Displaying 20 results from an estimated 200 matches similar to: "dovecot & cap_net_admin capability"
2017 Jun 20
0
dovecot & cap_net_admin capability
On 20 Jun 2017, at 14.18, Michal Hlavinka <mhlavink at redhat.com> wrote:
>
> Hi,
>
> we've seen SELinux reports from our users that dovecot tried to use something that needs CAP_NET_ADMIN capability. Before enabling it, we would like to know where it originated from. I've checked the sources, but was not able to find anything that would require this capability. Do you
2020 Jan 16
2
[Bug 1398] New: tproxy rule is not matched for ip6
https://bugzilla.netfilter.org/show_bug.cgi?id=1398
Bug ID: 1398
Summary: tproxy rule is not matched for ip6
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Ubuntu
Status: NEW
Severity: normal
Priority: P5
Component: kernel
Assignee: pablo at netfilter.org
2016 Oct 05
3
Dev: new option to mark all tincd socket of a tincd process
I know i'm new to the list but i'd like to propose something for tincd
daemon.
I'd like to mark all sockets established by a tincd process with a mark
passed as an argument in the command line.
What could be the purpose of this new option?
The goal of this option is to be able to have several tincd process
running at the same time using the same port but using different ip.
In
2004 Sep 09
0
Setting priority in userspace gets ignored
Briefly what I am trying to achieve is using the HTB qdisc to handle
traffic generated from
userspace. To achieve this I create a standard Gold/Silver/Bronze
configuration as follows;
tc qdisc add dev eth0 root handle 1: htb default 12
tc class add dev eth0 parent 1: classid 1:1 htb rate 100mbit
tc class add dev eth0 parent 1:1 classid 1:10 htb rate 1mbit ceil 100mbit
tc class add dev eth0
2016 Oct 06
0
Dev: new option to mark all tincd socket of a tincd process
On Wed, Oct 05, 2016 at 07:27:54PM +0200, Olivier Tirat wrote:
> I'd like to mark all sockets established by a tincd process with a mark
> passed as an argument in the command line.
[...]
> Do you think its something interesting?
> Do you think its a hard work to do?
> If not i could probably try to do it and propose a patch for that if you
> think it is interesting.
I
2023 Aug 29
1
[PATCH v3 0/3] vduse: add support for networking devices
On 8/11/23 00:00, Jakub Kicinski wrote:
> On Thu, 10 Aug 2023 17:42:11 -0400 Michael S. Tsirkin wrote:
>>> Directly into the stack? I thought VDUSE is vDPA in user space,
>>> meaning to get to the kernel the packet has to first go thru
>>> a virtio-net instance.
>>
>> yes. is that a sufficient filter in your opinion?
>
> Yes, the ability to create
2023 Aug 29
1
[PATCH v3 0/3] vduse: add support for networking devices
On 8/11/23 00:00, Jakub Kicinski wrote:
> On Thu, 10 Aug 2023 17:42:11 -0400 Michael S. Tsirkin wrote:
>>> Directly into the stack? I thought VDUSE is vDPA in user space,
>>> meaning to get to the kernel the packet has to first go thru
>>> a virtio-net instance.
>>
>> yes. is that a sufficient filter in your opinion?
>
> Yes, the ability to create
2023 Aug 29
1
[PATCH v3 0/3] vduse: add support for networking devices
On Tue, Aug 29, 2023 at 03:34:06PM +0200, Maxime Coquelin wrote:
>
>
> On 8/11/23 00:00, Jakub Kicinski wrote:
> > On Thu, 10 Aug 2023 17:42:11 -0400 Michael S. Tsirkin wrote:
> > > > Directly into the stack? I thought VDUSE is vDPA in user space,
> > > > meaning to get to the kernel the packet has to first go thru
> > > > a virtio-net instance.
1997 Jan 12
9
dos-attack on inetd.
Hi.
I don''t know if this one is known, but I can''t recall seeing anything
about it. If it is old news I apologize.
I discovered a bug in the inetd that comes with NetKit-B-0-08 and older.
If a single SYN is sent to port 13 of the server, inetd will die of Broken
Pipe:
write(3, "Sun Jan 12 21:50:35 1997\r\n", 26) = -1 EPIPE (Broken pipe)
--- SIGPIPE (Broken pipe) ---
2023 Aug 30
1
[PATCH v3 0/3] vduse: add support for networking devices
On 8/29/23 19:05, Michael S. Tsirkin wrote:
> On Tue, Aug 29, 2023 at 03:34:06PM +0200, Maxime Coquelin wrote:
>>
>>
>> On 8/11/23 00:00, Jakub Kicinski wrote:
>>> On Thu, 10 Aug 2023 17:42:11 -0400 Michael S. Tsirkin wrote:
>>>>> Directly into the stack? I thought VDUSE is vDPA in user space,
>>>>> meaning to get to the kernel the packet
2015 Mar 02
2
QEMU interface type=ethernet
With Libvirt under modern kernels, you can't use <interface
type='ethernet'> unless QEMU is running as root.
