Access to NETMAP from c++ program
Is this posible (now) for access to NETAMP from C++? I am see headers conflict: In file included from /usr/include/net/netmap_user.h:104: In file included from /usr/include/net/netmap.h:812: /usr/include/stdatomic.h:141:21: error: reference to 'memory_order' is ambiguous atomic_thread_fence(memory_order __order __unused) ^ /usr/include/stdatomic.h:134:3: note: candidate found by name lookup is 'memory_order' } memory_order; ^ /usr/include/c++/v1/atomic:585:3: note: candidate found by name lookup is 'std::__1::memory_order' } memory_order; ^ Yes, I am need in C++ program. Include before also don't work, w/ different error. ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: jexec as user?
Good question Ronald. A test - I can login to jail (b3) where I run apache as www user, so # jexec -U www b3 /bin/tcsh > whoami; id www uid=80(www) gid=80(www) groups=80(www) Expected - good! and I can, in the host # su -m www -c "whoami; id" www uid=80(www) gid=80(www) groups=80(www) Good - so my user exists in both host and jail. Though for your purposes the host user could be anyone. So we've demonstrated that I have an unpriv'ed user in both the host and jailed context. But # /usr/bin/su -m www -c "jexec -U www b3 /usr/bin/whoami" jexec: initgroups: www: Operation not permitted So unless I/we can identify the cause of this, you're stuck Which surprised me, as I typically run stuff in my jails using commands from the host, like: /usr/sbin/jexec -U www b3 /usr/local/sbin/httpd -f /usr/local/etc/apache24/httpd.conf Now to part 2 of your question. I do run sshd quite happily in the jails, so that may be an option for you. (actually I use dropbear in situations where I don't required the proper audit logs and its approx 50% of the sshd resources ;)) ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: jexec as user?
Christos Chatzaras wrote on 2019/11/19 14:09: On 19 Nov 2019, at 15:02, mike tancsa wrote: On 11/19/2019 6:42 AM, Ronald Klop wrote: Hi, Is it possible to jexec into a jail as a regular user. Or to enable that somewhere? Or is the way to do such a thing to set up ssh in the jail? On 11.3 at least, does not the built in functionality of jexec do what you need ? jexec [-l] [-u username | -U username] jail [command ...] # jexec -U testuser 3 csh testuser@cacticonsole:/ % id uid=1005(testuser) gid=1005(testuser) groups=1005(testuser) testuser@cacticonsole:/ % I think he wants to use jexec as a normal user from the main OS. If he wants to run jexec as root and login to jail as user then your command works. If you want to use jexec as normal user in host, look at sysutils/jailme from ports: https://www.freshports.org/sysutils/jailme/ This version is installed setuid and does some sanity checking to ensure the username and UID match between the jail and the host system. WWW: https://github.com/Intermedix/jailme Miroslav Lachman PS: I never used jailme personally ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: jexec as user?
On Tue, 19 Nov 2019, mike tancsa wrote: On 11/19/2019 8:09 AM, Christos Chatzaras wrote: On 19 Nov 2019, at 15:02, mike tancsa wrote: On 11/19/2019 6:42 AM, Ronald Klop wrote: Hi, Is it possible to jexec into a jail as a regular user. Or to enable that somewhere? Or is the way to do such a thing to set up ssh in the jail? On 11.3 at least, does not the built in functionality of jexec do what you need ? jexec [-l] [-u username | -U username] jail [command ...] # jexec -U testuser 3 csh testuser@cacticonsole:/ % id uid=1005(testuser) gid=1005(testuser) groups=1005(testuser) testuser@cacticonsole:/ % I think he wants to use jexec as a normal user from the main OS. If he wants to run jexec as root and login to jail as user then your command works. Ahhh, my mistake. A sudo entry then ? ---Mike At least on older FreeBSD versions, it's easy to wrap `jexec` in a few lines (literally a half-dozen) of C code, suid after compiling, and have users in the host environment jump into jails with it. (I haven't set this up in a while, to know if there are issues with 11.X or 12.X.) OTOH, there is a bitter-regret-filled gap between knowing enough to do that, and knowing enough to securely write and deploy suid-root programs. -Walter ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org" ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: jexec as user?
On 11/19/2019 8:09 AM, Christos Chatzaras wrote: > On 19 Nov 2019, at 15:02, mike tancsa wrote: >> On 11/19/2019 6:42 AM, Ronald Klop wrote: >>> Hi, >>> >>> Is it possible to jexec into a jail as a regular user. Or to enable >>> that somewhere? >>> Or is the way to do such a thing to set up ssh in the jail? >>> >> On 11.3 at least, does not the built in functionality of jexec do what >> you need ? >> >> jexec [-l] [-u username | -U username] jail [command ...] >> >> # jexec -U testuser 3 csh >> testuser@cacticonsole:/ % id >> uid=1005(testuser) gid=1005(testuser) groups=1005(testuser) >> testuser@cacticonsole:/ % >> > I think he wants to use jexec as a normal user from the main OS. > > If he wants to run jexec as root and login to jail as user then your command > works. Ahhh, my mistake. A sudo entry then ? ---Mike ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: jexec as user?
> On 19 Nov 2019, at 15:02, mike tancsa wrote: > > On 11/19/2019 6:42 AM, Ronald Klop wrote: >> Hi, >> >> Is it possible to jexec into a jail as a regular user. Or to enable >> that somewhere? >> Or is the way to do such a thing to set up ssh in the jail? >> > On 11.3 at least, does not the built in functionality of jexec do what > you need ? > > jexec [-l] [-u username | -U username] jail [command ...] > > # jexec -U testuser 3 csh > testuser@cacticonsole:/ % id > uid=1005(testuser) gid=1005(testuser) groups=1005(testuser) > testuser@cacticonsole:/ % > I think he wants to use jexec as a normal user from the main OS. If he wants to run jexec as root and login to jail as user then your command works. ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: jexec as user?
On 11/19/2019 6:42 AM, Ronald Klop wrote: > Hi, > > Is it possible to jexec into a jail as a regular user. Or to enable > that somewhere? > Or is the way to do such a thing to set up ssh in the jail? > On 11.3 at least, does not the built in functionality of jexec do what you need ? jexec [-l] [-u username | -U username] jail [command ...] # jexec -U testuser 3 csh testuser@cacticonsole:/ % id uid=1005(testuser) gid=1005(testuser) groups=1005(testuser) testuser@cacticonsole:/ % ---Mike ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: jexec as user?
> Is it possible to jexec into a jail as a regular user. Or to enable that > somewhere? > Or is the way to do such a thing to set up ssh in the jail? I was searching few months ago the same and I think it's not possible. Maybe you can do it using sudo. ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
jexec as user?
Hi, Is it possible to jexec into a jail as a regular user. Or to enable that somewhere? Or is the way to do such a thing to set up ssh in the jail? Regards, Ronald. ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"