On Mi, 21.10.20 22:13, Belisko Marek (marek.beli...@gmail.com) wrote:
> Hi,
>
> I'm facing a strange issue. When I boot system using systemd (244.3)
> and in one service I'm generating some certificates. When checking
> them I'm getting the result that the certificate was created 1.1.1970
> which
* Topi Miettinen:
>> The dynamic loader has to process the LOAD segments to get to the ELF
>> note that says to enable BTI. Maybe we could do a first pass and
>> load only the segments that cover notes. But that requires lots of
>> changes to generic code in the loader.
>
> What if the loader
On Do, 22.10.20 09:29, Szabolcs Nagy (szabolcs.n...@arm.com) wrote:
> > > The dynamic loader has to process the LOAD segments to get to the ELF
> > > note that says to enable BTI. Maybe we could do a first pass and load
> > > only the segments that cover notes. But that requires lots of changes
On Thu, Oct 22, 2020 at 7:58 AM Tomasz Torcz wrote:
>
> On Wed, Oct 21, 2020 at 10:13:10PM +0200, Belisko Marek wrote:
> > Hi,
> >
> > I'm facing a strange issue. When I boot system using systemd (244.3)
> > and in one service I'm generating some certificates. When checking
> > them I'm getting
* Lennart Poettering:
> On Mi, 21.10.20 22:44, Jeremy Linton (jeremy.lin...@arm.com) wrote:
>
>> Hi,
>>
>> There is a problem with glibc+systemd on BTI enabled systems. Systemd
>> has a service flag "MemoryDenyWriteExecute" which uses seccomp to deny
>> PROT_EXEC changes. Glibc enables BTI only
On Do, 22.10.20 09:05, Szabolcs Nagy (szabolcs.n...@arm.com) wrote:
> > > Various changes have been suggested, replacing the mprotect with mmap
> > > calls
> > > having PROT_BTI set on the original mapping, re-mmapping the segments,
> > > implying PROT_EXEC on mprotect PROT_BTI calls when
On Mi, 21.10.20 22:44, Jeremy Linton (jeremy.lin...@arm.com) wrote:
> Hi,
>
> There is a problem with glibc+systemd on BTI enabled systems. Systemd
> has a service flag "MemoryDenyWriteExecute" which uses seccomp to deny
> PROT_EXEC changes. Glibc enables BTI only on segments which are marked as
On 22.10.2020 10.54, Florian Weimer wrote:
* Lennart Poettering:
On Mi, 21.10.20 22:44, Jeremy Linton (jeremy.lin...@arm.com) wrote:
Hi,
There is a problem with glibc+systemd on BTI enabled systems. Systemd
has a service flag "MemoryDenyWriteExecute" which uses seccomp to deny
PROT_EXEC
* Topi Miettinen:
> Allowing mprotect(PROT_EXEC|PROT_BTI) would mean that all you need to
> circumvent MDWX is to add PROT_BTI flag. I'd suggest getting the flags
> right at mmap() time or failing that, reverting the PROT_BTI for
> legacy programs later.
>
> Could the kernel tell the loader of
Dimitri
In case you didn't see the earlier messages in this thread, I'm seeing
thousands of the DVE-2018-0001 messages, to the extent that they outnumber the
other messages in the log!
Please could I ask you to review this with the intent of either disabling this
message completely, or only
On 22.10.2020 10.54, Szabolcs Nagy wrote:
The 10/21/2020 22:44, Jeremy Linton wrote:
There is a problem with glibc+systemd on BTI enabled systems. Systemd
has a service flag "MemoryDenyWriteExecute" which uses seccomp to deny
PROT_EXEC changes. Glibc enables BTI only on segments which are
On Thu, Oct 22, 2020 at 11:51 AM Lennart Poettering
wrote:
>
> On Do, 22.10.20 11:47, Belisko Marek (marek.beli...@gmail.com) wrote:
>
> > On Thu, Oct 22, 2020 at 10:52 AM Lennart Poettering
> > wrote:
> > >
> > > On Mi, 21.10.20 22:13, Belisko Marek (marek.beli...@gmail.com) wrote:
> > >
> > >
On 22.10.2020 12.31, Catalin Marinas wrote:
On Thu, Oct 22, 2020 at 10:38:23AM +0200, Lennart Poettering wrote:
On Do, 22.10.20 09:29, Szabolcs Nagy (szabolcs.n...@arm.com) wrote:
The dynamic loader has to process the LOAD segments to get to the ELF
note that says to enable BTI. Maybe we
>> 1) Is there any way in journald.conf to perform a message suppression
>> similar to the one I used for syslog? If not should there be one?
