse. None of these attempts
work. For me, it *always* results in a ModSecurity error.

I can however access my repository via file:/// access, I
just cannot do with with http:// I have tested with setenforce
and SELinux has nothing to do with this case as there is no
audit log reports either way.


+ svn list file:///var/www/svn/projects [SUCCESSFUL]
================================================== ===
branches/
tags/
trunk/

+ svn list file:///fapp1/svn/projects [SUCCESSFUL]
==================================================
branches/
tags/
trunk/

+ svn list http://127.0.0.1/svn/projects [FAILURE]
Note: you can use localhost or your FQDN - it still fails.
================================================== ========
svn: PROPFIND request failed on '/svn/projects/!svn/vcc/default'
svn: PROPFIND of '/svn/projects/!svn/vcc/default': 400 Bad
Request (http://127.0.0.1)

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%
NOTE: The following SELinux data appears ONLY if SVN respository
is NOT in /var/www/svn directory, in my case above: /fapp1/svn
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%
/var/log/audit/audit.log:
=========================
type=AVC msg=audit(1201975689.832:2302): avc: denied { search } for
pid=22110 comm="httpd" name="/" dev=sdc1 ino=2 scontext=unconfined_u:
system_r:httpd_t:s0 tcontext=system_ubject_r:default_t:s0 tclass=dir
type=SYSCALL msg=audit(1201975689.832:2302): arch=40000003 syscall=5
success=no exit=-13 a0=ba4ab678 a1=8000 a2=1b6 a3=8000 items=0 ppid=22104
pid=22110 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48
fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:
system_r:httpd_t:s0 key=(null)

sealert:
Summary
SELinux is preventing access to files with the default label, default_t.

Detailed Description
SELinux permission checks on files labeled default_t are being denied.
These files/directories have the default label on them. This can indicate
a labeling problem, especially if the files being referred to are not top
level directories. Any files/directories under standard system directories,
/usr, /var. /dev, /tmp, ..., should not be labeled with the default label.
The default label is for files/directories which do not have a label on a
parent directory. So if you create a new directory in / you might
legitimately get this label.

Allowing Access
If you want a confined domain to use these files you will probably need to
relabel the file/directory with chcon. In some cases it is just easier to
relabel the system, to relabel execute: "touch /.autorelabel; reboot"

Additional Information

Source Context unconfined_u:system_r:httpd_t:s0
Target Context system_ubject_r:default_t:s0
Target Objects None [ dir ]
Affected RPM Packages httpd-2.2.6-3 [application]
Policy RPM selinux-policy-3.0.8-81.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.default
Host Name xxxxx.cdkkt.com
Platform Linux xxxxx.cdkkt.com 2.6.23.14-107.fc8 #1 SMP Mon
Jan 14 21:37:30 EST 2008 i686 i686
Alert Count 5
First Seen Fri 01 Feb 2008 02:03:45 PM PST
Last Seen Sat 02 Feb 2008 10:10:33 AM PST
Local ID 8cb35e21-1c2c-45cf-ac9d-18152da60a1b
Line Numbers

Raw Audit Messages

avc: denied { search } for comm=httpd dev=sdc1 egid=48 euid=48
exe=/usr/sbin/httpd exit=-13 fsgid=48 fsuid=48 gid=48 items=0
name=/ pid=22109
scontext=unconfined_u:system_r:httpd_t:s0 sgid=48
subj=unconfined_u:system_r:httpd_t:s0 suid=48 tclass=dir
tcontext=system_ubject_r:default_t:s0 tty=(none) uid=48
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%

/var/log/httpd/access_log:
=========================
10.1.0.143 - - [02/Feb/2008:09:52:42 -0800] "PROPFIND /svn/projects
HTTP/1.1" 207 655 "-" "SVN/1.4.4 (r25188) neon/0.27.2"
10.1.0.143 - - [02/Feb/2008:09:52:43 -0800] "PROPFIND /svn/projects/
!svn/vcc/default HTTP/1.1" 400 306 "-" "SVN/1.4.4 (r25188) neon/0.27.2"


