Re: [jail] Allowing root privileged users to renice

2012-05-28 Thread Konstantin Belousov
On Sun, May 27, 2012 at 05:33:30PM -0600, Jamie Gritton wrote:
 On 05/25/12 10:48, Sean Bruno wrote:
 I've been toying with the idea of letting jails renice processes ... how
 dangerous and/or stupid is this idea?
 
  //depot/yahoo/ybsd_9/src/sys/kern/kern_jail.c#5 -
 /home/seanbru/ybsd_9/src/sys/kern/kern_jail.c 
 270a271,275
 + int   jail_allow_renice = 0;
 + SYSCTL_INT(_security_jail, OID_AUTO, allow_renice, CTLFLAG_RW,
 +jail_allow_renice, 0,
 +Prison root can renice processes);
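Review bot: `jail_allow_renice` in the first added line is a single system-wide int, so setting `security.jail.allow_renice` changes the behaviour of every jail on the host at once. Consider a per-jail allow flag checked against the calling credential's prison instead, so the host administrator can grant this to individual jails only. As displayed here, the `SYSCTL_INT` arguments also lack the `&` before `jail_allow_renice` and the quotes around the description string; confirm the real patch has both.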
 
 3857a3863,3865
 +  case PRIV_SCHED_SETPRIORITY:
 +  if (!jail_allow_renice)
 +   return (EPERM);
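Review bot: the new `case PRIV_SCHED_SETPRIORITY:` has no `return (0);` or `break;` after the `if`, so when `jail_allow_renice` is non-zero, control falls through to whatever case follows, which this hunk does not show. Make the allowed path explicit with `return (0);`, or add a `/* FALLTHROUGH */` comment if falling through is intended.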
 
 Considering they can only renice their own stuff, and could always just
 start a new process anyway, I see very little reason to deny this.
But the -niced process affects the whole system.



pxe + nfs + microsoft dhcp

2012-05-28 Thread pacija
Dear list readers,

I am having a problem with pxe loader on FreeBSD 9.0 i386 release. No
matter what value I put for DHCP option 017 (Root Path) in Microsoft
DHCP server, pxe always sets root path:
pxe_open: server path: /

I've read src/sys/boot/i386/libi386/pxe.c as instructed in handbook, and
I learned there that root path is a failover value which gets set if no
valid value is supplied by DHCP server. At first I thought that
Microsoft DHCP does not send it but I confirmed with windump it does:

--
15:46:49.505748 IP (tos 0x0, ttl 128, id 6066, offset 0, flags [none],
proto: UDP
(17), length: 392) dhcp.domain.tld.67  255.255.255.255.68: [bad udp
cksum 4537!]
BOOTP/DHCP, Reply, length 364, xid 0xdcdb5309, Flags [ none ] (0x)
  Your-IP 192.168.218.32
  Server-IP dhcp.domain.tld
  Client-Ethernet-Address 00:19:db:db:53:09 (oui Unknown)
  file FreeBSD/install/boot/pxeboot
  Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Offer
Subnet-Mask Option 1, length 4: 255.255.255.0
RN Option 58, length 4: 345600
RB Option 59, length 4: 604800
Lease-Time Option 51, length 4: 691200
Server-ID Option 54, length 4: dhcp.domain.tld
Default-Gateway Option 3, length 4: gate.domain.tld
Domain-Name-Server Option 6, length 4: dhcp.domain.tld
Domain-Name Option 15, length 1: ^@
RP Option 17, length 42:
192.168.218.32:/b/tftpboot/FreeBSD/install/^@
BF Option 67, length 29: FreeBSD/install/boot/pxeboot^@
--

I do not understand code well enough to fix it, or at least send
pxeloader static value of /b/tftpboot/FreeBSD/install/, so if someone
would instruct me how to do it I would be very grateful.

Thank you in advance for your help.


___
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org


Re: [jail] Allowing root privileged users to renice

2012-05-28 Thread Mateusz Guzik
On Fri, May 25, 2012 at 10:23:53AM -0700, Julian Elischer wrote:
 On 5/25/12 10:04 AM, Bjoern A. Zeeb wrote:
 On 25. May 2012, at 16:48 , Sean Bruno wrote:
 
 I've been toying with the idea of letting jails renice processes ... how
 dangerous and/or stupid is this idea?
 
  //depot/yahoo/ybsd_9/src/sys/kern/kern_jail.c#5 -
 /home/seanbru/ybsd_9/src/sys/kern/kern_jail.c 
 270a271,275
 + int   jail_allow_renice = 0;
 + SYSCTL_INT(_security_jail, OID_AUTO, allow_renice, CTLFLAG_RW,
 +jail_allow_renice, 0,
 +Prison root can renice processes);
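Review bot: `int jail_allow_renice = 0;` has external linkage, but both uses shown in this patch are inside kern_jail.c. Declare it `static` unless another file needs it.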
 
 3857a3863,3865
 +  case PRIV_SCHED_SETPRIORITY:
 +  if (!jail_allow_renice)
 +   return (EPERM);
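Review bot: the added `case PRIV_SCHED_SETPRIORITY:` carries no comment saying what a jailed root gains when the knob is on. A short comment above the case, and an entry wherever the other `security.jail` knobs are documented, would let an administrator judge the effect on host scheduling before enabling it.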
 
 I think sysctls are a bad idea given jails have per-jail flags these days.
 
 Maybe also only allow re-nicing to be nicer but not less nice?
    for sure!  start a jail with its max priority and the
 root within can allow nicer priorities only..
 you can always add priority from the master (parent) environment outside.
 

Unless I seriously misunderstood something, that's the case right now.

That is, PRIV_SCHED_SETPRIORITY matters only if resulting nice parameter
would be lower.

-- 
Mateusz Guzik mjguzik gmail.com


Re: nvidia-driver-295.49 is highly unstable

2012-05-28 Thread Mark Felder

On Sun, 27 May 2012 11:46:23 -0500, y...@rawbw.com wrote:

After the recent system upgrade that brought nvidia-driver-295.49 my  
system began to malfunction.
Xorg randomly freezes and gets to 100% CPU (in kde4), switching back  
from the black terminal takes 30 seconds, some windows don't repaint  
while windows effects are on, etc.

Switching back to 295.05.09 from Feb 11, 2012 fixed the problem.

9400GT

I can't believe this is only my problem. I think the version should be  
rolled back until the problem is fixed.




Hmmm I think this is exactly my problem. My desktop at home is working  
fine, but it's a 4xx and my work machine is a 9xxx. I honestly thought it  
was a flash problem because it seems to happen most on pages that have  
flash content.



Re: Activating libssp

2012-05-28 Thread Jeremie Le Hen
Hi Mel,

On Sun, May 27, 2012 at 08:15:02PM +0200, Mel Flynn wrote:
 Hi,
 
 for a port, I'm seeing:
 #ifdef _FORTIFY_SOURCE
 ...
 #endif
 
 I did a bit of reading (http://wiki.debian.org/Hardening) for example,
 searching through /usr/share/mk/* /usr/include/libssp, /usr/src/gnu/libssp.
 
 However, it's not clear to me, where the magic is that pulls in the
 libssp library that is in /lib.

 Also - it seems to be part of gcc, so does that mean on systems without
 gcc, that this library is not available or does clang have a variant?

gnu/lib/libssp is built for compatibility reasons.  See
http://svnweb.freebsd.org/base?view=revision&revision=169718

Our libc provides the necessary symbols.
http://svnweb.freebsd.org/base/head/lib/libc/sys/stack_protector.c

 I do see -fstack-protector is added to CFLAGS by default, so I'm
 thinking there's some magic somewhere, but I'm just missing the docs
 that tell me if you add foo to CFLAGS then bar will happen, unless baz.

I'm not sure what you mean, but -fstack-protector is documented in GCC
documentation, I suppose it's the same for Clang but I didn't check.
You can disable it on FreeBSD by setting WITHOUT_SSP in src.conf(5).

-- 
Jeremie Le Hen

Men are born free and equal.  Later on, they're on their own.
Jean Yanne
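
What "add -fstack-protector to CFLAGS" buys, as an added example that is not part of the original message or of FreeBSD's source: a hand-written model of the guard check the compiler inserts around a function with a local buffer. `model_guard`, `model_chk_fail()`, `struct frame` and `guarded_copy()` are hypothetical names standing in for the compiler-generated code and for the `__stack_chk_guard` and `__stack_chk_fail` symbols that libc provides.

```c
/* Added illustration: hand-written model of the check -fstack-protector
 * emits. model_guard and model_chk_fail() are hypothetical stand-ins for
 * libc's __stack_chk_guard and __stack_chk_fail. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed value; the real guard is filled in by libc at startup. */
static const unsigned long model_guard = 0x5eed00aaUL;
static int model_fail_count;   /* the real handler aborts the process */

static void model_chk_fail(void) { model_fail_count++; }

/* Frame layout: local buffer first, guard copy directly after it. */
struct frame {
    char buf[16];
    unsigned long canary;
};

/* Copies len bytes into the frame as an unchecked copy would. The write is
 * clamped to sizeof(struct frame) so the model stays well defined.
 * Returns 1 if the epilogue comparison failed, 0 otherwise. */
int guarded_copy(const void *input, size_t len)
{
    struct frame f;

    f.canary = model_guard;                  /* prologue: store the guard */
    if (len > sizeof(f))
        len = sizeof(f);
    memcpy(&f, input, len);                  /* may run past f.buf */
    if (f.canary != model_guard) {           /* epilogue: compare */
        model_chk_fail();
        return 1;
    }
    return 0;
}

int main(void)
{
    char in[sizeof(struct frame)];
    memset(in, 'A', sizeof(in));
    printf("fits: %d  overruns: %d\n",
           guarded_copy(in, 16), guarded_copy(in, sizeof(in)));
    return 0;
}
```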


Re: pxe + nfs + microsoft dhcp

2012-05-28 Thread Rick Macklem
pacija wrote:

- Original Message -
 Dear list readers,
 
 I am having a problem with pxe loader on FreeBSD 9.0 i386 release. No
 matter what value I put for DHCP option 017 (Root Path) in Microsoft
 DHCP server, pxe always sets root path:
 pxe_open: server path: /
 
 I've read src/sys/boot/i386/libi386/pxe.c as instructed in handbook,
 and
 I learned there that root path is a failover value which gets set if
 no
 valid value is supplied by DHCP server. At first I thought that
 Microsoft DHCP does not send it but I confirmed with windump it does:
 
 --
 15:46:49.505748 IP (tos 0x0, ttl 128, id 6066, offset 0, flags [none],
 proto: UDP
 (17), length: 392) dhcp.domain.tld.67  255.255.255.255.68: [bad udp
 cksum 4537!]
 BOOTP/DHCP, Reply, length 364, xid 0xdcdb5309, Flags [ none ] (0x)
 Your-IP 192.168.218.32
 Server-IP dhcp.domain.tld
 Client-Ethernet-Address 00:19:db:db:53:09 (oui Unknown)
 file FreeBSD/install/boot/pxeboot
 Vendor-rfc1048 Extensions
 Magic Cookie 0x63825363
 DHCP-Message Option 53, length 1: Offer
 Subnet-Mask Option 1, length 4: 255.255.255.0
 RN Option 58, length 4: 345600
 RB Option 59, length 4: 604800
 Lease-Time Option 51, length 4: 691200
 Server-ID Option 54, length 4: dhcp.domain.tld
 Default-Gateway Option 3, length 4: gate.domain.tld
 Domain-Name-Server Option 6, length 4: dhcp.domain.tld
 Domain-Name Option 15, length 1: ^@
 RP Option 17, length 42:
 192.168.218.32:/b/tftpboot/FreeBSD/install/^@
 BF Option 67, length 29: FreeBSD/install/boot/pxeboot^@
What about getting rid of the ^@ characters at the end of
the strings?

rick

 --
 
 I do not understand code well enough to fix it, or at least send
 pxeloader static value of /b/tftpboot/FreeBSD/install/, so if someone
 would instruct me how to do it I would be very grateful.
 
 Thank you in advance for your help.
 
 
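
The `^@` in the capture is a NUL byte that the server counts in the option length. The following added example, which is not code from pxe.c or from anyone in this thread, shows a bounds-checked lookup of DHCP option 17 that accepts the root path with or without that terminator. `dhcp_root_path()`, the `OPT_*` names and `sample_opts` are hypothetical, and the sample bytes are constructed from the values shown in the capture.

```c
/* Added illustration, not FreeBSD's pxe.c: bounds-checked lookup of DHCP
 * option 17 (Root Path) that tolerates a NUL counted in the option length. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { OPT_PAD = 0, OPT_ROOT_PATH = 17, OPT_END = 255 };   /* hypothetical names */

/* Constructed sample: option 53 (Offer), option 17 with a trailing NUL, end. */
static const unsigned char sample_opts[] = "\x35\x01\x02" "\x11\x2c"
    "192.168.218.32:/b/tftpboot/FreeBSD/install/\0" "\xff";

/* Walks the options that follow the magic cookie. Copies the root path,
 * minus trailing NULs, into out and returns its length; returns -1 if the
 * option is absent, truncated, empty, too long, or has an embedded NUL. */
int dhcp_root_path(const unsigned char *opts, size_t optlen,
                   char *out, size_t outsz)
{
    size_t i = 0, len;

    while (i < optlen) {
        unsigned char code = opts[i++];
        if (code == OPT_PAD)
            continue;
        if (code == OPT_END || i >= optlen)
            break;                      /* end marker, or no length byte */
        len = opts[i++];
        if (len > optlen - i)
            break;                      /* value would run past the buffer */
        if (code != OPT_ROOT_PATH) {
            i += len;
            continue;
        }
        while (len > 0 && opts[i + len - 1] == '\0')
            len--;                      /* drop NULs the server appended */
        if (len == 0 || len >= outsz || memchr(opts + i, '\0', len) != NULL)
            break;
        memcpy(out, opts + i, len);
        out[len] = '\0';
        return (int)len;
    }
    return -1;
}

int main(void)
{
    char path[128];
    int n = dhcp_root_path(sample_opts, sizeof(sample_opts) - 1, path, sizeof(path));
    printf("%d %s\n", n, n > 0 ? path : "(none)");
    return 0;
}
```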