[Solved] Decrypt files securely inside lxc container.

Hi, this is my first question, I've been using Arch for 5 years now, thanks for all your hard work!
I'm trying to setup an lxc container to securely view encrypted files(gpg keys encrypted with cryptsetup and a loopback device), I've done so already using cryptsetup, the only issue is that after I decrypt the device from inside the container, it is available from the host as /dev/mapper/name and I can mount it and view it's contents.
Is there any way to set cgroups to deny host and allow lxc container to access this device, maybe I can change /dev permissions so only root on host can access? I would prefer that not even root on host can access it but I know I'm asking too much, I can do this with qemu or other VMs but there is a lot of overhead.
If you happen to know of any way I can access files from inside lxc container but block access to host even if it is after mounting the device, I would like to hear you out.
I'm running an archlinux host and archlinux lxc container with grsecurity-pax enabled.
Feel free to ask any questions if it's not clear .
Thank you for your time, and kudos for your great work with this distro.
Last edited by freetoken (2014-09-18 07:57:46)

Progress!
$ ls -la /dev/mapper/name
lrwxrwxrwx 1 root root 7 Sep 16 09:21 /dev/mapper/name -> ../dm-0
$ ls -la /dev/dm-0
brw-rw---- 1 root disk 254, 0 Sep 16 09:21 /dev/dm-0
$ rm /dev/mapper/name
$ rm /dev/dm-0
voila!
The device is still there but it's not visible and user would need to have root permissions to run mknod and restore dm-0.
Also very interesting read about cgroups for anyone interested: https://www.kernel.org/doc/Documentatio … groups.txt
I'm wondering if there is any damage from doing this, since the data is backed up I guess I don't care too much and will test it for a while.
If anyone has any ideas or knows some cool feature I'm missing let me know.
Will mark as solved in 24 hours after more testing and in case something unexpected happens.

