| author | Manuel Traut <manut@mecka.net> | 2013-03-10 12:13:49 +0100 |
|---|---|---|
| committer | Manuel Traut <manut@mecka.net> | 2013-03-10 12:13:49 +0100 |
| commit | 9c0f862749f30800837a45aff5abdcb529867dbc (patch) | |
| tree | b0ca51fff64f12fac03aea4afaa1fa722376844b /beagle/debian-rfs/etc/security | |
| parent | 33b79c725448efd2c9a72e2ae9a1fb04270492f5 (diff) | |
| parent | cea5039322781f6085dd47954af5584ca3f78911 (diff) | |
Merge branch 'schulung'
updates from current linutronix schulung.git
Conflicts:
Makefile
configpres.tex
flash-memory/ubi/handout_ubi_de.tex
handout.tex
index.txt
pres_master.tex
vorl.tex
vorl1.tex
vorl2.tex
vorl3.tex
vorl4.tex
vorl5.tex
Signed-off-by: Manuel Traut <manut@mecka.net>
Diffstat (limited to 'beagle/debian-rfs/etc/security')
| -rw-r--r-- | beagle/debian-rfs/etc/security/access.conf | 122 | ||||
| -rw-r--r-- | beagle/debian-rfs/etc/security/group.conf | 99 | ||||
| -rw-r--r-- | beagle/debian-rfs/etc/security/limits.conf | 56 | ||||
| -rw-r--r-- | beagle/debian-rfs/etc/security/namespace.conf | 28 | ||||
| -rwxr-xr-x | beagle/debian-rfs/etc/security/namespace.init | 25 | ||||
| -rw-r--r-- | beagle/debian-rfs/etc/security/pam_env.conf | 73 | ||||
| -rw-r--r-- | beagle/debian-rfs/etc/security/sepermit.conf | 11 | ||||
| -rw-r--r-- | beagle/debian-rfs/etc/security/time.conf | 65 |
8 files changed, 0 insertions, 479 deletions
diff --git a/beagle/debian-rfs/etc/security/access.conf b/beagle/debian-rfs/etc/security/access.conf
deleted file mode 100644
index 74c5fbe..0000000
--- a/beagle/debian-rfs/etc/security/access.conf
+++ /dev/null
@@ -1,122 +0,0 @@
-# Login access control table.
-#
-# Comment line must start with "#", no space at front.
-# Order of lines is important.
-#
-# When someone logs in, the table is scanned for the first entry that
-# matches the (user, host) combination, or, in case of non-networked
-# logins, the first entry that matches the (user, tty) combination. The
-# permissions field of that table entry determines whether the login will
-# be accepted or refused.
-#
-# Format of the login access control table is three fields separated by a
-# ":" character:
-#
-# [Note, if you supply a 'fieldsep=|' argument to the pam_access.so
-# module, you can change the field separation character to be
-# '|'. This is useful for configurations where you are trying to use
-# pam_access with X applications that provide PAM_TTY values that are
-# the display variable like "host:0".]
-#
-# permission : users : origins
-#
-# The first field should be a "+" (access granted) or "-" (access denied)
-# character.
-#
-# The second field should be a list of one or more login names, group
-# names, or ALL (always matches). A pattern of the form user@host is
-# matched when the login name matches the "user" part, and when the
-# "host" part matches the local machine name.
-#
-# The third field should be a list of one or more tty names (for
-# non-networked logins), host names, domain names (begin with "."), host
-# addresses, internet network numbers (end with "."), ALL (always
-# matches), NONE (matches no tty on non-networked logins) or
-# LOCAL (matches any string that does not contain a "." character).
-#
-# You can use @netgroupname in host or user patterns; this even works
-# for @usergroup@@hostgroup patterns.
-#
-# The EXCEPT operator makes it possible to write very compact rules.
-#
-# The group file is searched only when a name does not match that of the
-# logged-in user. Both the user's primary group is matched, as well as
-# groups in which users are explicitly listed.
-# To avoid problems with accounts, which have the same name as a group,
-# you can use brackets around group names '(group)' to differentiate.
-# In this case, you should also set the "nodefgroup" option.
-#
-# TTY NAMES: Must be in the form returned by ttyname(3) less the initial
-# "/dev" (e.g. tty1 or vc/1)
-#
-##############################################################################
-#
-# Disallow non-root logins on tty1
-#
-#-:ALL EXCEPT root:tty1
-#
-# Disallow console logins to all but a few accounts.
