Re: CONFIG_NET_NS

2011-06-06 Thread Steve Beattie
On Mon, Jun 06, 2011 at 11:30:08AM -0500, Serge Hallyn wrote:
> Quoting Tim Gardner (tim.gard...@canonical.com):
> > On 06/01/2011 12:57 PM, Serge Hallyn wrote:
> > >Hi,
> > >
> > >vsftpd spawns a network namespace in response to each client connection.
> > >Lucid kernel is slow to release network namespaces, which results, in
> > >bug 720095, in an easy remote DOS.  The maverick kernel has a fix for
> > >this, but it is hard to cherrypick.
> > >
> > >The bug was resolved by compiling the lucid kernel without
> > >CONFIG_NET_NS.  I'm emailing to ask that we reconsider that solution.
> > >
> > >Turning off CONFIG_NET_NS prevents libvirt from creating all containers
> > >(lxc:///), and prevents lxc from creating most useful containers,
> > >resulting in bug 790863.  There is the workaround of installing the
> > >backported kernel, but I don't believe that will satiate users who
> > >really want LTS stability.  For those users, we are effectively telling
> > >them that they cannot use containers until 12/04.
> > >
> > 
> > What is wrong with suggesting the use of LTS backported kernels? The
> > UDS decision to support these kernels until the next LTS should
> > provide the same level of stability. We (the kernel team) are very
> 
> I guess that depends on how LTS customers feel about "potential of
> regressions, but supported" versus "the only updates will be security
> updates."
> 
> I hadn't realized that the LTS backported kernels are supported.  I
> thought it was less formal than that.
> 
> I'll leave it sit here, then.  Thanks again.

It was also pointed out[1] by Chris Evans, the author of vsftpd, that
disabling the use of network namespaces by vsftpd just requires setting:

  isolate_network=NO

in vsftpd.conf.

Ah, looking at the bug report, it seems you proposed a patch to vsftpd to
turn off network isolation (i.e. use of CLONE_NEWNET) by default for
lucid, but then didn't pursue that any further. Perhaps that's the way
forward, to disable by default in vsftpd there and look for additional
sources in the lucid archive that allow a new network namespace to
be triggered by an unprivileged user (as vsftpd does here). The only
downside would be anything outside of the archive that made use of
CLONE_NEWNET could potentially cause the issue to be triggered.

[1] http://www.openwall.com/lists/oss-security/2011/06/06/10

-- 
Steve Beattie

http://NxNW.org/~steve/


-- 
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
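
An added example (not part of the original message, and not vsftpd or Ubuntu code): a shell check for the condition discussed in this thread, a kernel built with CONFIG_NET_NS running vsftpd with network isolation left on. The function names and file paths are hypothetical. It assumes isolate_network defaults to YES when unset, that vsftpd honours only strict option=value lines with the last occurrence winning, and that YES/TRUE/1 and NO/FALSE/0 are the accepted boolean spellings.

```shell
#!/bin/sh
# Added example; function names and paths are hypothetical.
# Assumptions: isolate_network defaults to YES when unset, vsftpd only
# honours strict "option=value" lines, and the last occurrence wins.

# Print the effective isolate_network value (YES or NO) for a vsftpd.conf.
effective_isolate_network() {
    value=YES
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            isolate_network=*)   # commented or space-padded lines do not match
                raw=$(printf '%s' "${line#isolate_network=}" |
                      tr -d '\r' | tr '[:lower:]' '[:upper:]')
                case $raw in
                    YES|TRUE|1) value=YES ;;
                    NO|FALSE|0) value=NO ;;
                esac ;;
        esac
    done < "$1"
    printf '%s\n' "$value"
}

# Succeed if a kernel config file (e.g. /boot/config-<release>) enables
# network namespaces.
kernel_has_net_ns() {
    grep -q '^CONFIG_NET_NS=y$' "$1"
}

# Classify a host from its kernel config and vsftpd.conf.
assess() {
    if ! kernel_has_net_ns "$1"; then
        echo "no-netns"                # CLONE_NEWNET unavailable
    elif [ "$(effective_isolate_network "$2")" = YES ]; then
        echo "per-connection-netns"    # the case discussed in this thread
    else
        echo "isolation-disabled"      # isolate_network=NO is in effect
    fi
}

# Constructed sample input, not taken from a real host.
demo=$(mktemp -d)
printf 'CONFIG_NAMESPACES=y\nCONFIG_NET_NS=y\n' > "$demo/kconfig"
printf '#isolate_network=YES\nlisten=YES\nisolate_network=no\n' > "$demo/vsftpd.conf"
assess "$demo/kconfig" "$demo/vsftpd.conf"
rm -rf "$demo"
```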

Re: [RFC] meeting minutes

2010-04-23 Thread Steve Beattie
On Fri, Apr 23, 2010 at 10:55:01PM +0200, Thierry Carrez wrote:
> Weekly address 1-3 by roughly highlighting actions and decisions from
> the meeting log, as proposed by Dustin, and do not post it on the blog.

I don't have a strong opinion on your proposals, though I prefer
to at least see action items in emails.  One thing I wish we would
do across the Ubuntu development community is to regularize on
a way of annotating action items in emails, as some mail clients
(e.g. mutt) will let you write regexs to match and highlight such
things. Something like

  ACTION: IRCNick frob the fribnizz with filthy frosting LP: #314159

or whatever, we can bikeshed on the specific format for easiest regex
writing. That way, on those rare occasions that I get ubuntu-server
action items, they're instantly visible to me when reading email
minutes. Similarly, people may also wish to write scripts to parse such
things so that they can be dumped into a todo tracking tool like gtg or
whatever.

(For the record, in a .muttrc you'd add something like:

  color body white blue "^ *ACTION: *IRCNick .*$"

to have action items show up in email bodies with white text on a blue
background, rather distinctive in white on black emails. Season to
taste, of course.)

-- 
Steve Beattie

http://NxNW.org/~steve/



Re: Status of Ubuntu Server documentation for 10.04

2010-03-12 Thread Steve Beattie
On Thu, Mar 11, 2010 at 03:43:45PM +0100, Thierry Carrez wrote:
> If anyone spots other issues, please add them to this thread :)

I asked on the ubuntu-doc list if there was any specific reason why
there was no documentation about how to report bugs in the server guide
and elsewhere and got no response. Given that we ensured that apport is
installed by default on ubuntu-server in Karmic and that Chuck Short has
been working to add apport package hooks for server packages this cycle,
I thought it would be useful to have some documentation in the server
guide about how to file bugs with ubuntu-bug (and that you don't need a
desktop environment/X to do so).

Attached is my attempt at drafting such a section; I added it as
an Appendix to the server guide. Feedback welcome!

-- 
Steve Beattie

http://NxNW.org/~steve/
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: sbeat...@ubuntu.com-20100312080009-mhwlz8oq9uors4e0
# target_branch: bzr+ssh://bazaar.launchpad.net/~ubuntu-core-\
#   doc/ubuntu-docs/lucid/
# testament_sha1: e098dbd8093eb1b45052c27d16f791abb9d84bc8
# timestamp: 2010-03-12 00:00:55 -0800
# base_revision_id: rocket2...@ubuntu.com-20100311034638-\
#   admur3do82n0gazx
# 
# Begin patch
=== added file 'serverguide/C/reporting-bugs.xml'
--- serverguide/C/reporting-bugs.xml	1970-01-01 00:00:00 +
+++ serverguide/C/reporting-bugs.xml	2010-03-12 07:50:03 +
@@ -0,0 +1,310 @@
+
+http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd"; [
+
+%globalent;
+
+%gnome-menus-C;
+
+%xinclude;
+
+]>
+
+  Reporting Bugs in Ubuntu Server Edition
+
+  
+  While the Ubuntu Project attempts to release software with as few
+  bugs as possible, they do occur. You can help fix these bugs by
+  reporting ones that you find to the project.  The Ubuntu Project
+  uses https://launchpad.net/";>Launchpad
+  to track its bug reports. In order to file a bug
+  about Ubuntu Server on Launchpad, you will need to
+  https://help.launchpad.net/YourAccount/NewAccount";>create
+  an account.
+  
+
+  
+Reporting Bugs With ubuntu-bug
+
+
+The preferred way to report a bug is with the
+ubuntu-bug command. The ubuntu-bug
+tool gathers information about the system useful to developers in
+diagnosing the reported problem that will then be included in the
+bug report filed on Launchpad. Bug reports in Ubuntu need to be
+filed against a specific software package, thus the name of the
+package that the bug occurs in needs to be given to ubuntu-bug:
+
+
+
+ubuntu-bug PACKAGENAME
+
+
+
+For example, to file a bug against the openssh-server package, you would do:
+
+
+
+ubuntu-bug openssh-server
+
+
+
+You can specify either a binary package or the source package
+for ubuntu-bug. Again using openssh-server as an example,
+you could also generate the report against the source package
+for openssh-server, openssh:
+
+
+
+ubuntu-bug openssh
+
+
+
+See 
+for more information about packages in Ubuntu.
+
+
+
+The ubuntu-bug command will gather information about the system in
+question, possibly including information specific to the specified
+package, and then ask you what you would like to do with collected
+information:
+
+
+
+ubuntu-bug postgresql
+
+*** Collecting problem information
+
+The collected information can be sent to the developers to improve the
+application. This might take a few minutes.
+..
+
+*** Send problem report to the developers?
+
+After the problem report has been sent, please fill out the form in the
+automatically opened web browser.
+
+What would you like to do? Your options are:
+  S: Send report (1.7 KiB)
+  V: View report
+  K: Keep report file for sending later or copying to somewhere else
+  C: Cancel
+Please choose (S/V/K/C):
+
+
+
+The options available are:
+
+
+
+
+  
+Send Report Selecting
+Send Report submits the collected information to Launchpad as
+part of the the process of filing a bug report. You will be
+given the opportunity to describe the situation that led up to
+the occurrance of the bug.
+
+
+
+*** Uploading problem information
+
+The collected information is being sent to the bug tracking system.
+This might take a few minutes.
+91%
+
+*** To continue, you must visit the following URL:
+
+  https://bugs.launchpad.net/ubuntu/+source/postgresql-8.4/+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?
+
+You can launch a browser now, or copy this URL into a browser on another
+computer.
+
+Choices:
+  1: Launch a browser now
+  C: Cancel
+Please choose (1/C):
+
+
+
+If you choose to start a browser, by default the text based web
+browser w3m will be used to finish filing
+the bug report. Alternately, you can copy the given URL to a
+currently running web browser.
+
+  
+
+  
+
+View Report
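
Review bot: The sample output under the Send Report item embeds what looks like a live upload token in the example URL ("+filebug/kc6eSnTLnLxF8u0t3e56EukFeqJ?"); swap it for an obvious placeholder before this goes into the published guide. In the same item, "part of the the process" repeats "the" and "occurrance" should be "occurrence". The walkthrough runs "ubuntu-bug postgresql" while the resulting URL is filed against postgresql-8.4, so one sentence explaining that the report lands on the source package would save readers some confusion. The text also says ubuntu-bug "gathers information about the system" without saying what kind; since that data is uploaded to Launchpad, point readers to the "V: View report" choice so they can review it before selecting Send.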

Re: Moving w3m out of standard

2008-06-16 Thread Steve Beattie
On Mon, Jun 16, 2008 at 03:31:46PM +0100, Matt Zimmerman wrote:
>  * w3m   # we need some text-based html presenter
> 
> I'd like to formally cast doubt on this statement from the standard seed.
> This was originally added a long time ago in order to provide a text-based
> browser for use on servers, at a time when the default server installation
> was a strict subset of the desktop.  It is completely superfluous on a
> modern desktop.
> 
> Now that this is becoming possible with the new server seed[1], I'd like to
> propose that it move to the server seed instead (or even be removed, if the
> server team doesn't feel it's appropriate).
> 
> Note that wget, which is much smaller, simpler and more generally useful
> (e.g. in scripts) is already in standard.

I have no opinion as to where in the seeds w3m exists, so long as I can
apt-get install it somehow on my apparently archaic desktop, where it
is not superfluous at all.

But do note that wget, curl et al serve slightly different purposes
than w3m, lynx, elinks et al in that the latter do interpretation and
presentation of html, not merely just pulling it from the network. For
example, I use a text based email client and I use "w3m --dump" in my
mailcap entry[0] to handle html email, so that I can read and respond to
the processed output, not the raw html. It's particularly effective for
handling html email that contains tables in it, especially if you need
to address in your reply to said email specific elements within tables
and wish to comment inline.

And that's not even mentioning w3m-img, which lets it display graphical
elements within an X terminal just peachy.

(I picked w3m a couple of years ago because it handled tables and other
formatted html layouts the best of it, lynx, and elinks. But which one
does this best may have changed.)

[0] Sorry, Kees. I don't even run it wrapped in an apparmor profile,
though I know w3m has had a few security issues in the past.

-- 
Steve Beattie
http://NxNW.org/~steve/

