similar to: Capability dropping support patch

This patch adds the ability to kinit to allow the dropping of POSIX capabilities. kinit is modified by this change, such that it understands the new kernel command line "drop_capabilities=" that specifies a comma separated list of capability names that should be dropped before switching over to the next init in the boot strap (typically on the root disk). When processing capabilities

I was wondering if it might be possible for an rsync developer to look over the attached patch (tested on Linux 2.4.24 against the rsync-2.6.0 release), and offer suggestions on how I could improve it. Basically I want to use Linux finer grained capabilities to retain only CAP_SYS_CHROOT & CAP_DAC_READ_SEARCH when rsync drops root privs. That way I can take whole system backups as a (mostly)

This patchset applies to klibc mainline. As is it will probably collide with Maximilian's recent patch to rename run-init to switch_root posted last week. To boot an untrusted environment with certain capabilities locked out, we'd like to be able to drop the capabilities up front from early userspace, before we actually transition onto the root volume. This patchset implements this by

I'm experimenting with the libvirt lxc driver, and wondering if there is some way to control the capabilities assigned to the container processes. With lxc-tools, I can specify a configuration option, lxc.cap.drop, which causes the container processes to drop the specified privileges. My libvirt containers seem to run with

The usage of strict_strtoul() is not preferred, because strict_strtoul() is obsolete. Thus, kstrtoul() should be used. Signed-off-by: Jingoo Han <jg1.han at samsung.com> --- drivers/xen/xen-selfballoon.c | 54 +++++++++++++++++++++++++++-------------- 1 file changed, 36 insertions(+), 18 deletions(-) diff --git a/drivers/xen/xen-selfballoon.c b/drivers/xen/xen-selfballoon.c index

The usage of strict_strtoul() is not preferred, because strict_strtoul() is obsolete. Thus, kstrtoul() should be used. Signed-off-by: Jingoo Han <jg1.han at samsung.com> --- drivers/xen/xen-selfballoon.c | 54 +++++++++++++++++++++++++++-------------- 1 file changed, 36 insertions(+), 18 deletions(-) diff --git a/drivers/xen/xen-selfballoon.c b/drivers/xen/xen-selfballoon.c index

The usage of strict_strtoul() is not preferred, because strict_strtoul() is obsolete. Thus, kstrtoul() should be used. Signed-off-by: Jingoo Han <jg1.han at samsung.com> --- drivers/xen/xen-selfballoon.c | 54 +++++++++++++++++++++++++++-------------- 1 file changed, 36 insertions(+), 18 deletions(-) diff --git a/drivers/xen/xen-selfballoon.c b/drivers/xen/xen-selfballoon.c index

Timo, I see where at least one other person reported this, but here goes. I went from rc24 to rc25 this morning, and I got an assert and core from my own mailbox withing five minutes: Mar 2 06:52:26 karst dovecot: [ID 107833 mail.error] IMAP(jaearick): file mbox-sync-rewrite.c: line 408: assertion failed: (need_space == (uoff_t)-mails[idx].space) Mar 2 06:52:26 karst dovecot: [ID 107833

I had our production systems running on rc23, however we ran into problems when the server was under heavy load. Eventually, the server would begin to freeze all imap connection after authentication (according to the logs). A user would connect, authentication would succeed, and then the connection would sit until timing out. No error logs were produced. Upgrading to rc24 did not

Hi, almost everything is in the subject. Server : Solaris 9 /SPARC, Dovecot 1.0.rc22 Client : Mac OS X 10.4.8 (8L2127) Kernel-Version: Darwin 8.8.1 Thunderbird is: german Version 1.5.0.9 (20061207) With OS X Mail.app, message deletion works. With Thunderbird, a warning popup appear on the desktop. English translation is about "command failed, internal error occurred".

Hello, For those interested, I have released the NHW v0.3.0-rc24 new version. I continue to fine-tune the nhw_kernel weights.This new version has then more precision and a better visual quality. I find that this new version has now a good precision. NHW is still developed for neatness, and I don't know how far in precision I will be able to push the NHW technology. More at:

His Friends, I've been using dovecot-1.0.alpha5 for a long time, now i would like to update to v.1.0.rc24 on my Red Hat ES 4 machine, so i need an rpm version that i couldn't find on the web. Also now i can build the rpm package via SPECS, which i don't have. Plis, anybody would help? Thanks in advanced, Alfredo -------------- next part -------------- An HTML attachment was

Hi, sometimes there is a timeout, while logging in. Dovecot-rc24 Dovecot uses PAM, PAM uses a LDAP server. Solaris 10 The log, if everything is ok: auth(default): client in: AUTH 1 PLAIN service=POP3 secured lip=x.x.x.x rip=x.x.x.x resp= auth(default): client out: CONT 1 auth(default): client in: CONT<hidden> auth(default): client out: OK 1

> How do I start a process with a limited set of capabilities under > another uid? > > Use the sucap utility which changes uid from root without loosing any > capabilities. Normally all capabilities are cleared when changing uid > from root. The sucap utility requires the CAP_SETPCAP capability. > The following example starts updated under uid updated and gid updated >

On 4/30/19 3:15 PM, Peter Crowther wrote: > On Tue, 30 Apr 2019 at 10:48, Daniel P. Berrangé <berrange@redhat.com> > wrote: > >> On Tue, Apr 30, 2019 at 10:45:03AM +0100, Peter Crowther wrote: >>> On Tue, 30 Apr 2019 at 10:40, Michal Privoznik <mprivozn@redhat.com> >> wrote: >>> >>>> Is there any problem running libvirtd as root?

Filesystem rebalancing (BTRFS_IOC_BALANCE) affects the entire filesystem and may run uninterruptibly for a long time. This does not seem to be something that an unprivileged user should be able to do. Reported-by: Aron Xu <happyaron.xu@gmail.com> Signed-off-by: Ben Hutchings <ben@decadent.org.uk> --- fs/btrfs/volumes.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-)

Reindl on the compiled version the samba binary file is not in /usr/sbin/smbd and i think start whith samba file not with smbd El lun., 21 sept. 2020 10:41, Reindl Harald <h.reindl at thelounge.net> escribi?: > > > Am 21.09.20 um 14:47 schrieb jmpatagonia via samba: > > Hello I am using samba Version 4.11.2 compiled. > > > > To start the daemon I using > >

Running rc24 and with one user in particular they are getting "(auth) killed with signal 11" when trying to pop email. IMAP works. What causes this? -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://dovecot.org/pipermail/dovecot/attachments/20070224/195f61be/attachment-0002.html>

> Hmm, > > I was using 0.3.0 rc24, or the unstable branch. I see 0.2.0 is listed as > 'stable' so maybe I should have used that. Please do keep me informed of > your progress. > > Craig After finally getting chan_misdn to load (missing #include to bitops.h under Debian at least) it still won't load, and won't tell me why even with all the debug stuff

Hi, Have encountered some strange behavior of dovecot: after few days of work (5-7 days, ~50 users, imap over ssl or tls) dovecot stops respond with "* OK Dovecot ready.". I.e. connection gets accepted, but no response from dovecot: [ivan at dyn-226 bin]$ telnet imap 143 Trying 192.168.100.9... Connected to imap.n-ix.com.ua (192.168.100.9). Escape character is '^]'. while