* Florian Sievers <[EMAIL PROTECTED]> [2008-11-26 05:35-0500]: > Package: util-vserver > Version: 0.30.216~r2772-4 > Severity: critical > Justification: breaks unrelated software > > *** Please type your report below this line *** > After updating to version 0.30.216~r2772-4 services like openssh or > postfix > stopped working. This is the output from the auth.log form one of my > vservers: > > ---Debug output from auth.log--- > Nov 25 11:39:25 web sshd[13098]: debug1: rexec start in 4 out 4 newsock > 4 pipe 6 sock 7 > Nov 25 11:39:25 web sshd[13091]: debug1: Forked child 13098. > Nov 25 11:39:25 web sshd[13098]: error writing /proc/self/oom_adj: > Permission denied > Nov 25 11:39:25 web sshd[13098]: debug1: inetd sockets after dupping: 3, > 3 > Nov 25 11:39:25 web sshd[13098]: Connection from 192.168.0.140 port > 52076 > Nov 25 11:39:25 web sshd[13098]: debug1: Client protocol version 2.0; > client software version OpenSSH_5.1p1 Debian-3 > Nov 25 11:39:25 web sshd[13098]: debug1: match: OpenSSH_5.1p1 Debian-3 > pat OpenSSH* > Nov 25 11:39:25 web sshd[13098]: debug1: Enabling compatibility mode for > protocol 2.0 > Nov 25 11:39:25 web sshd[13098]: debug1: Local version string > SSH-2.0-OpenSSH_5.1p1 Debian-3 > Nov 25 11:39:25 web sshd[13099]: fatal: chroot("/var/run/sshd"): > Operation not permitted > Nov 25 11:39:25 web sshd[13099]: debug1: do_cleanup > Nov 25 11:39:25 web sshd[13098]: debug1: do_cleanup > ------End of debug output------ > > Same problems with postfix and dovecot. The chroot command on the > console fails > too.
For sshd, this appears to be because of "UsePrivilegeSeparation" being set to 'yes' in in sshd config, which is the debian default along with SYS_CHROOT bcapability restricted by default in -4. micah
signature.asc
Description: Digital signature