similar to: Jail support for mac_portacl(4).

Displaying 20 results from an estimated 1000 matches similar to: "Jail support for mac_portacl(4)."

2006 Oct 20
2
mac_portacl
Hi, folks. I am trying to implement reverse proxy using squid with mac_portacl, but i have problem while binding squid to port 80. Am i missed something? Here is my mac_portacl variables: # sysctl security.mac.portacl. security.mac.portacl.enabled: 1 security.mac.portacl.suser_exempt: 1 security.mac.portacl.autoport_exempt: 1 security.mac.portacl.port_high: 1023 security.mac.portacl.rules:
2004 Nov 21
1
mac_portacl and automatic port allocation
Hello, I really like the idea behind mac_portacl but I find it difficult to use it because of one issue. When an unprivileged program binds to high automatic port with a call to bind(2) and port number set to 0 the system chooses the port to bind to itself. This mechanismus is used by number of programs, most commonly by ftp clients in active mode. Unfortunately this 0 is checked by the
2007 Jan 11
2
FreeBSD Security Advisory FreeBSD-SA-07:01.jail
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-07:01.jail Security Advisory The FreeBSD Project Topic: Jail rc.d script privilege escalation Category: core Module: etc_rc.d Announced:
2005 Jul 13
2
mijail- Multiple IP's in a Jail
I have searched around the lists and Google and found this HYPERLINK "http://people.freebsd.org/~pjd/patches/jail_2004120901.patch"http://people. freebsd.org/~pjd/patches/jail_2004120901.patch I was wondering if anyone know of a multiple IP patch that works with FreeBSD 5.4 I really do not understand why this is not included in the standard jail I mean sure jail is handy for
2005 Jul 16
0
FreeBSD Summer of Code Projects Announced
The FreeBSD Project is pleased to announce its participation in the Google "Summer of Code" program designed to introduce students to open source software development. The FreeBSD Project received over 350 applications, amongst which 18 projects have been selected for funding. Unfortunately, due to the limited number of spots available, we were unable to fund many first rate
2007 Mar 14
1
Check PRIV_VFS_MOUNT when jailed.
Hi. I'd like to commit this patch: http://people.freebsd.org/~pjd/patches/vfs_mount.c.9.patch It currently should change nothing, but will be needed once we allow to grant privileges for jails. I'd like to commit it now, so I can experiment easier with my ZFS improvements. -- Pawel Jakub Dawidek http://www.wheel.pl pjd@FreeBSD.org
2006 Mar 06
6
gmirror(8) and graid3(8) changes.
Hi. Here you can find patches with changes to gmirror(8) and graid3(8): http://people.freebsd.org/~pjd/patches/gmirror.7.patch http://people.freebsd.org/~pjd/patches/graid3.patch The patches does the following: - Significant synchronization speed improvement. Now many parallel synchronization I/O requests can be used instead of only one before. Many people requested this. - Close race
2005 Jul 29
1
booting gbde-encrypted filesystem
Hello, I think there was already a thread on this. I just want to raise the question again if anyone has successfully booted an gdbe-encrypted filesystem (everything encrypted except the bootloader). The passphrase is entered at the bootloader prompt or embedded in the bootloader. I appreciate any tips. Thanks, - ronnel
2018 Nov 08
2
Re: guestfs_launch() fails when C application is started as a systemd service
Here are strace outputs per process. strace_output.22076 is the plugin's pid. (A little before forking) strace_output.22077 runs qemu-img strace_output.22078 is a mystery to me strace_output.22079 is rm -rf to the overlay image and its temporary dir. Best Regards, Peter On Wed, Nov 7, 2018 at 4:38 PM Richard W.M. Jones <rjones@redhat.com> wrote: > On Wed, Nov 07, 2018 at
2007 Sep 21
3
The ZFS-Man.
Hi. I gave a talk about ZFS during EuroBSDCon 2007, and because it won the the best talk award and some find it funny, here it is: http://youtube.com/watch?v=o3TGM0T1CvE a bit better version is here: http://people.freebsd.org/~pjd/misc/zfs/zfs-man.swf BTW. Inspired by ZFS demos from OpenSolaris page I created few demos of ZFS on FreeBSD:
2004 Mar 08
4
Call for review: restricted hardlinks.