/var/log/httpd/error_log:
=========================
[Sat Feb 02 09:52:42 2008] [error] [client 10.1.0.143] ModSecurity:
Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required.
[id "960015"] [msg "Request Missing an Accept Header"] [severity
"CRITICAL"] [hostname "xxxxx.cdkkt.com"] [uri "/svn/projects"]
[unique_id "jsS@1goBAI8AAFWPHK8AAAAA"]
[Sat Feb 02 09:52:42 2008] [error] [client 10.1.0.143] ModSecurity:
Warning. Match of "rx ^((??:POS|GE)T|OPTIONS|HEAD))$" against
"REQUEST_METHOD" required. [id "960032"] [msg "Method is not
allowed by policy"] [severity "CRITICAL"] [hostname "xxxxx.cdkkt.com"]
[uri "/svn/projects"] [unique_id
"jsS@1goBAI8AAFWPHK8AAAAA"]
[Sat Feb 02 09:52:43 2008] [error] [client 10.1.0.143] ModSecurity: Access
allowed (phase 4). Pattern match "^(PROPFIND|PROPPATCH)$" at REQUEST_METHOD.
[hostname "xxxxx.cdkkt.com"] [uri "/svn/projects"] [unique_id
"jsS@1goBAI8AAFWPHK8AAAAA"]
[Sat Feb 02 09:52:43 2008] [error] [client 10.1.0.143] ModSecurity:
Access denied with code 400 (phase 2). Match of "rx ^[a-z]{3,10}\
s*(?:\w{3,7}?\:\/\/[\w\-\.\/]*)??\/[\w
\-\.\/~%:@&=+$,;]*(?:\?[\S]*)??\s*http\/\d
.\d$" against "REQUEST_LINE" required. [id "960911"] [msg "Invalid
HTTP Request Line"] [severity "CRITICAL"] [hostname "xxxxx.cdkkt.com"]
[uri "/svn/projects/!svn/vcc/default"] [unique_id "jsfGswoBAI8AAFWRHLgAAAAC"]

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 02-04-2008, 02:51 PM
Daniel J Walsh
 
Default SELinux, Apache and Subversion problem.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Daniel B. Thurman wrote:
> Daniel J Walsh wrote:
> Daniel B. Thurman wrote:
>>>> It seems that I am having a bit of a problem with SElinux,
>>>> Apache, and Subversion in the way that I have my subversion
>>>> respository located not in the "recommended" place.
>>>>
>>>> Instead of putting the repository in the recommended place:
>>>> /var/www/svn for example, docs says you can put the repository
>>>> elsewhere by adding SVNParentPath=/my/place/svn entry into the
>>>> /etc/httpd/conf.d/subversion.conf file, but SELinux does not
>>>> like it. I did changed the svn repository directory/files with
>>>> context httpd_sys_context_t and with ownership of apache.apache.
>>>> I also created a link such as /var/www/svn -> /my/svn setting
>>>> SVNParentPath=/var/www/svn - it does not work as well.
>>>>
>>>> I have tested to see if SELinux is blocking access by setting
>>>> setenforce 0, then opened up the firefox browser, entered
>>>> my user name and password and it worked, but setting setenforce 1
>>>> back, breaks it again.
>>>>
>>>> Does anyone know how to do it - beside recommending that I
>>>> place the svn repository directly into /var/www/svn?
>>>>
>>>> Thanks-
>>>> Dan
>>>>
> What avc messages are you seeing? /var/log/audit/audit.log

> I left intact the above and did not snip it because for some
> reason, Daniel Walsh has encapsulated it with PGP? Dunno,
> beats me.

You need to fix the context on the entire path.

/my/place/svn

# semanage fcontext -a -t httpd_sys_content_t '/my(/.*)?'
# restorecon -R -v /my


> The following has to do with problems encountered while setting
> up Apache and SubVersion.

> 1) If I do not install my SVN Repository to the recommened
> place of /var/www/ directory, SELinux blocks access.
> It does not matter if I have set the proper context
> (httpd_sys_content_t), and directory/file ownerships
> (apache.apache) SElinux does not complain if the repository
> is in /var/www. The SELinux error logs are provided for
> further examination by those who cares.

> 2) When I have properly configured my
> /etc/httpd/conf.d/subversion.conf file for access levels and
> permissions, I can go to my favorite browser, type in:
> http://localhost/svn (or whatever you set Location to). and it
> will prompt me for username and password, and will let me
> browse the SVN tree.

> My problem comes in when I do NOT use my browser, but
> instead use the command line, or try to access the SVN
> repository remotely or via Eclipse. None of these attempts
> work. For me, it *always* results in a ModSecurity error.

> I can however access my repository via file:/// access, I
> just cannot do with with http:// I have tested with setenforce
> and SELinux has nothing to do with this case as there is no
> audit log reports either way.


> + svn list file:///var/www/svn/projects [SUCCESSFUL]
> ================================================== ===
> branches/
> tags/
> trunk/

> + svn list file:///fapp1/svn/projects [SUCCESSFUL]
> ==================================================
> branches/
> tags/
> trunk/

> + svn list http://127.0.0.1/svn/projects [FAILURE]
> Note: you can use localhost or your FQDN - it still fails.
> ================================================== ========
> svn: PROPFIND request failed on '/svn/projects/!svn/vcc/default'
> svn: PROPFIND of '/svn/projects/!svn/vcc/default': 400 Bad
> Request (http://127.0.0.1)

> %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%
> NOTE: The following SELinux data appears ONLY if SVN respository
> is NOT in /var/www/svn directory, in my case above: /fapp1/svn
> %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%
> /var/log/audit/audit.log:
> =========================
> type=AVC msg=audit(1201975689.832:2302): avc: denied { search } for
> pid=22110 comm="httpd" name="/" dev=sdc1 ino=2 scontext=unconfined_u:
> system_r:httpd_t:s0 tcontext=system_ubject_r:default_t:s0 tclass=dir
> type=SYSCALL msg=audit(1201975689.832:2302): arch=40000003 syscall=5
> success=no exit=-13 a0=ba4ab678 a1=8000 a2=1b6 a3=8000 items=0 ppid=22104
> pid=22110 auid=500 uid=48 gid=48 euid=48 suid=48 fsuid=48 egid=48 sgid=48
> fsgid=48 tty=(none) comm="httpd" exe="/usr/sbin/httpd" subj=unconfined_u:
> system_r:httpd_t:s0 key=(null)

> sealert:
> Summary
> SELinux is preventing access to files with the default label, default_t.

> Detailed Description
> SELinux permission checks on files labeled default_t are being denied.
> These files/directories have the default label on them. This can indicate
> a labeling problem, especially if the files being referred to are not top
> level directories. Any files/directories under standard system directories,
> /usr, /var. /dev, /tmp, ..., should not be labeled with the default label.
> The default label is for files/directories which do not have a label on a
> parent directory. So if you create a new directory in / you might
> legitimately get this label.

> Allowing Access
> If you want a confined domain to use these files you will probably need to
> relabel the file/directory with chcon. In some cases it is just easier to
> relabel the system, to relabel execute: "touch /.autorelabel; reboot"

> Additional Information

> Source Context unconfined_u:system_r:httpd_t:s0
> Target Context system_ubject_r:default_t:s0
> Target Objects None [ dir ]
> Affected RPM Packages httpd-2.2.6-3 [application]
> Policy RPM selinux-policy-3.0.8-81.fc8
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name plugins.default
> Host Name xxxxx.cdkkt.com
> Platform Linux xxxxx.cdkkt.com 2.6.23.14-107.fc8 #1 SMP Mon
> Jan 14 21:37:30 EST 2008 i686 i686
> Alert Count 5
> First Seen Fri 01 Feb 2008 02:03:45 PM PST
> Last Seen Sat 02 Feb 2008 10:10:33 AM PST
> Local ID 8cb35e21-1c2c-45cf-ac9d-18152da60a1b
> Line Numbers

> Raw Audit Messages

> avc: denied { search } for comm=httpd dev=sdc1 egid=48 euid=48
> exe=/usr/sbin/httpd exit=-13 fsgid=48 fsuid=48 gid=48 items=0
> name=/ pid=22109
> scontext=unconfined_u:system_r:httpd_t:s0 sgid=48
> subj=unconfined_u:system_r:httpd_t:s0 suid=48 tclass=dir
> tcontext=system_ubject_r:default_t:s0 tty=(none) uid=48
> %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%

