From: Christian Mayrhuber (christian.mayrhuber_at_gmx.net)
Date: Wed 23 Apr 2003 - 19:17:13 BST
Am Mittwoch, 23. April 2003 18:36 schrieben Sie:
> I'm using vserver to provide a RH7.2 development environmnet on my
> RH7.3 machine. But, my build uses loop block devices to create fs
> images. Is there a way to allow this functionality?
> dd if=/dev/zero of=fs bs=1k count=13092
> 13092+0 records in
> 13092+0 records out
> sudo losetup /dev/loop3 fs
> memlock: Operation not permitted
> Couldn't lock into memory, exiting.
> make: *** [fs] Error 1
You can set the ipc lock capability in your .conf file
for the vserver.
All capabilities are defined in /usr/include/linux/capability.h
I'm pretty sure shared memory segments harm security.
The part for CAP_IPC_LOCK:
/* Allow locking of shared memory segments */
/* Allow mlock and mlockall (which doesn't really have anything to do
with IPC) */
#define CAP_IPC_LOCK 14
-- lg, Chris