Similar Messages

  • [SOLVED] systemd 208 journald process CPU spike on LXC container start

    Hi,
    The problem is that whenever I start an LXC container, systemd-journald process goes on 100% CPU utilization and only stops when I stop the container.
    Setup details:
    % cat /var/lib/lxc/projects/config
    lxc.network.type = veth
    lxc.arch = x86_64
    lxc.utsname = projects
    lxc.network.link = virbr3
    lxc.network.flags = up
    lxc.network.ipv4 = 192.168.200.11
    lxc.rootfs = /mnt/lxc/projects
    lxc.pts = 1000
    lxc.autodev = 1
    lxc.cgroup.memory.limit_in_bytes = 256M
    The rootfs indicated is on a logical volume, /dev/mapper/virtual-projects.
    Details of journal when the spike happened:
    -- Logs begin at Sun 2013-08-04 07:19:25 IST. --
    Oct 05 09:03:30 core systemd[1]: Unit [email protected] entered failed state.
    Oct 05 09:03:30 core kernel: virbr3: port 2(vethl7BeWT) entered disabled state
    Oct 05 09:03:30 core kernel: device vethl7BeWT left promiscuous mode
    Oct 05 09:03:30 core kernel: virbr3: port 2(vethl7BeWT) entered disabled state
    Oct 05 09:03:31 core ntpd[813]: Deleting interface #13 vethl7BeWT, fe80::fcf2:f2ff:fea0:9473#123, interface stats: received=0, sent=0, dropped=0, active_time=11 secs
    Oct 05 09:03:31 core ntpd[813]: peers refreshed
    Oct 05 09:03:40 core dbus-daemon[533]: dbus[533]: [system] Activating via systemd: service name='org.freedesktop.ModemManager1' unit='dbus-org.freedesktop.ModemManager1.service'
    Oct 05 09:03:40 core dbus[533]: [system] Activating via systemd: service name='org.freedesktop.ModemManager1' unit='dbus-org.freedesktop.ModemManager1.service'
    Oct 05 09:03:40 core dbus[533]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.ModemManager1.service': Unit dbus-org.freedesktop.ModemManager1.service failed to load: No such file or directory.
    Oct 05 09:03:40 core dbus-daemon[533]: dbus[533]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.ModemManager1.service': Unit dbus-org.freedesktop.ModemManager1.service failed to load: No such file or directory.
    Oct 05 09:05:30 core systemd[1]: Starting Linux Container projects...
    Oct 05 09:05:30 core systemd[1]: Started Linux Container projects.
    Oct 05 09:05:30 core systemd-sysctl[4562]: Overwriting earlier assignment of kernel/sysrq in file '/etc/sysctl.d/zz-sysctl.conf'.
    Oct 05 09:05:30 core kernel: device vethmHU7wo entered promiscuous mode
    Oct 05 09:05:30 core kernel: IPv6: ADDRCONF(NETDEV_UP): vethmHU7wo: link is not ready
    Oct 05 09:05:30 core NetworkManager[521]: <warn> /sys/devices/virtual/net/vethSIUSbq: couldn't determine device driver; ignoring...
    Oct 05 09:05:30 core systemd-sysctl[4564]: Overwriting earlier assignment of kernel/sysrq in file '/etc/sysctl.d/zz-sysctl.conf'.
    Oct 05 09:05:30 core kernel: virbr3: topology change detected, propagating
    Oct 05 09:05:30 core kernel: virbr3: port 2(vethmHU7wo) entered forwarding state
    Oct 05 09:05:30 core kernel: virbr3: port 2(vethmHU7wo) entered forwarding state
    Oct 05 09:05:30 core kernel: virbr3: port 2(vethmHU7wo) entered disabled state
    Oct 05 09:05:30 core NetworkManager[521]: <warn> /sys/devices/virtual/net/vethmHU7wo: couldn't determine device driver; ignoring...
    Oct 05 09:05:30 core kernel: IPv6: ADDRCONF(NETDEV_CHANGE): vethmHU7wo: link becomes ready
    Oct 05 09:05:30 core kernel: virbr3: topology change detected, propagating
    Oct 05 09:05:30 core kernel: virbr3: port 2(vethmHU7wo) entered forwarding state
    Oct 05 09:05:30 core kernel: virbr3: port 2(vethmHU7wo) entered forwarding state
    Oct 05 09:05:30 core libvirtd[809]: nl_recv returned with error: No buffer space available
    Oct 05 09:05:30 core upowerd[660]: (upowerd:660): UPower-Linux-WARNING **: treating add event as change event on /org/freedesktop/UPower/devices/line_power_AC0
    Oct 05 09:05:30 core systemd-logind[516]: Watching system buttons on /dev/input/event3 (Power Button)
    Oct 05 09:05:30 core upowerd[660]: (upowerd:660): UPower-Linux-WARNING **: treating add event as change event on /org/freedesktop/UPower/devices/battery_BAT0
    Oct 05 09:05:30 core systemd-logind[516]: Watching system buttons on /dev/input/event5 (Video Bus)
    Oct 05 09:05:30 core systemd-logind[516]: Watching system buttons on /dev/input/event2 (Sleep Button)
    Oct 05 09:05:30 core systemd-logind[516]: Watching system buttons on /dev/input/event1 (Lid Switch)
    Oct 05 09:05:30 core systemd-logind[516]: Watching system buttons on /dev/input/event4 (Video Bus)
    Oct 05 09:05:30 core mtp-probe[4711]: checking bus 3, device 4: "/sys/devices/pci0000:00/0000:00:1a.0/usb3/3-1/3-1.2"
    Oct 05 09:05:30 core mtp-probe[4712]: checking bus 3, device 5: "/sys/devices/pci0000:00/0000:00:1a.0/usb3/3-1/3-1.4"
    Oct 05 09:05:30 core mtp-probe[4711]: bus: 3, device: 4 was not an MTP device
    Oct 05 09:05:30 core mtp-probe[4712]: bus: 3, device: 5 was not an MTP device
    Oct 05 09:05:30 core systemd-udevd[4561]: error opening ATTR{/sys/devices/pci0000:00/0000:00:1a.0/usb3/3-1/3-1.4/3-1.4:1.0/host6/scsi_host/host6/link_power_management_policy} for writing: No such file or directory
    Oct 05 09:05:32 core ntpd[813]: Listen normally on 14 vethmHU7wo fe80::fcf0:74ff:fe68:aade UDP 123
    Oct 05 09:05:32 core ntpd[813]: peers refreshed
    Oct 05 09:05:32 core ntpd[813]: new interface(s) found: waking up resolver
    Oct 05 09:05:40 core dbus-daemon[533]: dbus[533]: [system] Activating via systemd: service name='org.freedesktop.ModemManager1' unit='dbus-org.freedesktop.ModemManager1.service'
    Oct 05 09:05:40 core dbus[533]: [system] Activating via systemd: service name='org.freedesktop.ModemManager1' unit='dbus-org.freedesktop.ModemManager1.service'
    Oct 05 09:05:40 core dbus[533]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.ModemManager1.service': Unit dbus-org.freedesktop.ModemManager1.service failed to load: No such file or directory.
    Oct 05 09:05:40 core dbus-daemon[533]: dbus[533]: [system] Activation via systemd failed for unit 'dbus-org.freedesktop.ModemManager1.service': Unit dbus-org.freedesktop.ModemManager1.service failed to load: No such file or directory.
    Oct 05 09:06:15 core kernel: EXT4-fs (dm-10): re-mounted. Opts: commit=600
    Oct 05 09:06:15 core kernel: EXT4-fs (dm-12): re-mounted. Opts: acl,commit=600
    Oct 05 09:06:15 core kernel: EXT4-fs (dm-18): re-mounted. Opts: commit=600
    Oct 05 09:06:15 core kernel: EXT4-fs (sda1): re-mounted. Opts: commit=600
    Oct 05 09:06:16 core kernel: EXT4-fs (sda4): re-mounted. Opts: acl,commit=600
    Oct 05 09:06:21 core kernel: EXT4-fs (dm-10): re-mounted. Opts: commit=0
    Oct 05 09:06:21 core kernel: EXT4-fs (dm-12): re-mounted. Opts: acl,commit=0
    Oct 05 09:06:21 core kernel: EXT4-fs (dm-18): re-mounted. Opts: commit=0
    Oct 05 09:06:21 core kernel: EXT4-fs (sda1): re-mounted. Opts: commit=0
    Oct 05 09:06:28 core kernel: EXT4-fs (dm-10): re-mounted. Opts: commit=600
    Oct 05 09:06:28 core kernel: EXT4-fs (dm-12): re-mounted. Opts: acl,commit=600
    Oct 05 09:06:28 core kernel: EXT4-fs (dm-18): re-mounted. Opts: commit=600
    Oct 05 09:06:28 core kernel: EXT4-fs (sda1): re-mounted. Opts: commit=600
    Oct 05 09:06:28 core kernel: EXT4-fs (sda4): re-mounted. Opts: acl,commit=600
    Oct 05 09:06:31 core kernel: EXT4-fs (dm-10): re-mounted. Opts: commit=0
    Oct 05 09:06:31 core kernel: EXT4-fs (dm-12): re-mounted. Opts: acl,commit=0
    Oct 05 09:06:31 core kernel: EXT4-fs (dm-18): re-mounted. Opts: commit=0
    Oct 05 09:06:31 core kernel: EXT4-fs (sda1): re-mounted. Opts: commit=0
    Oct 05 09:06:38 core systemd[1]: Stopping Linux Container projects...
    Oct 05 09:06:38 core systemd[1]: [email protected]: main process exited, code=exited, status=137/n/a
    Oct 05 09:06:38 core systemd[1]: Stopped Linux Container projects.
    Oct 05 09:06:38 core systemd[1]: Unit [email protected] entered failed state.
    Oct 05 09:06:38 core kernel: virbr3: port 2(vethmHU7wo) entered disabled state
    Oct 05 09:06:38 core kernel: device vethmHU7wo left promiscuous mode
    Oct 05 09:06:38 core kernel: virbr3: port 2(vethmHU7wo) entered disabled state
    Oct 05 09:06:39 core ntpd[813]: Deleting interface #14 vethmHU7wo, fe80::fcf0:74ff:fe68:aade#123, interface stats: received=0, sent=0, dropped=0, active_time=67 secs
    Oct 05 09:06:39 core ntpd[813]: peers refreshed
    Nothing really leaps out to me.
    This only happens on Systemd-208. Rolling back to systemd-207 resolved the issue for now, but I can't help but wonder if I won't have this problem again on systemd-209 or whatever. Is there any additional configuration that I need to do in order to get LXC working properly with systemd 208+?
    Also, I don't know if this is relevant, but I got some filesystem permissions warnings on upgrading (and later downgrading) systemd.
    Last edited by railmaniac (2013-10-12 14:03:47)

