From: Martin List-Petersen (martin_at_list-petersen.dk)
Date: Mon 31 Mar 2003 - 01:28:12 BST
For the fun of it, i tried to recompile a 2.4.19 kernel with ctx-15
patch .. still the same problem. Courier-imap in a vserver binds all
ip's, no matter of what restrictions are set.
-- Regards, Martin List-Petersen martin at list-petersen dot dk -- Oh, and this is another kernel in that great and venerable "BugFree(tm)" series of kernels. So be not afraid of bugs, but go out in the streets and deliver this message of joy to the masses. -- Linus, in the announcement for 1.3.27
On Sun, 2003-03-30 at 22:09, Martin List-Petersen wrote: > As i wrote earlier i figured out, what went wrong. > > I don't get the errors on entering a vserver anymore since that is setup > correct now, however it still seems that my vservers can bind ANY ip > which is quite odd. > > Example: exim or courier-imap will bind all ip's (also the ones not > shown with ifconfig) if no ip to bind is specified. This should not be > possible. > > On Sun, 2003-03-30 at 18:46, Herbert Poetzl wrote: > > On Sun, Mar 30, 2003 at 06:15:05PM +0200, Martin List-Petersen wrote: > > > Hi, > > > > > > i seem to have a odd problem: > > > > > > My vservers doen't seem to be bound to only access their own ip-adress. > > > > > > When i enter a vserver with: vserver servername enter > > > it gives me the following output: > > > SIOCSIFBRDADDR: Cannot assign requested address > > > SIOCSIFFLAGS: Cannot assign requested address > > ^^^^^^^^^^^^^^^^^ > > > > seems like the script could not create the alias > > required for this virtual server ... > > > > possible causes: > > > > - your servernames are 'verylongname001', 'verylongname002', ... > > - the alias names ethX:<servername> collide with existing > > aliases ... > > - the script is broken ... > > - the kernel is broken ... > > > > hth, > > Herbert > > > > > ipv4root is now x.x.x.x > > > New security context is 12 > > > > > > So it seems, that i maybe missed something during compile of the kernel > > > (am I right here ?) > > > > > > The machine is running Debian Woody, kernel 2.4.20ctx-16, vserver > > > package 0.22-7 and was a fresh install. On my other server (running > > > Debian Woody, kernel 2.4.19ctx-15, vserver package 0.21-1) i don't have > > > that problem at all. > > > > > > What also happens is that for example exim inside a vserver also binds > > > ip's which it doesn't has access to (besides .. all vserver have > > > CAP_NET_RAW capability) > > > > > > What can i do to find out, what i missed ? Any hints ? > > >