similar to: Seeing rlimits on CentOS 4

Hi all. I have an old windows VM with an oldish cygwin that I use for the regression tests. Investigating one of the test failures, I see that it's for UsePrivilegeSeparation=sandbox, and it seems to be because setrlimit(RLIMIT_FSIZE, ...) is not supported. IMO, this isn't a big loss, since the most useful thing in the rlimit "sandbox" is the descriptor limits. Can anyone see

entOS Errata and Security Advisory CESA-2010:0394 kernel security, bug fix, and enhancement update security update for CentOS 4 x86_64: https://rhn.redhat.com/errata/RHSA-2010-0394.html The following updated file has been uploaded and is currently syncing to the mirrors: x86_64: updates/x86_64/RPMS/kernel-2.6.9-89.0.25.EL.x86_64.rpm updates/x86_64/RPMS/kernel-devel-2.6.9-89.0.25.EL.x86_64.rpm

entOS Errata and Security Advisory CESA-2010:0394 kernel security, bug fix, and enhancement update security update for CentOS 4 x86_64: https://rhn.redhat.com/errata/RHSA-2010-0394.html The following updated file has been uploaded and is currently syncing to the mirrors: x86_64: updates/x86_64/RPMS/kernel-2.6.9-89.0.25.EL.x86_64.rpm updates/x86_64/RPMS/kernel-devel-2.6.9-89.0.25.EL.x86_64.rpm

This is almost just refactoring, but I also set the memory limit to really 1 GB, and not 1×10⁹. --- src/info.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/src/info.c b/src/info.c index d7f45f0..616ef50 100644 --- a/src/info.c +++ b/src/info.c @@ -56,6 +56,7 @@ static yajl_val get_json_output (guestfs_h *g, const char *filename); static char

I was wondering if the following attack would be feasible once I'm able to break into rlimit sandbox. Because sandboxed process that handles unauthenticated session is running as the 'sshd' user I was wondering if this could be used to jump between processes using ptrace(2). For example if I find a bug in the code executed before authentication I could use ptrace(2) to attach to

After fuzzing 'qemu-img info' I found that certain files can cause the command to use lots of memory and time. Modify the command mini-library to allow us to place resource limits on subprocesses, and use these to limit the amount of space and time used by 'qemu-img info'. --- configure.ac | 3 +++ src/command.c | 53

Hi, I'm trying to deploy some non-linux OS via pxe and I was thinking to just launch CentOS in RAM and then run dd or qemu-img or something like this in order to complete the other OS install via template imaging. My first idea was to build a custom CentOS livecd and use that in combination with pxe kernel parameters, but perhaps there's a better way to do this. Ideas? Thanks, Lucian --

On Wed, Dec 02, 2015 at 08:53:39PM +0100, Axel Glienke wrote: > Creating snapshot: > > [root at lvmtest ~]# lvcreate -L5G -s -n root_snap /dev/centos/root > Reducing COW size 5,00 GiB down to maximum usable size 2,94 GiB. > Logical volume "root_snap" created. > [root at lvmtest ~]# lvs > LV VG Attr LSize Pool Origin Data% Meta% Move > Log

Hello, I'm doing an unattended CentOS 5.3 install in a virtual machine vmware. I'm redirecting output to a serial console because production boxes won't have monitors. I'm getting to the point of doing the post installation then the box freezes. The only command i have in %post is yum -y update. I'm not getting no output. Suggestions appreciated. In the commands section reboot

Hi All. # cat /etc/redhat-release CentOS release 6.2 (Final) # uname -r 2.6.32-220.17.1.el6.centos.plus.x86_64 # rpm -qa | grep solr apache-solr-3.5.0-1.5... I have a solr installation which is invoked: /usr/bin/java -Xms25g -Xmx25g -DSTOP.PORT=8079 -DSTOP.KEY=mustard -Dsolr.solr.home=multicore -jar start.jar After start/when the java process is running: # free -m total

I didn't see this one applied to the repository yet. It may not be the best patch possible... basic problem is that _LARGEFILE64_SOURCE needs to be defined on Solaris 2.6 if AC_SYS_LARGEFILE ends up doing a '#define _FILE_OFFSET_BITS 64' If _FILE_OFFSET_BITS == 64, then <sys/resource.h> will define a 'struct rlimit64' but NOT define a 'struct rlimit' leading to

Dear centos community, I was in the process of loading the latest 5.5 release of centos in a VMWARE ESX 4.1 host as my first virtual machine, suddenly while booting I got a panic error with the following on screen. Can someone point me in the right direction. This machine has 24 cores and I allocated 1 for Centos to use with 1024MB of memory. Any clues or workaround to solve this problem? Thank

I have just deployed a new CentOS 6.4 image on AWS, and I'm having issues with init.d scripts not starting up. I've verified the following; 1) They work on their own after boot 2) They're set to run at runlevel 3,4, and 5 via chkconfig 3) The system boots up in runlevel 3 (no GUI) 4) There are no lingering PID files around after boot 5) Permissions

hi guys i just partially upgrade centos 3.4 to centos 4(using apt-get) and im having a problem removing kdb 1.08-10.2, kbd 1.12-2 is already installed and im trying to remove kdb 1.08 through apt-get and rpm -e here's what happened when i use apt-get: # apt-get remove kbd#1.08-10.2 Reading Package Lists... Done Building Dependency Tree... Done The following packages will be REMOVED:

Hi. http://www.debian.org/security/2011/dsa-2347 There is updated packages for Debian (and Ubuntu) already. Do you know how long until Centos release an update to bind ? I have looked here and couldn't see any info - http://lists.centos.org/pipermail/centos-announce/2011-November/thread.html - Is this the correct place to look for security update info ? Cheers !

Hi, This patch (relative to -HEAD) defines an API to allow sandboxing of the pre-auth privsep child and a couple of sandbox implementations. The idea here is to heavily restrict what the network-face pre-auth process can do. This was the original intent behind dropping to a dedicated uid and chrooting to an empty directory, but even this still allows a compromised slave process to make new

I've noticed this in CentOS 4 & 5 and Fedora 5 & 6. If I'm in Gnome desktop and using any of the terminal programs and I ssh into any server, the connection just hangs. Not drops, it just hangs and doesn't recover. These servers are all over the country on different ISPs in Tier1 datacenters. Some are in our office, so they are on the local lan. We have a mix of RHEL 3, 4

I'd like to have something like seq() where I can pass in a length of the desired sequence and a right limit so that the sequence goes up to the limit and then starts again from 1. # works now seq(from=2, length.out=3) [1] 2 3 4 # what I want seq(from=2, length.out=3, rlimit=3) [1] 2 3 1 # additional examples of what I want seq(from=2, length.out=4, rlimit=3) [1] 2 3 1 2 seq(from=2,

I am running Dovecot 1.0rc15 on NetBSD 3.1 with only a few connections. It is built from pkgsrc-2006Q3, with mail/dovecot/ updated to HEAD. kqueue is a default build option - I haven't tried without yet. Mail directories/indexes are on a Linux 2.6.16.29 NFS file system, I have set these options and it performs well: mmap_disable=yes lock_method=fcntl FYI. rc7 had very high CPU use with the

The subject line is deliberate. It looks like firefox 38 is infliting a rerun of http://marc.info/?l=centos&m=141288474630498&w=2 upon us. Addons are downloaded into /tmp, but never installed. Not even Install addon from file works. Going back to ff31. Grumbling ...