HylaFAX The world's most advanced open source fax server


Re: [hylafax-users] login error 550 cannot set privileges



Hi Aidan and Gianluca,

On Sat, 16 Feb 2008 08:27:15 -0500, Aidan Van Dyk <aidan@xxxxxxxx> wrote:
> * Giuseppe Sacco <giuseppe@xxxxxxxxxxxxxxxxxxxxxxxxx> [080216 04:40]:
>> Ciao Gianluca,
>>
>> On Fri, 15 Feb 2008 18:20:43 +0100 GianLuca Sarto <glsarto@xxxxxxxxxx> wrote:
>> > Aidan Van Dyk wrote:
>> > > * GianLuca Sarto <glsarto@xxxxxxxxxx> [080215 04:24]:
>> [...]
>> > > Now, we are running as "uucp" (uid 10), so we need to go back to root
>> > > temporarily to chroot and lock ourselves up:
>> > >
>> > >> 10:12:14.341270 geteuid()               = 10 <0.000008>
>> > >> 10:12:14.341320 setresuid(-1, 0, -1)    = 0 <0.000012>
>> > >
>> > > So going back to euid of root worked, but:
>> > >
>> > >> 10:12:14.341377 chroot(".")             = -1 EPERM (Operation not permitted) <0.000013>
>> > >
>> > > chroot failed, as well as trying to go back to uucp again:
>> [...]
>>
>> could you please display how your /var/spool/hylafax filesystem is mounted?
> 
> The interesting thing is that if it does a "hylafax restart", it all
> starts working again.
> 
> So, I'm not familiar with "Capability LSM" that Ubuntu seems to be using,
> but if I had to pick something from nowhere, I would guess that when it's
> started via the normal system stuff, it's got some "capability" limit on
> it, but when "started" from an "unrestricted" root ssh/shell session,
> that limit isn't enforced...

I am not an expert in SELinux either, so I suggest that Gianluca file a bug
report against the Ubuntu package, with a high severity level, so that
hopefully an Ubuntu developer will write a patch to the SELinux policy.
Probably a good point to start is https://wiki.ubuntu.com/HardySELinux or,
more generally, http://oss.tresys.com/projects .

Bye,
Giuseppe
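
Added example, not part of the original message or of HylaFAX: the strace above shows euid 0 followed by chroot() returning EPERM, which is what Linux does when CAP_SYS_CHROOT is missing from the effective capability set. This script reads the capability masks from /proc/<pid>/status to check that hypothesis; the sample status text and the process name in it are constructed.

```python
# Added example: constructed data, not output from the system in this thread.
import re

# Capability bit numbers from <linux/capability.h>.
CAPS = {"CAP_SETGID": 6, "CAP_SETUID": 7, "CAP_SYS_CHROOT": 18}

# Constructed /proc/<pid>/status excerpt: euid 0, but CAP_SYS_CHROOT (bit 18)
# is absent from the permitted and effective sets (0xc0 = SETGID | SETUID).
SAMPLE_STATUS = """\
Name:\texample-daemon
Uid:\t10\t0\t0\t0
Gid:\t10\t10\t10\t10
CapInh:\t0000000000000000
CapPrm:\t00000000000000c0
CapEff:\t00000000000000c0
"""

def parse_status(text):
    """Return (euid, {set_name: int_mask}) from /proc/<pid>/status text."""
    euid = None
    masks = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        fields = value.split()
        if key == "Uid" and len(fields) >= 2:
            euid = int(fields[1])          # order: real, effective, saved, fs
        elif re.fullmatch(r"Cap(Inh|Prm|Eff|Bnd)", key) and fields:
            masks[key] = int(fields[0], 16)
    return euid, masks

def has_cap(mask, name):
    """True if the named capability bit is set in the mask."""
    return bool(mask >> CAPS[name] & 1)

def diagnose_chroot(text):
    """Say whether chroot() can succeed for the process described by text."""
    euid, masks = parse_status(text)
    if "CapEff" not in masks:
        return "unknown: no CapEff line"
    if has_cap(masks["CapEff"], "CAP_SYS_CHROOT"):
        return "ok: CAP_SYS_CHROOT is effective"
    if euid == 0:
        return "EPERM expected: euid 0 but CAP_SYS_CHROOT not in effective set"
    return "EPERM expected: not root and CAP_SYS_CHROOT not effective"

if __name__ == "__main__":
    print(diagnose_chroot(SAMPLE_STATUS))
    with open("/proc/self/status") as fh:   # Linux only
        print(diagnose_chroot(fh.read()))
```

Comparing the masks of the daemon started at boot with those of one started from a root shell shows whether the two start paths really differ in capabilities.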

