From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on sa.local.altlinux.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.1 X-Virus-Scanned: amavisd-new at rosalinux.ru To: devel@lists.altlinux.org References: <3a76e0b2-059c-036f-d732-f4867a71018f@rosalinux.ru> <20200418142344.GA8584@alexnuc> From: Mikhail Novosyolov Message-ID: <284386a0-c81c-d81b-98fe-d3a46ca5aa86@rosalinux.ru> Date: Sat, 18 Apr 2020 18:37:55 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.7.0 MIME-Version: 1.0 In-Reply-To: <20200418142344.GA8584@alexnuc> Content-Type: text/plain; charset=koi8-r Content-Language: ru-RU Content-Transfer-Encoding: quoted-printable Subject: Re: [devel] =?utf-8?b?0J/QvtC90LjQttC10L3QuNC1INC/0YDQsNCyINGBIHJv?= =?utf-8?b?b3Qg0L3QtSDRgNCw0LHQvtGC0LDQtdGCINCyIGFsdC1wOC1yb290ZnMtc3lz?= =?utf-8?q?temd?= X-BeenThere: devel@lists.altlinux.org X-Mailman-Version: 2.1.12 Precedence: list Reply-To: ALT Linux Team development discussions List-Id: ALT Linux Team development discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 18 Apr 2020 15:38:17 -0000 Archived-At: List-Archive: List-Post: 18.04.2020 17:23, Alexey Sheplyakov =D0=C9=DB=C5=D4: > On Sat, Apr 18, 2020 at 05:12:52PM +0300, Mikhail Novosyolov wrote: >> =F3=C4=C5=CC=C1=CC chroot =CE=C1 =CF=D3=CE=CF=D7=C5 http://ftp.altlinu= x.org/pub/distributions/ALTLinux/images/p8/cloud/alt-p8-rootfs-systemd-x8= 6_64.tar.xz >> >> =F3=CF=DA=C4=C1=CC =D0=CF=CC=D8=DA=CF=D7=C1=D4=C5=CC=D1 (useradd --uid= 1000 user) >> >> =CE=CF =CE=C5 =CD=CF=C7=D5 =D7=CF=CA=D4=C9 =D0=CF=C4 =DC=D4=C9=CD =D0=CF= =CC=D8=DA=CF=D7=C1=D4=C5=CC=C5=CD: >> >> [root@pay2 /]# su - user >> su: exec failed >> >> [root@pay2 /]# strace -f su - user -c /bin/bash 2>&1 | grep bin/bash >> execve("/bin/su", ["su", "-", "user", "-c", "/bin/bash"], 0x7ffccf65b4= a8 /* 30 vars */) =3D 0 >> [pid 37104] execve("/bin/bash", ["-bash", "-c", "/bin/bash"], 0x12fa9a= 0 /* 17 vars */) =3D -1 EAGAIN (=F2=C5=D3=D5=D2=D3 =D7=D2=C5=CD=C5=CE=CE=CF= =CE=C5=C4=CF=D3=D4=D5=D0=C5=CE) >> >> [root@pay2 /]# sudo -u user -i >> -bash: fork: =F2=C5=D3=D5=D2=D3 =D7=D2=C5=CD=C5=CE=CE=CF =CE=C5=C4=CF=D3= =D4=D5=D0=C5=CE >> -bash-3.2$ ls >> -bash: fork: =F2=C5=D3=D5=D2=D3 =D7=D2=C5=CD=C5=CE=CE=CF =CE=C5=C4=CF=D3= =D4=D5=D0=C5=CE >> >> =EB=C1=CB =D4=C1=CB=CF=C5 =CD=CF=D6=C5=D4 =C2=D9=D4=D8?! > ulimit -a > > =EC=C9=CD=C9=D4 =CE=C1 =DE=C9=D3=CC=CF =D0=D2=CF=C3=C5=D3=D3=CF=D7 (=CE= =C1 =D3=C1=CD=CF=CD =C4=C5=CC=C5 -- =D0=CF=D4=CF=CB=CF=D7) =DA=C1=DE=C5=CD= -=D4=CF =D7=D9=D3=D4=C1=D7=CC=C5=CE =D7 512. > =E5=D3=CC=C9 =D5 =F7=C1=D3 =D7 =C8=CF=D3=D4 =D3=C9=D3=D4=C5=CD=C5 =D5=D6= =C5 =C5=D3=D4=D8 =D0=CF=CC=D8=DA=CF=D7=C1=D4=C5=CC=D8 =D3 UID 1000, =C9, = =CE=C1=D0=D2=C9=CD=C5=D2, > =DA=C1=D0=D5=DD=C5=CE firefox =D3 100+ =D7=CB=CC=C1=C4=CF=CB, desktop e= nvironment, =C9 =D4.=D0., =D4=CF =DB=C1=CE=D3=CF=D7 > =D7=D0=C9=D3=C1=D4=D8=D3=D1 =DC=D4=CF=D4 =D6=CC=CF=C2=D3=CB=C9=CA^W =D3= =CB=D5=C4=CE=D9=CA =CC=C9=CD=C9=D4 =CB=D2=C1=CA=CE=C5 =CD=C1=CC=CF. =F0=D2= =C9=CD=C5=D2. > > $ ps -T -u `whoami` |wc -l > 806 > > =E8=D2=C1=CE=D1=D4=D3=D1 =DC=D4=C9 =CE=C1=D3=D4=D2=CF=CA=CB=C9 =D7 /etc= /security/limits.conf (=C9 =C5=DD=C5 =D7 =CB=C1=CB=CF=CD-=D4=CF =CD=C5=D3= =D4=C5). =EE=C5. =E4=C5=CC=CF =CE=C5 =D7 ulimit. =F7 =D3=CF=D3=C5=C4=CE=C5=CD =CB=CF= =CE=D4=C5=CA=CE=C5=D2=C5 =D3 =DA=C1=D0=D5=D3=CB=CF=CD =CF=D4 UID=3D1000 =CE= =C5=D4 =D0=D2=CF=C2=CC=C5=CD. =FC=D4=CF =C9=CD=C5=CE=CE=CF =D7 =CB=CF=CE=D4= =C5=CA=CE=C5=D2=C5 =DE=D4=CF-=D4=CF =CE=C5 =D4=CF.