From: mile1_at_bellsouth.net
Date: Wed 26 Nov 2003 - 05:29:39 GMT
Here it is,
Last login: Sun Nov 23 21:53:32 2003
[root_at_rdhat01 root]# ls
anaconda-ks.cfg install.log install.log.syslog vps
[root_at_rdhat01 root]# vi /etc/vservers/redhat9.conf
# Description: RedHat 9 VPS Server
if [ "" = "" ]; then
PROFILE=prod
fi
case $PROFILE in
prod)
# Select the IP number(s) assigned to the virtual server
# These IPs will be defined as IP alias
# The alias will be setup on IPROOTDEV
# You can specify the device if needed
# IPROOT="eth0:1.2.3.4 eth1:3.4.5.6"
IPROOT="172.16.0.109"
# You can define on which device the IP alias will be done
# The IP alias will be set when the server is started and unset
# when the server is stopped
# The netmask and broadcast are computed by default from IPROOTDEV
#IPROOTMASK=
#IPROOTBCAST=
IPROOTDEV=eth0
# You can set a different host name for the vserver
# If empty, the host name of the main server is used
S_HOSTNAME=redhat9.icanreach.com
;;
backup)
IPROOT=""
#IPROOTMASK=
#IPROOTBCAST=
IPROOTDEV=eth0
S_HOSTNAME=
;;
esac
# Set ONBOOT to yes or no if you want to enable this
# virtual server at boot time
ONBOOT=yes
# Control the start order of the vservers
# Lower value start first
PRIORITY=100
# You can set a different NIS domain for the vserver
# If empty, the current on is kept
# Set it to "none" to have no NIS domain set
S_DOMAINNAME=
# You can set the priority level (nice) of all process in the vserver
# Even root won't be able to raise it
S_NICE=
# You can set various flags for the new security context
# lock: Prevent the vserver from setting new security context
# sched: Merge scheduler priority of all processes in the vserver
# so that it acts a like a single one.
# nproc: Limit the number of processes in the vserver according to ulimit
# (instead of a per user limit, this becomes a per vserver limit)
# private: No other process can join this security context. Even root
# Do not forget the quotes around the flags
S_FLAGS="lock nproc"
# You can set various ulimit flags and they will be inherited by the
# vserver. You enter here various command line argument of ulimit
# ULIMIT="-H -u 200"
# The example above, combined with the nproc S_FLAGS will limit the
# vserver to a maximum of 200 processes
ULIMIT="-HS -u 1000"
# You can set various capabilities. By default, the vserver are run
# with a limited set, so you can let root run in a vserver and not
# worry about it. He can\'t take over the machine. In some cases
# you can to give a little more capabilities \(such as CAP_NET_RAW\)
# S_CAPS="CAP_NET_RAW"
S_CAPS="CAP_NET_RAW CAP_SYS_ADMIN CAP_NET_ADMIN"
# Select an unused context (this is optional)
# The default is to allocate a free context on the fly
# In general you don't need to force a context
#S_CONTEXT=
>
> From: "Charles Dale" <bug_at_aphid.net>
> Date: 2003/11/25 Tue PM 08:16:37 EST
> To: <vserver_at_list.linux-vserver.org>
> Subject: RE: RE: [Vserver] Rpms for vserver 0.27 (got it)
>
> [snip]
>
> > Nov 24 12:00:13 redhat9 named: named: capset failed: Operation not
> permitted
> > Nov 24 12:00:13 redhat9 named: named startup failed
>
> Looks to me like CAP_SYS_RESOURCE hasn't been enabled for some reason for
> that vserver. Please post contents of the vserver conf file.
>
> BTW, (to list in general), how do I easily find out which caps a particular
> context has?
>
> Chuck
>
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
>
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver