I'm hoping some of you here have run gentoo on a windows host and will
know something about the various networking possibilities.

My setup:

Wireless connected laptop running windows vista premium home
Local lan network connected to internet via cable.

Home router has the internet connection and wireless laptop is joined
into lan by a WAP (Wireless access point). With static ip addressing
(not dhcp).

When setting up gentoo in the virtual machine you have two main
approaches to networking. Bridged and Nat.

Can anyone tell me which is best suited for my setup.
Starting the 2008.0 minimal iso file in vmware... I end up with a
working network immediately without doing a thing.

Maybe I can just transfer those settings somehow but there are no
setting in /etc/conf.d/net on the install disk.

It appears to have gotten an address from a dhcp server built into
vmware.

I don't want to jerk around with wireless setting for the gentoo
install and would prefer to connect thru the hosts ip and nameserver.

Should I use `Bridged' or `Nat'. And how to set it up after making
that decision.


--
gentoo-user@lists.gentoo.org mailing list


Sun Apr 20 17:30:01 2008
Return-path: <gentoo-hardened+bounces-2036-tom=linux-archive.org@lists.gentoo.org>
Envelope-to: tom@linux-archive.org
Delivery-date: Sun, 20 Apr 2008 17:17:04 +0300
Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org)
by s2.java-tips.org with esmtp (Exim 4.68)
(envelope-from <gentoo-hardened+bounces-2036-tom=linux-archive.org@lists.gentoo.org>)
id 1JnaLo-0004YH-GS
for tom@linux-archive.org; Sun, 20 Apr 2008 17:17:04 +0300
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
by pigeon.gentoo.org (Postfix) with SMTP id 23F81E05E6;
Sun, 20 Apr 2008 14:16:55 +0000 (UTC)
X-Original-To: gentoo-hardened@lists.gentoo.org
Delivered-To: gentoo-hardened@lists.gentoo.org
Received: from ananke.telenet-ops.be (ananke.telenet-ops.be [195.130.137.78])
by pigeon.gentoo.org (Postfix) with ESMTP id D63CFE05E6
for <gentoo-hardened@lists.gentoo.org>; Sun, 20 Apr 2008 14:16:54 +0000 (UTC)
Received: from localhost (localhost.localdomain [127.0.0.1])
by ananke.telenet-ops.be (Postfix) with SMTP id 8C9463923C2
for <gentoo-hardened@lists.gentoo.org>; Sun, 20 Apr 2008 16:16:54 +0200 (CEST)
Received: from [192.168.1.3] (user-85-201-69-178.tvcablenet.be [85.201.69.178])
by ananke.telenet-ops.be (Postfix) with ESMTP id 6A3FF3923C1
for <gentoo-hardened@lists.gentoo.org>; Sun, 20 Apr 2008 16:16:54 +0200 (CEST)
Message-ID: <480B5055.6040806@tvcablenet.be>
Date: Sun, 20 Apr 2008 16:16:53 +0200
From: =?ISO-8859-1?Q?Fran=E7ois_Valenduc?=
<francois.valenduc@tvcablenet.be>
User-Agent: Thunderbird 2.0.0.12 (X11/20080229)
Precedence: bulk
List-Post: <mailto:gentoo-hardened@lists.gentoo.org>
List-Help: <mailto:gentoo-hardened+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-hardened+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-hardened+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-hardened.gentoo.org>
X-BeenThere: gentoo-hardened@lists.gentoo.org
Reply-to: gentoo-hardened@lists.gentoo.org
MIME-Version: 1.0
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] hwclock and selinux
References: <480AFE5B.3070602@tvcablenet.be> <14361.193.11.246.158.1208686092.squirrel@webmail. rymdraket.net> <480B16F7.3090908@tvcablenet.be> <1208699870.5307.4.camel@defiant.pebenito.net>
In-Reply-To: <1208699870.5307.4.camel@defiant.pebenito.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable

Chris PeBenito a =E9crit :
> On Sun, 2008-04-20 at 12:12 +0200, Fran=E7ois Valenduc wrote:
> =20
>> xake@rymdraket.net a =E9crit :
>> =20
>>>> type=3D1400 audit(1208682664.167:223): avc: denied { read write } =
for
>>>> pid=3D29607 comm=3D"hwclock" path=3D"/var/log/faillog" dev=3Ddm-6 in=
o=3D271083
>>>> scontext=3Droot:system_r:hwclock_t tcontext=3Dsystem_ubject_r:fail=
log_t
>>>> tclass=3Dfile
>>>> =20
>>>> =20
>>> This is just an error about hwclock being unable to write to "faillog=
" so
>>> there must be something that goes wrong (making hwclock want to write=
to
>>> faillog).
>>>
>>> =20
>>> =20
>>>> I also got this error:
>>>> type=3D1400 audit(1208679707.497:84): avc: denied { read } for
>>>> pid=3D18454 comm=3D"hwclock" path=3D"/dev/urandom" dev=3Dtmpfs ino=3D=
2059
>>>> scontext=3Droot:system_r:hwclock_t
>>>> tcontext=3Dsystem_ubject_r:urandom_device_t tclass=3Dchr_file
>>>>
>>>> However, I think I solved it by issuing the commands "setsebool -P
>>>> global_ssp 1" and "load_policy"
>>>> =20
>>>> =20
>>> This is becouse you have the hardened toolchain, compiling everything=
with
>>> PIE/SSP by default. SSP want a random number (picked from /dev/urando=
m)
>>> when the binaries start. SELinux disables access to urandom per defau=
lt so
>>> you have to (as you did with sebool) tell SELinux that your system is
>>> compiled with SSP and thus the access to urandom should be permitted.
>>>
>>> =20
>>> =20
>> Yes, this has been solved with sebool. However, I still got the second=
=20
>> error (related to faillog). It also blocks distccd like this: (even if=
=20
>> the corresponding selinux policy is loaded):
>> type=3D1400 audit(1208681304.633:191): avc: denied { read write } fo=
r =20
>> pid=3D27886 comm=3D"distccd" path=3D"/var/log/faillog" dev=3Ddm-6 ino=3D=
271083=20
>> scontext=3Droot:system_r:distccd_t tcontext=3Dsystem_ubject_r:faillo=
g_t=20
>> tclass=3Dfile
>>
>> Do you know how to solve this second type of errors ?
>> Thanks for your help.
>> =20
>
> Seems weird that either of these programs would be writing to faillog,
> since that file is usually for logging login failures. Do you have any
> idea why this might be happening on your system?
>
> =20

I also get other denials related to these two programs:

type=3D1400 audit(1208708112.397:275): avc: denied { read } for =20
pid=3D1935 comm=3D"distccd" path=3D"pipe:[15699]" dev=3Dpipefs ino=3D1569=
9=20
scontext=3Duser_u:system_r:distccd_t=20
tcontext=3Dsystem_u:system_r:local_login_t tclass=3Dfifo_file

type=3D1400 audit(1208707984.676:266): avc: denied { read } for =20
pid=3D16744 comm=3D"hwclock" path=3D"pipe:[15699]" dev=3Dpipefs ino=3D156=
99=20
scontext=3Duser_u:system_r:hwclock_t=20
tcontext=3Dsystem_u:system_r:local_login_t tclass=3Dfifo_file

Maybe this is the real reason for the failure of these two programs.

Franois Valenduc
--=20
gentoo-hardened@lists.gentoo.org mailing list

reader@newsguy.com writes:

NOTE:
[ Sorry if this repost is a little abusive - possibly people just
felt it was too off topic and ignored it. I'm trying again since I
am not getting useful input from the vmware forums where this
properly belongs. Apparently not many of those vmware users are
involved with linux as guest OS, and I know from past experience
there are users here who can help with this]


I'm hoping some of you here have run gentoo on a windows host and will
know something about the various networking possibilities.

