Displaying 8 results from an estimated 8 matches for "cap_sys_resourc".
Did you mean:
cap_sys_resource
2018 Apr 05
0
Re: Can’t authenticate any users after upgrade.
...=yes
# this will make /usr /boot /etc read only for dovecot
ProtectSystem=full
PrivateDevices=true
# disable this if you want to use apparmor plugin
#NoNewPrivileges=true
CapabilityBoundingSet=CAP_CHOWN CAP_DAC_OVERRIDE CAP_IPC_LOCK CAP_KILL CAP_NET_BIND_SERVICE CAP_SETGID CAP_SETUID CAP_SYS_CHROOT CAP_SYS_RESOURCE CAP_AUDIT_WRITE
# You can add environment variables with e.g.:
#Environment='CORE_OUTOFMEM=1'
# If you have trouble with `Too many open files' you may set:
#LimitNOFILE=8192
# If you want to allow the Dovecot services to produce core dumps, use:
#LimitCORE=infinity
[Install]
WantedBy...
2018 Apr 05
3
Re: Can’t authenticate any users after upgrade.
On 2018-04-05 06:33, Helmut K. C. Tessarek wrote:
> On 2018-04-04 23:10, Kevin Cummings wrote:
>> PAM audit_log_acct_message() failed: Operation not permitted
>> imap-login: Disconnected (AUTH failed, 2 attempts in 10 secs):
>> user=<username>, method=PLAIN, rip=192.168.1.94 lip=192.168.1.94, TLS,
>> session=<sessionid>
>
> Please look at my pull
2011 Aug 03
1
[PATCH v2] kinit: Add drop_capabilities support.
..._CAP(CAP_NET_RAW),
+ MAKE_CAP(CAP_IPC_LOCK),
+ MAKE_CAP(CAP_IPC_OWNER),
+ MAKE_CAP(CAP_SYS_MODULE),
+ MAKE_CAP(CAP_SYS_RAWIO),
+ MAKE_CAP(CAP_SYS_CHROOT),
+ MAKE_CAP(CAP_SYS_PTRACE),
+ MAKE_CAP(CAP_SYS_PACCT),
+ MAKE_CAP(CAP_SYS_ADMIN),
+ MAKE_CAP(CAP_SYS_BOOT),
+ MAKE_CAP(CAP_SYS_NICE),
+ MAKE_CAP(CAP_SYS_RESOURCE),
+ MAKE_CAP(CAP_SYS_TIME),
+ MAKE_CAP(CAP_SYS_TTY_CONFIG),
+ MAKE_CAP(CAP_MKNOD),
+ MAKE_CAP(CAP_LEASE),
+ MAKE_CAP(CAP_AUDIT_WRITE),
+ MAKE_CAP(CAP_AUDIT_CONTROL),
+ MAKE_CAP(CAP_SETFCAP),
+ MAKE_CAP(CAP_MAC_OVERRIDE),
+ MAKE_CAP(CAP_MAC_ADMIN),
+ MAKE_CAP(CAP_SYSLOG),
+};
+
+static void fail(co...
2018 Apr 05
4
Can’t authenticate any users after upgrade.
I?m in the process of upgrading an old server from Fedora 21 to something more modern. Now, Dovecot won?t let any client login to get their email.
PAM audit_log_acct_message() failed: Operation not permitted
imap-login: Disconnected (AUTH failed, 2 attempts in 10 secs): user=<username>, method=PLAIN, rip=192.168.1.94 lip=192.168.1.94, TLS, session=<sessionid>
# 2.3.1 (8e2f634):
2011 Mar 31
3
[PATCH 1/3] VFS/ioctl: Add punching-hole support to ioctl().
We're currently support two paths from VFS to preallocate unwritten
extents(from FS_IOC_RESVSP, or fallocate()), likewise, behavior of
punching-hole should be treated as the same, this patch tries to teach
file_ioctl() to handle FS_IOC_UNRESVSP, underlying filesystem like ocfs2
is wise enough to do the rest of work;-)
Signed-off-by: Tristan Ye <tristan.ye at oracle.com>
---
fs/ioctl.c
2011 Mar 31
3
[PATCH 1/3] VFS/ioctl: Add punching-hole support to ioctl().
We're currently support two paths from VFS to preallocate unwritten
extents(from FS_IOC_RESVSP, or fallocate()), likewise, behavior of
punching-hole should be treated as the same, this patch tries to teach
file_ioctl() to handle FS_IOC_UNRESVSP, underlying filesystem like ocfs2
is wise enough to do the rest of work;-)
Signed-off-by: Tristan Ye <tristan.ye at oracle.com>
---
fs/ioctl.c
2014 Feb 26
6
[libvirt] LXC, user namespaces and systemd
...score_adj
/proc/20/oom_score_adj: Permission denied
# ls -l /proc/20/oom_score_adj
-rw-r--r--. 1 65534 65534 0 Feb 26 10:28 /proc/20/oom_score_adj
Regarding to kernel documentation in user namespace local root user (on
guest) cannot set the OOM on any value. Set OOM on any value required
except CAP_SYS_RESOURCE also full root privileges.
To disable OOM support delete or just comment line "OOMScoreAdjust=-900"
# cat /usr/lib/systemd/system/dbus.service
[Unit]
Description=D-Bus System Message Bus
Requires=dbus.socket
After=syslog.target
[Service]
ExecStart=/bin/dbus-daemon --system --address=sy...
2011 Jul 19
4
[PATCH v1 0/2] Support dropping of capabilities from early userspace.
This patchset applies to klibc mainline. As is it will probably collide
with Maximilian's recent patch to rename run-init to switch_root posted
last week.
To boot an untrusted environment with certain capabilities locked out,
we'd like to be able to drop the capabilities up front from early
userspace, before we actually transition onto the root volume.
This patchset implements this by