Joseph Price

FOSS advocate in a Windows world...

AppArmor hat & child profiles

My last post omitted the real reason I hadn't swapped to OnlyOffice was that I was too lazy to look further into apparmor. Allowing dash to inherit the php permissions with /bin/dash ix, is one solution but for other reasons, I wanted to write a more contained profile to spawn dash within. Searching the internet & reading my favourite apparmor docs didn't enlighten.

Continue Reading →

Why I'm not using ONLYOFFICE yet.

I'm a huge fan of Nextcloud and version 18 brought great integration with ONLYOFFICE. I'm not using it though because it ships with binaries that aren't always straightforward to execute.

Continue Reading →

Connection reset...

After switching energy supplier, I discovered I couldn't connect to their website.

This is an explanation with notes of how I've attempted to diagnose the issue so far.

Continue Reading →

Nextcloud, CVE's & Apparmor

Nextcloud and others recently reported on CVE-2019-11043 which looks like a particularly nasty RCE affecting only nginx+php-fpm with certain configurations.

Unfortunately, the configuration the Nextcloud documentation recommended was one of those vulnerable configurations.

Continue Reading →

Switching backups to Restic - update

In a previous post I mentioned swapping my backups to restic. Since then, I've found my B2 storage costs increased substantially and wanted to figure out why.

Continue Reading →