I was asked, what is the correct way to drop privileges in Linux.
So here is a list of things I usually do, when implementing unprivileged sub process:
fork
in some cases you would also want to do these:
clear the environment(leave only the required variables)
close all file descriptors(except the ones you need)
clear memory regions that are [...]
If you need to SNAT local processes over a specific interface(for example a tunnel) there are a few things you have to do and this artical describes the required steps.
= Sysctls =
net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
More specific, you need to disable the rp_filter over the interface you are receiving the traffic. For tunnels this usually is [...]
At the office we have this joke, that the shortest program, that produces “Segmentation fault” is:
$ echo Segmentation fault (core dumped)
Segmentation fault (core dumped)
We had this joke, after a collegue of ours debugged that exact program for 20min, before he realized that it actually printed sefgault
However, one of the collegues decided to challenge [...]
My new expensive toy just came to life
localhost#show version
Arista DCS-7050QX-32-F
Hardware version: 02.11
Serial number: JPE1523XXXX
System MAC address: 001c.73XX.XXXX
Software image version: 4.14.5FX.2
Architecture: i386
Internal build version: 4.14.5FX.2-2328441.4145FX2
Internal build ID: 5f369972-3e94-403c-aee9-dd4cfba34d46
Uptime: [...]
If you want to do A/B split testing with nginx, you usually are directed to the split clients module.
However, most of us don’t have this module compiled into their nginx installations and this usually results in using our code to do the actual A/B spliting.
Here is how you can do that, without the addition of [...]
I’m using bird on my routers for a few years now, and every time I setup a new router I add these shell functions to help me monitor and debug network issues:
function bgp_states {
for i in $(birdc show protocols|sed ’s/\s\+/|/g’|grep BGP); do
a=(${i//|/ })
[...]
I was featured at PerlAdvent calendar 2016 with my article about controlling Linux Containers with Perl
The PerlAdvent calendar is a very nice way to countdown the days till Christmas
Bird’s memory usage with 8 BGP sessions (6 of which full BGP tables):
root@sfgw:~# birdc show memory
BIRD 1.5.0 ready.
BIRD memory usage
Routing tables: 160 MB
Route attributes: 136 MB
ROA tables: 112 B
Protocols: 68 kB
Total: [...]
I finally decided to request full BGP tables from all of my ISPs, so I can easily change the preferred path to certain destinations.
However this meant that now I have to monitor both the state of the BGP sessions, but also the amount of routes that I receive from my neighbors.
Before my days with full [...]
Since I started using Linux::Unshare after I created my Linux::Setns I found that unshare was missing a few tests.
I added them and sent a patch to the current maintainer Boris Sukholitko. However a few days later he wrote to me that he is no longer maintaining the module and proposed that I should take over [...]