Hi. I've no response from so@ in this topic, probably because leak of time, so I'll try here. Here is a patch that I'm planing to commit: http://people.freebsd.org/~pjd/patches/restricted_hardlinks.patch It adds two new sysctls: security.bsd.hardlink_check_uid security.bsd.hardlink_check_gid If sysctl security.bsd.hardlink_check_uid is set to 1, unprivileged users are not
2017 Nov 07
1
Pathview xml issue
Hi, I'm using GAGE/pathview to analyze my RNA-seq and phospho-protein data. The following error occurs after this command line below: >pv.out.list <- sapply(path.ids2[1:3], function(pid) pathview( gene.data = cnts.d, pathway.id = pid, gene.idtype="SYMBOL",kegg.native = F, same.layer = T, species = "hsa", kegg.dir = "test", out.suffix = "up"))
2006 Apr 21
2
Crypto hw acceleration for openssl
I got roughly the same performance results when I use the openssl speed test with and without a hifn 7956 cryto card Here's what I did: After the card is plugged in, kldload hifn; kldload cryptodev; I got the message: hifn0 mem 0xfc8f0000-0xfc8f7ffff, 0xfc8f0000-0xfc8f7ffff, 0xfc8f0000-0xfc8f7ffff irg 28 at device 3.0 on pci1 hifn0: Hifn 7956, rev 0, 32KB dram, pll=0x800<pci clk, 4x
2003 May 26
1
[patch] port-irix.c: refine jlimit support
--- openbsd-compat/port-irix.c.orig 2002-04-07 03:58:33.000000000 +0900 +++ openbsd-compat/port-irix.c 2003-05-27 02:11:07.620000380 +0900 @@ -7,6 +7,12 @@ #endif /* WITH_IRIX_PROJECT */ #ifdef WITH_IRIX_JOBS #include <sys/resource.h> +#include <optional_sym.h> +# if !defined(JLIMIT_CPU) +typedef __int64_t jid_t; +extern jid_t jlimit_startjob(char *, uid_t, char *); +# pragma
2002 Mar 07
1
Irix joblimits failure (was: Re: New snapshot)
IRIX has a compatibility mechanism that lets you test for optional symbols (like jlimit_start) at run-time. I think these patches will let all all IRIX 6.5 systems build images that will test for job limit support dynamically: --- ./configure.ac Wed Feb 27 01:12:35 2002 +++ ../openssh-3.1p1/./configure.ac Thu Mar 7 15:50:21 2002 @@ -115,7 +115,7 @@ AC_DEFINE(WITH_IRIX_ARRAY)
2012 Sep 18
8
Collecting entropy from device_attach() times.
Hi. I experimented a bit with collecting entropy from the time it takes for device_attach() to run (in CPU cycles). It seems that those times have enough variation that we can use it for entropy harvesting. It happens even before root is mounted, so pretty early. On the machine I'm testing it, which has minimal kernel plus NIC driver I see 75 device_attach() calls. I'm being very careful
2007 Apr 06
11
ZFS committed to the FreeBSD base.
Hi. I''m happy to inform that the ZFS file system is now part of the FreeBSD operating system. ZFS is available in the HEAD branch and will be available in FreeBSD 7.0-RELEASE as an experimental feature. Commit log: Please welcome ZFS - The last word in file systems. ZFS file system was ported from OpenSolaris operating system. The code in under CDDL license. I''d
2008 Jul 29
2
Unexpected b_hdr change.
Hi. We''re testing the most recent ZFS version from OpenSolaris ported to FreeBSD. Kris (CCed) observed strange situation. In function arc_read() he had a panic on assertion that we try to unlock a lock which is not beeing held: rw_enter(&pbuf->b_hdr->b_datalock, RW_READER); err = arc_read_nolock(pio, spa, bp, done, private, priority, flags, arc_flags, zb);
2007 Feb 18
3
Improper use of atomic_add_64().
Hi. I noticed that when non-64bit variable is given as a second argument to atomic_add_64() function, the result is invalid. I found few places where such situation occurs. I wonder how this got unnoticed with ztest, which fails on me within a few seconds (after I started to use Solaris atomic operations) on assertions. Maybe this only doesn''t work when compiled with gcc? Not sure, but
2004 Aug 06
3
q about jspeex - repost of TestClient.java with PipedInputStream
There is actually a mail missing - the version with the pipedinputstream construction. attached the current source with pipedinputstream/pipedoutputstream tia, ulrich <p><p> -------------- next part -------------- A non-text attachment was scrubbed... Name: TestClient.java Type: text/x-java Size: 14939 bytes Desc: TestClient.java Url :