
From: Thomas Gebhardt (gebhardt_at_hrz.uni-marburg.de)
Date: Thu 08 May 2003 - 15:46:48 BST


Hi,

I'm just trying to set up my first vserver. Since I'm running on a Debian
system, I cannot use vunify but have to "unify" the vservers "by hand".
I am not able to correctly set the ILI flag on a file such that root on
the vserver can unlink but not modify a file. Can anyone give me a
hint what I am doing wrong? Thanks!

Here I am trying to set the ILI flag on a test file:

master# cp /bin/ls /vservers/v1/test/
master# ln -f /vservers/v1/test/ls /vservers/v2/test/ls
master# lsattr /vservers/v1/test/ls
-------------- /vservers/v1/test/ls
master# /usr/lib/vserver/showattr /vservers/v1/test/ls
/vservers/v1/test/ls 00000000
master# /usr/lib/vserver/setattr --immulink /vservers/v1/test/ls
master# /usr/lib/vserver/showattr /vservers/v1/test/ls
/vservers/v1/test/ls 00008000
master# lsattr /vservers/v1/test/ls
-------------t /vservers/v1/test/ls

Somehow the "t" flag of chattr interferes with --immulink?! Strange.
I cannot unlink /test/ls on the vserver v1:

v1# rm /test/ls
rm: cannot unlink `/test/ls': Operation not permitted
v1# reducecap --show
            Capability Effective Permitted Inheritable
             CAP_CHOWN X X
      CAP_DAC_OVERRIDE X X
   CAP_DAC_READ_SEARCH X X
            CAP_FOWNER X X
            CAP_FSETID X X
              CAP_KILL X X
            CAP_SETGID X X
            CAP_SETUID X X
           CAP_SETPCAP
   CAP_LINUX_IMMUTABLE
  CAP_NET_BIND_SERVICE X X
     CAP_NET_BROADCAST
         CAP_NET_ADMIN
           CAP_NET_RAW
          CAP_IPC_LOCK
         CAP_IPC_OWNER
        CAP_SYS_MODULE
         CAP_SYS_RAWIO
        CAP_SYS_CHROOT X X
        CAP_SYS_PTRACE X X
         CAP_SYS_PACCT
         CAP_SYS_ADMIN
          CAP_SYS_BOOT
          CAP_SYS_NICE
      CAP_SYS_RESOURCE
          CAP_SYS_TIME
    CAP_SYS_TTY_CONFIG X X
             CAP_MKNOD
             CAP_LEASE X X
           CAP_OPENDEV X X

My setup: Linux version 2.4.20ctx-17
          Debian Woody with vserver 0.22-10 backport
          ext3 filesystem on /vservers
          e2fsprogs version 1.27-2

Thanks for any hint!

Cheers, Thomas
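
Added example, not part of the original post and not vserver or e2fsprogs code: a small C reader for the per-inode flags word, using the FS_IOC_GETFLAGS ioctl and the FS_*_FL constants from linux/fs.h. In mainline headers bit 0x00008000 is FS_NOTAIL_FL, which lsattr prints as "t", so the showattr value 00008000 and the lsattr "t" in the session above name the same bit. That showattr reports this same flags word is an assumption; decode_flags and read_flags are illustrative names.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/fs.h>   /* FS_IOC_GETFLAGS and the FS_*_FL bit values */

/* lsattr letters for a subset of the bits defined in mainline linux/fs.h. */
static const struct { unsigned int bit; char letter; } known[] = {
    { FS_SECRM_FL, 's' },     { FS_UNRM_FL, 'u' },   { FS_SYNC_FL, 'S' },
    { FS_IMMUTABLE_FL, 'i' }, { FS_APPEND_FL, 'a' }, { FS_NODUMP_FL, 'd' },
    { FS_NOATIME_FL, 'A' },   { FS_COMPR_FL, 'c' },  { FS_JOURNAL_DATA_FL, 'j' },
    { FS_NOTAIL_FL, 't' },    /* 0x00008000 */
};

/* Put the letters of the known set bits into out (NUL-terminated) and
 * return whatever bits are left without a letter in the table above. */
unsigned int decode_flags(unsigned int flags, char *out, size_t outlen)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++) {
        if ((flags & known[i].bit) && n + 1 < outlen)
            out[n++] = known[i].letter;
        flags &= ~known[i].bit;
    }
    if (outlen)
        out[n] = '\0';
    return flags;
}

/* Read the inode flags of path; returns 0 on success, -1 on error. */
int read_flags(const char *path, unsigned int *flags)
{
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0)
        return -1;
    int word = 0;   /* the kernel fills in an int-sized value */
    int rc = ioctl(fd, FS_IOC_GETFLAGS, &word);
    close(fd);
    if (rc == 0)
        *flags = (unsigned int)word;
    return rc;
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        unsigned int flags; char letters[16];
        if (read_flags(argv[i], &flags) != 0) { perror(argv[i]); continue; }
        unsigned int rest = decode_flags(flags, letters, sizeof letters);
        printf("%s %08x letters=[%s] unnamed=%08x\n", argv[i], flags, letters, rest);
    }
    return 0;
}
```

Run against a file on the master, it prints the raw word next to the letters, so a patched kernel reusing a bit that e2fsprogs already names shows up as a familiar letter rather than as an unnamed bit.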

