similar to: problem using sshd inside a LXC container

Hello, First, a big thank you to the OpenSSH devs. _ /Problem Summary:/ _ Chroot and SELinux don't get along. This affects both the new (official) ChrootDirectory feature, as well as the older (3rd party) patch at http://chrootssh.sourceforge.net/. _ /History and repro:/ _ On March 21, 2008, Alexandre Rossi posted to this list with the subject: "*ChrootDirectory

Note: I am digest subscriber so if you could copy me directly on any reply to the list I would appreciate it very much. I sent this to the OpenSSH list (secureshell at securityfocus.com) yesterday and received no response so I am asking here in hopes that someone else has run across this problem on CentOS. We have encountered a situation that requires sftp access to one of our server by an

https://bugzilla.mindrot.org/show_bug.cgi?id=1960 Bug #: 1960 Summary: Running sshd in wrong SELinux context causes segmentation fault when a user logs in Classification: Unclassified Product: Portable OpenSSH Version: 5.8p1 Platform: amd64 OS/Version: Linux Status: NEW Severity: minor

Hi, (please CC me as I'm not subscribed to the list) If compiled with SELinux support, OpenSSH 4.8 current cvs fails for accounts where the new ChrootDirectory option is active : debug1: PAM: establishing credentials debug3: PAM: opening session debug2: User child is on pid 1695 debug3: mm_request_receive entering debug1: PAM: establishing credentials debug3: safely_chroot: checking

As posted, here is an updated patch which allows openssh to be built with non-selinux config. (Hi openssh guys, forwarding this to you incase you interested including it into the devel version of openssh. Please let us know if you have any suggestions or changes that need to be made) Regards Nigel Kukard On Thu, Sep 02, 2004 at 04:11:54PM -0400, Daniel J Walsh wrote: > New SSH patch. >

http://bugzilla.mindrot.org/show_bug.cgi?id=1325 Summary: SELinux support broken when SELinux is in permissive mode Product: Portable OpenSSH Version: 4.6p1 Platform: Other URL: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=430838 OS/Version: Linux Status: NEW Severity: normal

https://bugzilla.mindrot.org/show_bug.cgi?id=1850 Summary: Build fails when SELinux is enabled Product: Portable OpenSSH Version: 5.7p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: unassigned-bugs at mindrot.org ReportedBy:

hello i am trying to set up ipsec in my network, for now just between two hosts, using to use AH & ESP in tunnel mode to get all of packet encrypted. keys are negotiated with racoon. mayby using tunnel mode in this case can seems strange, but i know what i am doing. after setting up everything i have done few tests with ping & tcpdump. but the results are very suprising. bellow is what i

Hi, I am trying to release a Makefile for building my company's software that will be flexible enough to use the llvm suite of compilers to build shared libraries for talking to USB peripherals. The problem that I am having is that while I am able to build a shared library using llvm-gcc , the llvm-g++ compiler is giving me error messages saying " relocation R_X86_64_PC32 against

Hi all, I have two servers ZEUS (MASTER - 192.168.2.11) and POSEIDON (SLAVE - 192.168.2.12) with HeartBeat+DRBD+SAMBA installed ; HeartBeat is controlling SAMBA. I have a big partition which are mirrored /share. I moved all important directory on it. For example: # mv /var/lib/samba /share/cluster/varlibsamba # mv /var/cache/samba /share/cluster/varcachesamba and I make a link for each one: # ln

On Tue, Apr 9, 2013 at 1:22 PM, Bogdan-Andrei Iancu <bogdan at opensips.org>wrote: > ** > Hi Nick, > > The BYE is not properly formed and rejected by script - in the 200 OK of > the INVITE, you can see that your opensips is doing Record-Routing, but the > BYE does not contain the corresponding Route hdr, so SIP routing is > impossible. > > Regards, > >

I've just upgraded to 1.0a3 via a freebsd port, and I've begun to notice odd behaviour from Dovecot. After converting my config file settings over to the new format, everything runs fine for an hour or so, then dovecot stops responding: oot at toejamfootball# telnet localhost 143 Trying ::1... telnet: connect to address ::1: Connection refused Trying 127.0.0.1... Connected to localhost.

Hi, the new function ''shorewall show zones'' in 2.2.0-Beta showed a thing which is (in my view) either abug or not documented. If I have a line in /etc/shorewall/hosts which reads work br0:eth0:192.168.2.10,192.168.2.11,192.168.2.12 then "show zones" has the output work br0:eth0:192.168.2.10 br0:192.168.2.11 br0:192.168.2.12 That is, the

Apologies if this is a repeat: I trawled through the archives and couldn't find a reasonable answer, so I'm asking here. I have an Asterisk install connecting from behind a NAT device (DSL modem) to a SIP proxy (in my case, Broadvoice). I have an sjphone softphone on a Windows PC also behind the NAT device that connects to the Asterisk install, and using this setup I've been pretty

. "Saluton", Sorry by my poor english, I speak Portuguese. I does a captive portal using: - shorewall - dhcpd - thttpd (in port 8080) - maradns With Shorewall I use dinamic zones. The initial zone in shorewall is configured to redirects access to internal thttpd port 8080, that shows a login.cgi page. With thttpd I rewrite original url. The apache rewrite is very cool, but thttpd

Hello, I am facing some problems in bridged networking. I have successfully created a bridge br0 and added a virtual machine to it. Now the address of virtual machine is 10.1.3.31. I am able to connect to this virtual machine by another computer on same network. The virtual machine is hosting a simple python http server on port 8000, while some other service is running on port 80 When I try

Hello Everyone, I have gone through a few really good tutorials from the OpenSIPS site, Asterisk resources etc.. The unanswered question (and final piece of our puzzle) is if it's possible to have a register free environment in an OpenSIPS/Asterisk integration. Most approaches have OpenSIPS relay the UA's REGISTER request to Asterisk which has "host=dynamic" set for the

Dear ssh gurus, Here's the version I'm testing on : flavien :/$ ssh -V OpenSSH_5.3p1 Debian-3ubuntu4, OpenSSL 0.9.8k 25 Mar 2009 I launch a remote command : flavien$ ssh -o ControlMaster=yes -o ControlPath=/tmp/ssh-control localhost 'echo pid:$$ ...sleeping...; sleep 2803' flavien at localhost's password: pid:11565 ...sleeping... On another shell, I

Hi guys I've been running Samba 3 for a while as my PDC in our office with a number of XP clients and a MacOS 10 client, without undue problems. Recently, though, we upgraded a couple of workstations to 64bit and these two workstations now have problems getting up the user dialog that 32bit XP has no problem with. When you select a folder, go to it's security options and hit

This one is a bit complex so if no help is forthcoming, I understand. I have 2 shorewall firewalls (1.3.13) up and running. (both machines running Gentoo Linux 1.4_rc2) I have freeswan (1.98) running on each of them. I have squid setup as a caching/filtering server on each of them. Each of them was originally setup using the Two-interface Quick Start Guide. Then the Squid guide and then the IPSEC