Code:
# pupradio
/usr/local/pupradio/pupradio: line 108: /root/.pupradio/config: No such file or directory
But I did have snapshots, both for the main system and for snapshots), above and beyond the first boot backup that the system automatically creates. I'll recheck after I've downloaded and cleanly installed 0.9.4 as it might have been a consequence of other things/tests made before trying out the rollback. Wondering if it might be consequence of using frugal (to HDD) installation - we'll see.
BarryK wrote: rufwoof,
A quick note about "Rollback to last snapshot" in the boot menu. If you haven't made any actual snapshots, then rollback will be to the very first automatically-created snapshot, which is repositories/easy-0.9.4/rw-0.9.4.sfs, which has nothing in it -- meaning that at bootup it will be same as a pristine first-time bootup.
Thanks, fixed.
rufwoof wrote: Hi Barry
There's another bug in the containers code Barry. Add a sfs to a container such as ff.sfs using the container manager, and it's recorded in the container configuration file as EASY_LAYER_RO1=ff.sfs-*.sfs ... and doesn't get picked up/used.
I found a couple of bugs in
Billtoo wrote: I have Firefox and Lxterminal running in a container, I have cmus
playing a radio station in the lxterminal container, is it secure?
Securer perhaps. But subject to if a flaw exists in the additional code added to provide such features, alongside how those programs are used.
I entered the password to enable encryption.
I changed the root password.
I put firefox and lxterminal in a container.
I run cmus in the lxterminal container.
So I ask you again @Barry, is it secure???
Code:
#!/bin/sh
# Mount the pseudo-filesystems the container needs, if they are not mounted yet.
MOUNTS="$(busybox mount 2>/dev/null)"
if [ "$(echo "$MOUNTS" | grep '/proc ')" = "" ];then
 busybox mount -t proc proc /proc
 MOUNTS="$(busybox mount)"
fi
[ "$(echo "$MOUNTS" | grep '/shm ')" = "" ] && busybox mount -t tmpfs shmfs /dev/shm
[ "$(echo "$MOUNTS" | grep '/pts ')" = "" ] && busybox mount -t devpts -o newinstance devpts /dev/pts
[ "$(echo "$MOUNTS" | grep '/sys ')" = "" ] && busybox mount -t sysfs none /sys
# First argument is the program to run, the rest are its arguments.
EXE="$1"; shift
ARGS=''
[ "$1" ] && while [ "$1" ]; do ARGS="$ARGS \"$1\""; shift; done #put quotes around each argument.
# Delete groups inside the container (the commented-out ones are kept).
#delgroup tty
delgroup scanner
delgroup disk
#delgroup audio
delgroup lp
delgroup dialout
delgroup kmem
#delgroup video
delgroup floppy
delgroup cdrom
delgroup tape
delgroup plugdev
delgroup lpadmin
delgroup shutdown
delgroup crontab
delgroup bluetooth
# Extra capabilities to drop, on top of those listed in EC_CAP_DROP.
ADDITIONALS="cap_fsetid,cap_setgid,cap_setuid,cap_linux_immutable,cap_net_bind_service"
ADDITIONALS="$ADDITIONALS,cap_net_broadcast,cap_net_raw,cap_ipc_lock,cap_ipc_owner"
ADDITIONALS="$ADDITIONALS,cap_sys_rawio,cap_sys_pacct,cap_lease,cap_audit_write"
ADDITIONALS="$ADDITIONALS,cap_audit_control,cap_mac_override,cap_mac_admin,cap_syslog"
ADDITIONALS="$ADDITIONALS,cap_wake_alarm,cap_block_suspend,cap_audit_read+ep"
if [ "$EC_CAP_DROP" ];then #180427
 capsh --drop="${EC_CAP_DROP},${ADDITIONALS}" -- -c "${EXE} ${ARGS}"
else
 eval "${EXE} ${ARGS}" #ARGS carries embedded quotes, so it has to be re-parsed.
fi
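An added example, not part of any post in this thread: a small sh helper to confirm that the capabilities named in a capsh --drop list like the one above are really gone from a bounding-set mask, such as the CapBnd line of /proc/self/status read inside the container. The function names are made up for illustration; the bit order follows linux/capability.h.

```shell
#!/bin/sh
# Capability names in kernel bit order (bit 0 = cap_chown), per linux/capability.h.
CAP_NAMES="cap_chown cap_dac_override cap_dac_read_search cap_fowner cap_fsetid
cap_kill cap_setgid cap_setuid cap_setpcap cap_linux_immutable
cap_net_bind_service cap_net_broadcast cap_net_admin cap_net_raw cap_ipc_lock
cap_ipc_owner cap_sys_module cap_sys_rawio cap_sys_chroot cap_sys_ptrace
cap_sys_pacct cap_sys_admin cap_sys_boot cap_sys_nice cap_sys_resource
cap_sys_time cap_sys_tty_config cap_mknod cap_lease cap_audit_write
cap_audit_control cap_setfcap cap_mac_override cap_mac_admin cap_syslog
cap_wake_alarm cap_block_suspend cap_audit_read cap_perfmon cap_bpf
cap_checkpoint_restore"

# cap_bit NAME: print the bit number of a capability, fail if the name is unknown.
cap_bit() {
    n=0
    for c in $CAP_NAMES; do
        [ "$c" = "$1" ] && { echo "$n"; return 0; }
        n=$((n + 1))
    done
    return 1
}

# still_present HEXMASK "cap_a,cap_b,...": print every entry of the drop list
# whose bit is still set in the mask, one per line. Unknown names are flagged.
still_present() {
    mask=$((0x$1))
    for name in $(echo "$2" | tr ',' ' '); do
        name=${name%%+*}    # ignore a setcap-style flag suffix such as "+ep"
        if bit=$(cap_bit "$name"); then
            [ $(( (mask >> bit) & 1 )) -eq 1 ] && echo "$name"
        else
            echo "unknown:$name"
        fi
    done
    return 0
}

# Run with a drop list as the first argument to check the current process.
if [ -r /proc/self/status ] && [ -n "${1:-}" ]; then
    still_present "$(awk '/^CapBnd:/ {print $2}' /proc/self/status)" "$1"
fi
```

Run it inside the container with the same comma-separated list that was given to capsh; no output means every listed capability is absent from the bounding set.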
There is no such thing as "secure"
Billtoo wrote: I entered the password to enable encryption.
Billtoo wrote: I have Firefox and Lxterminal running in a container, I have cmus
playing a radio station in the lxterminal container, is it secure?
I changed the root password.
I put firefox and lxterminal in a container.
I run cmus in the lxterminal container.
So I ask you again @Barry, is it secure???
Yes.
rufwoof wrote: The intent of Containers/Easy is to make things securer. Personally I only run rover inside containers, and add additional capsh'ing on top of what Barry currently capsh's. To the extent that when I run Firefox60 as a heavily restricted rover userid and where even root access is significantly crippled inside the container it feels considerably right shifted security wise (more secure).
OR! Just don't have the main system auto logging in and running as "root". It's common nowadays to have root login totally disabled, and instead have a userid that has root like permissions/authority. That way you have to know both the userid and the password - so more protective. Which would simplify things such as file copying/permissions between the main system and a container ... root-like userid outside of container, heavily restricted userid inside container, but the same userid/file owner name inside and outside of containers. That way and there's no need for "Zeus", as that would be "root", but if Rex (adopting Cu Chulinux's suggestion) is pretty much as good as root anyway outside of a container !!!
BarryK wrote: I was thinking of naming this super-root "xeus", who was the king of the Greek gods. Unless there is a suitable doggy name...