>No.
Does that mean no there isn't and also that there should not be, or are you
open to considering allowing a suppression mechanism similar to
On Do, 22.10.20 11:11, David C. Partridge (david.partri...@perdrix.co.uk) wrote:
> >> 1) Is there any way in journald.conf to perform a message suppression
> >> similar to the one I used for syslog? If not should there be one?
>
> >No.
>
> Does that mean no there isn't and also that there
On Do, 22.10.20 11:47, Belisko Marek (marek.beli...@gmail.com) wrote:
> On Thu, Oct 22, 2020 at 10:52 AM Lennart Poettering
> wrote:
> >
> > On Mi, 21.10.20 22:13, Belisko Marek (marek.beli...@gmail.com) wrote:
> >
> > > Hi,
> > >
> > > I'm facing a strange issue. When I boot system using
On Thu, Oct 22, 2020 at 10:52 AM Lennart Poettering
wrote:
>
> On Mi, 21.10.20 22:13, Belisko Marek (marek.beli...@gmail.com) wrote:
>
> > Hi,
> >
> > I'm facing a strange issue. When I boot system using systemd (244.3)
> > and in one service I'm generating some certificates. When checking
> >
On 22.10.2020 11.29, Szabolcs Nagy wrote:
The 10/22/2020 11:17, Topi Miettinen via Libc-alpha wrote:
On 22.10.2020 10.54, Florian Weimer wrote:
* Lennart Poettering:
Did you see Topi's comments on the systemd issue?
https://github.com/systemd/systemd/issues/17368#issuecomment-710485532
I
On Do, 22.10.20 11:53, Belisko Marek (marek.beli...@gmail.com) wrote:
> > Hmm? this service has nothing to do with epoch/clock setting. It's
> > used for systems that have a "reboot-for-update" mode.
>
> Sorry I mixed up things. Can you pls guide where can I find code which
> set date/time from
>>> Reindl Harald wrote on 22.10.2020 at 18:49 in
message <9af67357-feaa-e1c7-291e-afe5f48e8...@thelounge.net>:
>
> On 22.10.20 at 16:55, Dave Howorth wrote:
>> On Thu, 22 Oct 2020 15:27:58 +0200
>> Reindl Harald wrote:
>>> On 22.10.20 at 12:59, Lennart Poettering wrote:
On Do,
On Thu, 22 Oct 2020 15:27:58 +0200
Reindl Harald wrote:
> On 22.10.20 at 12:59, Lennart Poettering wrote:
> > On Do, 22.10.20 11:11, David C. Partridge
> > (david.partri...@perdrix.co.uk) wrote:
> 1) Is there any way in journald.conf to perform a
> message
> >> suppression
>
On 22.10.20 at 12:59, Lennart Poettering wrote:
On Do, 22.10.20 11:11, David C. Partridge (david.partri...@perdrix.co.uk) wrote:
1) Is there any way in journald.conf to perform a message
suppression
similar to the one I used for syslog? If not should there be one?
No.
Does
On 10/22/20 9:55 AM, Dave Howorth wrote:
On Thu, 22 Oct 2020 15:27:58 +0200
Reindl Harald wrote:
On 22.10.20 at 12:59, Lennart Poettering wrote:
On Do, 22.10.20 11:11, David C. Partridge
(david.partri...@perdrix.co.uk) wrote:
1) Is there any way in journald.conf to perform a
message
On 22.10.20 at 16:55, Dave Howorth wrote:
On Thu, 22 Oct 2020 15:27:58 +0200
Reindl Harald wrote:
On 22.10.20 at 12:59, Lennart Poettering wrote:
On Do, 22.10.20 11:11, David C. Partridge
(david.partri...@perdrix.co.uk) wrote:
1) Is there any way in journald.conf to perform a
While it may be
true that "frontends" might provide some filtering (rsyslog, plenty of
options, journalctl much less)
in COCKPIT that filtering is easy, effective and intuitive to perform.
___
systemd-devel mailing list
On 22.10.2020 23.02, Kees Cook wrote:
On Thu, Oct 22, 2020 at 01:39:07PM +0300, Topi Miettinen wrote:
But I think SELinux has a more complete solution (execmem) which can track
the pages better than is possible with seccomp solution which has a very
narrow field of view. Maybe this facility
26 matches