Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 2 years ago.
Improve this question
I have recently started using OpenBSD. And I want to create easy fire-and-forget containers/VM or something es (it should be used as a Sandbox).
The user can upload his source code (C++/Java/Perl), it will be compiled on the Server (OpenBSD), if this was successful, it should execute this File and then return the result to the Web page.
How can I provide this in OpenBSD?
Also, should I use chroot, since 'jail' will be removed in 6.0? Or are there other possibilities to create a "sandbox" in OpenBSD?
Currently OpenBSD doesn't support any "chroot on steroid" mechanism. In the past, same jail feature (named sysjail) was in ports, but removed in 2007 because it was not easy to maintain and pretty insecure. You can find more information about it on stackexchange and with your search engine.
Historically, OpenBSD only support chroot(8) and work exactly like other system:
create an alternative root with userland on it
# create your target chroot
target="/tmp/chroot"
mkdir ${target}
# now build and install your userland
cd /usr
cvs -qz3 -d${repository} co src -r${openbsd_release}
cd /usr/src
make obj && make && make install DESTDIR=${target}
start your daemon or your soft in it
# in root
chroot /tmp/chroot
# run your daemon here
# note: you need to init also dev directory
# and, eventually, customize /etc/fstab
# /tmp is currently not allowed to have dev on it
# please see fstab(5) man page
Lot of software in base support chroot feature, openntpd, openssh, httpd and many others are configured by default in isolated directory.
Now, since OpenBSD 5.9, you can use vmm(4) hypervisor and vmctl(8) in base. You can start your vmd daemon and create isolated container like any other hypervisor (bhyve, xen or kvm).
# from openbsd vmctl man page example
vmctl create disk.img -s 4.5G
vmctl start "myvm" -m 512M -i 1 -d disk.img -k /bsd
vmctl stop 1
You can also use another approach based on software in ports, qemu work pretty well but have poor performance on OpenBSD, due to lake of kernel acceleration support and in parts because of filesystem structure.
Now, concerning your main issue (offer a way of remote compiling source code), I guess the better idea is to truly isolate your code from main system, and using something like vmctl or qemu could be the good answer. Perhaps qemu would be the better, because you can use standard user to execute it, without kernel feature and with lot of network features, but compilation would be really slow.
Check out pledge and unveil
You can use pledge for restricting system calls and unveil for hiding the directories
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 2 years ago.
Improve this question
The only requirement is to be able to run python 3 command , i won't be installing additional packages on it. I have used alpine before and I have seen python slim , are those my best options ?
Also would appreciate of you can point out similar images for other programming languages
What I am trying to build is a simple service to which the user sends his code + input and the service executes it on respective containers(pods) running on the cluster and returns the output
You could use the alpine package because it is light and secure focused, and then you can go through the services and applications, and decide if these are not needed and remove them. Afterwards you can create another Docker image from this container.
I found a webpage which helps with efficiency of a build, by using the Docker cache more effectively, if this helps,
https://vsupalov.com/speed-up-python-docker-image-build/
The Problem
Your Dockerfile probably contains something like this:
ADD code /app # executed on every small change
RUN pip install -r /app/requirements.txt
# and here we go again...
You’re adding your project code (Flask or Django project?) after installing the necessary libraries and setting up a virtual environment. Then, you’re running pip to install the exact versions of every Python dependency needed for the project in a “requirements.txt” file.
You’re not using the Docker cache as well as you could. The good news is: there’s a simple way to fix that.
Use The Docker Cache
You can prevent the perpetual re-execution of the dependency-installation step if there were not actual changes to the stuff you’re using. There’s no tricky volume mounting or multi-stage build kung-fu needed.
The ADD directive only needs to run if the referenced file changed since the last time it was executed. If it did, every single build step needs to run again, but if it’s the same you can just use a version from the Docker cache and skip to the next one.
If you add the requirements.txt file before your other code, and run the pip install step right after it, both will only be executed if the file changes. Not on every build.
ADD code/requirements.txt /app/requirements.txt
RUN pip install -r /app/requirements.txt
# the steps above only depend on the requirements.txt file!
ADD code /app
This way, you can skip the expensive operation if nothing changed and reuse a cached state. You Docker image build will be faster in most cases. Once that’s not enough anymore, there are more elaborate ways to improve on the process.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 2 years ago.
Improve this question
I have installed cups 2.0 on my Ubuntu box. I installed from source. When I type the first few commands in the CUPS manual it returns the message Bad file descriptor. Here is an example
VPCZ12V9E:~$ sudo lpinfo -m
lpinfo: Bad file descriptor
VPCZ12V9E:~$ lpstat -p
lpstat: Bad file descriptor
Please suggest why this is happening? It implies to me that I have a problem. I have not tried adding a printer yet. I have only installed CUPS 2.0.
Ensure also you have Started Cupsd Service
According to the ArchWiki (https://wiki.archlinux.org/index.php/CUPS), the service is called: org.cups.cupsd.service
Check the service by: sudo systemctl status org.cups.cupsd.service
Start (if not started) the service by: sudo systemctl start org.cups.cupsd.service
Enable the service (if not enabled) by: sudo systemctl enable org.cups.cupsd.service
I had the same error message. According to https://bbs.archlinux.org/viewtopic.php?id=185298 , make sure that /etc/cups/client.conf contains
ServerName /var/run/cups/cups.sock
Just leaving this here in case someone stumbles into the same problem as I did.
I'm running Debian Jessie, which has CUPS 2.0.3 and systemd. During some experiments the socket stopped working and I had the above symptoms. It was enough to systemctl restart systemd.socket, restarting cups was not enough. Also no config modification, as mentioned in the other answer was necessary.
In addition to the other solutions (which are all valid ones), it can happen when you upgrade your system kernel.
So one can also simply restart its system to ensure everything is right before investigating deeper.
Just to throw in my 2 cents:
I got this message because I forgot to open Port 631. Test if the port is open with:
nc -zv <hostname> 631
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I'm a user of Ubuntu 12.04 LTS and in a future a user of Ubuntu 14.04 LTS.
I have a problem, when I run Ubuntu my .bashrc script doesn't work unless I open the terminal.
This is a problem because, for example, the paths I write doesn't work unless I execute the programs from the terminal.
Are there an user config startup file for Ubuntu and not for the terminal?
P.D.:Maybe I don't explain very well, in other words, I'd like to execute mi scripts on Ubuntu startup without using the terminal.
Shell initialisation files (.profile, .bashrc, etc.) are intended for preparing the user's (interactive) environment.
For standalone scripts, it's better to make them independent from the environment, including
$HOME, $PATH, etc.
If you need to share code (functions, configuration) with other scripts, store that in a separate
shell library that you source from a known location, either through a fixed path or from a
path relative to the script's own location.
you can add the line below at the start of your script file
source ~/.bashrc
grep '/etc/bashrc' ~/.bashrc
if [ -f /etc/bashrc ]; then
. /etc/bashrc # --> Read /etc/bashrc, if present.
by default /etc/bashrc gets loaded when opening a console.
What are you trying to do - if you want to do something without it being executed as part of a console and more to do with system startup ? then you need to look into modifying existing service or adding a new service.
If this is related to when users ssh or connect it via console then its be bashrc file
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I have performed the following steps to install OpenLdap on my Redhat Linux Server:
1. untar the tar file
2. ./configure <--this ran successfully without error
3. make depend
4. make
5. make test <-- couldn't find any error
6. make install
7. started slapd: /usr/local/sbin/slapd
But the service is not starting. I don't see any slapd process in the ps -lef | grep slapd output. Also I see this, when i run : ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
What could be the error and also How can I completely uninstall OPENLDAP
There are two questions here:
What could be the error?
It's possible that you haven't appropriately configured slapd. There are probably errors in your syslog (/var/log/messages) that will help you diagnose problems. You can also run slapd in debugging mode (slapd -d none) to see errors displayed on your terminal.
How can I completely uninstall OpenLDAP?
That's a little tricky, since you (a) elected to install it from source rather than using an existing package and (b) you didn't install it into a dedicated directory. To completely uninstall it, you would have to pay close attention to what files are installed by running make install and then remove them.
However, there's no harm in leaving the files installed on your system as long as you're not using them. You can remove anything that was installed into /usr/local/bin or /usr/local/sbin if you want to prevent them from conflicting with versions of those commands installed via system packages.
If OpenLDAP is the only thing you've installed in /usr/local you can just remove any files below that directory.
Generally, if you can use the pre-packaged versions of software available in your Linux distribution your life will be easier. For example, if you were to install the RedHat openldap-servers package, you would have a default configuration that would allow slapd to start and run correctly.
To uninstall. look through either the log output from the configure command, or type "configure --help" to see a list of directories that things are installed in by default. Most likely it populated files into /usr/local/bin, /usr/local/lib, and so forth, so you'll need to into those directories and remove the files by hand.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I accidentally set owner of root folder (/) and all subfolders to one user by command
$ sudo chown -R 'userName' /*
Now I wanna set owner back to root user by command
$ chown -R root:root /*
But I have no permission for this operation.
If i use command
$ sudo chown -R root:root /*
it returns
sudo: effective uid is not 0, is sudo installed setuid root?
What should I do to fix that?
I am guessing when you ran the first command you also ended up modifying the ownership of the /usr/bin/sudo executable.
It is saying that effective UID isn't 0 (since root has EUID equal to 0).
So try to change owner of /usr/bin/sudo, and then try change the ownership of other files.
You broke your system pretty badly. Next time be more careful using sudo.
Now, start your system using a rescue disk, probably your install disk.
Mount your broken file system in the rescue system.
Fix the permission/owner stuff.
Reboot using your original system.
Depending on how much you changed using that chown, you will have to fix a lot in step 3. You probably might want to have a look at a working proper installation of the same system to find out which user should be the owner of things like /dev/mem etc.
A re-install of the OS might be faster.
:O I offer my condolence!
The problem is that the sudo binary itself must be owned by root. If you have the root password you could just get root to fix the problem:
su
If not, you could boot using a rescue system, mount the partition and
chown root:root /mnt/usr/bin/sudo
or fix the whole problem using the rescue system.
But it will be hard to fix all that ownerships. I would suggest to craft a script that reads the file ownerships from a vanilla installation of your system (having installed the same packages as you) and applies them to the crashed system. (Custom files in the /home/... you'll have to chown yourself) Without such a script it will get really hard but it should be easy to code that