similar to: bind chroot, bind mounts and selinux

I went through the chroot/selinux review when Centos6 came out. I went with selinux and no chroot. I don't have too much of an issue with systemd; I am learning it as I go. I am putting up a Samba4 AD with Bind-DLZ backend. The Samba wiki explicitly calls out no chroot and kind of explains why. so I come out on the selinux side. On 09/09/2015 09:09 PM, Tom Robinson wrote: > Hi All,

How about trying commercial RHEV? Eero 22.6.2016 8.02 ap. "Tom Robinson" <tom.robinson at motec.com.au> kirjoitti: > Hi, > > I have two KVM hosts (CentOS 7) and would like them to operate as High > Availability servers, > automatically migrating guests when one of the hosts goes down. > > My question is: Is this even possible? All the documentation for HA

Hi, I've been looking for an answer to this question and can't find anything concrete that says full support for write barriers has been backported to the stock kernel. I've read that: "There is incomplete write barrier support in kernel versions 2.6.32 and earlier (2.6.31 has some support, while 2.6.33 works for all types of device target) - RHEL 6 uses 2.6.32." Now, I

Hi, Not sure if I should post in samba-technical or just samba list. Please advise. Back in February I was trying to do a samba-tool classicupgrade but kept getting SIGSEGV: https://lists.samba.org/archive/samba/2017-February/206409.html I didn't progress much after that. This week I've compiled samba-4.6.5 and installed that. Following the HOW-TO for classic upgrade

CentOS Linux release 7.1.1503 (Core) amanda-3.3.3-13.el7.x86_64 amanda-client-3.3.3-13.el7.x86_64 amanda-libs-3.3.3-13.el7.x86_64 dump-0.4-0.22.b44.el7.x86_64 Hi, I have been using amanda backup for quite a long time now. I'm busy migrating some older hosts to CentOS 7 but have found that the available amanda packages (see above) have not been compiled on a host that has the 'dump'

Hi, I'm having trouble with the classic upgrade. We have three samba servers: Server1: CentOS 5/Samba 3.6 (with smbldap-tools) Server2: CentOS 6/Samba Version 4.2.14-SerNet-RedHat-23.el6 Server3: CentOS 7/Samba Version 4.2.14-SerNet-RedHat-23.el7 Server 1: CentOS 5/Samba 3.6 (with smbldap-tools) Serves our OpenLDAP backend for centralised authentication (LDAP replicated to two other servers

Hi, I have two KVM hosts (CentOS 7) and would like them to operate as High Availability servers, automatically migrating guests when one of the hosts goes down. My question is: Is this even possible? All the documentation for HA that I've found appears to not do this. Am I missing something? My configuration so fare includes: * SAN Storage Volumes for raw device mappings for guest vms

# cat /etc/redhat-release CentOS Linux release 7.1.1503 (Core) # uname -r 3.10.0-123.20.1.el7.x86_64 Hi, We use iSCSI over a 10G Ethernet Adapter and SRP over an Infiniband adapter to provide multipathing to our storage: # lspci | grep 10-Gigabit 81:00.0 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01) 81:00.1 Ethernet controller: Intel Corporation

CentOS Linux release 7.2.1511 (Core) Hi, Last night our CentOS 7 server rebooted. Seemingly it's a very clean reboot. I can't find a shred of evidence as to why it happened though. Things I've checked: * sa reports * /var/log/{messages,secure,dmesg,cron} * /var/log/audit/audit.log * lastlog The host is used for KVM virtualisation and connects via multipathing to our OmniOS SAN via

Hi, I've done a classic upgrade to from samba 3.6.23 to samba 4.6.5 bringing across all the user accounts. The samba 3.6.23 we set up with smbldap as an NT Domain with OpenLDAP. After a lot of effort the classic upgrade worked well but now I'm a bit stuck with idmapping. The new AD DC is running 4.6.5 on CentOS7 and I can connect using ADUC. I set up a separate AD DM on a another CentOS7

Hi all: I'm looking to chroot sftp; but not chroot ssh sessions. I came across some info that said this is possible. But after searching this list's archives and Google, I was rather confused about the different patches for chrooting, and couldn't find anything that appeared to only chroot sftp. Is such a patch available? Can someone point me in the right direction? Erik

> > The main problem seems to be with the way that debian starts bind > > using > > the script /etc/init.d/bind. I thought it would be really neat to > > just > > change the #!/bin/sh at the top of the script to something like : > > #!/usr/sbin/chroot /chroot-dns/ /bin/sh > > or > > #!/usr/sbin/chroot /chroot-dns/

You must mean your most wanted feature. Mine is the integration of Simon's GSS patches. Nico -- > -----Original Message----- > From: Jean-Michel POURE [mailto:jm.poure at freesurf.fr] > Sent: Friday, May 17, 2002 7:35 AM > To: Markus Friedl; openssh-unix-dev at mindrot.org > Subject: OpenSSH 3.2.2 released : chroot > > > Le Vendredi 17 Mai 2002 00:36, Markus

Hi there, let me just ask if you know some good way to set up user chrooting in such a way, that each sftp user has its chroot directory entry somewhere (whatever path) and gets chrooted there upon its login? Maybe such feature is planned? Thanks... K.

I just downloaded the bind-chroot rpm and looked into it with Archive manager (so I am lazy), and no files, just the chroot tree. I am assuming there is some script that Archive manager does not show, or I am just missing it, because the ROOTDIR= did get added to /etc/sysconfig/named (and the one in the bind rpm is without this line). Just interesting that if you chroot, you are expected to

Plagued with an error I can't get past: ==> dovecot_info.log <== dovecot: Mar 04 22:09:06 Info: Dovecot starting up ==> dovecot.log <== dovecot-auth: Mar 04 22:09:07 Fatal: Can't open configuration file /usr/local/etc/dovecot-pgsql.conf: No such file or directory dovecot: Mar 04 22:09:07 Error: child 18211 (auth) returned error 89 dovecot: Mar 04 22:09:07 Error: Auth process

On Tue, 14 Jul 1998, cfb wrote: > The main problem seems to be with the way that debian starts bind using > the script /etc/init.d/bind. I thought it would be really neat to just > change the #!/bin/sh at the top of the script to something like : > #!/usr/sbin/chroot /chroot-dns/ /bin/sh > or > #!/usr/sbin/chroot /chroot-dns/ /chroot-dns/bin/sh try changing

Hello, I've got strange problem with centos (as well as rhel btw) chrooted environment. First of all I created simple directory with only the libs for 'bash' and 'id' tools: ---- # chroot testcase/ bash-3.1# id uid=0 gid=0 groups=0,1,2,3,4,6,10 ---- Yes, I even do not have /etc/ directory inside testcase/ , but id shows groups from the _host_ root account. I tried to

I am wondering what modifications to the chroot patch in the contrib directory for openssh would be necessary for it to be accepted into the standard release. Is anybody currently working on chroot for openssh? I would be willing to work on improving and testing the patch if I knew it would become a standard part of openssh. My main interest in a chrooted openssh is to provide chrooted sftp so I

On Thu, April 13, 2017 3:05 am, Nicolas Kovacs wrote: > Le 13/04/2017 ? 04:27, Robert Moskowitz a ?crit : >> But make sure to have SELinux enabled if you do not run it chrooted. >> >> I have mine running that way. > > I bluntly admit not using SELinux, because until now, I mainly used more > bone-headed systems that didn't implement it. Maybe this is the right