ghaskins

	var conn *tls.Conn

	if conn, err = tls.Dial("tcp", "10.20.30.215:2000", config); err != nil {
		panic("failed to connect: " + err.Error())
	}
	defer conn.Close()

	certs := conn.ConnectionState().PeerCertificates

	if len(certs) != 1 {

ghaskins

// compile with: g++ -g -O0 -std=c++11 -o spirittest main.cc

#include <iostream>
#include <list>
#include <stack>
#include <vector>

#include <boost/spirit/include/qi.hpp>
#include <boost/spirit/include/qi_string.hpp>
#include <boost/spirit/include/qi_uint.hpp>

ghaskins

ghaskins@ubuntu:~/sandbox/git/spirit$ g++ -g -O0 -std=c++11 -o spirittest main.cc
In file included from /usr/include/boost/spirit/home/qi/auxiliary/attr.hpp:18:0,
                 from /usr/include/boost/spirit/home/qi/auxiliary.hpp:19,
                 from /usr/include/boost/spirit/home/qi.hpp:16,
                 from /usr/include/boost/spirit/include/qi.hpp:16,
                 from main.cc:8:
/usr/include/boost/spirit/home/qi/detail/assign_to.hpp: In instantiation of ‘static void boost::spirit::traits::assign_to_attribute_from_value<Attribute, T, Enable>::call(const T_&, Attribute&, mpl_::false_) [with T_ = unsigned int; Attribute = boost::fusion::extension::adt_attribute_proxy<Ast::Foo, 0, false>; T = unsigned int; Enable = void; mpl_::false_ = mpl_::bool_<false>]’:
/usr/include/boost/spirit/home/qi/detail/assign_to.hpp:170:54:   required from ‘static void boost::spirit::traits::assign_to_attribute_from_value<Attribute, T, Enable>::call(const T&, Attribute&) [with Attribute = boost::fusion::extension::a

ghaskins

// compile with: g++ -g -O0 -std=c++11 -o spirittest main.cc

#include <iostream>
#include <list>
#include <stack>
#include <vector>

#include <boost/spirit/include/qi.hpp>
#include <boost/spirit/include/qi_string.hpp>
#include <boost/spirit/include/qi_uint.hpp>

ghaskins

---
################################################################################
#
#   Profile
#
#   - Different configuration profiles may be encoded here to be specified
#   as parameters to the configtxgen tool
#
################################################################################
Profiles:

ghaskins

2017-05-01 14:49:05.937 UTC [policies] GetPolicy -> DEBU 1a3 Returning policy ChannelCreationPolicy for evaluation
2017-05-01 14:49:05.937 UTC [cauthdsl] func1 -> DEBU 1a4 Gate evaluation starts: (&{n:1 policies:<signed_by:0 > })
2017-05-01 14:49:05.937 UTC [cauthdsl] func2 -> DEBU 1a5 Principal evaluation starts: (&{0}) (used [false false])
2017-05-01 14:49:05.937 UTC [cauthdsl] func2 -> ERRO 1a6 Principal deserialization failed: (Could not deserialize a SerializedIdentity, err unexpected EOF) for identity [99 101 114 116]
2017-05-01 14:49:05.937 UTC [msp] newIdentity -> DEBU 1a7 Creating identity instance for ID &{Org1MSP 296331650cb720e9f04727c66efaa3e488815e08f3a9bfd9fb1ab79bff3a59d5}
2017-05-01 14:49:05.937 UTC [msp] SatisfiesPrincipal -> DEBU 1a8 Checking if identity satisfies ADMIN role for Org1MSP
2017-05-01 14:49:05.937 UTC [cauthdsl] func2 -> DEBU 1a9 Identity ([10 7 79 114 103 49 77 83 80 18 252 5 45 45 45 45 45 66 69 71 73 78 32 45 45 45 45 45 10 77 73 73 67 70 106 67 67 65 98 50 103 65 119 73 66 

ghaskins

$ tree build/cryptogen/
build/cryptogen/
├── ordererOrganizations
│   └── orderer.net
│       ├── ca
│       │   ├── 396e3795e1739afe1bdfc41b228c2569c27245d0d63b653a098a4d471df2921f_sk
│       │   └── ca.orderer.net-cert.pem
│       ├── msp
│       │   ├── admincerts
│       │   │   └── Admin@orderer.net-cert.pem

ghaskins

2017-05-02 02:23:00.492 UTC [policies] GetPolicy -> DEBU 8b2 Returning policy Application/Readers for evaluation
2017-05-02 02:23:00.492 UTC [cauthdsl] func1 -> DEBU 8b3 Gate evaluation starts: (&{n:1 policies:<signed_by:0 > })
2017-05-02 02:23:00.492 UTC [cauthdsl] func2 -> DEBU 8b4 Principal evaluation starts: (&{0}) (used [false])
2017-05-02 02:23:00.492 UTC [cauthdsl] func2 -> DEBU 8b5 Principal matched by identity: (&{0}) for [10 7 79 114 103 49 77 83 80 18 172 6 45 45 45 45 45 66 69 71 73 78 32 45 45 45 45 45 10 77 73 73 67 79 106 67 67 65 101 67 103 65 119 73 66 65 103 73 81 88 108 103 102 117 100 97 76 48 116 47 65 78 55 65 113 116 108 74 49 98 84 65 75 66 103 103 113 104 107 106 79 80 81 81 68 65 106 66 106 77 81 115 119 10 67 81 89 68 86 81 81 71 69 119 74 86 85 122 69 84 77 66 69 71 65 49 85 69 67 66 77 75 81 50 70 115 97 87 90 118 99 109 53 112 89 84 69 87 77 66 81 71 65 49 85 69 66 120 77 78 85 50 70 117 73 69 90 121 10 89 87 53 106 97 88 78 106 98 122 69 82 77 65 56 71 65 49 85 69 67 104 77 73 9

ghaskins

$ cat concourse-scc.yml
kind: SecurityContextConstraints
apiVersion: v1
metadata:
  name: concourse
allowPrivilegedContainer: true
defaultAddCapabilities:
  - "SYS_ADMIN"
  - "DAC_OVERRIDE"
  - "DAC_READ_SEARCH"

ghaskins

type=AVC msg=audit(1514993692.926:11214): avc:  denied  { sys_admin } for  pid=2892 comm="runc:[1:CHILD]" capability=21  scontext=system_u:system_r:spc_t:s0 tcontext=system_u:system_r:spc_t:s0 tclass=cap_userns permissive=0
type=SYSCALL msg=audit(1514993692.926:11214): arch=c000003e syscall=272 success=no exit=-1 a0=7c020000 a1=8785e8 a2=0 a3=0 items=0 ppid=2883 pid=2892 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="runc:[1:CHILD]" exe="/concourse-work-dir/3.8.0/assets/bin/runc" subj=system_u:system_r:spc_t:s0 key=(null)
type=PROCTITLE msg=audit(1514993692.926:11214): proctitle=2F70726F632F73656C662F65786500696E6974