Do containers contain?

At their core, containers are just Linux processes that are namespaced. This means in practice, many containers still run as processes on the same host machine. While namespacing processes using cgroups creates very good boundaries between processes, the isolation is still not perfect.

Read the rest of this entry »

ORA-31001: Invalid resource handle or path name “/sys/acls/myacl.xml”

So this happens when you try to add a privilege to an ACL that does not exist:

SQL> EXEC DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE ('myacl.xml', 'SIMON', true, 'connect');
BEGIN DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE ('myacl.xml', 'SIMON', true, 'connect'); END;

ERROR at line 1: ORA-31001: Invalid resource handle or path name "/sys/acls/myacl.xml" ORA-06512: at "SYS.DBMS_NETWORK_ACL_ADMIN", line 384 ORA-06512: at line 1

Oracle Database 11g introduced fine-grained access control to external network services using Access Control Lists (ACLs). This basically allows you to take control over which users access which network resources, regardless of package grants. Read the rest of this entry »

JBoss: LDAP authentication (login-config.xml) example

In the past weeks, I was responsible for setting up a new JBoss Application Server for a customer. One thing I had to do was to enable authentication via the customers existing Active Directory for SSO (Single Sign On).

When fiddling with authentication, one is always happy to find examples of existing installations. In this post, I give an example of how to configure LDAP authentication (in this case with Active Directory) in JBoss. While you can find extensive documentation on the JBoss website, I always like it if there is a specific example provided, so here it goes:

Read the rest of this entry »