-#
-#-:ALL EXCEPT wheel shutdown sync:LOCAL
-#
-# Same, but make sure that really the group wheel and not the user
-# wheel is used (use nodefgroup argument, too):
-#
-#-:ALL EXCEPT (wheel) shutdown sync:LOCAL
-#
-# Disallow non-local logins to privileged accounts (group wheel).
-#
-#-:wheel:ALL EXCEPT LOCAL .win.tue.nl
-#
-# Some accounts are not allowed to login from anywhere:
-#
-#-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
-#
-# All other accounts are allowed to login from anywhere.
-#
-##############################################################################
-# All lines from here up to the end are building a more complex example.
-##############################################################################
-#
-# User "root" should be allowed to get access via cron .. tty5 tty6.
-#+ : root : cron crond :0 tty1 tty2 tty3 tty4 tty5 tty6
-#
-# User "root" should be allowed to get access from hosts with ip addresses.
-#+ : root : 192.168.200.1 192.168.200.4 192.168.200.9
-#+ : root : 127.0.0.1
-#
-# User "root" should get access from network 192.168.201.
-# This term will be evaluated by string matching.
-# comment: It might be better to use network/netmask instead.
-# The same is 192.168.201.0/24 or 192.168.201.0/255.255.255.0
-#+ : root : 192.168.201.
-#
-# User "root" should be able to have access from domain.
-# Uses string matching also.
-#+ : root : .foo.bar.org
-#
-# User "root" should be denied to get access from all other sources.
-#- : root : ALL
-#
-# User "foo" and members of netgroup "nis_group" should be
-# allowed to get access from all sources.
-# This will only work if netgroup service is available.
-#+ : @nis_group foo : ALL
-#
-# User "john" should get access from ipv4 net/mask
-#+ : john : 127.0.0.0/24
-#
-# User "john" should get access from ipv4 as ipv6 net/mask
-#+ : john : ::ffff:127.0.0.0/127
-#
-# User "john" should get access from ipv6 host address
-#+ : john : 2001:4ca0:0:101::1
-#
-# User "john" should get access from ipv6 host address (same as above)
-#+ : john : 2001:4ca0:0:101:0:0:0:1
-#
-# User "john" should get access from ipv6 net/mask
-#+ : john : 2001:4ca0:0:101::/64
-#
-# All other users should be denied to get access from all sources.
-#- : ALL : ALL
diff --git a/beagle/debian-rfs/etc/security/group.conf b/beagle/debian-rfs/etc/security/group.conf
deleted file mode 100644
index b766bec..0000000
--- a/beagle/debian-rfs/etc/security/group.conf
+++ /dev/null
@@ -1,99 +0,0 @@ -# -# This is the configuration file for the pam_group module. -# - -# -# *** Please note that giving group membership on a session basis is -# *** NOT inherently secure. If a user can create an executable that -# *** is setgid a group that they are infrequently given membership -# *** of, they can basically obtain group membership any time they -# *** like. Example: games are allowed between the hours of 6pm and 6am -# *** user joe logs in at 7pm writes a small C-program toplay.c that -# *** invokes their favorite shell, compiles it and does -# *** "chgrp play toplay; chmod g+s toplay". They are basically able -# *** to play games any time... You have been warned. AGM -# - -# -# The syntax of the lines is as follows: -# -# services;ttys;users;times;groups -# -# white space is ignored and lines maybe extended with '\\n' (escaped -# newlines). From reading these comments, it is clear that -# text following a '#' is ignored to the end of the line. -# -# the combination of individual users/terminals etc is a logic list -# namely individual tokens that are optionally prefixed with '!' (logical -# not) and separated with '&' (logical and) and '|' (logical or). -# -# services -# is a logic list of PAM service names that the rule applies to. -# -# ttys -# is a logic list of terminal names that this rule applies to. -# -# users -# is a logic list of users or a netgroup of users to whom this -# rule applies. -# -# NB. For these items the simple wildcard '*' may be used only once. -# With netgroups no wildcards or logic operators are allowed. -# -# times -# It is used to indicate "when" these groups are to be given to the -# user. The format here is a logic list of day/time-range -# entries the days are specified by a sequence of two character -# entries, MoTuSa for example is Monday Tuesday and Saturday. Note -# that repeated days are unset MoMo = no day, and MoWk = all weekdays -# bar Monday. 
The two character combinations accepted are -# -# Mo Tu We Th Fr Sa Su Wk Wd Al -# -# the last two being week-end days and all 7 days of the week -# respectively. As a final example, AlFr means all days except Friday. -# -# Each day/time-range can be prefixed with a '!' to indicate "anything -# but" -# -# The time-range part is two 24-hour times HHMM separated by a hyphen -# indicating the start and finish time (if the finish time is smaller -# than the start time it is deemed to apply on the following day). -# -# groups -# The (comma or space separated) list of groups that the user -# inherits membership of. These groups are added if the previous -# fields are satisfied by the user's request -# -# For a rule to be active, ALL of service+ttys+users must be satisfied -# by the applying process. -# - -# -# Note, to get this to work as it is currently typed you need -# -# 1. to run an application as root -# 2. add the following groups to the /etc/group file: -# floppy, play, sound -# - -# -# Here is a simple example: running 'xsh' on tty* (any ttyXXX device), -# the user 'us' is given access to the floppy (through membership of -# the floppy group) -# - -#xsh;tty*&!ttyp*;us;Al0000-2400;floppy - -# -# another example: running 'xsh' on tty* (any ttyXXX device), -# the user 'sword' is given access to games (through membership of -# the sound and play group) after work hours. -# - -#xsh; tty* ;sword;!Wk0900-1800;sound, play -#xsh; tty* ;*;Al0900-1800;floppy - -# -# End of group.conf file -# diff --git a/beagle/debian-rfs/etc/security/limits.conf b/beagle/debian-rfs/etc/security/limits.conf deleted file mode 100644 index 698e139..0000000 --- a/beagle/debian-rfs/etc/security/limits.conf +++ /dev/null 
@@ -1,56 +0,0 @@
-# /etc/security/limits.conf
-#
-#Each line describes a limit for a user in the form:
-#
-#<domain> <type> <item> <value>
-#
-#Where:
-#<domain> can be:
-# - an user name
-# - a group name, with @group syntax
-# - the wildcard *, for default entry
-# - the wildcard %, can be also used with %group syntax,
-# for maxlogin limit
-# - NOTE: group and wildcard limits are not applied to root.
-# To apply a limit to the root user, <domain> must be
-# the literal username root.
-#
-#<type> can have the two values:
-# - "soft" for enforcing the soft limits
-# - "hard" for enforcing hard limits
-#
-#<item> can be one of the following:
-# - core - limits the core file size (KB)
-# - data - max data size (KB)
-# - fsize - maximum filesize (KB)
-# - memlock - max locked-in-memory address space (KB)
-# - nofile - max number of open files
-# - rss - max resident set size (KB)
-# - stack - max stack size (KB)
-# - cpu - max CPU time (MIN)
-# - nproc - max number of processes
-# - as - address space limit (KB)
-# - maxlogins - max number of logins for this user
-# - maxsyslogins - max number of logins on the system
-# - priority - the priority to run user process with
-# - locks - max number of file locks the user can hold
-# - sigpending - max number of pending signals
-# - msgqueue - max memory used by POSIX message queues (bytes)
-# - nice - max nice priority allowed to raise to values: [-20, 19]
-# - rtprio - max realtime priority
-# - chroot - change root to directory (Debian-specific)
-#
-#<domain> <type> <item> <value>
-#
-
-#* soft core 0
-#root hard core 100000
-#* hard rss 10000
-#@student hard nproc 20
-#@faculty soft nproc 20
-#@faculty hard nproc 50
-#ftp hard nproc 0
-#ftp - chroot /ftp
-#@student - maxlogins 4
-
-# End of file
diff --git a/beagle/debian-rfs/etc/security/namespace.conf b/beagle/debian-rfs/etc/security/namespace.conf
deleted file mode 100644
index f973225..0000000
--- a/beagle/debian-rfs/etc/security/namespace.conf
+++ /dev/null
@@ -1,28 +0,0 @@
-# /etc/security/namespace.conf
-#
-# See /usr/share/doc/pam-*/txts/README.pam_namespace for more information.
-#
-# Uncommenting the following three lines will polyinstantiate
-# /tmp, /var/tmp and user's home directories. /tmp and /var/tmp will
-# be polyinstantiated based on the MLS level part of the security context as well as user
-# name, Polyinstantion will not be performed for user root and adm for directories
-# /tmp and /var/tmp, whereas home directories will be polyinstantiated for all users.
-# The user name and context is appended to the instance prefix.
-#
-# Note that instance directories do not have to reside inside the
-# polyinstantiated directory. In the examples below, instances of /tmp
-# will be created in /tmp-inst directory, where as instances of /var/tmp
-# and users home directories will reside within the directories that
-# are being polyinstantiated.
-#
-# Instance parent directories must exist for the polyinstantiation
-# mechanism to work. By default, they should be created with the mode
-# of 000. pam_namespace module will enforce this mode unless it
-# is explicitly called with an argument to ignore the mode of the
-# instance parent. System administrators should use this argument with
-# caution, as it will reduce security and isolation achieved by
-# polyinstantiation.
-#
-#/tmp /tmp-inst/ level root,adm
-#/var/tmp /var/tmp/tmp-inst/ level root,adm
-#$HOME $HOME/$USER.inst/ level
diff --git a/beagle/debian-rfs/etc/security/namespace.init b/beagle/debian-rfs/etc/security/namespace.init
deleted file mode 100755
index 9898bf3..0000000
--- a/beagle/debian-rfs/etc/security/namespace.init
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/sh -p
-# It receives polydir path as $1, the instance path as $2,
-# a flag whether the instance dir was newly created (0 - no, 1 - yes) in $3,
-# and user name in $4.
-#
-# The following section will copy the contents of /etc/skel if this is a
-# newly created home directory.
-if [ "$3" = 1 ]; then
- # This line will fix the labeling on all newly created directories
- [ -x /sbin/restorecon ] && /sbin/restorecon "$1"
- user="$4"
- passwd=$(getent passwd "$user")
- homedir=$(echo "$passwd" | cut -f6 -d":")
- if [ "$1" = "$homedir" ]; then
- gid=$(echo "$passwd" | cut -f4 -d":")
- cp -rT /etc/skel "$homedir"
- chown -R "$user":"$gid" "$homedir"
- mask=$(awk '/^UMASK/{gsub("#.*$", "", $2); print $2; exit}' /etc/login.defs)
- mode=$(printf "%o" $((0777 & ~$mask)))
- chmod ${mode:-700} "$homedir"
- [ -x /sbin/restorecon ] && /sbin/restorecon -R "$homedir"
- fi
-fi
-
-exit 0
diff --git a/beagle/debian-rfs/etc/security/pam_env.conf b/beagle/debian-rfs/etc/security/pam_env.conf
deleted file mode 100644
index d0ba35c..0000000
--- a/beagle/debian-rfs/etc/security/pam_env.conf
+++ /dev/null
@@ -1,73 +0,0 @@ -# -# This is the configuration file for pam_env, a PAM module to load in -# a configurable list of environment variables for a -# -# The original idea for this came from Andrew G. Morgan ... -#<quote> -# Mmm. Perhaps you might like to write a pam_env module that reads a -# default environment from a file? I can see that as REALLY -# useful... Note it would be an "auth" module that returns PAM_IGNORE -# for the auth part and sets the environment returning PAM_SUCCESS in -# the setcred function... -#</quote> -# -# What I wanted was the REMOTEHOST variable set, purely for selfish -# reasons, and AGM didn't want it added to the SimpleApps login -# program (which is where I added the patch). So, my first concern is -# that variable, from there there are numerous others that might/would -# be useful to be set: NNTPSERVER, LESS, PATH, PAGER, MANPAGER ..... -# -# Of course, these are a different kind of variable than REMOTEHOST in -# that they are things that are likely to be configured by -# administrators rather than set by logging in, how to treat them both -# in the same config file? -# -# Here is my idea: -# -# Each line starts with the variable name, there are then two possible -# options for each variable DEFAULT and OVERRIDE. -# DEFAULT allows and administrator to set the value of the -# variable to some default value, if none is supplied then the empty -# string is assumed. The OVERRIDE option tells pam_env that it should -# enter in its value (overriding the default value) if there is one -# to use. OVERRIDE is not used, "" is assumed and no override will be -# done. -# -# VARIABLE [DEFAULT=[value]] [OVERRIDE=[value]] -# -# (Possibly non-existent) environment variables may be used in values -# using the ${string} syntax and (possibly non-existent) PAM_ITEMs may -# be used in values using the @{string} syntax. 
