You can subscribe to this list here.
2005 |
Jan
|
Feb
|
Mar
|
Apr
(9) |
May
(6) |
Jun
(3) |
Jul
(15) |
Aug
(8) |
Sep
(4) |
Oct
|
Nov
(3) |
Dec
(3) |
---|---|---|---|---|---|---|---|---|---|---|---|---|
2006 |
Jan
(8) |
Feb
(3) |
Mar
(2) |
Apr
(1) |
May
(3) |
Jun
(2) |
Jul
(4) |
Aug
(3) |
Sep
|
Oct
(7) |
Nov
(2) |
Dec
(19) |
2007 |
Jan
(7) |
Feb
(4) |
Mar
(1) |
Apr
|
May
|
Jun
(2) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(2) |
2009 |
Jan
|
Feb
|
Mar
|
Apr
(3) |
May
|
Jun
(2) |
Jul
(2) |
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
2011 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
From: Tassel D. <dav...@le...> - 2011-06-01 13:01:03
|
Hello, I try to use trustees with a kernel 2.6.32 amd64 Is there a problem with the site git://git.aeruder.net ? It was OK few days ago but I can't access it today Thanks in advance Regards David |
From: Andrew R. <ae...@ks...> - 2009-07-26 01:44:12
|
And to follow up even further, the git repository now contains up to 2.6.31-rc4 (latest release) having passed the testsuite. Let me know if you hit problems. On Fri, Jul 24, 2009 at 8:47 AM, Andrew Ruder<ae...@ks...> wrote: > Just to follow up on this. I got trustees 2.6.27 and 2.6.28 (and all > branches merged). I tested out 2.6.27-rc1 (and it works against the > testsuite). 2.6.29-rc1 gave me a few problems but I'll test that one > tonight. (and after that I'm guessing 2.6.29 will all be merged > without a problem). The first rc of any given kernel always has huge > changes that break the trustees code... > > -- > Andrew Ruder <an...@ae...> > http://www.aeruder.net > -- Andrew Ruder <an...@ae...> http://www.aeruder.net |
From: Andrew R. <ae...@ks...> - 2009-07-24 16:12:00
|
Just to follow up on this. I got trustees 2.6.27 and 2.6.28 (and all branches merged). I tested out 2.6.27-rc1 (and it works against the testsuite). 2.6.29-rc1 gave me a few problems but I'll test that one tonight. (and after that I'm guessing 2.6.29 will all be merged without a problem). The first rc of any given kernel always has huge changes that break the trustees code... -- Andrew Ruder <an...@ae...> http://www.aeruder.net |
From: Andrew R. <ae...@ks...> - 2009-06-29 19:37:53
|
> Assuming Today 6/2009: > 1. Whats the Status of Trustees in Linux Today? Is it part of the > official Linux Kernel? or is it just "a patch" ? Nope, and unfortunately I doubt it ever will be. I haven't pursued it, but the selinux guys tend to view the LSM (Linux Security Module) API as the LSM (Linux SeLinux Module) API. Not to mention the fact that this patch tends to (ab)use the LSM API in ways it wasn't really intended to be used AND it effectively disables POSIX ACLs. > 2. whats the recent developing activities on linux trustees ? I try to keep it up to date, as you've maybe noticed the most recently supported kernel is 2.6.26.8. In general keeping it up to date on the minor versions (the 'y' in 2.6.x.y) is very easy whereas keeping it up to date on the major versions (the 'x' in 2.6.x.y) is a pain in the rear generally. I need to go through my e-mail because someone sent me a patch for 2.6.27 and it just needs to be tested. My apologies to the author of that e-mail. After that, pretty much 2.6.27.y will all be supported and perhaps 2.6.28 will go easily too... > 3. has trustees been contributed/send in to the linux kernel.org thingy > yet ? is there a chance to become official part/support of the kernel? I haven't pushed for it to be included because as I mentioned it won't be. It completely rewrites how unix permissions work and in general the security framework is only there to *limit* users, not add additional rights. In general, git makes it very simple for me to maintain a fork though. > 4. are there any prepared debian packages for Debian Lenny (repositories) ? Not that I know of... but if you can compile a debian kernel package, I can definitely help with the process of using the trustees-kernel.git repository for generating a patch that will probably apply to the debian kernel package. > 5. are ther any known new filesystem permission/security features in the > current or next-version kernel that might replace linux trustees or ACLs > in a "better way" ? Not that I know of... POSIX ACLs suck for this and unix permissions in general suck for centralizing your permission scheme. Trustees lets you put your entire permission scheme in a file in /etc and use it for your entire system. POSIX ACLs and unix permissions make you apply the permissions to every individual file. > 6. Did someone test linux trustees with current nfs and samba version? > or more specific: are there any known problems with that ? Nope, although I suppose I'm more in the position to test that nowadays than I used to be (having multiple machines helps! :)). If you have a particular scenario you'd like me to test, describe it for me. -- Andrew Ruder <an...@ae...> http://www.aeruder.net |
From: Axel W. <ma...@aw...> - 2009-06-26 08:27:58
|
Hi there anybody... im all new to this trustee mailing list thingy, just read nearly all pages about trustee 4 linux and got a bit confused. all i found here is a pretty low activity and it seems lots of "old" news and documentations. So as an old netware guy, id like to ask you devs what is the status quo of linux trustees ? Would u please give me/us a short report of whats going on here and what will propably happen in future? Assuming Today 6/2009: 1. Whats the Status of Trustees in Linux Today? Is it part of the official Linux Kernel? or is it just "a patch" ? 2. whats the recent developing activities on linux trustees ? 3. has trustees been contributed/send in to the linux kernel.org thingy yet ? is there a chance to become official part/support of the kernel? 4. are there any prepared debian packages for Debian Lenny (repositories) ? 5. are ther any known new filesystem permission/security features in the current or next-version kernel that might replace linux trustees or ACLs in a "better way" ? 6. Did someone test linux trustees with current nfs and samba version? or more specific: are there any known problems with that ? well.. THANK YOU for any Information provided and Word done! But as an simple Linux User and the lack of news/docs on linux trustee project im pretty much lost but curious about whats going on here. best regards Axel Werner |
From: Tassel D. <dav...@vi...> - 2009-04-22 14:50:23
|
Here it is. -----Message d'origine----- De : Andrew Ruder [mailto:an...@ae...] Envoyé : mercredi 22 avril 2009 15:38 À : Tassel David Cc : tru...@li... Objet : Re: [trustees] Problem for compiling 2.6.26 kernel with Trustees ACL Could you attach your .config file? On Wed, Apr 22, 2009 at 2:52 AM, Tassel David <dav...@vi...> wrote: > Hello, > > I followed your instructions to download with git and compile a 2.6.26 > kernel with Trustees ACL but I had errors "multiple definition" like this > one : > > ... > security/commoncap.o: In function `cap_inode_removexattr': (.text+0x6e5): > multiple definition of `cap_inode_removexattr' > security/trustees/built-in.o:(.text+0x1e55): first defined here > make[2]: *** [security/built-in.o] Erreur 1 > make[1]: *** [security] Erreur 2 > make[1]: quittant le répertoire « /usr/src/linux-2.6.26 » > make: *** [debian/stamp/build/kernel] Erreur 2 > > I compiled the kernel using make-kpkg. I used a Debian Lenny .config file. I > could compile this kernel without the Trustees ACL option but I couldn't > with the option. > > Do I forgot something ? > > Thanks in advance > > Regards > > David > > > ------------------------------------------------------------------------------ > Stay on top of everything new and different, both inside and > around Java (TM) technology - register by April 22, and save > $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. > 300 plus technical and hands-on sessions. Register today. > Use priority code J9JMT32. http://p.sf.net/sfu/p > _______________________________________________ > trustees-general mailing list > tru...@li... > https://lists.sourceforge.net/lists/listinfo/trustees-general > > -- Andrew Ruder <an...@ae...> http://www.aeruder.net |
From: Andrew R. <an...@ae...> - 2009-04-22 14:08:00
|
Could you attach your .config file? On Wed, Apr 22, 2009 at 2:52 AM, Tassel David <dav...@vi...> wrote: > Hello, > > I followed your instructions to download with git and compile a 2.6.26 > kernel with Trustees ACL but I had errors "multiple definition" like this > one : > > ... > security/commoncap.o: In function `cap_inode_removexattr': (.text+0x6e5): > multiple definition of `cap_inode_removexattr' > security/trustees/built-in.o:(.text+0x1e55): first defined here > make[2]: *** [security/built-in.o] Erreur 1 > make[1]: *** [security] Erreur 2 > make[1]: quittant le répertoire « /usr/src/linux-2.6.26 » > make: *** [debian/stamp/build/kernel] Erreur 2 > > I compiled the kernel using make-kpkg. I used a Debian Lenny .config file. I > could compile this kernel without the Trustees ACL option but I couldn't > with the option. > > Do I forgot something ? > > Thanks in advance > > Regards > > David > > > ------------------------------------------------------------------------------ > Stay on top of everything new and different, both inside and > around Java (TM) technology - register by April 22, and save > $200 on the JavaOne (SM) conference, June 2-5, 2009, San Francisco. > 300 plus technical and hands-on sessions. Register today. > Use priority code J9JMT32. http://p.sf.net/sfu/p > _______________________________________________ > trustees-general mailing list > tru...@li... > https://lists.sourceforge.net/lists/listinfo/trustees-general > > -- Andrew Ruder <an...@ae...> http://www.aeruder.net |
From: Tassel D. <dav...@vi...> - 2009-04-22 10:21:58
|
Hello, I followed your instructions to download with git and compile a 2.6.26 kernel with Trustees ACL but I had errors "multiple definition" like this one : ... security/commoncap.o: In function `cap_inode_removexattr': (.text+0x6e5): multiple definition of `cap_inode_removexattr' security/trustees/built-in.o:(.text+0x1e55): first defined here make[2]: *** [security/built-in.o] Erreur 1 make[1]: *** [security] Erreur 2 make[1]: quittant le répertoire « /usr/src/linux-2.6.26 » make: *** [debian/stamp/build/kernel] Erreur 2 I compiled the kernel using make-kpkg. I used a Debian Lenny .config file. I could compile this kernel without the Trustees ACL option but I couldn't with the option. Do I forgot something ? Thanks in advance Regards David |
From: Andrew R. <an...@ae...> - 2007-12-27 08:34:59
|
Hey all, You may (or probably not) have noticed that the trustees git repository has suddenly lost its module/ directory. This is due to a big change in how trustees is developed. Up until a couple days ago, trustees was distributed as a single repository containing the settrustees tool, a minor patch, and a module that compiled externally to the main linux source tree. This method of development worked well for a long time, that is, until 2.6.24-rc1. A commit for 2.6.24-rc1 made the API's I use to make trustees work unavailable to modules. Trustees would now have to be compiled *into* your kernel. If you've ever thought patches were a pain to apply, they're even more of a pain to maintain so I've gone with what is hopefully a better method. Since linux itself is developed with git and git is very distributed in nature, it is very easy to maintain a fork of the full linux kernel while merging in new changes as new kernels are released. So as of this point on, trustees will be distributed via two repositories. One repository will hold the linux kernel code with the changes for trustees incorporated. You can build this source code directly like any other kernel. Trustees will show up in the make menuconfig like any other kernel option. If you are using a custom kernel, you can pretty easily extract a patch to apply to your custom kernel. The new README in your trustees.git repository should fill you in on any details on getting going with the new setup. This is available online at: http://gitweb.aeruder.net/?p=trustees.git;a=blob_plain;f=README;hb=HEAD I'm going to plead with people to please use the method described in the document to clone the trustees kernel repository. It is a little complicated, but it pushes 98% of the bandwidth off onto kernel.org which would be a good thing for my current hosting situation. If the README is unclear or you can't figure something out, please send an email to this list to let me know. I'm not much of a documentation writer, but let me know if you have issues, and I'll do my best at fixing the docs. Thanks all, Andy -- Andrew Ruder <an...@ae...> http://www.aeruder.net |
From: Andrew R. <an...@ae...> - 2007-12-07 04:03:22
|
Well all, I've been putting in some good time/code into trustees the last few weeks. I've cleaned up the code quite a bit, especially the hashing code which has always been unstable (although I think I HAD finally stabilized it) and messy. I also put together a testsuite which works pretty well, and has enabled me to find and track down other bugs. In fact, on the experimental branch, I'd just put up a fix (not ready for use yet) a few weeks ago for the last real remaining security issue related to nested trustees (a security issue that has been around since the first trustees). I had been doing all my work against 2.6.23. Tonight, I had just upgraded my kernel to 2.6.24-rc4 only to find that commit: commit 20510f2f4e2dabb0ff6c13901807627ec9452f98 Author: James Morris <jm...@na...> Date: Tue Oct 16 23:31:32 2007 -0700 security: Convert LSM into a static interface In short, the Linux Security Module(LSM) API is no longer available for kernel modules. This is *bad*. I have a strong suspicion that there is no chance trustees will ever make it into the mainline kernel due to its complete disregard for standard unix permissions, the ACL system, and in some ways it abuses the spirit of the LSM API (LSM was intended to take rights away for the most part, not grant them). So there's really only a handful of options here. a.) target an older kernel b.) maintain a full git fork of the kernel (this makes the maintenance burden much higher, although would be the road to mainline kernel acceptance, which IMO won't ever happen). This also potentially makes it much more difficult to get trustees going against distro-supplied kernel source. c.) ??? I'm pretty much out of ideas. Thoughts on what any of you would prefer? Cheers, Andy P.S. This could be much worse, the selinux guys are keen on them becoming the *only* LSM project. In fact, I believe there was a big push from them a few months ago to actually *remove* LSM and put just selinux in its place. As a person on #kernelnewbies said just a few minutes ago as I was asking for suggestions regarding this dilemma: 21:44 < zakalwe> right now an army of redhat and nsa employees are mobilising to smack your idea into oblivion. you better be wearing a flame proof suit. -- Andrew Ruder <an...@ae...> http://www.aeruder.net |
From: Andrew R. <an...@ae...> - 2007-06-12 04:01:13
|
Sorry if people got this two times, I never saw it come through... Hey all, I've spent the last few weeks familiarizing myself with git with the idea it would lend itself a bit more to trying to maintain trustees against several different kernel revisions. For now, I'm only doing 2.6.21, but hopefully on future kernel releases I will maintain separate branches for multiple stable kernels. I'll let you know more about that when 2.6.22 comes out I guess. :) Important changes in the git repository (more about accessing git below): * trustees bumped for kernel 2.6.21 trustees will no longer build on older kernel revisions, sorry, unless someone has some compelling reason not to use 2.6.21... * trusteesfs removed in favor of securityfs securityfs is a builtin filesystem that was made for security modules, it allowed me to remove some code and you no longer have to mount/unmount your trusteesfs to unload/reload the trustees module. You will need to add something like this to your /etc/fstab: none /sys/kernel/security securityfs defaults 0 0 When trustees is loaded, it will create /sys/kernel/security/trustees and associated files. * Added NEWS file This will include the major changes like dropping of securityfs from now on. If you see this file being updated, there's a good chance you should take a look at it. * Removed -t option on settrustees If settrustees can't automagically determine your securityfs mount, let me know. I've got some ideas for making a good testsuite that'll test various trustees configurations, I'll play with that more later on and let you know when its committed. ======== How to access the git repository ======== Firstly, get git installed. I would *very* highly recommend installing at *least* git 1.5, you can't go wrong with the latest 1.5.2.1 or even the git repository of git itself. Get this at http://git.or.cz Afterwards: * Clone the repository git clone git://git.aeruder.net/trustees.git At this point, you have the *full* trustees repository. Your copy of trustees.git has all the development history, so feel free to do things like 'git log', or 'git blame', or otherwise. * Pull additional changes git pull origin This is somewhat analogous to 'svn update' That should sum up the very very basics for what is needed to stay up to date with the latest trustees. There is some good tutorials and user manuals at http://git.or.cz or you can send me questions (on list) if you run into some git problems related to trustees. ======= Grabbing a trustees snapshot ======= These are available from the web interface at: http://gitweb.aeruder.net/?p=trustees.git;a=summary This is the URL you'd use for a tar.gz snapshot of the latest trustees: http://gitweb.aeruder.net/?p=trustees.git;a=snapshot;h=HEAD ======= I would appreciate it if some people could do a bit of testing against the new trustees, I need to do more testing myself, but at first glance it appears that everything is working alright. If there are problems, revert to the svn repository or do a: git checkout 8c97c92e in your cloned git repository. Thanks all, Andy -- Andrew Ruder <an...@ae...> http://www.aeruder.net |
From: Andrew R. <an...@ae...> - 2007-06-10 20:55:44
|