My setup:

Wireless connected laptop running windows vista premium home
Local lan network connected to internet via cable.

Home router has the internet connection and wireless laptop is joined
into lan by a WAP (Wireless access point). With static ip addressing
(not dhcp).

When setting up gentoo in the virtual machine you have two main
approaches to networking. Bridged and Nat.

Can anyone tell me which is best suited for my setup. I'd prefer not
to have to setup wireless networking and just use the host connection.

Starting the 2008.0 minimal iso file in vmware... I end up with a
working network immediately without doing a thing.

Maybe I can just transfer those settings somehow but there are no
setting in /etc/conf.d/net on the install disk.

It appears to have gotten an address from a dhcp server built into
vmware. [[added by HP -ed] However it offers addresses on the wrong
subnet for my local lan and I see no way to edit or change the subnet
it defaults too.]

I don't want to jerk around with wireless settings for the gentoo
install and would prefer to connect thru the hosts ip and nameserver,
letting the hosts wireless capabilities handle the wireless connection.

Should I use `Bridged' or `Nat'. And how to set it up after making
that decision? I suspect NAT is the answer since that works right out
of the box with 2008.1 minimal install *.iso.

However as mentioned above, that method ends up using a subnet that
does not match my local lan. The host can connect via ssh to the
livecd but no other part of the lan can (using NAT).



--
gentoo-user@lists.gentoo.org mailing list

On Tuesday 22 April 2008, 17:48, reader@newsguy.com wrote:

> I'm hoping some of you here have run gentoo on a windows host and will
> know something about the various networking possibilities.
>
> My setup:
>
> Wireless connected laptop running windows vista premium home
> Local lan network connected to internet via cable.

Which version of vmware? Workstation of server? I assume server in the
following.

> Home router has the internet connection and wireless laptop is joined
> into lan by a WAP (Wireless access point). With static ip addressing
> (not dhcp).
>
> When setting up gentoo in the virtual machine you have two main
> approaches to networking. Bridged and Nat.
>
> Can anyone tell me which is best suited for my setup. I'd prefer not
> to have to setup wireless networking and just use the host connection.
>
> Starting the 2008.0 minimal iso file in vmware... I end up with a
> working network immediately without doing a thing.
>
> Maybe I can just transfer those settings somehow but there are no
> setting in /etc/conf.d/net on the install disk.
>
> It appears to have gotten an address from a dhcp server built into
> vmware. [[added by HP -ed] However it offers addresses on the wrong
> subnet for my local lan and I see no way to edit or change the subnet
> it defaults too.]

What setting did you choose for guest networking when creating the
virtual machine? bridged or NAT?

> I don't want to jerk around with wireless settings for the gentoo
> install and would prefer to connect thru the hosts ip and nameserver,
> letting the hosts wireless capabilities handle the wireless
> connection.
>
> Should I use `Bridged' or `Nat'. And how to set it up after making
> that decision? I suspect NAT is the answer since that works right out
> of the box with 2008.1 minimal install *.iso.
>
> However as mentioned above, that method ends up using a subnet that
> does not match my local lan. The host can connect via ssh to the
> livecd but no other part of the lan can (using NAT).

Basically, NAT creates a "private" network between the host's vmnet8 and
the guest's eth0. The host automatically performs NAT and IP forwarding
on behalf of the guest(s) connected to vmnet8. Only the host's IP
address is visible to the outside world. So, the private NAT network
between the host and the guest must NOT match the wireless network. In
any case, you can configure the DHCP pool used by NAT using vmware's
virtual network configuration utility.
As with every NAT setup, if you want external hosts to be able to reach
services behind the NAT, you have to configure port forwarding. With
vmware server for windows, you find these settings in "Manage virtual
networks" -> "NAT" tab -> "edit..." -> "Port forwarding...".

