CAP_DAC_OVERRIDE usage in Samba on SELinux enabled systems

Most of us have probably heard of capabilities from the POSIX world. They are normally associated with processes for the purpose of performing permission checks. Traditionally, UNIX processes run as either privileged or unprivileged. Privileged processes are those with superuser power, which can bypass the permission checks imposed by the kernel. These privileges can be further split into distinct units, known as capabilities, which can then be independently enabled or disabled on a per-thread basis. The following are some of the many capabilities available on Linux:

  • CAP_AUDIT_CONTROL
  • CAP_CHECKPOINT_RESTORE
  • CAP_CHOWN
  • CAP_DAC_OVERRIDE
  • CAP_FOWNER
  • CAP_KILL
  • CAP_LINUX_IMMUTABLE

You can find more details on all available capabilities in the capabilities(7) manual page. Here, we focus on CAP_DAC_OVERRIDE.

DAC, DAC override and CAP_DAC_OVERRIDE


Tracing “Curl error (6): getaddrinfo() thread failed to start” error with systemd seccomp filters

You might be wondering what we are going to discuss in this article, as it is most likely that you are seeing this error for the first time. But I found it very interesting, especially the whole debugging process I followed to figure out the actual root cause triggering the above error. Going forward, there are a few pieces of software and command-line utilities that I mention to explain the context in detail. I have managed to provide hyperlinks to manual pages or websites for those utilities and terms that I find may be useful for readers to go through and familiarize themselves with.

Preamble


Stepping in to the world of containers with Samba

Containers are not at all a new technology these days within the global software community. There was a time when people discussed containers and their future applications a lot. That is no longer the case, as they are now an integral part of modern hybrid cloud infrastructure. The core of this article may not be containers and related technologies, but rather a report on my learning curve as a newbie in bringing Samba into containers. Samba? Yes, it is a free software implementation of the SMB protocol providing file and print services, capable of integrating with a Windows Server domain as a Domain Controller or as a domain member. You can find more details on the Samba project page. Last but not least, readers are expected to have basic knowledge of containers, Dockerfiles, etc., as explaining those is not my intention in this article.
