similar to: Calls which cross trust boundaries

[Mod: chat removed -- alex] From: userv-maint@chiark.greenend.org.uk (Ian Jackson) Approved: alex@yuriev.com To: linux-security@redhat.com Subject: userv - how to make cron (et al) not setuid 0. Introduction Some time ago I posted on linux-security to say that I was working on a client/server pair which would allow you to invoke a privileged service in a more secure manner. I''ve now

Hans van Kranenburg writes ("[PATCH 06/13] sysconfig.xencommons.in: Strip and debianize"): > Strip all options that are for stuff we don't ship, which is 1) > xenstored as stubdom and 2) xenbackendd, which seems to be dead code > anyway. [1] > > It seems useful to give the user the option to revert to xenstored > instead of the default oxenstored if they really

Hi. I was wanting an initial opinion from the Release Team, about the Xen packages. Currently they are in bad shape in stretch and I intend to fix them ASAP. The question is whether I should move to Xen 4.7, or Xen 4.8. Xen 4.8 is currently at RC2 and seems in pretty good shape. I think it's more probable than not that we'll have Xen 4.8.0 by the Debian freeze date, but this is by no

Hans van Kranenburg writes ("[PATCH 09/13] xen init script: move init_dom0 into xenstored start"): > This little xen-init-dom0 program is present in both our 4.8 and 4.11 > packages, so there's no need to keep the if else code. Also, it only > makes sense to run it after starting xenstored, and not all other times > start is called. I think xen-init-dom0 is not in jessie

I am going to submit a proposal for a Xen BOF at DC18. Here is my first cut at a draft abstract: Title: Xen in Debian BoF Format: workshop with 25 min slot The Xen packages in Debian are in need of some work, including some tidying up, upstreaming of some Makefile patches, and updating to new versions. There is a large outstanding bug list. Also with the demise of Alioth and the

Elliott Mitchell writes ("[PATCH 12/12] Partially revert "Cross-compilation fixes.""): > This partially reverts commit 16504669c5cbb8b195d20412aadc838da5c428f7. Wow, that is an upsteam commit from 2005. However, I would like some kind of explanation. Is it in fact now false that | # These don't cross-compile ? Should this patch go upstream ? Ian. -- Ian Jackson

Control: retitle -1 max grant frames problem (domu freeze with linux-image-4.9.0-4-amd64) Control: severity -1 important Control: reassign -1 src:xen 4.8.3+xsa267+shim4.10.1+xsa267-1+deb9u9 Just gardening here. (i) Bug title should mention grant frames. (ii) This does not affect all use cases and is not, IMO, RC. Although we should certainly see if we can improve it. (iii) Britney is confused

(*Really* switching to my personal address not because I'm not doing work for Citrix, but because the corporate email is not working properly. Sigh. Also, email updated a bit.) Ian Jackson writes ("Re: Updated Xen packages for XSA 216..225"): > Ian Jackson writes ("Re: Updated Xen packages for XSA 216..225"): > > Hi. I was away and am now back. There are a lot

Knorrie and I just discussed our plans for sid and buster, on the phone. Here's my notes of the discussion. Plan is to upload Knorrie's 4.11 packages to experimental, to make them more public, while we fix the bugs in them. There's a list of Salsa issues and the BTS bugs list. This duplication is not ideal. We agreed that new things should go to the BTS. For now we'll keep

Hans van Kranenburg writes ("[PATCH 08/13] xen init script: rewrite xenstored start logic"): > -XENSTORED="$ROOT"/bin/xenstored > +# In /etc/default/xen, the user can set XENSTORED, which has to be either > +# 'xenstored' or 'oxenstored'. In here, we add the version specific path. > +if [ -n "$XENSTORED" ]; then > +

I rather like agedu It probably does what you want. But as Mohammad says you do have to traverse your filesystem. https://www.chiark.greenend.org.uk/~sgtatham/agedu/ agedu: track down wasted disk space - chiark home page<https://www.chiark.greenend.org.uk/~sgtatham/agedu/> www.chiark.greenend.org.uk agedu. a Unix utility for tracking down wasted disk space Introduction. Suppose

Hi Alex, John Thanks for confirming my suspicion that there is no getting away from POSIX tree traversal . I was aware of age-du but not robinhood. Cheers Kashif On Wed, May 2, 2018 at 8:57 AM, JOHE (John Hearns) <JOHE at novozymes.com> wrote: > I rather like agedu It probably does what you want. > > But as Mohammad says you do have to traverse your filesystem. > >

I have now finished totally rewriting the Xen package in Debian, from scratch. Amazingly as soon as I got a package which was lintian-clean and would install, it worked first time ! I have generated 18 patches to go upstream which I have sent to xen-devel. There are two more, xenstore ABI patches, which need a bit of tidying up. There is still room for improvement but it is now clearly ready

Hello, I just made available a beta version of a port scan detector that I''ve been working on. The program, called Abacus Sentry, is a port scan/probe detector that offers what I think are a number of unique and useful features: - Runs on TCP or UDP sockets. Configurable by the user to bind to multiples of sockets for increased detection coverage. - Adjustable scan detection value with

tl;dr The Debian Xen packages have had a very bad patch which I propose to simply drop, with minor compatibility implications, unless someone can explain what it is for and why it is still needed, and/or has a better plan. I have been going through delta queue in the Debian Xen package. I found a commit (patch) describing itself only this way:

Hans van Kranenburg writes ("Re: [PATCH 08/13] xen init script: rewrite xenstored start logic"): > So the question we should answer first is: What do we allow the user to > set as value? /bin/bash? And how should the init script deal with that? If they specify an absolute path, it should be used. Eg, /home/alice/Xen/xen/tools/xenstore/xenstore If the user specifies /bin/bash

branch xen-unstable xen branch xen-unstable job test-amd64-amd64-xl-pcipt-intel test debian-fixup Tree: linux git://xenbits.xen.org/linux-pvops.git Tree: qemu git://xenbits.xen.org/staging/qemu-xen-unstable.git Tree: qemuu git://xenbits.xen.org/staging/qemu-upstream-unstable.git Tree: xen http://xenbits.xen.org/staging/xen-unstable.hg *** Found and reproduced problem changeset *** Bug is in

Hans van Kranenburg writes ("Re: Plans for buster"): > This can be done from tag debian/4.11.1_pre+1.733450b39b-1_exp1 (which > is right now the same as the master branch). Thanks for doing all this work. I have just sent it to experimental. I did some reviewing and diffing. I have some comments, or, at least, things I noticed. None of them were IMO blockers for experimental.

flight 12922 qemu-upstream-unstable real [real] http://www.chiark.greenend.org.uk/~xensrcts/logs/12922/ Regressions :-( Tests which did not succeed and are blocking, including tests which could not be run: test-amd64-i386-qemuu-rhel6hvm-amd 9 guest-start.2 fail REGR. vs. 12892 Regressions which are regarded as allowable (not blocking): test-amd64-i386-qemuu-rhel6hvm-intel 9

flight 14649 qemu-upstream-unstable real [real] http://www.chiark.greenend.org.uk/~xensrcts/logs/14649/ Failures and problems with tests :-( Tests which did not succeed and are blocking, including tests which could not be run: build-amd64-pvops 2 host-install(2) broken REGR. vs. 14472 build-i386-pvops 2 host-install(2) broken REGR. vs. 14472