Hey all, I've spent the last few weeks familiarizing myself with git with the idea it would lend itself a bit more to trying to maintain trustees against several different kernel revisions. For now, I'm only doing 2.6.21, but hopefully on future kernel releases I will maintain separate branches for multiple stable kernels. I'll let you know more about that when 2.6.22 comes out I guess. :) Important changes in the git repository (more about accessing git below): * trustees bumped for kernel 2.6.21 trustees will no longer build on older kernel revisions, sorry, unless someone has some compelling reason not to use 2.6.21... * trusteesfs removed in favor of securityfs securityfs is a builtin filesystem that was made for security modules, it allowed me to remove some code and you no longer have to mount/unmount your trusteesfs to unload/reload the trustees module. You will need to add something like this to your /etc/fstab: none /sys/kernel/security securityfs defaults 0 0 When trustees is loaded, it will create /sys/kernel/security/trustees and associated files. * Added NEWS file This will include the major changes like dropping of securityfs from now on. If you see this file being updated, there's a good chance you should take a look at it. * Removed -t option on settrustees If settrustees can't automagically determine your securityfs mount, let me know. I've got some ideas for making a good testsuite that'll test various trustees configurations, I'll play with that more later on and let you know when its committed. ======== How to access the git repository ======== Firstly, get git installed. I would *very* highly recommend installing at *least* git 1.5, you can't go wrong with the latest 1.5.2.1 or even the git repository of git itself. Get this at http://git.or.cz Afterwards: * Clone the repository git clone git://git.aeruder.net/trustees.git At this point, you have the *full* trustees repository. Your copy of trustees.git has all the development history, so feel free to do things like 'git log', or 'git blame', or otherwise. * Pull additional changes git pull origin This is somewhat analogous to 'svn update' That should sum up the very very basics for what is needed to stay up to date with the latest trustees. There is some good tutorials and user manuals at http://git.or.cz or you can send me questions (on list) if you run into some git problems related to trustees. ======= Grabbing a trustees snapshot ======= These are available from the web interface at: http://gitweb.aeruder.net/?p=trustees.git;a=summary This is the URL you'd use for a tar.gz snapshot of the latest trustees: http://gitweb.aeruder.net/?p=trustees.git;a=snapshot;h=HEAD ======= I would appreciate it if some people could do a bit of testing against the new trustees, I need to do more testing myself, but at first glance it appears that everything is working alright. If there are problems, revert to the svn repository or do a: git checkout 8c97c92e in your cloned git repository. Thanks all, Andy -- Andrew Ruder <an...@ae...> http://www.aeruder.net |
From: Andrew R. <an...@ae...> - 2007-03-13 05:07:31
|
Noah, I am CC'ing this to the mailing list so others can be informed about the recent commits. On Mon, Feb 12, 2007 at 04:45:56PM -0800, Noah Baker wrote: > 1. Limited Number of Hash Elements Issue: > Solution: Use vmalloc. In order for Trustees to use more than 10000 hash > elements, we've switched from using kmalloc/kfree to vmalloc/vfree for hash > elements. We've not been able to find any performance hit due to this > change. Would you have any reason to caution against this approach? I've > included our patch in this email: trustees-vmalloc.patch The only issue with vmalloc/vfree was locking issues (ensuring that no locks are held while the vmalloc is performed) other than that, thank you very much for the suggestion, and I have incorporated the changes to the subversion. > 2. Hash Memory Management Without Complete Rebuild Issue: > Issue: Frequent dynamic permission changes caused internal permission > lists to grow without bound eventually crashing the server. Due to the user > load, it's impractical for us to delete all trustees and fully rebuild the > hash everytime a change is needed. We were using the 'clear' permission bit > and successive calls to settrustees to achieve this effect. For example: > [/dev/hda3]/mnt/path:user:CRBXEW # unset permissions > [/dev/hda3]/mnt/path:user:RBXE # set new permissions > > Even though we do a complete hash rebuild nightly, this issue still came up > once every 3 or 4 months. > > Solution: We've added code to settrustees allowing it to send the > previously unutilised TRUSTEES_COMMAND_REMOVE command to Trustees, telling > it to remove a complete element from the hash (including all permissions > associated with the element). Our implementation of the REMOVE command > involves prefixing trustee lines with a minus sign. Any users/permissions > on the line are ignored (the entire hash element is removed). > > Valid (& equivalent) lines: > -[/dev/hda3]/mnt/path:user:RBXE > -[/dev/hda3]/mnt/path: > > Attempting to remove a non-existent hash element makes settrustees bail > out, but REMOVEs are handled on the same pass as ADDs, making things like > this work as expected: > > [/dev/hda3]/mnt/path:user:W > -[/dev/hda3]/mnt/path: > [/dev/hda3]/mnt/path:user:W:user2:R > -[/dev/hda3]/mnt/path: > [/dev/hda3]/mnt/path:user:RBXE:user2:R > > Implementing this feature exposed an error in hash reconstruction when > removing elements. Even though it seems like free_hash_element sets the > hash element's status to DELETED, detailed debug output suggested that this > was not taking place. Adding the following in funcs.c fixed hash > reconstruction: > > (In case our line numbers don't line up with those currently in svn, this > is in the TRUSTEES_COMMAND_REMOVE case block) > @@ -661,6 +661,7 @@ int trustees_process_command(const struc > goto unlk; > } > free_hash_element(*e); > + e->usage = TRUSTEE_HASH_ELEMENT_DELETED; > trustee_hash_deleted++; > free_trustee_name(&name); > r = 0; > > I've included the patch we use for this functionality: > trustees-remove-command.patch > > I'd be interested in hearing your opinion about this remove functionality, > and whether or not you think it might be worth including in Trustees in > some form. I wonder how and why the REMOVE & REPLACE commands were > originally implemented, given that they are not currently used. I've included some of the functionality to settrustees to not have to always reparse the file in the case that there are case-insensitive filesystems so the possibility of having deltaified submissions to the kernel can be correct on those filesystems. I'm still debating how to best handle removing/replacing trustees. The -[] syntax DOES work pretty well for something more along the lines of being piped in, but perhaps it'd be better to just have a: settrustees --reset-dir [/dev/hda]:/blah which removes the permissions on [/dev/hda]:/blah and then parses the config file for any entries that are on that directory and that directory alone. What do you think? Perhaps some others on the list have some suggestions for the mechanism to remove trustees on a directory or manage trustees without having to clear/reset them every time. > Another note about our in-house Trustees development. I've started work on > a test suite for Trustees. It is written in Perl; I call it Testees. > Unfortunately, it is quite rudimentary, useful only for testing trustees on > a large scale and torture testing. It creates a configurable number of > temporary users & n x m directory structures, creates random trustee > permission files (you can specify what percentage of available targets to > assign trustees to), then verifies permissions on all available targets in > its sandbox, based on the applicable trustees. It's useful, but it doesn't > do what would be most useful, verifying that Trustees is behaving correctly > based on its configuration file. I can't stress enough that the code is > debug quality and incomplete, but I'd be happy to send it along if you > think it might be useful. I didn't include it in this email because it's > somewhat sizable (2000 lines or so). If you'd be willing to include it in an email to me and were OK with me adding it to the repository, I'd be happy to include it in the trustees and hopefully I/you/someone could later add support for making it a full testsuite. To everyone else, I've also made several recent commits that overhaul the settrustees code and the kernel/userspace communication code, my limited tests show that it works fine, but there may still be issues. In any case, the hash rebuild bug has been squashed. - Andy -- Andrew Ruder <an...@ae...> http://www.aeruder.net |
From: David T. <Dav...@vi...> - 2007-02-13 07:23:46
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type"> <title></title> </head> <body bgcolor="#ffffff" text="#000000"> Andrew Ruder a écrit : <blockquote cite="mid...@bo...der" type="cite"> <pre wrap="">On Mon, Feb 05, 2007 at 01:21:54PM +0100, David Tassel wrote: </pre> <blockquote type="cite"> <pre wrap="">Hello, I have had a problem with trustees for 2.6.18 kernel : The server crashed when I executed "settrustees -D". This problem occured when the program settrustees has rebuilt its hash (message : "Rebuilding trustee hash, oldsize: 32, newsize 64"). I temporarily solved the problem changing "TRUSTEE_INITIAL_HASH_SIZE" from 32 to 1024 in .../include/trustees_private.h If someone could find a better solution ... Now, I will try to make trustees compatible with bind9 using "trustees & capabilities together - ugly hack - From: Kamil Kaczkowski" I hope that trustees will not be forgiven. Regards David </pre> </blockquote> <pre wrap=""><!----> David, I believe svn of trustees should have the capabilities stuff ready to go. I have been unable to reproduce the hash resizing issue, but I will try again tonight. Cheers, Andy </pre> </blockquote> Hello,<br> <br> You're right, I solved the problem between trustees and bind9 by changing the start order : I started trustees before bind9<br> and although I had these messages when bind9 started :<br> - Feb 9 08:35:14 sigsrvtest3 kernel: commoncap: exports duplicate symbol cap_netlink_send (owned by trustees)<br> - Feb 9 08:35:14 sigsrvtest3 kernel: Failure registering capabilities with primary security module.<br> I have made some tests and both services seem to work well.<br> <br> I'm glad to see that you can reproduce the hash problem. Good luck to solve it !<br> <br> As far as I am concerned, I will try to stay with kernel 2.6.18 and it's not a problem to compile the kernel with a patch.<br> That what I have done with trustees v2 and all the 2.4.x kernel.<br> <br> David<br> <br> <br> <br> <br> <br> </body> </html> |
From: Andrew R. <an...@ae...> - 2007-02-09 02:37:40
|
Ok guys, I'm still tracking down what is making the hash rebuild go crazy, but at the very least, I can at least verify that the problem exists (this is good, so it should be fixed in the near future). Currently, I am continuing to base my changes against 2.6.18 kernel, but I took at look at what was coming up with the 2.6.19 (and already the 2.6.20 kernel is out), and the future is not good. Basically, with all the interest in virtualization they are changing around the namespace/vfs stuff quite a bit (and of course, never in a backwards compatible way, such is life). So I've decided that in the future, I will *probably* be making all releases as patches to the kernels rather than an external project (we're practically there already as newer kernels require a patch anyway). I guess I'm just asking what the preferred policy on which kernel will be patched against should be. Anyone have any suggestions? I tend to believe in just keeping it up to date with whatever is newest stable, but I'd be open to other views. (although I'm staying against 2.6.18 for now, I need to refigure out what the heck they all changed in 2.6.19 and newer). At some point the subversion repository will probably become obsolete as I'm going to have to use git to track the kernel development more closely, but I'll let everyone know when that happens. (git has quite a learning curve it seems and i've barely started up that curve :) - Andy -- Andrew Ruder <an...@ae...> http://www.aeruder.net |
From: Andrew R. <an...@ae...> - 2007-02-05 13:24:20
|
On Mon, Feb 05, 2007 at 01:21:54PM +0100, David Tassel wrote: > Hello, > > I have had a problem with trustees for 2.6.18 kernel : The server crashed when I executed "settrustees -D". > This problem occured when the program settrustees has rebuilt its hash (message : "Rebuilding trustee hash, oldsize: 32, newsize 64"). > > I temporarily solved the problem changing "TRUSTEE_INITIAL_HASH_SIZE" from 32 to 1024 in .../include/trustees_private.h > > If someone could find a better solution ... > > Now, I will try to make trustees compatible with bind9 using "trustees & capabilities together - ugly hack - From: Kamil Kaczkowski" > > I hope that trustees will not be forgiven. > > Regards > > David David, I believe svn of trustees should have the capabilities stuff ready to go. I have been unable to reproduce the hash resizing issue, but I will try again tonight. Cheers, Andy -- Andrew Ruder <an...@ae...> http://www.aeruder.net |
