About this list Date view Thread view Subject view Author view Attachment view

From: Bert De Vuyst (bert.devuyst_at_intec.UGent.be)
Date: Fri 09 Jan 2004 - 10:15:02 GMT


I think this problem is not related to the kernel, but to the vserver tools.
Running vserver tools 0.29 + patch-vserver-0.29-fix01.diff on a machine
running kernel 2.4.23-vs1.22, did give the same problem.

Bert.

On Tuesday 06 January 2004 22:41, Luís Miguel Silva wrote:
> Hello all,
>
> Today I updated my servers kernel to 2.4.24-vs1.22 and im having some
> trouble when I try to stop the vserver.
>
> root_at_leonardo-root /usr/src/installs/new-vserver# vserver srmi stop
> Stopping the virtual server srmi
> Server srmi is running
> ipv4root is now 192.168.3.86
> Can't set the new security context
>
> : Invalid argument
>
> sleeping 5 seconds
> Killing all processes
> chcontext version 0.29
> chcontext [ options ] command arguments ...
> chcontext allocate a new security context and executes
> a command in that context.
> By default, a new/unused context is allocated
> --cap CAP_NAME
> Add a capability from the command. This option may be
> repeated several time.
> See /usr/include/linux/capability.h
> In general, this option is used with the --secure option
> --secure removes most critical capabilities and --cap
> adds specific ones.
> --cap !CAP_NAME
> Remove a capability from the command. This option may be
> repeated several time.
> See /usr/include/linux/capability.h
> --ctx num
> Select the context. On root in context 0 is allowed to
> select a specific context.
> Context number 1 is special. It can see all processes
> in any contexts, but can't kill them though.
> Option --ctx may be repeated several times to specify up to 16
> contexts.
> --disconnect
> Start the command in background and make the process
> a child of process 1.
> --domainname new_domainname
> Set the domainname (NIS) in the new security context.
> Use "none" to unset the domain name.
> --flag
> Set one flag in the new or current security context. The following
> flags are supported. The option may be used several time.
>
> fakeinit: The new process will believe it is process number 1.
> Useful to run a real /sbin/init in a vserver.
> lock: The new process is trapped and can't use chcontext anymore.
> sched: The new process and its children will share a common
> execution priority.
> nproc: Limit the number of process in the vserver according to
> ulimit setting. Normally, ulimit is a per user thing.
> With this flag, it becomes a per vserver thing.
> private: No one can join this security context once created.
> ulimit: Apply the current ulimit to the whole context
> --hostname new_hostname
> Set the hostname in the new security context
> This is need because if you create a less privileged
> security context, it may be unable to change its hostname
> --secure
> Remove all the capabilities to make a virtual server trustable
> --silent
> Do not print the allocated context number.
>
> Information about context is found in /proc/self/status
> root_at_leonardo-root /usr/src/installs/new-vserver# uname -a
> Linux leonardo-root.ispgaya.pt 2.4.24-vs1.22 #1 SMP Tue Jan 6 09:52:07 WET
> 2004 i686 unknown unknown GNU/Linux
> root_at_leonardo-root /usr/src/installs/new-vserver#
>
>
> Is this the problem with vkill you mention on your site (Herbert)?
>
> Best,
> +-------------------------------------------
>
> | Luís Miguel Silva
> | Network Administrator@ ISPGaya.pt
> | Rua António Rodrigues da Rocha, 291/341
> | Sto. Ovídio • 4400-025 V. N. de Gaia
> | Portugal
> | T: +351 22 3745730/3/5 F: +351 22 3745738
> | G: +351 93 6371253 E: lms_at_ispgaya.pt
> | H: http://lms.ispgaya.pt/
>
> +-------------------------------------------
>
>
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver

_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Fri 09 Jan 2004 - 10:16:38 GMT by hypermail 2.1.3