
From: sysadmin_at_qlusters.com
Date: Mon 17 Nov 2003 - 15:33:35 GMT


The e-mail you have sent to this domain (qlusters.com) did not reach its intended destination.
Possible reasons: the e-mail address entered is misspelled or the user is nonexistent.

Note:
---------
You may see the original e-mail below. If you feel that this error message is incorrect or
you have a question then feel free to press "reply" to this e-mail and e-mail the Administrator.
Thank you,
Qlusters INC.

attached mail follows:



Hi all!

Here is the list from Paul, with my comments
where appropriate ;)

]Needs fixing: as of 2003 Jan 26 Paul Sladen <vserver_at_paul.sladen.org>

okay, maybe an update should be done, paul?

](This is kernel side stuff considered, not userspace)

I'll comment on that one by one ...

]-------------------------------------------
]
]PS Tools.
]
]ps wants to read the System.map, so it looks for:
]
]$PS_SYSTEM_MAP
]/boot/System.map-`uname -r`
]/boot/System.map
]/lib/modules/`uname -r`/System.map
]/usr/src/linux/System.map

hmm, and how does the System.map get there on a
'normal' server, I assume it is written to this
location, right? so why not just copy it there,
so everybody should be happy again ...

by the way, my ps doesn't show this behaviour
# strace -F ps 2>&1 | grep System

]fix: could we fake this under `/proc' and then link to it?

why should we put userspace data into the kernel?

]-------------------------------------------
]
]Nmap.
]
]nmap needs help finding the default Interface and IP.
]
]Failed to lookup device subnet/netmask: SIOCGIFADDR: eth0: Cannot assign requested address
]Failed to lookup device subnet/netmask: eth0: no IPv4 address assigned
]I cannot figure out what source address to use for device eth0:foobar, does it even exist?

agreed, will hopefully be addressed by the future
virtualized network ...

]nmap works fine *if* you do:
]
] % nmap -e eth0:foobar -S 1.2.3.4 target.to.scan.com
]
]-------------------------------------------
]
]Ping.
]
]Ping generates raw IP packets but leaves the kernel to put the headers on.

agreed, same answer as above

]This can probably be fixed by doing selection in `ip_route' rather than
]the UDP / TCP functions.
]
]-------------------------------------------
]
]Init.
]
]init tries to bind to the console, it knows about:
]
]/dev/console
]/dev/tty*

hmm, any reason for not doing the pip & pipe handler
in userspace? this sounds like a typical userspace
problem/solution to me ..

]fix: We need to write a fake `console' driver that can pipe to a file.
]
]-------------------------------------------
]
]Quotaing.
]
]Quota calls `ioctl()s' on the `/dev/partition' to get sizes. It also
]calls `sys_quotactl()'.
]
]fix: Provide a fake `root device' and proxy `sys_quotactl()' through
]to userspace.

is solved by the vr patches and vr-tools ...
http://www.13thfloor.at/vserver/s_addons/vroot/

]Herbert Po"etzl has done the fake `/dev/root'.
]
] [ http://www.13thfloor.at/VServer/ ]
]
]Q: how does `df' figure out the size of the disk/ CTX-quota?

the same way as usual, via sys_statfs() ...

]-------------------------------------------
]
]lsof.
]
]lsof (List open files) tries to stat all the mounted partitions.
]
]It gets these from `/proc/mounts' instead of `/etc/mtab' which we
]already fake.
]
]lsof: WARNING: can't stat() ext2 file system /vservers
] Output information may be incomplete.
]lsof: WARNING: can't stat() proc file system /vservers/hutch/proc
] Output information may be incomplete.
]lsof: WARNING: can't stat() devpts file system /vservers/hutch/dev/pts
] Output information may be incomplete.
]lsof: WARNING: can't stat() proc file system /vservers/muse/proc
] Output information may be incomplete.
]lsof: WARNING: can't stat() devpts file system /vservers/muse/dev/pts
] Output information may be incomplete.
]
](Note: This doesn't stop it working).

there is a patch which hides _all_ /proc/mounts
entries which should solve this and other issues ...
 http://vserver.13thfloor.at/Experimental/no-proc-mounts.diff

]fix: fake `/proc/mounts' so that stuff below the current chroot() is
]not shown.
]
]-------------------------------------------
]
]reboot
]
]kernel sys_reboot() replacement for rebootmgr/vreboot
]
]If we start a vserver with fakeinit, it would normally expect to
]shut itself down by calling the kernel again.
]
]fix: hook the kernel call and pass it back to userspace to kill the context

this is solved starting with devel release vs1.1.3
kernel activates a reboot helper (userspace) which
then decides what to do ...
(credits go to paul and mark, I presume?)

]Mark Lawrence and Paul Sladen have patches:
]
] [ http://www.paul.sladen.org/vserver/sys_reboot/ ]
]
]-------------------------------------------
]Others:
]-*- -*- -*- -*- -*- -*- -*- -*- -*- -*- -*-
]
]bind(0.0.0.0)
]
]Jacques has two solutions, I prefer the second, should be here RSN(tm)

I assume this works now, any examples proving
the opposite?

]fix: anything is just not nice.
]
]-------------------------------------------
]
]private loopback device: (networking)
]
]Currently the "lo" device looks like a piece of shared ethernet.
]eg. all vserver can dump other vserver private loopback communications.

will hopefully be solved with the virtualized network
too ...

]fix: allow the kernel to route stuff to `dev_loopback' but then
]pipe it to `current->dev_loopback' instead of global loopback.
]
]-------------------------------------------
]
]UDP mangling:
]
]Only TCP mangling was being done to force the source address, this
]showed up when querying bind through localhost.

please provide more details, if this isn't
in the vserver patches yet ...

]fix: Mark Lawrence patched the `net/ipv4/udp.c' a la TCP
]
]alternative: do it at the lower IP level instead of separately, see ping above
]
]-------------------------------------------
]
]SSH X Forwarding:
]
]SSHd tries to create the X socket on the `127.0.0.1' which gets broken
]by our current mangling. This should go away once we fix this.

virtualized network

]In the meantime, with pretty recent OpenSSHd's you can:
]
] echo "X11UseLocalhost no" >> /etc/ssh/sshd_config
]
]-------------------------------------------
]
]private filesystem loopback devices:
]
]If we want to be able to mount floppy-disk images or ISOs within a vserver
]I think we need to provide separate loopback(s) per vserver? (?)

well, I assume you don't want to do this, because
if you allow loop devices or ramdisk, you are opening
the system completely ... if you don't care about
security, you can just provide the 'default' loop
devices ...

]-------------------------------------------
]
]NFS (network filesystem)

hmm, well it seems to work for some ...
maybe an example what fails?

]This doesn't work. Userspace NFS client /might/ work. (or will it?)
]
]-------------------------------------------
]
]Midnight Commander/ terminals

]MC causes a segv under vservers; The easiest workaround for this is:

well, probably a mc issue, and most likely,
it's already solved in a newer mc version ..

mc-4.5.55-7mdk.i586.rpm
runs without any changes for me ...

] $ export TERM=xterm
] $ mc
]
]Thread at:
]
] http://www.paul.sladen.org/vserver/archives/200301/0060.html
]
]<sam villian> Try:
] apt-get install ncurses-term
]or `reportbug libncurses5' :-)
]
]w3m crashes out with:
]
]> stat64("/dev/vc/0", 0xbffff9d0) = -1 ENOENT (No such file or directory)
]> stat64("/dev/tty0", 0xbffff9d0) = -1 ENOENT (No such file or directory)
]
]MC crashes out with: (eg, same thing...)
]
]> getdents64(0x4, 0x80f4158, 0x1000, 0x4) = 0
]> close(4) = 0
]> rt_sigaction(SIGWINCH, {0x8075028, [], SA_RESTART|0x4000000}, {SIG_DFL}, 8) = 0
]> stat64("/dev/vc/0", 0xbffffa10) = -1 ENOENT (No such file or directory)
]> stat64("/dev/tty0", 0xbffffa10) = -1 ENOENT (No such file or directory)
]> --- SIGSEGV (Segmentation fault) ---
]
]MC good run (TERM=xterm):
]
]> getdents64(0x4, 0x80f4580, 0x1000, 0xa) = 0
]> close(4) = 0
]> rt_sigaction(SIGWINCH, {0x8075028, [], SA_RESTART|0x4000000}, {SIG_DFL}, 8) = 0
]> write(1, "\33[?1001s\33[?1000h", 16) = 16
]> time(NULL) = 1043624513
]> time(NULL) = 1043624513
]
]-------------------------------------------
]
]Binfmt_Misc
]
]Separate per-context (write-only /proc) to only
]Java and CLR/mono to run nicely

hmm, is this useful in any way? (just asking)

]-------------------------------------------

so what remains for this list:

kernel related:
 - make virtual network possible
 - make virtualized lo interface

userspace related:
 - code a userspace reboot helper
 - code a userspace console logger

unrelated:
 - rethink security (loop/ramdisk)
 - fix mc and/or use sane setup

best,
Herbert

_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
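
The fix proposed in the lsof item above (show only the `/proc/mounts` entries at or below the current chroot) comes down to a path-component prefix match on mount points. The following is an added userspace sketch of that filter, not the linked no-proc-mounts.diff or any Linux-VServer code; `guest_view`, `filter_mounts` and the sample mount table are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed host-side /proc/mounts, modelled on the lsof warnings above. */
static const char SAMPLE[] =
    "/dev/hda1 / ext2 rw 0 0\n"
    "/dev/hda3 /vservers ext2 rw 0 0\n"
    "none /vservers/hutch/proc proc rw 0 0\n"
    "none /vservers/hutch/dev/pts devpts rw 0 0\n"
    "none /vservers/muse/proc proc rw 0 0\n"
    "none /vservers/hutch2/proc proc rw 0 0\n";

/* Returns 1 and writes the guest-relative path to out if mnt is at or below
 * root; returns 0 if the mount lies outside the chroot and must be hidden. */
int guest_view(const char *root, const char *mnt, char *out, size_t outlen)
{
    size_t n = strlen(root);
    while (n > 0 && root[n - 1] == '/') n--;  /* "/" becomes the empty prefix */
    if (strncmp(mnt, root, n) != 0 || (mnt[n] != '\0' && mnt[n] != '/'))
        return 0;                 /* component boundary: hutch is not hutch2 */
    snprintf(out, outlen, "%s", mnt[n] ? mnt + n : "/");
    return 1;
}

/* Copies visible lines of src into dst with rewritten mount points; returns count kept. */
int filter_mounts(const char *root, const char *src, char *dst, size_t dstlen)
{
    char dev[128], mnt[256], rest[256], view[256];
    int kept = 0, used = 0;
    size_t off = 0;
    dst[0] = '\0';
    while (sscanf(src, "%127s %255s %255[^\n]%n", dev, mnt, rest, &used) == 3) {
        src += used;
        if (!guest_view(root, mnt, view, sizeof view))
            continue;
        int w = snprintf(dst + off, dstlen - off, "%s %s %s\n", dev, view, rest);
        if (w < 0 || (size_t)w >= dstlen - off) { dst[off] = '\0'; break; }
        off += (size_t)w;
        kept++;
    }
    return kept;
}

int main(void)
{
    char out[512];
    int n = filter_mounts("/vservers/hutch", SAMPLE, out, sizeof out);
    printf("%d entries visible:\n%s", n, out);
}
```

A plain `strncmp` prefix test without the boundary check would let the `hutch` guest see the mounts of a sibling named `hutch2`.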



Generated on Mon 17 Nov 2003 - 15:36:25 GMT by hypermail 2.1.3