Displaying 9 results from an estimated 9 matches for "cap_audit_writ".
Did you mean:
cap_audit_write
2018 Apr 04
2
issue with sieve forwarding after upgrade to 0.5.1
...-04 01:54, B. Reino wrote:
> The new systemd service file has NoNewPrivileges set to true. You need
> to override that to false and then it should work again.
It seems that the NoNewPrivileges option messes with several things.
PAM authentication stopped working as well besides the fact that
CAP_AUDIT_WRITE is also missing in CapabilityBoundingSet.
I've opened a pull request https://github.com/dovecot/core/pull/71
Although I removed NoNewPrivileges altogether, since I didn't know what
to write in the comment.
The only thing I could think of was something along the lines:
# If you want most...
2018 Apr 05
3
Re: Can’t authenticate any users after upgrade.
On 2018-04-05 06:33, Helmut K. C. Tessarek wrote:
> On 2018-04-04 23:10, Kevin Cummings wrote:
>> PAM audit_log_acct_message() failed: Operation not permitted
>> imap-login: Disconnected (AUTH failed, 2 attempts in 10 secs):
>> user=<username>, method=PLAIN, rip=192.168.1.94 lip=192.168.1.94, TLS,
>> session=<sessionid>
>
> Please look at my pull
2018 Apr 04
0
issue with sieve forwarding after upgrade to 0.5.1
...-04 01:54, B. Reino wrote:
> The new systemd service file has NoNewPrivileges set to true. You need
> to override that to false and then it should work again.
It seems that the NoNewPrivileges option messes with several things.
PAM authentication stopped working as well besides the fact that
CAP_AUDIT_WRITE is also missing in CapabilityBoundingSet.
I've opened a pull request https://github.com/dovecot/core/pull/71
Although I removed NoNewPrivileges altogether, since I didn't know what
to write in the comment.
The only thing I could think of was something along the lines:
# If you want most...
2018 Apr 05
0
Re: Can’t authenticate any users after upgrade.
...make /usr /boot /etc read only for dovecot
ProtectSystem=full
PrivateDevices=true
# disable this if you want to use apparmor plugin
#NoNewPrivileges=true
CapabilityBoundingSet=CAP_CHOWN CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_KILL CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE CAP_AUDIT_WRITE
# You can add environment variables with e.g.:
#Environment='CORE_OUTOFMEM=1'
# If you have trouble with `Too many open files' you may set:
#LimitNOFILE=8192
# If you want to allow the Dovecot services to produce core dumps, use:
#LimitCORE=infinity
[Install]
WantedBy=multi-user.targ...
2011 Aug 03
1
[PATCH v2] kinit: Add drop_capabilities support.
...CAP(CAP_SYS_CHROOT),
+ MAKE_CAP(CAP_SYS_PTRACE),
+ MAKE_CAP(CAP_SYS_PACCT),
+ MAKE_CAP(CAP_SYS_ADMIN),
+ MAKE_CAP(CAP_SYS_BOOT),
+ MAKE_CAP(CAP_SYS_NICE),
+ MAKE_CAP(CAP_SYS_RESOURCE),
+ MAKE_CAP(CAP_SYS_TIME),
+ MAKE_CAP(CAP_SYS_TTY_CONFIG),
+ MAKE_CAP(CAP_MKNOD),
+ MAKE_CAP(CAP_LEASE),
+ MAKE_CAP(CAP_AUDIT_WRITE),
+ MAKE_CAP(CAP_AUDIT_CONTROL),
+ MAKE_CAP(CAP_SETFCAP),
+ MAKE_CAP(CAP_MAC_OVERRIDE),
+ MAKE_CAP(CAP_MAC_ADMIN),
+ MAKE_CAP(CAP_SYSLOG),
+};
+
+static void fail(const char *fmt, ...) __attribute__((format(printf, 1, 2)));
+static void fail(const char *fmt, ...)
+{
+ va_list args;
+
+ va_start(ar...
2018 Apr 05
4
Can’t authenticate any users after upgrade.
I?m in the process of upgrading an old server from Fedora 21 to something more modern. Now, Dovecot won?t let any client login to get their email.
PAM audit_log_acct_message() failed: Operation not permitted
imap-login: Disconnected (AUTH failed, 2 attempts in 10 secs): user=<username>, method=PLAIN, rip=192.168.1.94 lip=192.168.1.94, TLS, session=<sessionid>
# 2.3.1 (8e2f634):
2018 Apr 03
5
issue with sieve forwarding after upgrade to 0.5.1
Hello,
After I upgrade dovecot 2.2.35 to 2.3.1 and pigeonhole 0.4.23 to 0.5.1 when I use sieve to forward a message to other address using "redirect :copy" I get this:
(host server1.myserver.com <http://server1.myserver.com/>[private/dovecot-lmtp] said: 451 4.2.0 <chris at mydomain.com <mailto:chris at mydomain.com>> Execution of Sieve filters was aborted due to
2017 Dec 27
4
Ubuntu Auth Issues with new repository code..
?? Saw the new repository notification, and figured what the heck I
would try letting it upgrade me from the current v2.2.22 release that
apparently is in the Ubuntu 16.04 packages, to the new repository
release of v2.3.0.
?I followed the info on repo.dovecot.org, and first it started bitching
about lmtp (dovecot: master: Fatal: service(lmtp)
access(/usr/lib/dovecot/lmtp) failed: No such
2011 Jul 19
4
[PATCH v1 0/2] Support dropping of capabilities from early userspace.
This patchset applies to klibc mainline. As is it will probably collide
with Maximilian's recent patch to rename run-init to switch_root posted
last week.
To boot an untrusted environment with certain capabilities locked out,
we'd like to be able to drop the capabilities up front from early
userspace, before we actually transition onto the root volume.
This patchset implements this by