From: Luís Miguel Silva (lms_at_ispgaya.pt)
Date: Tue 06 Jan 2004 - 21:41:14 GMT
Hello all,
Today I updated my servers kernel to 2.4.24-vs1.22 and im having some
trouble when I try to stop the vserver.
root_at_leonardo-root /usr/src/installs/new-vserver# vserver srmi stop
Stopping the virtual server srmi
Server srmi is running
ipv4root is now 192.168.3.86
Can't set the new security context
: Invalid argument
sleeping 5 seconds
Killing all processes
chcontext version 0.29
chcontext [ options ] command arguments ...
chcontext allocate a new security context and executes
a command in that context.
By default, a new/unused context is allocated
--cap CAP_NAME
Add a capability from the command. This option may be
repeated several time.
See /usr/include/linux/capability.h
In general, this option is used with the --secure option
--secure removes most critical capabilities and --cap
adds specific ones.
--cap !CAP_NAME
Remove a capability from the command. This option may be
repeated several time.
See /usr/include/linux/capability.h
--ctx num
Select the context. On root in context 0 is allowed to
select a specific context.
Context number 1 is special. It can see all processes
in any contexts, but can't kill them though.
Option --ctx may be repeated several times to specify up to 16
contexts.
--disconnect
Start the command in background and make the process
a child of process 1.
--domainname new_domainname
Set the domainname (NIS) in the new security context.
Use "none" to unset the domain name.
--flag
Set one flag in the new or current security context. The following
flags are supported. The option may be used several time.
fakeinit: The new process will believe it is process number 1.
Useful to run a real /sbin/init in a vserver.
lock: The new process is trapped and can't use chcontext anymore.
sched: The new process and its children will share a common
execution priority.
nproc: Limit the number of process in the vserver according to
ulimit setting. Normally, ulimit is a per user thing.
With this flag, it becomes a per vserver thing.
private: No one can join this security context once created.
ulimit: Apply the current ulimit to the whole context
--hostname new_hostname
Set the hostname in the new security context
This is need because if you create a less privileged
security context, it may be unable to change its hostname
--secure
Remove all the capabilities to make a virtual server trustable
--silent
Do not print the allocated context number.
Information about context is found in /proc/self/status
root_at_leonardo-root /usr/src/installs/new-vserver# uname -a
Linux leonardo-root.ispgaya.pt 2.4.24-vs1.22 #1 SMP Tue Jan 6 09:52:07 WET
2004 i686 unknown unknown GNU/Linux
root_at_leonardo-root /usr/src/installs/new-vserver#
Is this the problem with vkill you mention on your site (Herbert)?
Best,
+-------------------------------------------
| Luís Miguel Silva
| Network Administrator@ ISPGaya.pt
| Rua António Rodrigues da Rocha, 291/341
| Sto. Ovídio • 4400-025 V. N. de Gaia
| Portugal
| T: +351 22 3745730/3/5 F: +351 22 3745738
| G: +351 93 6371253 E: lms_at_ispgaya.pt
| H: http://lms.ispgaya.pt/
+-------------------------------------------
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver