Issue #12 October 2005

Tips & tricks

Red Hat's customer service team receives technical support questions from users all over the world. As they are received, Red Hat technicians add the questions and answers to the Red Hat Knowledgebase on a daily basis. Individuals with a login are granted access. Every month, Red Hat Magazine offers a preview into the Red Hat Knowledgebase by highlighting some of the most recent entries.

Tips from RHCEs

SELinux command line tools

Among the most significant features of Red Hat Enterprise Linux 4 is SELinux (Security Enhanced Linux), a powerful, kernel-level security layer that provides fine-grained control over what users and processes may access and execute on a system. By default, SELinux is enabled on Red Hat Enterprise Linux systems, enforcing a set of mandatory access controls that Red Hat calls the targeted policy. These access controls substantially enhance the security of the network services they target, but can sometimes affect the behavior of third-party applications and scripts that worked under previous versions of Red Hat Enterprise Linux.

An understanding of basic SELinux commandline tools is essential.

  • sestatus - to see general status information and some boolean settings
  • getenforce - to see the actual selinux mode
  • setenforce 1/0 - to switch between enforcing-/warning-mode
  • enforcing=1/0 - grub boot parameter to boot in selinux enforcing- or warning mode, regardless of the /etc/sysconfig/selinux settings
  • system-config-securitylevel - to statically set the selinux mode and policy version
  • -Z option - used by "ps" and "ls" to see the security context set on files and processes
  • chcon - to change the security context on files (chcon --reference to use a reference)

Is there a gdb plug-in for Eclipse?

Yes. Eclipse platform supports gdb using the CDT plug-in for C/C++ development. The Eclipse CDT plug-in is available for Red Hat Enterprise Linux customers in Red Hat Network (RHN) as part of the Red Hat Developer Suite. You can use the following command to install eclipse-cdt on a system registered with RHN and also subscribed to the Red Hat Developer Suite channel:

up2date eclipse-cdt

There are other graphical debuggers based on gdb which include ddd. This is available as part of Red Hat Enterprise Linux in the ddd RPM package.

Another resource would be the Red Hat Insight debugger.

Ever since I started OProfile on my system, my system is practically unusable. What is the problem?

It is important to keep the tradeoff between sample rate and overhead in mind when using OProfile. It is possible to configure OProfile so that it produces sufficient monitoring overhead to render the system unusable. You must exercise care when selecting counter values.

Use the opcontrol command with the --list-events option. This will display the event types available for the currently-installed processor along with suggested minimum counter values for each.

How is Intel floating point precision handled in Red Hat Enterprise Linux?

Floating point values that are kept on the floating point stack have 80 bits of precision, whereas when those values are written to memory, the value is rounded to 64 bits. So if floating point values are kept on the floating point stack as long as possible, then rounding to 64 bits will be postponed.

Rounding operations could be emitted after each computation. However, this would reduce performance noticeably.

One solution is to set the floating point rounding precision to 64 bits. This has the side effect of losing access to long double. Additionally, excess precision problems may still occur for float operations. Some compilers work this way. One way to do this on Linux is described at man fegetround.

A possible solution to excess floating point precision when using gcc on an Intel® Pentium® 4 is to do floating point arithmetic in the SSE registers via the -mfpmath=sse option. The SSE registers have explicit float and double operations and thus the problem is avoided.

Another possible solution is to use the -ffloat-store option. This works for some, but not all programs. This option forces user declared variables to be allocated on the stack. However, temporaries are still allocated to registers and can still cause rounding errors due to excess precision.

Normally, the 80 bit precision of results is a good thing, increasing the accuracy of the math. However, when porting code from other architectures, it can cause some extra work. The two most common incidents are:

  1. Mis-matched result sets, since the old platform lost bits of precision because internal calculations are done with less than 80 bits
  2. Time to converge on an answer for iterative algorithms. The latter can be seen when the program is waiting for a particular value and because of rounding (less precision) on the other platform the calculation produced the value slower (or faster) than the same value on the ia32 based machine.

In summary, floating point on the x86 is a compromise between what the hardware provides and what the compiler can efficiently implement.

Which is the correct quota.h header file (included in glibc-headers package) to use for user applications in Red Hat Enterprise Linux 4 Update 2?

The quota.h header file included in glibc-headers package in Red Hat Enterprise Linux 4 Update 2 is different from the one included in the kernel source RPM package and kernel-devel RPM.

The quota header file in the kernel source RPM and kernel-devel RPM is not designed to be used and/or compiled with userspace application.

Userspace applications need to use the header files included in the glibc-headers package.

In this case, the quota.h header file in the glibc-headers package for Red Hat Enterprise Linux 4 Update 2 has been updated to include both the old and new version of the quota structures. The older version is included for backward compatibility, and applications can select which version to use based on a compile time option.

The default data structures and interface definitions for quota in glibc-headers for Red Hat Enterprise Linux 4 Update 2 is the older version. Therefore, if an application wants to use the old semantics for quota, just compile against the glibc-headers, and it will inherit the old behavior.

If an application wants to use the newer version of quota's data structures and interface definitions, then the application needs to compile against glibc-headers by specifying the following compilation option:


The information provided in this article is for your information only. The origin of this information may be internal or external to Red Hat. While Red Hat attempts to verify the validity of this information before it is posted, Red Hat makes no express or implied claims to its validity.

This article is protected by the Open Publication License, V1.0 or later. Copyright © 2004 by Red Hat, Inc.