Posts under category 代码笔记

Modifying SElinux configure for allowing nginx reverse proxy local site

Read about audit2allow and used it to create a policy to allow access to the denied requests for nginx.

    [root]# sudo cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -m nginxlocalconf > nginxlocalconf.te
    [root]# cat nginxlocalconf.te 
    
    module nginxlocalconf 1.0;
    
    require {
        type httpd_t;
        type var_t;
        type transproxy_port_t;
        class tcp_socket name_connect;
        class file { read getattr open };
    }
    
    #============= httpd_t ==============
    
    #!!!! This avc can be allowed using the boolean 'httpd_can_network_connect'
    allow httpd_t transproxy_port_t:tcp_socket name_connect;
    allow httpd_t var_t:file { read getattr open };
    [root]# sudo cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M nginxlocalconf
    ******************** IMPORTANT ***********************
    To make this policy package active, execute:
    
    semodule -i nginxlocalconf.pp
    
    [root]# semodule -i nginxlocalconf.pp

Explaining command su

Running a command with substitute user is the typical use of command su under linux.

Sometimes, use -s option to running the specified shell instead of the default, this option may helps a lot when need to access user whose default shell is /sbin/nologin, usage like su -s /bin/bash jenkins

Explaining file /ets/sudoers

/ets/sudoers configure user(s) who can get root privileges under linux.
440 permission is on this file by default, so chmod +w operation is required before modify file, don't forget chmod -w once modified.

Some typical configs are as follow:

allow jenkins user restart uwsgi service via systemd:

jenkins     ALL  = NOPASSWD    : /bin/systemctl restart uwsgi

explain:

user        host = need passwd?: command 1, shell 2, ...

allow moon user access sudo privileges unconditional:

moon    ALL=(ALL)       NOPASSWD: ALL

并查集

在计算机科学中,并查集是一种树型的数据结构,其保持着用于处理一些不相交集合(Disjoint Sets)的合并及查询问题。有一个联合-查找算法(union-find algorithm)定义了两个操作用于此数据结构:
Find:确定元素属于哪一个子集。它可以被用来确定两个元素是否属于同一子集。
Union:将两个子集合并成同一个集合。
引用自wikipedia并查集

- Read More -

阿里云Ubuntu和CentOS软件源地址

CentOS:
镜像文件本地路径
/etc/yum.repos.d/CentOS-Base.repo
阿里云Centos镜像
http://mirrors.aliyun.com/repo/Centos-7.repo(可直接下载替换)
对应不同的CentOS版本需要修改对应的版本号
然后更新镜像 yum makecache

- Read More -

给oj添加虚拟评测功能

前天写的刷题机器人就是做vjudge的副产品,只是把副产品提前做了罢了。
不知道是谁说的一句话,“游戏是推动计算机科学发展的一大动力”,这话还真有一定的道理。军用及高新技术产业推动专业计算机科学发展的话,游戏和娱乐就是推动民用计算机往前走的最大动力了。

- Read More -

使用Python机器人自动提交HDU OJ题目并验证是否正确

整天胡思乱想乱想乱想就想做。前面明明还有那么多东西没做完,做完这个之后必须把前面的想法做完再去做新东西不然就剁手剁手剁手立贴为证::><::::><::::>_<::
这个刷题机器人是这阶段最后一个要做的做完这个之后先把前面准备做但没做完的完成不然就剁手!

- Read More -