Running qemu as root is not ideal, but I was able to track down the
issue to this linux change:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca6bb5d7ab22ac79f608fe6cbc6b12de6a5a19f0
Which means that if you're seeing errors like this:
2020 Aug 30
1
Re: plug pre-created tap devices to libvirt guests
> On Tue, Jun 30, 2020 at 04:02:05PM +0100, Daniel P. Berrangé wrote:
> > On Tue, Jun 30, 2020 at 12:59:03PM +0200, Miguel Duarte de Mora Barroso wrote:
> > > On Mon, Apr 6, 2020 at 4:03 PM Laine Stump <lstump redhat com> wrote:
> > > >
> > > > On 4/6/20 9:54 AM, Daniel P. Berrangé wrote:
> > > > > On Mon, Apr 06, 2020 at 03:47:01PM
2007 Apr 18
0
[Bridge] [PATCH] (4/11) bridge - ioctl cleanup and consolidation
Merge the ioctl stub calls that just end up calling the sub-function
to do the actual ioctl. Move br_get_XXX_ifindices into the ioctl file
as well where they can be static.
diff -Nru a/net/bridge/br_device.c b/net/bridge/br_device.c
--- a/net/bridge/br_device.c 2004-05-20 10:51:05 -07:00
+++ b/net/bridge/br_device.c 2004-05-20 10:51:05 -07:00
@@ -19,21 +19,6 @@
#include <asm/uaccess.h>
2015 Mar 02
0
Re: QEMU interface type=ethernet
On 3/2/2015 1:41 PM, Brian Rak wrote:
> With Libvirt under modern kernels, you can't use <interface
> type='ethernet'> unless QEMU is running as root.
>
> Running qemu as root is not ideal, but I was able to track down the
> issue to this linux change:
>
>
2007 Apr 18
0
[Bridge] [PATCH] (9/11) bridge -- new ioctl interface for 32/64 compatiablity
Add four new ioctl's for the operations that can't be done through sysfs.
The existing bridge ioctl's are multiplexed, and most go through SIOCDEVPRIVATE
so they won't work in a mixed 32/64bit environment.
The new release of bridge-utils will use these if possible, and fall
back to the old interface.
diff -Nru a/include/linux/if_bridge.h b/include/linux/if_bridge.h
---
2020 Jun 30
1
Re: plug pre-created tap devices to libvirt guests
On Tue, Jun 30, 2020 at 12:59:03PM +0200, Miguel Duarte de Mora Barroso wrote:
> On Mon, Apr 6, 2020 at 4:03 PM Laine Stump <lstump@redhat.com> wrote:
> >
> > On 4/6/20 9:54 AM, Daniel P. Berrangé wrote:
> > > On Mon, Apr 06, 2020 at 03:47:01PM +0200, Miguel Duarte de Mora Barroso wrote:
> > >> Hi all,
> > >>
> > >> I'm aware
2019 Apr 30
3
Re: libvirtd via unix socket using system uri
On Tue, 30 Apr 2019 at 10:40, Michal Privoznik <mprivozn@redhat.com> wrote:
> Is there any problem running libvirtd as root?
>
> Yes, in the regulated environment in which I work! I have to do far more
thorough threat analysis than I would do if I knew which capabilities it
had. So far, we've accepted the extra work; but it would be wonderful to
be able to run a locked-down
2009 Aug 19
1
CAP_FOWNER=ep for asterisk
Hello,
I need CAP_FOWNER=ep for the asterisk process, i set it with setcap on
the file /usr/sbin/asterisk, it's there when i look on it with getcap,
but after starting and loocking with getpcaps there's only
cap_net_admin+ep set.
So how exactly do I set CAP_FOWNER? Do I have to patch and recompile
or is there another solution I did not see yet?
thanks,
best
--
Raimund Sacherer
2007 Apr 18
1
[Bridge] [PATCH 2.4] bridge - eliminate br_ioctl_mutex
The bridge code doesn't need a separate ioctl, mutex it can just
use the existing RTNL mechanism. This avoids some races and deadlocks
on shutdown.
This is for 2.4; a similar mechanism has been in 2.6 for some time.
diff -Nru a/net/bridge/br.c b/net/bridge/br.c
--- a/net/bridge/br.c 2004-06-21 07:46:49 -07:00
+++ b/net/bridge/br.c 2004-06-21 07:46:49 -07:00
@@ -22,6 +22,7 @@
#include
2017 Mar 31
2
Network isolation for KVM guests
On Fri, Mar 31, 2017 at 05:06:53PM +0200, Sven Kieske wrote:
> On 31/03/17 15:55, C. L. Martinez wrote:
> > I need to attach two physical interfaces to a guest and these phy interfaces have IP and routes assigned and I need to get them off the main routing table.
>
> I do not understand this.
>
> You can attach a physical (or virtual, doesn't matter), interface to any