search for: setcap

Hello, I need CAP_FOWNER=ep for the asterisk process, i set it with setcap on the file /usr/sbin/asterisk, it's there when i look on it with getcap, but after starting and loocking with getpcaps there's only cap_net_admin+ep set. So how exactly do I set CAP_FOWNER? Do I have to patch and recompile or is there another solution I did not see yet? thanks, b...

I want my Windows application to be able to listen on any port, but by default only root can create servers on ports <1024. As far as I know authbind doesn't work with Wine (and never will), and I can't redirect packets to a higher port with a firewall rule, because the Windows application (uTorrent) "tells" the other peers which port is listening on. Making wineserver suid

jjmckenzie wrote: > You broke Wine by running it as root. See the FAQ on how to fix. I'm not sure this is the case. Setcaps is not the same as setuid... Was able to reproduce it here as well. This is actually a known problem: http://bugs.winehq.org/show_bug.cgi?id=26256

...peration not permitted 2015-03-02T18:00:51.243518Z qemu-kvm: -netdev tap,script=/tmp/vnet380622.sh,id=hostnet1: Device 'tap' could not be initialized They can be resolved like this: 1) Edit /etc/libvirt/qemu.conf, and add "/dev/net/tun" to the cgroup_device_acl option 2) Run: setcap cap_net_admin+eip /bin/qemu-system-x86_64 This will give QEMU CAP_NET_ADMIN when it runs. Make sure you review `man capabilities` to see what capabilities this actually gets qemu. The downside here is that in the event a guest somehow breaks out of qemu, CAP_NET_ADMIN gives them a bunch of sca...

...serInput/dtmf <4> 0:01.161 OpenH323 Wrapper H323 Added capability: UserInput/RFC2833 <5> 0:01.162 OpenH323 Wrapper H323UDP Binding to interface: 0.0.0.0:10000 0:01.163 OpenH323 Wrapper RAS Authenticator H235AnnexD_Procedure1<no-pwd> not active during GRQ SetCapability negotiation 0:01.163 OpenH323 Wrapper RAS Authenticator MD5<no-pwd> not active during GRQ SetCapability negotiation 0:01.163 OpenH323 Wrapper RAS Authenticator CAT<no-pwd> not active during GRQ SetCapability negotiation 0:01.163 OpenH323 Wrapper H225 St...

On 26.02.2014 17:59, Stephan Sachse wrote: >> # chown -R foo:foo /var/lib/libvirt/filesystems/mycontainer > > you must "shift" the uids for the container 0 -> 666, 1 -> 667, 2 -> > 668. there is a tool for this: uidmapshift I prepared two containers, the first I used chown, in the second uidmapshift, here is the results. ./uidmapshift -r

...0:51.243518Z qemu-kvm: -netdev > tap,script=/tmp/vnet380622.sh,id=hostnet1: Device 'tap' could not be > initialized > > They can be resolved like this: > > 1) Edit /etc/libvirt/qemu.conf, and add "/dev/net/tun" to the > cgroup_device_acl option > 2) Run: setcap cap_net_admin+eip /bin/qemu-system-x86_64 > > This will give QEMU CAP_NET_ADMIN when it runs. Make sure you review > `man capabilities` to see what capabilities this actually gets qemu. > > The downside here is that in the event a guest somehow breaks out of > qemu, CAP_NET_ADM...

And it runs linux. http://www.zip4x4.com/ZIP4x4.htm Anyone seen one? bkw

...It works partially; however, if combined with rsync options which preserve the file owner and/or group, it is partially ineffective. This is because rsync calls chown(2) after setting attributes, and chown removes security attributes (as in capabilities(5)). Steps to Reproduce: $ touch foo $ sudo setcap cap_dac_read_search=pe foo $ getcap foo foo = cap_dac_read_search+ep $ sudo rsync -X foo foo.1 $ getcap foo.1 foo.1 = cap_dac_read_search+ep $ sudo rsync -aX foo foo.2 $ getcap foo.2 $ This report originates from https://bugzilla.redhat.com/show_bug.cgi?id=981797 -- Configure bugmail: https://bu...

Il 22/08/2013 09:46, Timon Wang ha scritto: > Thanks Nicholas. > > I found that scsicmd can't pass all the scsi3_test but the result of > sg_inq is the same as it in the host. > > I am absolutely confused about this situation. Am I missed some > information about it? I am also confused. You need to understand the limitations that the clustering software is putting.

...g on Windows 2003 on the LAN workgroup and has windows clients today (something I had hoped to change) Client installed through shared folder TeleVantage/netsetup/client.exe winetricks mdac28 (ADODB.Connection.2.8 {00000514-0000-0010-8000-00AA006D2EA4}) sudo apt-get install libcap2-bin (installs setcap) sudo setcap cap_net_raw+epi /usr/bin/wine-preloader When I enter the IP of the server and user info at Log On, I get the message "Could not connect to the server on <IP>. Server components are not installed." When SERVERNAME is used I get "Could not connect to the database o...

...ugh, cap_sys_rawio+ep is required to pass-through SCSI Reservation from the guest. Note that I succeeded to pass-through SCSI Reservation with the following steps in my environment, not a Windows guest though. 1. Stop the guest. 2. Add CAP_SYS_RAWIO(effective, permitted) to qemu-kvm. # setcap cap_sys_rawio=ep /usr/bin/qemu-system-x86_64 3. Start the guest. However, I don't think this is the right way to workaround it, because it gives cap_sys_rawio+ep to all the kvm processes executed from this binary. I believe following patches, which are not merged yet, are trying to solve...

...works > properly. try it as user and not as root # su -s/bin/bash nobody -c 'ping localhost' ping: icmp open socket: Operation not permitted fix this from outside the container chroot /path/to/rootfs rpm --qf "[%{FILECAPS} %{FILENAMES}\n]" -qa | grep ^= | sed -e 's/^=/setcap/' and paste the output into your terminal /stephan -- Software is like sex, it's better when it's free!

Hello, Is it possible at all to block all users other than root from sending outbound ICMP packets on an interface? At the moment we have the following two rules in our IPtables config: iptables -A OUTPUT -o eth1 -m owner --uid-owner 0 -j ACCEPT iptables -A OUTPUT -o eth1 -j DROP But this still allows ICMP for some reason (but *does* block other TCP/UDP packets, which is what we want, as well

...+//==-----------------------------------------------------------------------===// > +#include "AMDIL7XXDevice.h" > +#include "AMDILDevice.h" > + > +using namespace llvm; > + > +AMDIL7XXDevice::AMDIL7XXDevice(AMDILSubtarget *ST) : AMDILDevice(ST) > +{ > + setCaps(); > + std::string name = mSTM->getDeviceName(); > + if (name == "rv710") { > + mDeviceFlag = OCL_DEVICE_RV710; > + } else if (name == "rv730") { > + mDeviceFlag = OCL_DEVICE_RV730; > + } else { > + mDeviceFlag = OCL_DEVICE_RV770; > + }...

Hi there, I'm trying to run Lite Manager on Ubuntu 11.10 using Wine 1.3, but all I get is a "program encountered a serious problem" screen. Any chance that someone could help me with this? :/

...d mouse implementation of BuildActionMap. dinput: SetActionMap constructing a dataformat for keyboard and mouse. dinput: SetActionMap and queue_event setting mapped data. include: Corrected the value of the DIEDFL_ATTACHEDONLY flag. Maarten Lankhorst (1): winegstreamer: Fix setcaps call. Marcus Meissner (19): oleaut32: Unshadow cmp to make code work (Coverity). shell32: Remove superflous NULL check (Coverity). strmbase: Move NULL check up a bit (Coverity). quartz: Removed useless NULL check (Coverity). ole32: Access the array entry, not the arr...