search for: confd

...ar *what) } const char *run_init(const char *realroot, const char *console, - const char *drop_caps, const char *init, + const char *drop_caps, bool dry_run, const char *init, char **initargs) { - struct stat rst, cst; + struct stat rst, cst, ist; struct statfs sfs; int confd; @@ -186,13 +186,15 @@ const char *run_init(const char *realroo /* Okay, I think we should be safe... */ - /* Delete rootfs contents */ - if (nuke_dir("/")) - return "nuking initramfs contents"; - - /* Overmount the root */ - if (mount(".", "/", NULL...

...ar *what) } const char *run_init(const char *realroot, const char *console, - const char *drop_caps, const char *init, + const char *drop_caps, bool dry_run, const char *init, char **initargs) { - struct stat rst, cst; + struct stat rst, cst, ist; struct statfs sfs; int confd; @@ -186,13 +186,15 @@ const char *run_init(const char *realroot, const char *console, /* Okay, I think we should be safe... */ - /* Delete rootfs contents */ - if (nuke_dir("/")) - return "nuking initramfs contents"; + if (!dry_run) { + /* Delete rootfs contents */ +...

...rver's identity string (eg from "ssh > -v yourthing") we could add a bug bit to stop it from being sent. $ ssh -v nathan at 10.0.0.1 OpenSSH_7.4p1, LibreSSL 2.5.0 [snip] debug1: Local version string SSH-2.0-OpenSSH_7.4 debug1: Remote protocol version 2.0, remote software version ConfD-5.2.2.1 debug1: no match: ConfD-5.2.2.1 Thanks, -- Nathan

On a train ride to Bruxelles, brought out my axe and directly attacked run_init(8). run_init(8) is dead, long live switch_root(8). The next run on switch_root(8) involves fdopendir, so another push for the upcoming stdio 1.6 branch. The following is boot tested with initramfs-tools, kinit(8) tests would very much be appreciated!? Michal Suchanek (1): [klibc] switch_root: Fix single file

...Reporter: sgowda at altiostar.com Hi, I am getting following error while build openssh. /tools/xilinx/SDK/2019.1/gnu/aarch64/lin/aarch64-linux/bin/aarch64-linux-gnu-ld -o ssh ssh.o readconf.o clientloop.o sshtty.o sshconnect.o sshconnect2.o mux.o ssh-sk-client.o -L/new-home/sukeshg/svnwork/ant-confd/os/../art/os-ant-revi/buildos/openssh/openssh-portable-V_8_2_P1/openbsd-compat/ -lssh -lopenbsd-compat -lcrypto -ldl -lutil -lz -lcrypt -lresolv /tools/xilinx/SDK/2019.1/gnu/aarch64/lin/aarch64-linux/bin/aarch64-linux-gnu-ld: /new-home/sukeshg/svnwork/ant-confd/os/../art/os-ant-revi/buildos/opens...

The following patches come from Debian and/or Ubuntu packages of klibc. Ben. Ben Hutchings (1): [klibc] run-init: Add dry-run mode Jay Vosburgh (1): [klibc] ipconfig: Use separate sockets for DHCP from multiple interfaces Mathieu Trudel-Lapierre (1): [klibc] ipconfig: Set broadcast when sending DHCPREQUEST and DHCPDISCOVER YunQiang Su (1): [klibc] mips: setjmp.S: don't

...ther than ignore it. Setting the value to 0 is not enough: its mere presence regardless of value is enough to cause the server to bomb out. In my specific case, I can no longer connect to the SSH server built into a particular piece of core network equipment; the implementation is by Tail-f/Cisco (ConfD) and for all I know might be fixed in a newer release of that product, but as we're dealing with a vendor-of-a-vendor thing, who knows how long the fix will take to trickle down to a firmware update, assuming that a fix on the server side even exists yet. I can no longer connect to this equipm...

...?ssl_key?and?ssl_cert?as well, or you will receive errors. i think, but untested, this default ssl_{cert,key} are used for those clients that don't support SNI (as with apache, which uses the cert of the first site). >I configured it the way you do, but within the default >/etc/dovecot/confd structure but >i had no luck. I testet local_name (SNI), local, local <IPv6> >(dedicated >IPv6 Address but had no lock it should make no difference whether you use one large config file or the conf.d structure. your doveconf -n output would really be helpful regards - c >Conf...

On Sun, Apr 15, 2018 at 06:38:37PM +1000, Damien Miller wrote: > On Sat, 14 Apr 2018, Colin Watson wrote: > > This isn't an OpenSSH bug, but just in case anyone else is ambitious > > enough to automatically run interoperability tests against other SSH > > implementations, here's a heads-up: > > > > https://twistedmatrix.com/trac/ticket/9422 > >

...@ const char *run_init(const char *realroot, const char *console, if (chroot(".") || chdir("/")) return "chroot"; + /* Drop capabilities */ + if (drop_capabilities(drop_caps) < 0) + return "dropping capabilities"; + /* Open /dev/console */ if ((confd = open(console, O_RDWR)) < 0) return "opening console"; -- 1.7.9.5 -- Kees Cook @outflux.net

Am 15.08.2015 um 09:04 schrieb Christian Kivalo: > provide your multi ssl doveconf -n output. - c No. I leave this shit alone and running dovecot in multiinstance mode and now its works.

This patchset applies to klibc mainline. As is it will probably collide with Maximilian's recent patch to rename run-init to switch_root posted last week. To boot an untrusted environment with certain capabilities locked out, we'd like to be able to drop the capabilities up front from early userspace, before we actually transition onto the root volume. This patchset implements this by