    Some journal entries from the guest
    There's a bunch of these:
    ct 12 18:52:24 projects systemd-udevd[30]: Failed to apply ACL on /dev/dri/card0: No such file or directory
    Oct 12 18:52:24 projects systemd-udevd[38]: Failed to apply ACL on /dev/snd/hwC0D3: No such file or directory
    Oct 12 18:52:24 projects systemd-udevd[42]: Failed to apply ACL on /dev/snd/pcmC0D0c: No such file or directory
    Oct 12 18:52:24 projects systemd-udevd[37]: Failed to apply ACL on /dev/snd/hwC0D0: No such file or directory
    Oct 12 18:52:24 projects systemd-udevd[44]: Failed to apply ACL on /dev/snd/pcmC0D3p: No such file or directory
    Oct 12 18:52:24 projects systemd-udevd[43]: Failed to apply ACL on /dev/snd/pcmC0D0p: No such file or directory
    Oct 12 18:52:24 projects systemd-udevd[31]: Failed to apply ACL on /dev/snd/controlC0: No such file or directory
    Oct 12 18:52:24 projects systemd-udevd[35]: inotify_add_watch(7, /dev/sda, 10) failed: No such file or directory
    Oct 12 18:52:24 projects systemd-udevd[36]: Failed to apply ACL on /dev/sr0: No such file or directory
    Oct 12 18:52:24 projects systemd-udevd[34]: Failed to apply ACL on /dev/sg1: No such file or directory
    Oct 12 18:52:24 projects systemd-udevd[28]: Error, opening device '/dev/input/event12': No such file or directory
    Oct 12 18:52:24 projects systemd-udevd[32]: Failed to apply ACL on /dev/video0: No such file or directory
    Oct 12 18:52:24 projects systemd-udevd[25]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory
    Oct 12 18:52:24 projects systemd-udevd[33]: Failed to apply ACL on /dev/kvm: No such file or directory
    Oct 12 18:52:24 projects systemd-udevd[29]: inotify_add_watch(7, /dev/sda1, 10) failed: No such file or directory
    Oct 12 18:52:24 projects systemd[1]: Listening on D-Bus System Message Bus Socket.
    Oct 12 18:52:24 projects systemd-udevd[30]: inotify_add_watch(7, /dev/sda2, 10) failed: No such file or directory
    Oct 12 18:52:24 projects systemd-udevd[27]: Failed to apply ACL on /dev/snd/timer: No such file or directory
    Oct 12 18:52:24 projects systemd[1]: Starting Sockets.
    Oct 12 18:52:24 projects systemd-udevd[35]: inotify_add_watch(7, /dev/sda4, 10) failed: No such file or directory
    Oct 12 18:52:24 projects systemd-udevd[31]: inotify_add_watch(7, /dev/sda3, 10) failed: No such file or directory
    And there's a bunch of these, which seems relevant since the logind part was changed in 208:
    Oct 12 18:52:24 projects systemd-logind[59]: New seat seat0.
    Oct 12 18:52:24 projects systemd[1]: Startup finished in 487ms.
    Oct 12 18:52:24 projects systemd-logind[59]: Failed to open event3: No such file or directory
    Oct 12 18:52:24 projects systemd-logind[59]: Failed to open event5: No such file or directory
    Oct 12 18:52:24 projects systemd-logind[59]: Failed to open event4: No such file or directory
    Oct 12 18:52:24 projects systemd-logind[59]: Failed to open event1: No such file or directory
    Oct 12 18:52:24 projects systemd-logind[59]: Failed to open event2: No such file or directory
    Oct 12 18:52:26 projects systemd-journal[64]: Permanent journal is using 87.6M (max 30.0M, leaving 1.1G of free 4.4G, current limit 30.0M).
    Oct 12 18:52:26 projects systemd-journal[64]: Journal started
    Oct 12 18:52:26 projects systemd[1]: systemd-journald.service: main process exited, code=exited, status=1/FAILURE
    Oct 12 18:52:26 projects systemd[1]: Unit systemd-journald.service entered failed state.
    Oct 12 18:52:26 projects systemd[1]: Starting Trigger Flushing of Journal to Persistent Storage...
    Oct 12 18:52:26 projects systemd[1]: Started Trigger Flushing of Journal to Persistent Storage.
    Hmm, just noticed it says systemd-journald exited with FAILURE. This is probably pretty informative to someone.

  • Open File - Security Warning box appears for several app on the desktop [solved]

    Hello,
    After googling around, I found why I get this warning, how it happens, how to manually fix it but I don't know how to prevent it.
    I got this warning when desktop integrity level drop to "low".
    Desktop integrity drop to "low" when launching IE (V9) with no network connection and the favorites folder has been redirected to a file server. If the favorites folder is not redirected, desktop integrity level remains the same.
    To fix it :
    icacls %\username%\desktop /setintegritylevel (OI)(CI)M
    But how can I prevent Windows (IE ?) from changing desktop integrity level ? I add the unc path of the file server hosting the favorites folders to the intranet zone to no avail.
    Thanks for your help.
    Chris

    Thanks for your reply.
    You never met this message, did you set folder redirection for your users ? Here you can find other people having this message
    http://www.lmgtfy.com/?q=open+file+security+warning+desktop+integrity+level
    I don't think process monitor or explorer will help because I already know the culprit : IE. If you read my message again, I need to tell IE : if the favorites folder is not accessible, don't modify my local desktop folder integrity level.
    Regards
    Chris

  • Why do I get a file security error when downloading itunes.