From: David T. <Dav...@vi...> - 2007-02-05 12:45:18
|
Hello, I have had a problem with trustees for 2.6.18 kernel : The server crashed when I executed "settrustees -D". This problem occured when the program settrustees has rebuilt its hash (message : "Rebuilding trustee hash, oldsize: 32, newsize 64"). I temporarily solved the problem changing "TRUSTEE_INITIAL_HASH_SIZE" from 32 to 1024 in .../include/trustees_private.h If someone could find a better solution ... Now, I will try to make trustees compatible with bind9 using "trustees & capabilities together - ugly hack - From: Kamil Kaczkowski" I hope that trustees will not be forgiven. Regards David |
From: Andrew R. <sp...@ae...> - 2007-01-21 17:55:42
|
This should bounce, testing non-member settings. -- Andrew Ruder <an...@ae...> http://www.aeruder.net |
From: <mat...@ao...> - 2006-12-20 03:46:46
|
Welcome to Real Time Invest!<br><br> Fully Automated System! Payment for referral - INSTANT.<br> <br> ----------------------------------------<br> <A href=3D"http://www.realtimeinvest.com/?page=3DrateUs">VERY MUCH PLENTY -= Monitorings</A> <br> ----------------------------------------<br> Real Time Invest is a high yield private loan program, backed up by Forex m= arket trading. We have a team who are expert on their filed to manage the f= unds. Our professionals take advantage of currency price fluctuations to ma= ke profit for their clients by buying and selling major currencies and stoc= ks.<br> Our mission is to provide our investors with a stable value investment oppo= rtunity for their capital,by investing in gold or gold futures electronical= ly to gain a stable rate in return. <br> <br> Online program that mainly focused on FOREX and securities exchange.<br> <br> Before we put the investment programs onto the Internet, we have been on ou= r business offline for several years. However, we are a group of profession= al experts with years of trading experience, so we are a great team that yo= u can trust. <br><br> 125% AFTER 1 Day<br> 152% AFTER 2 Days<br> 180% AFTER 3 Days<br> 210% AFTER 4 Days<br> <br><br> Calculate Your Profit:-> <br> <a href=3D"http://www.realtimeinvest.com/?ref=3Dmatthew"> <img src=3D"http://www.realtimeinvest.com/images/banner468.gif" border=3D"0= " width=3D"468" height=3D"60"></a> <br><br><br> We don't make illusions and we don't promise sweet dreams.<br> We simply effectively perform the job.<br> The group of our experts works as one mechanism for achievement of the grea= test possible result. <br> We are also protected against DDoS attacks.<br><br> <A href=3D"http://www.realtimeinvest.com/?ref=3Dmatthew">http://www.realtim= einvest.com/?ref=3Dmatthew</A> <br><br><br> Real Time Invest. All Copyrights Reserved. |
From: David T. <Dav...@vi...> - 2006-12-14 10:15:39
|
Hello, I have a problem with the new trustees ACL for 2.6.18 kernel : my server crashes when I execute "settrustees" or "settrustees -D" with 35 lines or more in /etc/trustees.conf and I have no problem if the /etc/trustees.conf contains less than 35 lines. I think the problem appeared when trustees have rebuilt the hash : I have the message "Trustees: Rebuilding trustee hash, oldsize: 32, newsize 64, deleted 0" If someone could do something to help me with this very great project. I have been using trustees (version 2) for 3 years without any problem. Thanks in advance David Tassel -------------------- Erreur de segmentation (segfault) : sigsrvtest3 kernel: Oops: 0002 [#1] sigsrvtest3 kernel: PREEMPT SMP sigsrvtest3 kernel: CPU: 0 sigsrvtest3 kernel: EIP is at trustees_clear_all+0x4e/0x144 [trustees] sigsrvtest3 kernel: eax: 00100100 ebx: ccc55000 ecx: cdbf1c10 edx: 00200200 sigsrvtest3 kernel: esi: 00100100 edi: 00000000 ebp: 00000000 esp: c3a51f00 sigsrvtest3 kernel: ds: 007b es: 007b ss: 0068 sigsrvtest3 kernel: Process settrustees (pid: 9574, ti=c3a50000 task=c476aab0 task.ti=c3a50000) sigsrvtest3 kernel: Stack: 00000003 00000003 00000014 00000000 c4e0c520 00000000 d0a34523 c3a51f24 sigsrvtest3 kernel: 00000001 00000003 00000000 00000000 bf83d170 bf83c070 00000101 00000001 sigsrvtest3 kernel: 00000000 00000001 c39fcdf8 00001000 ccfda000 00000014 00000000 c4e0c520 sigsrvtest3 kernel: Call Trace: sigsrvtest3 kernel: Code: a3 d0 7d 6c 31 ff a1 80 85 a3 d0 83 3c 38 02 75 53 8d 1c 07 8b 4b 10 c7 03 01 00 00 00 8d 43 10 8b 31 39 c1 74 29 8b 01 8b 51 04 <89> 50 04 89 02 c7 41 04 00 02 20 00 c7 01 00 01 10 00 51 e8 d8 sigsrvtest3 kernel: EIP: [pg0+275390799/1069990912] trustees_clear_all+0x4e/0x144 [trustees] SS:ESP 0068:c3a51f00 |
From: <sta...@i-...> - 2006-12-13 23:33:38
|
<html> <head> <meta http-equiv="Content-Type" content="text/html;"> <!--Fireworks MX 2004 Dreamweaver MX 2004 target. Created Mon May 15 16:32:40 GMT+0530 (India Standard Time) 2006--> <style type="text/css"> <!-- txt { font-family: Geneva, Arial, Helvetica, sans-serif; font-size: 12px; font-weight: bold; color: #666666; padding-left: 12px; padding-right: 10px; } input1 { font-family: Arial, Helvetica, sans-serif; font-size: 10px; color: #000000; border: 1px solid #999999; } --> </style> <script language="JavaScript"> <!-- function SymError() { return true; } window.onerror = SymError; var SymRealWinOpen = window.open; function SymWinOpen(url, name, attributes) { return (new Object()); } window.open = SymWinOpen; //--> </script> <script type="text/JavaScript"> <!-- function MM_findObj(n, d) { //v4.01 var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) { d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);} if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n]; for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document); if(!x && d.getElementById) x=d.getElementById(n); return x; } function MM_validateForm() { //v4.0 var i,p,q,nm,test,num,min,max,errors='',args=MM_validateForm.arguments; for (i=0; i<(args.length-2); i+=3) { test=args[i+2]; val=MM_findObj(args[i]); if (val) { nm=val.name; if ((val=val.value)!="") { if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@'); if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain an e-mail address.\n'; } else if (test!='R') { num = parseFloat(val); if (isNaN(val)) errors+='- '+nm+' must contain a number.\n'; if (test.indexOf('inRange') != -1) { p=test.indexOf(':'); min=test.substring(8,p); max=test.substring(p+1); if (num<min || max<num) errors+='- '+nm+' must contain a number between '+min+' and '+max+'.\n'; } } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is required.\n'; } } if (errors) alert('The following error(s) occurred:\n'+errors); document.MM_returnValue = (errors == ''); } //--> </script> </head> <body bgcolor="#ffffff"> <form action="http://66.240.197.204/li/sendemail.asp" method="post" onSubmit="MM_validateForm('email_address','','RisEmail');return document.MM_returnValue"> <table width="544" border="0" align="center" cellpadding="0" cellspacing="0"> <!-- fwtable fwsrc="Untitled" fwbase="index.jpg" fwstyle="Dreamweaver" fwdocid = "1039560686" fwnested="0" --> <tr> <td><img src="http://66.240.197.204/li/images/spacer.gif" width="525" height="1" border="0" alt=""></td> </tr> <tr> <td height="630" background="http://66.240.197.204/li/images/website2.jpg"> </td> </tr> <tr> <td background="http://66.240.197.204/li/images/index_r3_c2.jpg"><table width="100%" border="0" cellpadding="1" cellspacing="1" class="txt"> <tr> <td width="45%"><div align="right">Name</div></td> <td width="55%"><input name="Name" type="text" class="input1" size="30"></td> </tr> <tr> <td><div align="right">Your Company Position </div></td> <td><input name="company_position" type="text" class="input1" size="30"></td> </tr> <tr> <td><div align="right">Website Address </div></td> <td><input name="website_address" type="text" class="input1" size="30"></td> </tr> <tr> <td><div align="right">Email Address </div></td> <td><input name="email_address" type="text" class="input1" size="30"></td> </tr> <tr> <td><div align="right">Phone</div></td> <td><input name="phone" type="text" class="input1" size="30"></td> </tr> <tr> <td> </td> <td><input type="submit" name="Submit" value="Submit"></td> </tr> </table></td> </tr> </table> </form> </body> </html> </p> <p><font face="Arial" color="#000080" size="1">You are receiving this message as an opt-in subscriber to I-Path.Net or one of our marketing partners. <br> If you no longer wish to receive further offers, please send an email with discontinue to: <a href="mailto:su...@i-...?subject=Discontinue"> su...@i-...</a><br> Your email address will be removed within 24 hours.</font> |
From: Now G. <wcp...@op...> - 2006-12-05 01:32:09
|
86570 |
From: <sit...@in...> - 2006-10-04 16:17:42
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <script language="Javascript"> function check(){ if(document.form1.name.value==""){ alert("Please enter your full name!"); document.form1.name.focus(); return false; } if(document.form1.website.value==""){ alert("Please enter website address!"); document.form1.website.focus(); return false; } if(document.form1.phone.value==""){ alert("Please enter phone no.!"); document.form1.phone.focus(); return false; } if(document.form1.best_time_to_call.value==""){ alert("Please enter best time to call!"); document.form1.best_time_to_call.focus(); return false; } if(document.form1.email.value==""){ alert("Please enter email!"); document.form1.email.focus(); return false; } if(!isEmail(document.form1.email.value)){ alert("Please enter correct email!"); document.form1.email.focus(); return false; } return true; } function isEmail(str) { var at="@" var dot="." var lat=str.indexOf(at) var lstr=str.length var ldot=str.indexOf(dot) if (str.indexOf(at)==-1) { return false } if (str.indexOf(at)==-1 || str.indexOf(at)==0 || str.indexOf(at)==lstr) { return false } if (str.indexOf(dot)==-1 || str.indexOf(dot)==0 || str.indexOf(dot)==lstr) { return false } if (str.indexOf(at,(lat+1))!=-1) { return false } if (str.substring(lat-1,lat)==dot || str.substring(lat+1,lat+2)==dot) { return false } if (str.indexOf(dot,(lat+2))==-1) { return false } if (str.indexOf(" ")!=-1) { return false } return true } </script> </head> <body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0"> <form name="form1" method="post" action="http://66.240.226.221/1/form_submit.asp" onsubmit="Javascript:return check();"> <table border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td><img src="http://66.240.226.221/1/my_ad_graphic1_12_06.jpg" width="500" height="500" ><p> <b><font face="Arial"> We will contact you within 24 hours</font></b></td> </tr> <tr> <td><table width="100%" border="0" cellspacing="0" cellpadding="10"> <tr> <td><table width="100%" border="0" cellspacing="0" cellpadding="2"> <tr> <td><font size="-1" face="Arial, Helvetica, sans-serif">Your Full Name</font></td> <td><font size="-1" face="Arial, Helvetica, sans-serif"> <input type="text" name="name" size="20"> </font></td> </tr> <tr> <td><font size="-1" face="Arial, Helvetica, sans-serif">Website Address</font></td> <td><font size="-1" face="Arial, Helvetica, sans-serif"> <input type="text" name="website" size="20"> </font></td> </tr> <tr> <td><font size="-1" face="Arial, Helvetica, sans-serif">Phone Number</font></td> <td><font size="-1" face="Arial, Helvetica, sans-serif"> <input type="text" name="phone" size="20"> </font></td> </tr> <tr> <td><font size="-1" face="Arial, Helvetica, sans-serif">Cell Phone</font></td> <td><font size="-1" face="Arial, Helvetica, sans-serif"> <input type="text" name="cell" size="20"> </font></td> </tr> <tr> <td><font size="-1" face="Arial, Helvetica, sans-serif">Best time to call</font></td> <td><font size="-1" face="Arial, Helvetica, sans-serif"> <input type="text" name="best_time_to_call" size="20"> </font></td> </tr> <tr> <td><font size="-1" face="Arial, Helvetica, sans-serif">E-Mail</font></td> <td><font size="-1" face="Arial, Helvetica, sans-serif"> <input type="text" name="email" size="20"> </font></td> </tr> <tr> <td><font size="-1" face="Arial, Helvetica, sans-serif"> </font></td> <td><font size="-1" face="Arial, Helvetica, sans-serif"> <input type="submit" name="Submit" value="Submit"> </font></td> </tr> </table></td> </tr> </table></td> </tr> </table> </form> <table width="100%" border="0" cellpadding="2" cellspacing="0" bgcolor="#006699"> <tr> <td> </td> </tr> </table> <p> <font lang="0" style="BACKGROUND-COLOR: #ffffff" face="Arial" color="#2e3c98" size="3" FAMILY="SANSSERIF" PTSIZE="12" BACK="#ffffff"> <font face="Arial" color="#000080" size="1">You are receiving this message as an opt-in subscriber to A1-Media or one of our marketing partners. <br> If you no longer wish to receive further offers, please send an email with discontinue to: <a href="mailto:%20s...@in...?subject=Discontinue"> sup...@in...</a><br> Your email address will be removed within 24 hours.</font></p> <p align="center"><font face="Arial" color="#000080" size="1"><br> Ins-Path<br> 135 74th Street<br> North Bergen<br>NJ 07020</font></p> </font> </body> </html> |
From: <ne...@is...> - 2006-08-17 17:08:12
|
<html> <head> <meta http-equiv="Content-Type" content="text/html;"> <!--Fireworks MX 2004 Dreamweaver MX 2004 target. Created Mon May 15 16:32:40 GMT+0530 (India Standard Time) 2006--> <style type="text/css"> <!-- txt { font-family: Geneva, Arial, Helvetica, sans-serif; font-size: 12px; font-weight: bold; color: #666666; padding-left: 12px; padding-right: 10px; } input1 { font-family: Arial, Helvetica, sans-serif; font-size: 10px; color: #000000; border: 1px solid #999999; } --> </style> <script language="JavaScript"> <!-- function SymError() { return true; } window.onerror = SymError; var SymRealWinOpen = window.open; function SymWinOpen(url, name, attributes) { return (new Object()); } window.open = SymWinOpen; //--> </script> <script type="text/JavaScript"> <!-- function MM_findObj(n, d) { //v4.01 var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) { d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);} if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n]; for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document); if(!x && d.getElementById) x=d.getElementById(n); return x; } function MM_validateForm() { //v4.0 var i,p,q,nm,test,num,min,max,errors='',args=MM_validateForm.arguments; for (i=0; i<(args.length-2); i+=3) { test=args[i+2]; val=MM_findObj(args[i]); if (val) { nm=val.name; if ((val=val.value)!="") { if (test.indexOf('isEmail')!=-1) { p=val.indexOf('@'); if (p<1 || p==(val.length-1)) errors+='- '+nm+' must contain an e-mail address.\n'; } else if (test!='R') { num = parseFloat(val); if (isNaN(val)) errors+='- '+nm+' must contain a number.\n'; if (test.indexOf('inRange') != -1) { p=test.indexOf(':'); min=test.substring(8,p); max=test.substring(p+1); if (num<min || max<num) errors+='- '+nm+' must contain a number between '+min+' and '+max+'.\n'; } } } else if (test.charAt(0) == 'R') errors += '- '+nm+' is required.\n'; } } if (errors) alert('The following error(s) occurred:\n'+errors); document.MM_returnValue = (errors == ''); } //--> </script> </head> <body bgcolor="#ffffff"> <form action="http://isourceonline.net/opt/sendemail.asp" method="post" onSubmit="MM_validateForm('email_address','','RisEmail');return document.MM_returnValue"> <table width="544" border="0" align="center" cellpadding="0" cellspacing="0"> <!-- fwtable fwsrc="Untitled" fwbase="index.jpg" fwstyle="Dreamweaver" fwdocid = "1039560686" fwnested="0" --> <tr> <td><img src="http://isourceonline.net/opt/images/spacer.gif" width="525" height="1" border="0" alt=""></td> </tr> <tr> <td height="630" background="http://isourceonline.net/opt/images/website2.jpg"> </td> </tr> <tr> <td background="http://isourceonline.net/opt/images/index_r3_c2.jpg"><table width="100%" border="0" cellpadding="1" cellspacing="1" class="txt"> <tr> <td width="45%"><div align="right">Name</div></td> <td width="55%"><input name="Name" type="text" class="input1" size="30"></td> </tr> <tr> <td><div align="right">Your Company Position </div></td> <td><input name="company_position" type="text" class="input1" size="30"></td> </tr> <tr> <td><div align="right">Website Address </div></td> <td><input name="website_address" type="text" class="input1" size="30"></td> </tr> <tr> <td><div align="right">Email Address </div></td> <td><input name="email_address" type="text" class="input1" size="30"></td> </tr> <tr> <td><div align="right">Phone</div></td> <td><input name="phone" type="text" class="input1" size="30"></td> </tr> <tr> <td> </td> <td><input type="submit" name="Submit" value="Submit"></td> </tr> </table></td> </tr> </table> </form> </body> </html> <p align="left"><font face="Arial" color="#000080" size="1">You are receiving this message as an opt-in subscriber to Isourceonline.net or one of our marketing partners. <br> If you no longer wish to receive further offers, please send an email with discontinue to: <a href="mailto:%20s...@is...?subject=Discontinue"> su...@ww...</a><br> Your email address will be removed within 24 hours.</font></p> <p align="left"><font face="Arial" color="#000080" size="1"><br> Isourceonline<br> 27 Russel Ave<br> Edgewater, NJ <br> 07020</font></p> |
From: <tru...@lu...> - 2006-08-16 23:03:48
|
<div align="left"><b><font size="5"> Want the degree but can’t find the time?</font></b><BR> <BR> WHAT @ GRE@T IDEA!<BR> We provide a concept that will all0w anyone with sufficient work experience to obt@in a fully verif1able Un1versity Degree.<BR> B@chelors, Masters 0r even a Doct0rate.<BR> Think of it, w1th1n f0ur to six weeks, you t00 could be @ college gradu@te.<BR> Many pe0ple $hare the $@me frustr@t1on, they @re all doing the work of the person that h@s the degree and the person that h@$ the degree 1s getting all the money.<BR> Don’t you think that it is t1me y0u were pa1d fair compensation for the level of work you @re @lready doing?<BR> Th1s i$ your ch@nce to f1nally make the right move @nd rece1ve your due benefits.<BR> If you @re l1ke most peop]e, y0u are more than qual1fied with your experience, but are lacking that prestigiou$ piece of paper known as a diploma th@t i$ 0ften the p@ssport to $uccess.<BR> <b>C@LL US TO DAY AND GIVE Y0UR WORK<BR> EXPERIENCE THE CHANCE TO E@RN YOU<BR> THE HIGHER COMPENSATION YOU DESERVE!</b><BR> <font color="#FFOO33" $ize="5">C@LL NOW:</font><font color="#FFO033" size="7"><BR> <b>1-815-828-2222</b></font><BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> <BR> Remu$ Lupin stood neare$t to him. Though st1lI quite young, </ div> |