xanvincent


  1. I just wanted to say that this is the best feature-set of a major release I've seen in a long time. You guys managed to pack in a lot of community requested items and we love to see it. Great work!
  2. Have you tried restarting the docker service (settings -> docker -> enable docker set to no)?
  3. I had the same issue. I changed my unraid's DNS server to 1.1.1.1 and 1.0.0.1 and it works fine now.
  4. Is the Adguard Home container working? Console doesn't work (just a black screen) and WebGUI doesn't load. I don't see anything created in the conf directory either.
  5. Can you get it to boot successfully with no USB peripherals attached? I'd imagine you'd need to use the Solaris x86 version and force the CPU to one of the supported Intel ones (like Westmere). EDIT: I recall from my sysadmin days that Solaris x86 was hot garbage, can you use something more modern like Illumos or OpenIndiana?
  6. You need to add the following to your /etc/security/limits.conf (in your debian VM):

         * soft memlock <number>
         * hard memlock <number>

     <number> can also be "unlimited", which is the default unraid setting.
  7. 1) That's beta software, don't expect it to be stable or use it on a system with data you care about losing. 2) You should post this bug with relevant diagnostics to the bug report forum (prereleases).
  8. You will never see 3000 Mbps on wifi 6 (ax) devices today. That's just marketing wank (they add all the 5GHz and 2.4GHz bands together, devices don't work that way). Fastest wifi6 speeds I've seen real-world was ~700Mbps, and that was achieved 5 ft away from the AP. Assuming your server doesn't sit next to your AP, there are other APs in your area (interference) and you have multiple other wifi devices on your network, you're gonna see a drop in that 700 number real fast. Wireless connections are also unreliable, dropped packets are pretty common, meaning data has to be resent, slowing your ov
  9. The best security is provided by the most abstraction. I'd spin up a full VM to do any external forwarding instead of Docker containers. unRAID is always advertised to be not internet-facing so keep that in mind.
  10. The PGID and PUID commands map to an internal user (abc) within the container that runs and owns files for whatever app. Root still exists there (in the container) and that's the problem. Root id in container = root id outside of container. Implementing userns is THE fix for this security concern but has to be implemented at the command line when the container is run.
  11. My number one request as well. I would like Unraid to catch up to modern distros here and maybe we could even start recommending it to SMBes as an alternative to FreeNAS and OMV. PS I can definitely help with implementing a few of these. I just would like to use a better solution than running a script at boot to do it.
  12. Based on what I know about LinuxServer.io's docker containers, this simply maps the internal user of the docker (abc?) to the specified UID and GID. AFAIK, this does not affect the root user in the container. It would also only apply to LSIO containers. If someone knows different, feel free to correct me. I believe the only way to change the root user mapping (that is needed for interfacing with the host's resources) is with namespaces, i.e. --userns-remap USER.
  13. It is definitely possible to break out of containers. This was 'recently' exploited successfully per CVE-2019-5736: https://www.twistlock.com/labs-blog/breaking-docker-via-runc-explaining-cve-2019-5736/ This was more a vulnerability of runC, not docker itself. It was, of course, patched some time after the CVE was identified. The point to using namespaces here is, if an exploit like the above is used on a container you're making available to the world, you want to minimize damage to the host system. With namespaces implemented, even if you escaped as root,
  14. @Eadword: I have a thread opened for Docker Isolation with no replies, but you should add Linux namespaces / subuids for Docker to your list, as well as not using root and 777 permissions everywhere in the OS would be some good changes. It's been this way for a long time, I doubt it will change because unraid has always been a "don't expose to outside world" kind of distro for a long time.