    I try to download itunes, but about halfway through an error messge comes up that says error with file security:get lasterror:5

    Hi lizz4321,
    A digital ID is made up of three components; a private key, a corresponding public key, and some identifying information. The keys themselves are pretty straight forward, they are just big blobs of numbers used to encrypt and decrypt data. It's the identifying information that gets a bit tricky. On first look, the identifying information looks like plain text. You'll see your name and the issuer's name, a serial number, some dates for when the validity starts and ends. All pretty straight forward.
    However, all of this information is actually formatted using something called ASN.1 (it stands for Abstract Syntax Notation) and then encoded using BER (Basic Encoding Rules). When someone creates a digital ID they can put just about anything in there. Per specifications (RFC 5280 if you wanted to look it up) some items are required, and others are optional. Each piece of information that goes into the public-key certificate (the PKC is basically the digital ID without the private key) is contained in an extension. These extensions are identified using an OID (Object ID) and conform to a specification which may either be public or confidential.
    There are two possibilities in the case you are seeing. Either, some of the information that Acrobat knows about was formatted or encoded incorrectly, or, there is an optional entry that Acrobat doesn't understand how to decode. My guess is it's the latter possibility. There is a rule that states if an extension is marked as critical, and the application using the public-key certificate (in this case the application would be Acrobat), doesn't understand the extension, then the application is supposed to reject the certificate. It could be the former case (badly formatted data), but without seeing the certificate all I can do is guess.
    Steve

  • UNABLE TO OPEN AN HYPERLINK INSIDE OF A WEB PDF FILE OPENED INSIDE OF IE 11

    Hello, We have gone to the website
    http://www.salonrenovationmaisonneuve.com/en/exposants
    and download the file to open Inside of IE. Once the file is open, none of the links either e-mail or web site works. However, if we open the same file Inside of Google Chrome, the links work. So, we want to know if we are missing something in IE or a plugin.
    The PDF file opens with no problem but the links are not enabled. The file works in an Apple Machine and Google Chrome. However, if we download the file physically inside of the computer and then open the file with Adobe Reader, the links all work! Any ideas
    how to solve this issue? Thanks Miguel Moreno
    Miguel A. Moreno Alfa Logos inc. Tel. 514-253-2548

    Any ideas how to solve this issue?
    Try using Protected Mode Off.  Then you will be at the same level of security that those other programs are running at.  You could also try elevating the iexplore.exe task.  That would turn off Protected Mode in that task automatically but then
    you would be running also with Administrator level authority which might be excessive.
    Robert Aldwinckle

  • Would like to recover my old Apple File Security password

    Hi,
    Here is a continuation of a prior problem. Several years ago I encrypted some Appleworks WP files using Apple File Security while using OS 9. I now have a fully functional Classic available on an iMac G5 (OS10.4.4) (thanx to forum respondants) and I have discovered that I must have used a different password to encrypt them than I thought I have always used for everything. Initially I didn’t care but actually they do represent some legal issues of the past that if it was feasible to recover the password for I would appreciate the opportunity. If this requires advanced skills forget it, I don’t have them and if there is illegality involved forget it since I have no desire to do that either. I have seen them in their encrypted format so I know they are there. Just obviously not readable. Thanx.
    iMac G5   Mac OS X (10.4.3)  

    Spock,
    Unfortunately, I don't know of any crack for resolving this. Files that come out of Apple File Security are actually encrypted and compressed. I have a feeling that the password used is actually used as the encryption key. This is rather than just a simple security barrier in the Mac OS to prevent access by Mac applications.
    I'd even hoped that as the documents are WP docs, a disk scanning program - or Terminal in Mac OSX - could rescue the contents, but as they're compressed, you've had it.
    If it was me and my files, I'd try to find out more about the compression and encryption algorithms used by Apple File Security in Mac OS 9 (and maybe Mac OS 8) documentation. And then try to force decryption using Unix tools on your whizzy new iMac, ie. trying every word in a dictionary between 5 and 8 letters as the password would take a few hours of CPU.
    A moot point if you know that your password choices are designed to specifically not appear in a dictionary, ie. contain numbers, etc.

  • Disable "Open File Security Warning"

    Hi whenever I try to open a file from the local hardrive I get the "Open File Security Warning" asking me whether I want to open the file or not. This is getting rather annoying. I searched online but everything I found seems to be dealing with network shares and I am not using that. Just a file on the local hard drive in the computer I am using to the right of me. I remember in my last install I turned it off somehow, but for the life of me I can't figure out how I did it. Anybody have any ideas? Or is this here to stay?

    Windows 7 - Launching unsafe files is in this path;
    IE -> Internet Options -> Security tab -> Custome Level -> Scroll down in Settings -> Look for radio button "Launching applications and unsafe files (not secure)".
    Don't know if it solves the problem or not but option is there.
    Great, on Windows 8 x64 this is an option I can find and set.
    It will generate a nasty warning in the system tray. And does not solve the problem:
    I have downloaded a warez archive and extracted it. The resulting .exe file is a wrapped program which will extract everything to my choosings. I've used it before. 
    When I try to run the program, all I get is: 
    Windows Security
    These files can't be opened
    Your internet security settings prevented one or more files from being opened. 
    Show details | Close
    I do not use IE, I use chrome. What is this strange behaviour?? :(
    Post-EDIT: I found this link with detailed steps for Windows 8, including screenshots.
    http://www.c-sharpcorner.com/UploadFile/e83792/how-to-disable-the-open-file-security-warning-in-windows-8/
    But this does not solve my particular problem :s
    ... Peace!
    Devvie
    ~~~ [email protected] ~~~
    Cuisvis hominis est errare, nullius nisi insipientis in errore persevare
    All spelling mistakes are my own and may only be distributed under the GNU General Public License! – (© 95-1 by Coredump; 2-013 by DevNullius)
    2nd POST-EDIT: I solved it with a little tool: streams! Read more here: http://scforum.info/index.php/topic,8543.msg22024.html#msg22024 and be done with this IE sheit. Who uses IE anyways and why is it important when I want to run a local file :| The future
    looks grimm :(