Both the $ and @ -# characters can be backslash escaped to be used as literal values -# values can be delimited with "", escaped " not supported. -# Note that many environment variables that you would like to use -# may not be set by the time the module is called. -# For example, HOME is used below several times, but -# many PAM applications don't make it available by the time you need it. -# -# -# First, some special variables -# -# Set the REMOTEHOST variable for any hosts that are remote, default -# to "localhost" rather than not being set at all -#REMOTEHOST DEFAULT=localhost OVERRIDE=@{PAM_RHOST} -# -# Set the DISPLAY variable if it seems reasonable -#DISPLAY DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY} -# -# -# Now some simple variables -# -#PAGER DEFAULT=less -#MANPAGER DEFAULT=less -#LESS DEFAULT="M q e h15 z23 b80" -#NNTPSERVER DEFAULT=localhost -#PATH DEFAULT=${HOME}/bin:/usr/local/bin:/bin\ -#:/usr/bin:/usr/local/bin/X11:/usr/bin/X11 -# -# silly examples of escaped variables, just to show how they work. -# -#DOLLAR DEFAULT=\$ -#DOLLARDOLLAR DEFAULT= OVERRIDE=\$${DOLLAR} -#DOLLARPLUS DEFAULT=\${REMOTEHOST}${REMOTEHOST} -#ATSIGN DEFAULT="" OVERRIDE=\@ diff --git a/beagle/debian-rfs/etc/security/sepermit.conf b/beagle/debian-rfs/etc/security/sepermit.conf deleted file mode 100644 index 951f3df..0000000 --- a/beagle/debian-rfs/etc/security/sepermit.conf +++ /dev/null @@ -1,11 +0,0 @@ -# /etc/security/sepermit.conf -# -# Each line contains either: -# - an user name -# - a group name, with @group syntax -# - a SELinux user name, with %seuser syntax -# Each line can contain optional arguments separated by : -# The possible arguments are: -# - exclusive - only single login session will -# be allowed for the user and the user's processes -# will be killed on logout diff --git a/beagle/debian-rfs/etc/security/time.conf b/beagle/debian-rfs/etc/security/time.conf deleted file mode 100644 index c7b7989..0000000 
--- a/beagle/debian-rfs/etc/security/time.conf
+++ /dev/null
@@ -1,65 +0,0 @@
-# this is an example configuration file for the pam_time module. Its syntax
-# was initially based heavily on that of the shadow package (shadow-960129).
-#
-# the syntax of the lines is as follows:
-#
-# services;ttys;users;times
-#
-# white space is ignored and lines maybe extended with '\\n' (escaped
-# newlines). As should be clear from reading these comments,
-# text following a '#' is ignored to the end of the line.
-#
-# the combination of individual users/terminals etc is a logic list
-# namely individual tokens that are optionally prefixed with '!' (logical
-# not) and separated with '&' (logical and) and '|' (logical or).
-#
-# services
-# is a logic list of PAM service names that the rule applies to.
-#
-# ttys
-# is a logic list of terminal names that this rule applies to.
-#
-# users
-# is a logic list of users or a netgroup of users to whom this
-# rule applies.
-#
-# NB. For these items the simple wildcard '*' may be used only once.
-#
-# times
-# the format here is a logic list of day/time-range
-# entries the days are specified by a sequence of two character
-# entries, MoTuSa for example is Monday Tuesday and Saturday. Note
-# that repeated days are unset MoMo = no day, and MoWk = all weekdays
-# bar Monday. The two character combinations accepted are
-#
-# Mo Tu We Th Fr Sa Su Wk Wd Al
-#
-# the last two being week-end days and all 7 days of the week
-# respectively. As a final example, AlFr means all days except Friday.
-#
-# each day/time-range can be prefixed with a '!' to indicate "anything
-# but"
-#
-# The time-range part is two 24-hour times HHMM separated by a hyphen
-# indicating the start and finish time (if the finish time is smaller
-# than the start time it is deemed to apply on the following day).
-#
-# for a rule to be active, ALL of service+ttys+users must be satisfied
-# by the applying process.
-#
-
-#
-# Here is a simple example: running blank on tty* (any ttyXXX device),
-# the users 'you' and 'me' are denied service all of the time
-#
-
-#blank;tty* & !ttyp*;you|me;!Al0000-2400
-
-# Another silly example, user 'root' is denied xsh access
-# from pseudo terminals at the weekend and on mondays.
-
-#xsh;ttyp*;root;!WdMo0000-2400
-
-#
-# End of example file.
-#
|