> /var/log/httpd/access_log:
> =========================
> 10.1.0.143 - - [02/Feb/2008:09:52:42 -0800] "PROPFIND /svn/projects
> HTTP/1.1" 207 655 "-" "SVN/1.4.4 (r25188) neon/0.27.2"
> 10.1.0.143 - - [02/Feb/2008:09:52:43 -0800] "PROPFIND /svn/projects/
> !svn/vcc/default HTTP/1.1" 400 306 "-" "SVN/1.4.4 (r25188) neon/0.27.2"


> /var/log/httpd/error_log:
> =========================
> [Sat Feb 02 09:52:42 2008] [error] [client 10.1.0.143] ModSecurity:
> Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required.
> [id "960015"] [msg "Request Missing an Accept Header"] [severity
> "CRITICAL"] [hostname "xxxxx.cdkkt.com"] [uri "/svn/projects"]
> [unique_id "jsS@1goBAI8AAFWPHK8AAAAA"]
> [Sat Feb 02 09:52:42 2008] [error] [client 10.1.0.143] ModSecurity:
> Warning. Match of "rx ^((??:POS|GE)T|OPTIONS|HEAD))$" against
> "REQUEST_METHOD" required. [id "960032"] [msg "Method is not
> allowed by policy"] [severity "CRITICAL"] [hostname "xxxxx.cdkkt.com"]
> [uri "/svn/projects"] [unique_id
> "jsS@1goBAI8AAFWPHK8AAAAA"]
> [Sat Feb 02 09:52:43 2008] [error] [client 10.1.0.143] ModSecurity: Access
> allowed (phase 4). Pattern match "^(PROPFIND|PROPPATCH)$" at REQUEST_METHOD.
> [hostname "xxxxx.cdkkt.com"] [uri "/svn/projects"] [unique_id
> "jsS@1goBAI8AAFWPHK8AAAAA"]
> [Sat Feb 02 09:52:43 2008] [error] [client 10.1.0.143] ModSecurity:
> Access denied with code 400 (phase 2). Match of "rx ^[a-z]{3,10}\
> s*(?:\w{3,7}?\:\/\/[\w\-\.\/]*)??\/[\w
> \-\.\/~%:@&=+$,;]*(?:\?[\S]*)??\s*http\/\d
> .\d$" against "REQUEST_LINE" required. [id "960911"] [msg "Invalid
> HTTP Request Line"] [severity "CRITICAL"] [hostname "xxxxx.cdkkt.com"]
> [uri "/svn/projects/!svn/vcc/default"] [unique_id "jsfGswoBAI8AAFWRHLgAAAAC"]


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkenNGYACgkQrlYvE4MpobOROgCdEwBsId1GO4 pkV6tEpsRr3Iib
fn4AniFEf4NVpAIsKiM5BORQAUVokO6e
=W+Zw
-----END PGP SIGNATURE-----

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 02-04-2008, 03:30 PM
"Arthur Pemberton"
 
Default SELinux, Apache and Subversion problem.

On Feb 1, 2008 4:28 PM, Daniel B. Thurman <dant@cdkkt.com> wrote:
>
> It seems that I am having a bit of a problem with SElinux,
> Apache, and Subversion in the way that I have my subversion
> respository located not in the "recommended" place.
>
> Instead of putting the repository in the recommended place:
> /var/www/svn for example, docs says you can put the repository
> elsewhere by adding SVNParentPath=/my/place/svn entry into the
> /etc/httpd/conf.d/subversion.conf file, but SELinux does not
> like it. I did changed the svn repository directory/files with
> context httpd_sys_context_t and with ownership of apache.apache.
> I also created a link such as /var/www/svn -> /my/svn setting
> SVNParentPath=/var/www/svn - it does not work as well.
>
> I have tested to see if SELinux is blocking access by setting
> setenforce 0, then opened up the firefox browser, entered
> my user name and password and it worked, but setting setenforce 1
> back, breaks it again.
>
> Does anyone know how to do it - beside recommending that I
> place the svn repository directly into /var/www/svn?
>
> Thanks-
> Dan


Just to be brief a bit. I have two machines with SELinux and
Subversion. One at /var/ww/svn and one at /srv/svn. Both work just
fine.

Looking at the AVCs, seems like the files are improperly labeled. Take
a look and Daniel Walsh's most recent replies to see how to fix this.



--
Fedora 7 : sipping some of that moonshine
( www.pembo13.com )

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 

Thread Tools




All times are GMT. The time now is 03:25 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org