  • An IOException thrown when I try to upload a file to my blob container

    Hi all, when I using Java to upload a FLV to my free trial storage account, an IOException occurs, can anybody tell me what's the reason for this problem? and how to solve this problem?
    // Dependency in my project.
    <dependency>
        <groupId>com.microsoft.windowsazure</groupId>
        <artifactId>microsoft-windowsazure-api</artifactId>
        <version>0.4.4</version>
    </dependency>
    // The source code used for uploading a file.
    public static void upload(String containerName, File localFile, String blobAddressUri) throws URISyntaxException,
    StorageException, InvalidKeyException, FileNotFoundException, IOException {
    long startTime = System.currentTimeMillis();
    // Retrieve storage account from connection-string.
    CloudStorageAccount storageAccount = CloudStorageAccount.parse(STORAGE_CONNECTION_STRING);
    // Create the blob client.
    CloudBlobClient blobClient = storageAccount.createCloudBlobClient();
    // Get a reference to a container.
    // The container name must be lower case.
    CloudBlobContainer container = blobClient.getContainerReference(containerName);
    if (!container.exists()) {
    // Create the container if it does not exist.
    createContainer(containerName);
    // Create or override the "myvideo.avi" blob with contents from a local file.
    CloudBlockBlob blob = container.getBlockBlobReference(blobAddressUri);
    try {
    blob.upload(new FileInputStream(localFile), localFile.length());
    } catch (Exception e) {
    // Retry again 2 seconds later.
    try {
    Thread.sleep(2000L);
    } catch (InterruptedException ie) {
    // LOG.error("2秒后重试一次", ie);
    blob.upload(new FileInputStream(localFile), localFile.length());
    long endTime = System.currentTimeMillis();
    LOG.info("Uploaded file '{}' (length={}) to Azure, startTime={}, endTime={}, elpased={} ms", new Object[] {
    localFile.getAbsoluteFile(), localFile.length(), startTime, endTime, (endTime - startTime) });
    java.io.IOException
            at com.microsoft.windowsazure.services.core.storage.utils.Utility.initIOException(Utility.java:563)
            at com.microsoft.windowsazure.services.blob.client.BlobOutputStream$1.call(BlobOutputStream.java:377)
            at com.microsoft.windowsazure.services.blob.client.BlobOutputStream$1.call(BlobOutputStream.java:361)
            at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
            at java.util.concurrent.FutureTask.run(FutureTask.java:138)
            at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
            at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
            at java.util.concurrent.FutureTask.run(FutureTask.java:138)
            at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
            at java.lang.Thread.run(Thread.java:662)
    Caused by: com.microsoft.windowsazure.services.core.storage.StorageException: The server encountered an unknown failure:
            at com.microsoft.windowsazure.services.core.storage.StorageException.translateException(StorageException.java:120)
            at com.microsoft.windowsazure.services.core.storage.utils.implementation.ExecutionEngine.executeWithRetry(ExecutionEngine.ja
    va:166)
            at com.microsoft.windowsazure.services.blob.client.CloudBlockBlob.uploadBlockInternal(CloudBlockBlob.java:645)
            at com.microsoft.windowsazure.services.blob.client.CloudBlockBlob.uploadBlock(CloudBlockBlob.java:582)
            at com.microsoft.windowsazure.services.blob.client.BlobOutputStream$1.call(BlobOutputStream.java:365)
            ... 9 more
    Caused by: java.io.IOException: Error writing to server
            at sun.net.www.protocol.http.HttpURLConnection.writeRequests(HttpURLConnection.java:578)
            at sun.net.www.protocol.http.HttpURLConnection.writeRequests(HttpURLConnection.java:590)
            at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1193)
            at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:379)
            at com.microsoft.windowsazure.services.core.storage.utils.implementation.ExecutionEngine.processRequest(ExecutionEngine.java
    :332)
            at com.microsoft.windowsazure.services.blob.client.CloudBlockBlob$3.execute(CloudBlockBlob.java:633)
            at com.microsoft.windowsazure.services.blob.client.CloudBlockBlob$3.execute(CloudBlockBlob.java:613)
            at com.microsoft.windowsazure.services.core.storage.utils.implementation.ExecutionEngine.executeWithRetry(ExecutionEngine.ja
    va:112)
            ... 12 more

    Hi I am also getting the same IO Exception error.
    15/01/07 09:07:13 INFO mapreduce.Job: Task Id : attempt_1420542176512_0075_m_000234_0, Status : FAILED
    Error: java.io.IOException
                    at com.microsoft.windowsazure.storage.core.Utility.initIOException(Utility.java:493)
                    at com.microsoft.windowsazure.storage.blob.BlobOutputStream$1.call(BlobOutputStream.java:370)
                    at com.microsoft.windowsazure.storage.blob.BlobOutputStream$1.call(BlobOutputStream.java:354)
                    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
                    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
                    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
                    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
                    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
                    at java.lang.Thread.run(Thread.java:745)
    Caused by: com.microsoft.windowsazure.storage.StorageException: The server encountered an unknown failure:
                    at com.microsoft.windowsazure.storage.StorageException.translateException(StorageException.java:179)
                    at com.microsoft.windowsazure.storage.core.ExecutionEngine.executeWithRetry(ExecutionEngine.java:266)
                    at com.microsoft.windowsazure.storage.blob.CloudBlockBlob.uploadBlockInternal(CloudBlockBlob.java:717)
                    at com.microsoft.windowsazure.storage.blob.CloudBlockBlob.uploadBlock(CloudBlockBlob.java:688)
                    at com.microsoft.windowsazure.storage.blob.BlobOutputStream$1.call(BlobOutputStream.java:358)
                    ... 7 more
    Caused by: java.io.IOException: Error writing to server
                    at sun.net.www.protocol.http.HttpURLConnection.writeRequests(HttpURLConnection.java:625)
                    at sun.net.www.protocol.http.HttpURLConnection.writeRequests(HttpURLConnection.java:637)
                    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1321)
                    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
                    at com.microsoft.windowsazure.storage.core.ExecutionEngine.executeWithRetry(ExecutionEngine.java:176)
                    ... 10 more
    Please Help

