search for: unprivilege

Hi, I have a setup in which I run sshd as unprivileged user at dedicated port to serve specific application. It is working perfectly! One tweak I had to do, since the AuthorizedKeysCommand feature requires file to be owned by root, I had to use root owned command at root owned directory, although it does not add a security value. At auth2-pubkey.c:...

Hi, I've problems to install printer drivers as a normal user with unprivileged rights on WinXP in a samba 3.0.24 domain (debian etch) using the "Point-and-Print" mechanism. I've read Volker Lendecke's Samba book on page 131 footnote 1, which mention to enable "point and print". Which reg keys do I have to set to install drivers by "Point and...

Hi, I'm having trouble rationalizing the behaviour described below. Is this a security-issue (bug) or a feature? - An unprivileged user 'bztest' with read-only access to /dev/ar0: %id uid=1004(bztest) gid=1004(test) groups=1004(test), 5(operator) %ls -l /dev/ar0 crw-r----- 1 root operator 4, 21 Nov 23 17:34 /dev/ar0 - Now, the device ar0 has the standard mbr installed: %cmp /dev/ar0 /boot/mbr /dev/ar0 /boot/m...

Is there any way for unprivileged guests to map each others memory without grant tables? Now that the pressure is off for me to support SMP internally, I''d like to switch back to using -testing. Thanks. -Kip _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensour...

https://bugzilla.mindrot.org/show_bug.cgi?id=1487 Summary: Race condition between monitor and unprivileged child in sshd Classification: Unclassified Product: Portable OpenSSH Version: 5.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: u...

On June 1, 2020 00:32:23 Roy Eastwood via samba <samba at lists.samba.org> wrote: > Sorry, send to list as well >> I've set up Samba 4.11 in an unprivileged container. At this point, I can >> only assume that this might be the issue here, though I > can't >> quite understand why. Does anyone happen to have an explanation, is there >> maybe a workaround? I know for a fact that it works >> with privileged containers, hav...

...t; error: Failed to define domain from /tmp/test_deb.xml > error: unsupported configuration: You must map the root user of container > > Debian stretch. > Where am I wrong ? The libvirt LXC driver only runs in the privileged libvirtd instance at this time. There is no support for the unprivileged libvirtd with LXC. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

Author: casper Repository: /hg/zfs-crypto/gate Revision: b8dc006ee63f520b5db5b6a94d1746a6518ff072 Log message: 6268481 unprivileged user calling umount on a autofs mountpoint hangs Files: update: usr/src/uts/common/fs/autofs/auto_vnops.c

https://bugzilla.mindrot.org/show_bug.cgi?id=3690 Bug ID: 3690 Summary: sshd: root [priv] process sleeping leads to unprivileged child proc zombie Product: Portable OpenSSH Version: -current Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Repo...

Hi Marco, anybody, > + must be 'privileged' container (no unprivileged ones) I have seen containers with and without calling for being privileged, but you never know without trying and testing carefully... Googling I found https://github.com/lxc/lxd/issues/3442#issuecomment-312560949 but I am not really clear about the conclusion. Does it really have to be privileged...

Hi, i converted LXC conf to xml by: lxcuser@blade1:~/.local/share/lxc/test_deb$ virsh -c lxc:/// domxml-from- native lxc-tools /home/lxcuser/.local/share/lxc/test_deb/config <domain type='lxc'> <name>test_deb</name> <uuid>cce77799-89fd-41fd-99c1-101e00844e23</uuid> <memory unit='KiB'>65536</memory> <currentMemory

Hello Marco, On 05.02.2024 16:44, Marco Gaiarin wrote: > Mandi! Fyodor Kravchenko via samba > In chel di` si favelave... > >> Have to add about the environment - this is an unprivileged TurnKey >> Fileserver Linux container run under Proxmox. The extensive googling for >> the problem suggests Samba will not work in such environment because of >> ACL and such, but I need a fileserver as an unprivileged container, >> mapping the same directories the FileServ...

...t; left unset by the guest. It is an error to set both this flag and >> VIRTIO_F_ACCESS_PLATFORM. > > > OK so VIRTIO_F_ACCESS_PLATFORM is designed to allow unpriveledged > drivers. This is why devices fail when it's not negotiated. Just to clarify, what do you mean by unprivileged drivers? Is it drivers implemented in guest userspace such as with VFIO? Or unprivileged in some other sense such as needing to use bounce buffers for some reason? > This confuses me. > If driver is unpriveledged then what happens with this flag? > It can supply any address it wants. Wil...

...t; left unset by the guest. It is an error to set both this flag and >> VIRTIO_F_ACCESS_PLATFORM. > > > OK so VIRTIO_F_ACCESS_PLATFORM is designed to allow unpriveledged > drivers. This is why devices fail when it's not negotiated. Just to clarify, what do you mean by unprivileged drivers? Is it drivers implemented in guest userspace such as with VFIO? Or unprivileged in some other sense such as needing to use bounce buffers for some reason? > This confuses me. > If driver is unpriveledged then what happens with this flag? > It can supply any address it wants. Wil...

We run unprivileged lxc containers (libvirt based) with next config: ... <idmap> <uid start='0' target='65535' count='65535'/> <gid start='0' target='65535' count='65535'/> </idmap> ... <devices> <emulator>/usr/libex...

...ak of time, so I'll try here. Here is a patch that I'm planing to commit: http://people.freebsd.org/~pjd/patches/restricted_hardlinks.patch It adds two new sysctls: security.bsd.hardlink_check_uid security.bsd.hardlink_check_gid If sysctl security.bsd.hardlink_check_uid is set to 1, unprivileged users are not permitted to create hard links to files not owned by them. If sysctl security.bsd.hardlink_check_gid is set to 1, unprivileged users are not permitted to create hard links to files if they are not member of file's group. For now user is able to create hardlinks to any files. --...

Dear all, I have set up one unprivileged Domain-1 with help of FedoraQuickStart and some help from you. Now I want to install some other OS to Domain-2. How can I install a different OS (say Redhat 7.3) onto a unprivileged domain? Do I have to copy all files from an existed installation to an image file? Thanks, Koala _______________...

Hello all, tl;dr, can you point me to the point in the libvirt repo where it's trying to change a tap-device's SELinux label? I am trying to create a tap device with libvirt on a super-privileged container, and then use it on another, unprivileged container with libvirt. User wise, I know I need the super-privileged container to open the tap device with the user of the unprivileged one - that I already did and it's not the issue. But I have a problem when I open the tap device in the non-privileged container: the tap device currently ha...

Thanks for info about that. This means to use apparmor mandatory, isn't it true?

On 13. Aug 2020, at 11.00, Arjen de Korte <build+dovecot at de-korte.org> wrote: > > I allow users to run 'doveadm' for mailbox maintenance (to expunge mail for instance). Since the upgrade to 2.3.11.3, this no longer works and results in the following error message: > > doveconf: Fatal: Error in configuration file /etc/dovecot/conf.d/10-ssl.conf line 13: ssl_key: