is relative ;-)
For example, if you run a webserver, and one of the pages allows remote
code execution [1], a local root exploit can easily become a remote root
exploit via that exploitable page.
Regards,
Christian Boltz
[1] Are you 100% sure _all_ webhosting customers always run the latest
Hello,
Am Mittwoch, 31. August 2016, 08:36:39 CEST schrieb Michal Kubecek:
> On Tue, Aug 30, 2016 at 11:32:38PM +0200, Christian Boltz wrote:
> > Michal, do you know if there were AppArmor-related patches added
> > between the previous 3.11 Evergreen kernel and the (AFAIK)
>
d/or a bugreport if needed.
I'll also discuss this with the other AppArmor developers, but knowing
if there are possibly related patches (and ideally their filename) would
help a lot ;-)
Regards,
Christian Boltz
--
Kasper Unser im Usenet, geheiligt werde Deine Newsgroup, Dein Posting
kom
Hello,
Am Montag, 25. April 2016, 20:08:11 CEST schrieb Carlos E. R.:
> On 2016-04-25 19:53, Christian Boltz wrote:
> > Am Montag, 25. April 2016, 19:29:06 CEST schrieb Carlos E. R.:
> >> Mmmm, "rcauditd" does not exist. auditd.service does.
> >
> > One
Hello,
Am Montag, 25. April 2016, 19:29:06 CEST schrieb Carlos E. R.:
> On 2016-04-25 17:47, Christian Boltz wrote:
> > aa-logprof will read the log again every time you run it, which
> > means it sees the "old" event again.
>
> I thought it used some kind of ti
Hello,
Am Montag, 25. April 2016, 14:38:58 CEST schrieb Carlos E. R.:
> On 2016-04-25 01:04, Christian Boltz wrote:
> > Can you check if you still get dovecot-related events in
> > /var/log/audit/audit.log? (tail -f while restarting and using
> > dovecot) If in doubt, paste
for 2.9), but I'm not sure if
I have ever seen this one.
Anyway, the profile clearly allows the sys_resource capability ;-))
(having 10 similar lines for it doesn't hurt)
Regards,
Christian Boltz
--
> Ich hab letztens nen Film gesehen, in dem sich zwei Irre unterhalten
>
or rlimit settings on your system? Do you set
vsz_limit somewhere in your dovecot config?
Regards,
Christian Boltz
--
>Gibt es hier in dieser Liste eigentlich ausser mir noch jemanden ??
Nein, aber es laufen einige Robots, die Traffic vortäuschen. Ich
Hello,
Am Samstag, 16. April 2016, 13:27:18 CEST schrieb Wolfgang Rosenauer:
> Am 16.04.2016 um 13:11 schrieb Christian Boltz:
...
> > I just submitted the update:
> > https://build.opensuse.org/request/show/390298
>
> For whatever reason it ended up in the openSUSE:Mainten
Hello,
Am Samstag, 16. April 2016, 12:40:47 CEST schrieb Michal Kubecek:
> On Sat, Apr 16, 2016 at 12:24:03AM +0200, Christian Boltz wrote:
FYI: a quick test of the updated packages on one of my 13.1 machines
looks good.
> But I'm not realy expert on this. So maybe
>
> >
Hello,
Am Freitag, 15. April 2016, 09:12:06 CEST schrieb Michal Kubecek:
> On Thu, Apr 14, 2016 at 07:25:51AM +0200, Michal Kubecek wrote:
> > On Thu, Apr 14, 2016 at 12:31:48AM +0200, Christian Boltz wrote:
> > > General feedback if we want that "big" profile
'm not sure if all
changes are needed on 13.1, but IIRC at least some of them are.
Note that the patch is completely untested (except "it applies on top of
security:apparmor/apparmor_2_8") - feedback welcome ;-)
General feedback if we want that "big" profile updat
Hello,
Am Donnerstag, 7. April 2016, 09:57:17 CEST schrieb Ruediger Meier:
> On Wednesday 06 April 2016, Christian Boltz wrote:
...
> > You'll probably need to adjust the AppArmor profile a bit to allow
> > that. Otherwise, nscd won't be able to restart itsself (wh
/@{pid}/cmdline r,
The easiest way is probably:
echo '@{PROC}/@{pid}/cmdline r,' >> /etc/apparmor.d/local/usr.sbin.nscd
rcapparmor reload
This is fixed in the upstream profile (including the upcoming 2.9.3 and
2.10.1 releases), but I slightly doubt this is worth an update
step:
rpm -qf /usr/lib/systemd/system/haveged.service
I assume this will tell you the file belongs to haveged-$version.
Second step:
rpm -V haveged
This lists all files from the haveged package that were modified (no
output means nothing was modified).
If haveged.service isn't liste
15 matches
Mail list logo