  • IllegalStateException: ADFv: Not inside a container

    When accessing our UI application from multiple client sessions(browsers), we often get this exception while collapsing/expanding tree nodes. The issue happens only when we add new children to the node. Any idea what this exception is?
    [2009-10-07T04:25:12.312-07:00] [AdminServer] [WARNING] [ADF_FACES-00009] [oracle.adf.view.rich.component.fragment.UIXRegion] [tid: [ACTIVE].ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid: 0000IGiji9r37E7TrIaASY1An6lJ00006Z,0] [APP: oam_admin] [arg: /lhp/lhp.jsff] [arg: /oracle/am/security/taskflows/navigationtree/leftpane/Lhp.jsff] [arg: /oracle/am/security/taskflows/navigationtree/leftpane/Lhp.jsff] Error processing viewId: /lhp/lhp.jsff URI: /oracle/am/security/taskflows/navigationtree/leftpane/Lhp.jsff actual-URI: /oracle/am/security/taskflows/navigationtree/leftpane/Lhp.jsff.[[
    java.lang.IllegalStateException: ADFv: Not inside a container.
    at oracle.adfinternal.view.faces.model.binding.FacesCtrlHierBinding$FacesModel.exitContainer(FacesCtrlHierBinding.java:672)
    at oracle.adfinternal.view.faces.model.FlattenedTreeCollectionModel.getRowIndex(FlattenedTreeCollectionModel.java:109)
    owIndex(FlattenedTreeCollectionModel.java:109)
    at oracle.adfinternal.view.faces.renderkit.rich.TreeRendererUtils$1.getRowIndex(TreeRendererUtils.java:552)
    at oracle.adfinternal.view.faces.renderkit.rich.TreeRenderer._handleRowDelete(TreeRenderer.java:1171)
    at oracle.adfinternal.view.faces.renderkit.rich.TreeRenderer._handleDataFetch(TreeRenderer.java:989)
    at oracle.adfinternal.view.faces.renderkit.rich.TreeRenderer.encodeAll(TreeRenderer.java:231)
    at oracle.adf.view.rich.render.RichRenderer.encodeAll(RichRenderer.java:1369)
    at org.apache.myfaces.trinidad.render.CoreRenderer.encodeEnd(CoreRenderer.java:335)
    at org.apache.myfaces.trinidad.component.UIXComponentBase.encodeEnd(UIXComponentBase.java:751)
    at org.apache.myfaces.trinidad.component.UIXCollection.encodeEnd(UIXCollection.java:527)
    at org.apache.myfaces.trinidad.render.CoreRenderer.encodeChild(CoreRenderer.java:415)

    Hello! Take a look at this thread
    Recursive tree issue
    This may help

  • LXC Container login on host tty

    I want create a full system lxc container with a gui and log in to it on one of the host's tty (using CTRL+ALT+Fn). I have set up lxc as per the wiki and I can login into container (its debian sid) and ssh into it and install software. What I'm having trouble doing is getting it to present a login at the host tty. I'm trying to set this up for F7 since that is not used by systemd. Has anybody been able to do this?
    My config file:
    # Template used to create this container: /usr/share/lxc/templates/lxc-debian
    # Parameters passed to the template:
    # For additional config options, please look at lxc.container.conf(5)
    # lxc.network.type = empty
    lxc.rootfs = /var/lib/lxc/Mycont/rootfs
    # Common configuration
    lxc.include = /usr/share/lxc/config/debian.common.conf
    # Container specific configuration
    lxc.utsname = Mycont
    lxc.arch = amd64
    lxc.tty = 3
    lxc.cap.drop = mknod
    lxc.pts = 1024
    lxc.kmsg = 0
    lxc.autodev = 1
    #networking
    lxc.network.type=veth
    lxc.network.link=br0
    lxc.network.ipv4=10.0.0.100
    lxc.network.ipv4.gateway=10.0.0.1
    lxc.network.flags=up
    lxc.network.name=enp3s0
    lxc.network.mtu=1500
    #cgroups
    lxc.cgroup.devices.deny = a # Deny all access to devices
    lxc.cgroup.devices.allow = c 1:3 rwm # dev/null
    lxc.cgroup.devices.allow = c 1:5 rwm # dev/zero
    lxc.cgroup.devices.allow = c 5:1 rwm # dev/console
    lxc.cgroup.devices.allow = c 5:0 rwm # dev/tty
    #lxc.cgroup.devices.allow = c 4:0 rwm # dev/tty0
    lxc.cgroup.devices.allow = c 4:7 rwm # dev/tty7
    lxc.cgroup.devices.allow = c 1:9 rwm # dev/urandom
    lxc.cgroup.devices.allow = c 1:8 rwm # dev/random
    lxc.cgroup.devices.allow = c 136:* rwm # dev/pts/*
    lxc.cgroup.devices.allow = c 5:2 rwm # dev/pts/ptmx
    tty setup in the container's rootfs/dev/
    crw-rw-rw- 1 root tty 5, 0 Jan 14 01:03 tty
    crw------- 1 root tty 4, 0 Jan 14 01:03 tty0
    crw-r--r-- 1 root root 4, 1 Mar 2 14:26 tty1
    crw-r--r-- 1 root root 4, 2 Mar 2 14:26 tty2
    crw-r--r-- 1 root root 4, 3 Mar 2 14:26 tty3
    crw-r--r-- 1 root root 4, 4 Mar 2 14:26 tty4
    crw-r--r-- 1 root root 4, 7 Mar 3 15:34 tty7
    tty setp in the container /dev when its running:
    crw-rw-rw- 1 root root 5, 0 Mar 4 18:52 tty
    crw--w---- 1 root tty 136, 0 Mar 4 18:52 tty1
    crw--w---- 1 root tty 136, 1 Mar 4 18:52 tty2
    crw--w---- 1 root tty 136, 2 Mar 4 18:52 tty3
    crw-rw-rw- 1 root root 1, 9 Mar 4 18:52 urandom
    note that tty7 is not created in the running container's /dev even though it is in the container's rootfs/dev
    thanks