Bridged networking, otoh, puts the guest on the very same network of the
host (actually, virtual device vmnet0, which is a virtual switch bridged
to the host's physical adapter); this means that the guest must be
assigned an IP address in the same network of the host, and is seen by
other hosts on the network just as another regular computer.
Yes, with windows hosts only (alas) you can bridge the guest's eth0 with
a wireless adapter in the host, so you can use bridged networking if you
want.

Also, reading the "networking" chapter in the vmware server virtual
machine guide may be useful.

Hope this helps.
--
gentoo-user@lists.gentoo.org mailing list

Etaoin Shrdlu <shrdlu@unlimitedmail.org> writes:

> On Tuesday 22 April 2008, 17:48, reader@newsguy.com wrote:
>

[...]

> Which version of vmware? Workstation of server? I assume server in the
> following.

Your detailed explanation about bridged verses nat has answered my
questions in full.

I add this information to answer your questions:

Worstation 6.5

[...]

> What setting did you choose for guest networking when creating the
> virtual machine? bridged or NAT?

I tried both but didn't really understand how NAT worked until I read
your detailed description.

My first try with bridged seems to have auto bridged to the wrong
device on the host (the ethernet adaptor instead of wireless
connection) and so the network I created using ifconfig and route
didn't work.

I see now that bridged is what I want and have insured that auto
bridging connects to the right connection on the host.

[...]

> Basically, NAT creates a "private" network . . . . . . . . .
[...]

Thank for that thorough explanation.

--
gentoo-user@lists.gentoo.org mailing list

> -----Original Message-----
> From: news [mailto:news@ger.gmane.org] On Behalf Of reader@newsguy.com
> Sent: Sunday, April 20, 2008 7:12 AM
> To: gentoo-user@lists.gentoo.org
> Subject: [gentoo-user] [OT vmware] Networking Gentoo as guest on vista
>
> I'm hoping some of you here have run gentoo on a windows host and will
> know something about the various networking possibilities.
>
> My setup:
>
> Wireless connected laptop running windows vista premium home
> Local lan network connected to internet via cable.
>
> Home router has the internet connection and wireless laptop is joined
> into lan by a WAP (Wireless access point). With static ip addressing
> (not dhcp).
>
> When setting up gentoo in the virtual machine you have two main
> approaches to networking. Bridged and NAT.
>
> Can anyone tell me which is best suited for my setup.
> Starting the 2008.0 minimal iso file in vmware... I end up with a
> working network immediately without doing a thing.
>
> Maybe I can just transfer those settings somehow but there are no
> setting in /etc/conf.d/net on the install disk.
>
> It appears to have gotten an address from a dhcp server built into
> vmware.
>
> I don't want to jerk around with wireless setting for the gentoo
> install and would prefer to connect thru the hosts ip and nameserver.
>
> Should I use `Bridged' or `Nat'. And how to set it up after making
> that decision.

I run XP (with wifi) and VMWare Host with Gentoo VMs all the time.

Bridged will give your VM an IP address from your router's DHCP pool -- It will look like any other network device on your home network. It will have it's own MAC and everything. In your setup, your router will NAT for you and probably your Vista and your VM will have a 192.168.1.x address unless you changed your router's default subnet / DHCP pool.

NAT (what I use) is Network Address Translation and will setup a little private network between your Vista host and the VM. The VM will be assigned an IP from VMWare's VMnet8 (NAT) subnet (mine is 192.168.222.0/24). It will be able to get to the internet, but no machines will be able to get to it sans your Vista host. This works EXACTLY like your home router is NATing addresses to the internet for all devices you plug into it. In fact your Vista is most likely NATed via the router.

In either case, you do NOT have to set up wireless settings in the VM at all. It emulates an AMD PCNET32 ethernet card. In BOTH cases, it will just connect to the network via your host Vista's networking.

--
gentoo-user@lists.gentoo.org mailing list