I don't know if that'll be added or not. However, you can just use a reverse proxy for that. Listen on the loopback (127.0.0.1) device and put a reverse proxy on the interfaces you want to listen on the network.
The feature request is now in production. Add LISTEN_IP=<your_IP> to /etc/default/pveproxy and restart pveproxy, i.e.:
echo 'LISTEN_IP=127.0.0.1' > /etc/default/pveproxy
systemctl restart pveproxy
To check if it worked:
netstat -lntp|grep 8006
With the implementation today we are totally dependent on the application withstanding attempted attacks. If the pveproxy application some time in the future suffers from a vulnerability that can bypass this application security layer, we are at risk. It's good practice to have several...
Hi,
I have several ethernet interfaces. To secure Proxmox webgui I want it to only listen on one of them.
When checking netstat, I can see that it's listening on 0.0.0.0 (all) interfaces:
root@pve:~# netstat -lntp|grep 8006
tcp 0 0 0.0.0.0:8006 0.0.0.0:*...
Thanks! That worked. For the record and for people landing on this page from Google:
I only had 1 PCI device passthrough, so it was named hostpci0 in the "/etc/pve/local/qemu-server/100.conf" config file, like this:
hostpci0: 06:00.0
Adding the following to the bottom solved the PCI passthrough...
I have the same error on the same card.
I have tried both ovmf and seabios. The same error message appears.
As a test I used an Intel card in the same PCI slot and that worked. However, this is not a suitable solution since the Intel card can only act as a client, not AP.
lspci:
06:00.0 Network...
Hi,
Found an answer here: https://forum.proxmox.com/threads/lxc-cannot-assign-a-block-device-to-container.23256/
But it turns out that I actually don't need to add the block device as a block device after all. The mountpoint (mpX) config option solved everything for me. That makes my lxc...
Are you sure that Proxmox is based on Ubuntu? A lsb_release -a tells me that my installation is Debian:
If that's the case, this should be the tracking of the released fixes:
https://security-tracker.debian.org/tracker/CVE-2017-5754
Quoting https://insights.ubuntu.com/2018/01/04/ubuntu-updates-for-the-meltdown-spectre-vulnerabilities/
Ubuntu has also written a KB here: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SpectreAndMeltdown
Seems like we will get the kernels to upstream Ubuntu January 9th.
According to @fabian, they are releasing updated kernels as soon as Ubuntu does that. According to https://launchpad.net/ubuntu/+source/linux/+changelog Ubuntu has not yet released such a kernel.
Google Project Zero has released more information about the vulnerabilities.
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
With the surfacing of the Intel CPU security vulnerability, and recent patches done to the Linux kernel.
Sources:
https://en.wikipedia.org/wiki/Kernel_page-table_isolation
http://pythonsweetness.tumblr.com/post/169166980422/the-mysterious-case-of-the-linux-page-table/amp...
After the release of pve51, I upgraded and got a new kernel (4.13). The servers now boot up normally with 4.13.4-26. I don't know what was wrong in the 4.10 kernel, but fortunately the new 4.13 is now working!