最近给畅言加上了单点登录,也就是可以用网站的帐号来在畅言上发射评论。畅言会通过你设置的一个接口来获得用户名,头像等。但是我发现队友畅言会频繁请求这个接口,有时候会达到单个用户一秒钟好几次??
虽然在php层有redis,压力不会很大,但是这样频繁的请求还是会中防CC的策略,影响用户正常的浏览。所以我决定在CDN上做个缓存。
OVH gives you a /128 block by default. But in fact you can use the whole /64. You can simply add a /64 address to eth0.
But if you activate IPv6 in docker and try to allocate an address in bridge network, you will find the address is not ping-able. The problem here is we should send a NDP notification to OVH router.
OVH的机器默认给的是/128,但是其实整个/64都是可以用的,如果添加到网卡上是可以双向ping通的。
但是如果docker的bridge网络分配了一个IPv6,却无法ping通。喝了一瓶果汁之后我发现是因为没有向(OVH的)路由器发邻居发现协议包(NDP)。
Recently I found module list in Xposed become empty after I upgrade my Nexus5 to 6.0.1 (M4B30Z, Dec 2016). And all the modules are not activating. So I open logcat and see the following:
1 |
01-10 21:35:02.682 294 294 E Xposed : Cannot load any modules because /data/data/de.robv.android.xposed.installer/conf/modules.list was not found |
Rovo89 said on a xda post that this file should be created if any module is activated. But somehow it didn’t do so on my Nexus5. So I create one myself and set correct permission (0644) and uid (you can run the Xposed Installer app and check the uid through ps |grep xposed). Then I reboot and check logcat again:
1 2 |
01-10 21:29:39.485 295 295 E Xposed : Errors during Xposed initialization 01-10 21:29:39.485 295 295 E Xposed : java.io.IOException: Permission denied while reading /data/data/de.robv.android.xposed.installer/conf/modules.list |
Looks like it’s still not working.
Then I realise that Android started to set SELinux to enforce from Lollipop (5.0) so this should be the problem. (We can use dmesg|grep audit to check if the problem really related to SELinux. ) I compared a random file under /data/data to the file we just created:
1 2 3 4 |
root@hammerhead:/ # ls -Z /data/data/de.robv.android.xposed.installer/cache/repo_cache.db -rw-rw---- u0_a379 u0_a379 u:object_r:app_data_file:s0:c512,c768 repo_cache.db root@hammerhead:/ # ls -Z /data/data/de.robv.android.xposed.installer/conf/modules.list -rw------- root root u:object_r:app_data_file:s0 modules.list |
So all we need to do is to change this conf/modules.list to u:object_r:app_data_file:s0:c512,c768 as well
1 |
root@hammerhead:/ # restorecon /data/data/de.robv.android.xposed.installer/conf/modules.list |
restorecon is a applet shipped with toybox, we can also use chcon to manually set SELinux context.
升级Nexus5 到6.0.1 (M4B30Z, Dec 2016)之后,Xposed的模块列表变成空的了,所有的模块也都失效了。没有xposed,怎么种庄稼。于是我打开logcat看了一眼。
1 |
01-10 21:35:02.682 294 294 E Xposed : Cannot load any modules because /data/data/de.robv.android.xposed.installer/conf/modules.list was not found |
rovo89在xda的QA帖中说一般情况下这个文件会在启用任意一个模块后创建。然而现在它并没有被创建。于是我去建了一个,然后chmod 644以及chown到应用到uid(可以通过启动应用之后ps|grep xposed查看uid,形如u0_a??),重启了一下,再瞄了一眼logcat。
1 2 |
01-10 21:29:39.485 295 295 E Xposed : Errors during Xposed initialization 01-10 21:29:39.485 295 295 E Xposed : java.io.IOException: Permission denied while reading /data/data/de.robv.android.xposed.installer/conf/modules.list |
好像哪里不对
想起来Android从萝莉棒开始SELinux就是enforce了,所以大概是这个问题。(我们可以通过dmesg|grep audit来查看被SELinux过滤的各种奇怪操作。)于是看了一下默认的文件context和我们刚创建的文件的context:
1 2 3 4 |
root@hammerhead:/ # ls -Z /data/data/de.robv.android.xposed.installer/cache/repo_cache.db -rw-rw---- u0_a379 u0_a379 u:object_r:app_data_file:s0:c512,c768 repo_cache.db root@hammerhead:/ # ls -Z /data/data/de.robv.android.xposed.installer/conf/modules.list -rw------- root root u:object_r:app_data_file:s0 modules.list |
那么我们把这个conf/modules.list也改成u:object_r:app_data_file:s0:c512,c768这个context好了
1 |
root@hammerhead:/ # restorecon /data/data/de.robv.android.xposed.installer/conf/modules.list |
restorecon是toybox中带的一个applet,我们也可以用chcon来手动更改context。