    Hi yjdabear,  Thank you for your replies. I do have logging history set to level 4.  I am still not seeing traps generated even using the 'syslog method' for the login failures.  here is a snipit of my logging
    Syslog logging: enabled (0 messages dropped, 1102 messages rate-limited, 0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: level debugging, 277317 messages logged, xml disabled,
    filtering disabled
    Monitor logging: level debugging, 139 messages logged, xml disabled,
    filtering disabled
    Buffer logging: level debugging, 278418 messages logged, xml disabled,
    filtering disabled
    Exception Logging: size (8192 bytes)
    Count and timestamp logging messages: disabled
    Trap logging: level debugging, 278388 message lines logged
    Logging to , 278388 message lines logged, xml disabled,
    filtering disabled
    switch#show logging history
    Syslog History Table:1 maximum table entries,
    saving level warnings or higher
    4417 messages ignored, 0 dropped, 0 recursion drops
    273892 table entries flushed
    SNMP notifications enabled, 52 notifications sent
    entry number 273893 : LINK-3-UPDOWN
    Interface GigabitEthernet7/19, changed state to up
    timestamp: 883868674

  • How can i locate the properties files within a ejb container?

    when i develop servlet+javabean structure application,in order to imploement decoupling,i
    would like to write the config information in the properties files(key-value pair),in
    servlet,i use "getResourceAsStream(String relativePath)" method to retrieve the
    configuration information from the properties files(i even write the SQL clause
    in the files),it alwsys works well.
    now,i want to implement such function within the ejb container,that is to read
    a properties file from session bean,but i don't know how can i locate the file
    within the ejb container by using relative path,i wonder if there is the same
    method within ejb container as "getResourceAsStream(.......)" method within servlet
    container?
    thanks for any helps!
    the code snippet is appreciated!

    In general, you should look at using environment entries (variables) in the
    deployment descriptors (both the war and EJB jar rather than properties
    files for configuring J2EE applications. The reasons for this are many:
    1. This is the official way to do it according to the spec. Properties
    files are the J2SE way of doing things
    2. As you note, that it's not obvious how you would (legally) read a
    properties file inside an EJB.
    3. It's consistent between the web and EJB part of your code
    4. the weblogic console and tools have good capabilities to edit these
    fields.
    Kent
    "zhebincong" <[email protected]> wrote in message
    news:[email protected]..
    >
    when i develop servlet+javabean structure application,in order toimploement decoupling,i
    would like to write the config information in the propertiesfiles(key-value pair),in
    servlet,i use "getResourceAsStream(String relativePath)" method toretrieve the
    configuration information from the properties files(i even write the SQLclause
    in the files),it alwsys works well.
    now,i want to implement such function within the ejb container,that is toread
    a properties file from session bean,but i don't know how can i locate thefile
    within the ejb container by using relative path,i wonder if there is thesame
    method within ejb container as "getResourceAsStream(.......)" methodwithin servlet
    container?
    thanks for any helps!
    the code snippet is appreciated!

  • How to get list of jar files loaded by servlet container.

    Hi,
    I need to display in my servlet program about the list of jar files loaded by servlet container. Does it vary for each servlet container or is it same. Where can I get those details.
    I need to write code to support tomcat 4x, iplanet 5.0 and websphere 6.0.
    Thanks & Regards,
    Nasrin.N

    For curious, here are output prints for all 3 methods:
    1) parsing system property
    2) tschodt
    3) overcast SystemClassLoader to URLClassLoader
    /home/espinosa/workspace/jboss_embedded_test1/target/test-classes
    /home/espinosa/workspace/jboss_embedded_test1/target/classes
    /opt/javalibs/javax/ejb/ejb-api/3.0/ejb-api-3.0.jar
    /opt/javalibs/javax/jms/jms/1.1/jms-1.1.jar
    /opt/javalibs/javax/annotation/jsr250-api/1.0/jsr250-api-1.0.jar
    package com.sun.org.apache.xerces.internal.impl.validation, Java Platform API Specification, version 1.6
    package com.thoughtworks.qdox.directorywalker
    package com.sun.org.apache.xerces.internal.parsers, Java Platform API Specification, version 1.6
    package java.util.jar, Java Platform API Specification, version 1.6
    package org.testng.internal.thread
    package com.sun.org.apache.xerces.internal.util, Java Platform API Specification, version 1.6
    package java.net, Java Platform API Specification, version 1.6
    package sun.reflect.misc, Java Platform API Specification, version 1.6
    package esp.ejb.samples1.test
    package sun.security.provider, Java Platform API Specification, version 1.
    file:/home/espinosa/workspace/jboss_embedded_test1/target/test-classes/
    file:/home/espinosa/workspace/jboss_embedded_test1/target/classes/
    file:/opt/javalibs/javax/ejb/ejb-api/3.0/ejb-api-3.0.jar
    file:/opt/javalibs/javax/jms/jms/1.1/jms-1.1.jar
    file:/opt/javalibs/javax/annotation/jsr250-api/1.0/jsr250-api-1.0.jar
    ...Interestingly, method 1 and 3 gives the same list, same order, same count, just format of item is a little bit different. The order is same as in Eclipse .classpath file.
    Method 2 (tschodt) give significantly more items! rougly 3x! Different order (somewhat random it seems to me). Some items contain extra information, like version and string "Java Platform API Specification".
    It prints not absolute paths but logical Java names.

  • Encrypted document using Apple File Security won't open

    Back in 2000 I was using an iMac G3 with OS 9. I created a MS word document with MS 2000 and encrypted it using the Apple File Security. Since then I have upgraded to an iMac G5 with OS 10.4 and OS 9 for older applications.
    Since this is a legal document, I now need to decrypt it and I am not sure if I used a password to encrypt this document. I have opened up the key chain in OS 9 and, I don't see any saved passwords. I have opened up MS Word and don't see anything about a password for this application. When I open up the encrypted document it shows it to be over 300 pages, and when I select "Get Info" it shows that this document is unlocked, but I see on the desktop the document with a yellow key symbol.
    Is this a locked document? Why does it ask me for a password when I don't see any password in the key chain? What does the yellow key symbol mean?
    I really need to decrypt this document and their are a lot of programs that will decrypt a word document but you have to be running Windows and not OS X or 9.
    Can any one give me any suggestions on how I can decrypt this word document that was encrypted with Apple File Security.
    Thanks,
    DaisyMay

    Open Apple File Security and use it to decompress or decrypt the file. Any item can be encrypted with Apple File Security, and no other application will decrypt that format; the mechanism isn't the same as used in some Word versions. The Locked setting in the Get Info window controls something else. A password doesn't need to be stored in the keychain to be applied to an encrypted item; the file itself stores the encrypted password.
    (48403)

  • How to create an automatic decrypt file

    Hi,
    I try to create an automatic decrypt file, that 's mean :
    I want to send to a user a jar that wrappe the application (which decrypt) and the file parameter.
    The user must need only to enter a password to launch the application for decrypting the file.
    Is it possible with java.
    Many thanks for your help.
    Lokmane.

    Make a text file containing the line:
    Main-Class: myMain
    Where you replace myMain with the name of your program. (Full package name if you need it. ie mypackage.myMain)
    then execute the command
    jar -cfm prog.jar textfile *.class
    or
    jar -cfm prog.jar textfile package/
    if your program is packaged. You must be above the package directory to do the second one.

  • Memory does not get released after encrypting/ decrypting files.

    I am using javax.crypto package to encypt/decrypt files but the problem is that once a big file (around 100- 700 mb) is encrypted there is spike in memory of 70 Mb (first time) and whole of this memory is not released after execution is finished. I have kept my application run for days but this memory do not come down.
    Interesting thing is if I encrpyt/ decrypt the same file again and again the memory do not rise by 70 Mb, but for first 3-4 iterations 5-8 Mb of memory is released in each iteration and after that memory starts increasing again in chunk of 2-5 Mb and after few iteration some memory get released but in all the memory always increases. The code to encrypt file is simple
    Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
    byte[] salt = generateRandomBytes(16);
    Rfc2898DeriveBytes rfc = new Rfc2898DeriveBytes("123456", salt, 1000);
    SecretKey key = new SecretKeySpec(rfc.getBytes(32), "AES");
    c.init(Cipher.ENCRYPT_MODE, key );
    FileOutputStream fos = new FileOutputStream(encryptedFile);
    CipherOutputStream cos = new CipherOutputStream(fos);
    FileInputStream fis = new FileInputStream(largeInputFile);
    int len = 0;
    byte[] buf = new byte[1024 * 128];
    while((len = fis.read(buf)) != -1) {
       cos.write(buf, 0, len);
    cos.close();
    fis.close();
    This is simple observation I have seen in my program:
    I am using Windows 7 64 bit with 16 GB RAM Intel Core 2 Duo 3.00 GHz and file encrypted was 700 MB size
    Explanation
    Memory Usage (As shown in Windows Task Manager Private Working Set column)
    When program starts
    9924 K
    After first iteration of encryption
    81,180 K
    Second Iteration
    78,254 K
    3 Iteration
    74,614 K
    4 Iteration
    69,523 K
    5 Iteration
    72,256 K
    6 Iteration
    70,152 K
    7 Iteration
    83,327 K
    8 Iteration
    85,613 K
    9 Iteration
    95,124 K
    10 Iteration
    92,698 K
    11 Iteration
    94,670 K
    I kept the iteration on for 2000 iteration, the same pattern was observed and at the end memory usage 184,951 K, this memory was not released after calling System.gc() also.
    What could be the possible problem, is it the CipherOutputStream or Cipher class having some memory leak or I am doing something wrong here?

    ash wrote:
    We are using WebLogic Server 7.0 runing on Solaris 2.7.
    We are experiencing a problem where the memory does not seem to be released after
    the application has been shut down.What do you mean by "application has been shut down"? Is the server
    process running or not? Is it a zombie?
    The
    Unix 'top' command reports that memory has not been reclaimed by the O/S. What exactly has it reported? If the process is gone, then I'm pretty
    sure your O/S has reclaimed the memory. What exactly are you looking at
    in top?
    -- Rob
    > Continue
    restarting it will forces us to reboot the server as there will be more and more
    memory lost when restarting the WebLogic.
    Advice to fix the problem is much appreciated. Thanks.

Maybe you are looking for

  • Method Not Found Invoke Node error 1316 using Solid Works IEdm

    Hi Forum members, I have been having a problem with calling a function in a dll file.  I have attached the VI as example.  When I use the GetFile method I get a reference to that.  I then use the Invoke node and recieve a list of methods, the first o

  • Delete records from internal table using another internal table

    HI, I have two internal tables itab1 and itab2 which have same records initially.Later some records of itab2 are deleted .Then i want to delete those records from itab1 also ie,those records not found in itab2 .Is there any method other than looping.

  • Anyone manage to get ColdFusion to work under Apache on OS X 10.10 Yosemite?

    Hi all I'm having great difficulty getting ColdFusion10 to work under Apache with OS X 10.10 Yosemite. Here is a description of what I've faced and a little of what I've done to solve my problem Problem 1 Apache httpd.conf file gets messed up Solutio

  • IDOC Types

    Hi all,   can anyone let me know the difference between the 4 IDOC type MATMAS01 MATMAS02 MATMAS03 MATMAS04 Regards Simin.R

  • IOS 4 Rebooting after 10-15 mins

    wonder how many people are having the problem with their iphone rebooting every 10-15 mins or during games after upgrading to iOS 4? Is it just me not seeing the solution properly or is it just as simple as just letting itunes be able to let u downgr