
From: Luís Miguel Silva (lms_at_ispgaya.pt)
Date: Tue 06 Jan 2004 - 21:41:14 GMT

Hello all,

Today I updated my server's kernel to 2.4.24-vs1.22 and I'm having some
trouble when I try to stop the vserver.

root_at_leonardo-root /usr/src/installs/new-vserver# vserver srmi stop
Stopping the virtual server srmi
Server srmi is running
ipv4root is now
Can't set the new security context
: Invalid argument
sleeping 5 seconds
Killing all processes
chcontext version 0.29
chcontext [ options ] command arguments ...
chcontext allocate a new security context and executes
a command in that context.
By default, a new/unused context is allocated
--cap CAP_NAME
        Add a capability from the command. This option may be
        repeated several time.
        See /usr/include/linux/capability.h
        In general, this option is used with the --secure option
        --secure removes most critical capabilities and --cap
        adds specific ones.
--cap !CAP_NAME
        Remove a capability from the command. This option may be
        repeated several time.
        See /usr/include/linux/capability.h
--ctx num
        Select the context. On root in context 0 is allowed to
        select a specific context.
        Context number 1 is special. It can see all processes
        in any contexts, but can't kill them though.
        Option --ctx may be repeated several times to specify up to 16
        Start the command in background and make the process
        a child of process 1.
--domainname new_domainname
        Set the domainname (NIS) in the new security context.
        Use "none" to unset the domain name.
        Set one flag in the new or current security context. The following
        flags are supported. The option may be used several time.

        fakeinit: The new process will believe it is process number 1.
            Useful to run a real /sbin/init in a vserver.
        lock: The new process is trapped and can't use chcontext anymore.
        sched: The new process and its children will share a common
         execution priority.
        nproc: Limit the number of process in the vserver according to
         ulimit setting. Normally, ulimit is a per user thing.
         With this flag, it becomes a per vserver thing.
        private: No one can join this security context once created.
        ulimit: Apply the current ulimit to the whole context
--hostname new_hostname
        Set the hostname in the new security context
        This is need because if you create a less privileged
        security context, it may be unable to change its hostname
        Remove all the capabilities to make a virtual server trustable
        Do not print the allocated context number.

Information about context is found in /proc/self/status
root_at_leonardo-root /usr/src/installs/new-vserver# uname -a
Linux leonardo-root.ispgaya.pt 2.4.24-vs1.22 #1 SMP Tue Jan 6 09:52:07 WET
2004 i686 unknown unknown GNU/Linux
root_at_leonardo-root /usr/src/installs/new-vserver#

Is this the problem with vkill you mention on your site (Herbert)?

| Luís Miguel Silva
| Network Administrator@ ISPGaya.pt
| Rua António Rodrigues da Rocha, 291/341
| Sto. Ovídio • 4400-025 V. N. de Gaia
| Portugal
| T: +351 22 3745730/3/5 F: +351 22 3745738
| G: +351 93 6371253 E: lms_at_ispgaya.pt
| H: http://lms.ispgaya.pt/

Vserver mailing list

Generated on Tue 06 Jan 2004 - 21:36:31 GMT by hypermail 2.1.3