store | blogs | forums | twitter | facebook | wiki | mailing lists | downloads | support portal
Atomic Secure Linux
It is currently Mon Apr 21, 2014 4:27 am

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 8 posts ] 
Author Message
 Post subject: Jungle Disk
Unread postPosted: Wed Dec 21, 2011 1:13 pm 
Offline
Forum User
Forum User

Joined: Thu Feb 26, 2009 6:50 pm
Posts: 39
Hi folks,

I have a client who backs up to Jungle Disk and although they have other servers running ASL and Jungle Disk without a problem we have a new server which despite having a very vanilla configuration doesn't seem to allow the jungle disk server process to run properly. The /var/log/messages log file contains the following when I start the service...

Dec 21 17:09:34 london03 kernel: junglediskserve[15973]: segfault at 48 ip a5b9496e sp bfcba0d0 error 4 in libpthread-2.5.so[a5b8e000+15000]
Dec 21 17:09:34 london03 kernel: grsec: From 88.xx.xx.xx: Segmentation fault occurred at 00000048 in /usr/local/bin/junglediskserver[junglediskserve:15973] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0
Dec 21 17:09:34 london03 kernel: grsec: From 88.xx.xx.xx: denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0 for /usr/local/bin/junglediskserver[junglediskserve:15973] uid/euid:0/0 gid/egid:0/0, parent /sbin/init[init:1] uid/euid:0/0 gid/egid:0/0

Now I can see that this is because there is a segfault but I want to make sure that this is a problem with JD before submitting a ticket to them. Any ideas or thoughts?

The ip address is the one I am SSH'd to the box from.

Cheers

George


Top
 Profile  
 
 Post subject: Re: Jungle Disk
Unread postPosted: Wed Dec 21, 2011 6:40 pm 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
I recently had a problem with CouchDB not starting on the ASL kernel. I got nothing more than a "denied resource overstep by requesting 4096 for RLIMIT_CORE against limit 0" message in /var/log/messages. It turned out that I needed to run execstack -c on the Erlang beam.smp binary. Because RWXMAP_LOGGING is disabled by default I wasn't seeing the "denied RWX mmap" message, which would have helped finding the cause. See here for the thread: viewtopic.php?f=3&t=5601

So, you could try enabling RWXMAP_LOGGING in /etc/asl/config, run 'asl -s -f' and check /var/log/messages again after trying to start the program.

_________________
Lemonbit Internet Dedicated Server Management


Top
 Profile  
 
 Post subject: Re: Jungle Disk
Unread postPosted: Wed Dec 21, 2011 7:00 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3548
Location: Chantilly, VA
Keep in mind if your kernel is locked, to turn on rwx logging will also require a reboot.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
 Post subject: Re: Jungle Disk
Unread postPosted: Wed Dec 21, 2011 7:12 pm 
Offline
Forum User
Forum User

Joined: Thu Feb 26, 2009 6:50 pm
Posts: 39
Ah ok, so after changing the default of RWXMAP_LOGGING=no to yes but without rebooting there's no change.

I'll need to schedule a reboot of the machine which should be easier over the holidays.

Thanks for the suggestion breun, and thanks for clarifying mike


Top
 Profile  
 
 Post subject: Re: Jungle Disk
Unread postPosted: Wed Dec 21, 2011 7:27 pm 
Offline
Long Time Forum Regular
Long Time Forum Regular

Joined: Sat Aug 20, 2005 9:30 am
Posts: 2812
Location: The Netherlands
I believe you'll also need to run 'asl -s -f'. (Mike, correct me if I'm wrong.)

So:

1. Change the setting in /etc/asl/config
2. Run 'asl -s -f'
3. Reboot

(Steps 1 and 2 could probably be replaced by changing the setting via the ASL web interface if you have that installed and prefer using a GUI.)

_________________
Lemonbit Internet Dedicated Server Management


Top
 Profile  
 
 Post subject: Re: Jungle Disk
Unread postPosted: Wed Dec 21, 2011 7:36 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 3548
Location: Chantilly, VA
Yep, always run "asl -s -f" after you make any config changes. That sets the changes in the security policy.

_________________
Michael Shinn
Atomicorp - Security For Everyone

Co-Author of Troubleshooting Linux Firewalls.


Top
 Profile  
 
 Post subject: Re: Jungle Disk
Unread postPosted: Thu Dec 22, 2011 9:56 am 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7779
Location: earth
And you have to reboot because the kernel was already locked at S99.


Top
 Profile  
 
 Post subject: Re: Jungle Disk
Unread postPosted: Fri Jan 20, 2012 8:27 am 
Offline
Forum User
Forum User

Joined: Thu Feb 26, 2009 6:50 pm
Posts: 39
Finally got round to rebooting this machine today - all seemed to do the trick! Thanks chaps.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 8 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: Bing [Bot], Google [Bot] and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group