similar to: [PATCH] klibc: fix capability dropping

This patch adds the ability to kinit to allow the dropping of POSIX capabilities. kinit is modified by this change, such that it understands the new kernel command line "drop_capabilities=" that specifies a comma separated list of capability names that should be dropped before switching over to the next init in the boot strap (typically on the root disk). When processing capabilities

Commit-ID: 163920f31f98db13f4e37796bb92f0844e7aaf45 Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=163920f31f98db13f4e37796bb92f0844e7aaf45 Author: maximilian attems <max at stro.at> AuthorDate: Tue, 29 May 2012 18:58:31 +0200 Committer: maximilian attems <max at stro.at> CommitDate: Tue, 29 May 2012 19:03:08 +0200 [klibc] capabilities: Use fflush() instead

Commit-ID: 8544fef6d5e5bc8f927ffbd3e4031b905c907de9 Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=8544fef6d5e5bc8f927ffbd3e4031b905c907de9 Author: maximilian attems <max at stro.at> AuthorDate: Sun, 27 May 2012 23:18:07 +0200 Committer: maximilian attems <max at stro.at> CommitDate: Sun, 27 May 2012 23:18:07 +0200 [klibc] kinit: Fix capabilities alternate

Hello Tom, > I took a look at lib/CodeGen/SelectionDAG/LegalizeDAG.cpp and it > doesn't look like there is an Expand operation implemented for > ISD::Constant. I think you'll either need implement Expand for > ISD::Constant or Custom lower it in your backend. thank you for that information. This exactly is what I feared. Well I did some more mostly unguided hacking and these

This patchset applies to klibc mainline. As is it will probably collide with Maximilian's recent patch to rename run-init to switch_root posted last week. To boot an untrusted environment with certain capabilities locked out, we'd like to be able to drop the capabilities up front from early userspace, before we actually transition onto the root volume. This patchset implements this by

From: Maciej ?enczykowski <maze at google.com> This adds a new setting: KBUILD_REPRODUCIBLE If it is non-empty, ar and ranlib will be called in such a way that timestamps do not affect the build output. This allows one to get perfectly reproducible builds. Signed-off-by: Maciej ?enczykowski <maze at google.com> --- scripts/Kbuild.klibc | 14 +++++++++----- usr/klibc/Kbuild |

From: Maciej ?enczykowski <maze at google.com> uname(2) returns (like all syscalls) 0 on success. Signed-off-by: Maciej ?enczykowski <maze at google.com> --- usr/klibc/getdomainname.c | 2 +- usr/klibc/gethostname.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/usr/klibc/getdomainname.c b/usr/klibc/getdomainname.c index 61722ca3519b..218ff0baa871

klibc/scripts/basic/fixdep.c: In function 'traps': klibc/scripts/basic/fixdep.c:368: warning: dereferencing type-punned pointer will break strict-aliasing rules klibc/scripts/basic/fixdep.c:370: warning: dereferencing type-punned pointer will break strict-aliasing rules klibc/usr/dash/jobs.c: In function 'sprint_status': klibc/usr/dash/jobs.c:427: warning: format not a string

Hi! The Netfilter project proudly presents: iptables 1.4.13 nfacct 1.0.0 libnetfilter_acct 1.0.0 Changes in iptables include: * rpfilter support from Florian Westphal. * IPv6 ECN capable version from Patrick McHardy. * a couple of fixes for internal libiptc library. * fix leaking file descriptor to avoid annoying log messsages in SELinux from Maciej enczykowski. * nfacct match

On Thu, Jul 12, 2012 at 01:22:39PM +0200, Fabian Scheler wrote: > Hi Micah, > > > We have a very similar setup with the AMDIL backend(some operations support 64bit some don't). > > > > What we do is we enable MVT::i64, set legal to all operands that are legal and then set everything else to expand. > > thanks for your hint. Unfortunately, I didn't find any

Hi Micah, > We have a very similar setup with the AMDIL backend(some operations support 64bit some don't). > > What we do is we enable MVT::i64, set legal to all operands that are legal and then set everything else to expand. thanks for your hint. Unfortunately, I didn't find any time to work on my problem in the meantime as I was busy preparing lectures. However, the summer

Hello hpa, please pull from my debian klibc tree to kernel.org for minor fixes, that piled up after kernel.org shutdown, inluding a build fix against current linux 3.1. git pull git://anonscm.debian.org/users/maks/klibc.git scripts/basic/fixdep.c | 27 +++++++++++++-------------- usr/include/limits.h | 2 ++ usr/include/sys/file.h | 9 +++++++++ usr/include/sys/types.h |

Hello, does anybody know how to achieve the following with SSH... a) accept RSA authentication for all but root from any IP b) accept RSA authentication for root from a couple IPs/Netmasks c) accept password authentication for all but root from a dozen Netmasks d) accept password authentication for root from 3 local netmasks only ie. make authentication depend on the

Maciej ?enczykowski dixit: >I guess what I wanted to say is that it might be desirable to have the >klibc shell do some dancing (perhaps controlled by some flags, but on There is no klibc shell. >child should > >setsid() >close(2) >close(1) >close(0) >open("/dev/ttyS0", O_RDONLY) >open("/dev/ttyS0", O_WRONLY|O_NOCTTY)

On Fri, 2005-06-03 at 09:36, Simon Perreault wrote: > i'm not sure you've considered your position thoroughly. > I am, and I will say it again just for the shock value: > Red Hat is the main developer of CentOS. On Fri, 3 Jun 2005, Les Mikesell wrote: > I'd put it this way instead: Red Hat is responsible for any > difficulty in creating the CentOS distribution, while

When building klibc 1.5.25 against linux/master (ie. post 3.1) I'm seeing: klibc/generated/include/linux/if_packet.h:176: error: expected specifier-qualifier-list before '__aligned_u64' which seems to come from upstream commits: 0d4691ce112be025019999df5f2a5e00c03f03c2 remotes/linux/master~90^2~408 (origin) 96c131842aab45b5d139d0bcb417796819f5ee92 remotes/linux/master~90^2~169

This release features a dash sync to latest dash git (We continue in the tradition of providing the freshest dash), porter fixes for arm Debian and ppc64 Ubuntu. To the utils got added a minimal mv, so that /run initramfs content can be moved to the real rootfs. The shortlog is dominated by dash commits, plus usual minimal fixes. git repository: git://git.kernel.org/pub/scm/libs/klibc/klibc.git

https://bugzilla.mindrot.org/show_bug.cgi?id=1604 Summary: SCTP support for openssh Product: Portable OpenSSH Version: 5.2p1 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at

Hello, Just a few quick, but not very simple questions...: Do any Linux filesystems (besides XFS) support freezing? (ie. in conjuction with LVM snapshots this can allow a mounted filesystem to be frozen [freezing all processes writing to this filesystem] in a valid state (with possibly dangling unlinked files), the device can be snapshotted via LVM, and the original filesystem unfrozen - the

I guess what I wanted to say is that it might be desirable to have the klibc shell do some dancing (perhaps controlled by some flags, but on by default?) If getpid() == 1 then fork a child, continue in the child, have the parent wait for the child to terminate, then exit child should setsid() close(2) close(1) close(0) open("/dev/ttyS0", O_RDONLY) open("/dev/ttyS0",