From: Bjoern Steinbrink (bjoern.steinbrink_at_isp4p.net)
Date: Sat 06 Mar 2004 - 02:44:01 GMT
On Sat, 2004-03-06 at 03:19, Kern Wolfgang wrote:
> Hello folks,
>
>
>
> today i have updated one of our development servers to kernel 2.4.25
> and vs-1.26 with enricos util-vserver-0.29 and have some problems.
>
> After we build up a v-child all works fine, if i would like to start
> one of the new build up v-childs it tells me only this:
>
>
>
> developmuc01:/# vserver vm1 start
>
> Starting the virtual server vm1
>
> Server vm1 is not running
>
> ipv4root is now 192.168.1.31
>
> Host name is now vm1
>
> New security context is 49159
>
> developmuc01:/#
>
>
Hmm... Had this once.... Actually something inside the vServer was
broken, but i didn't care to find out, as it was clearly my fault and
setting up a new vserver was fine...
>
> No process will be started. But, and this is if i wonder:
>
>
>
> developmuc01:/# vserver-stat
>
> CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME
> DESCRIPTION
>
> 0 34 802MB 15kB 4m32.51 1m22.41 8h26m11 root server
>
>
IIRC vserver-stat works by looking at the processes and in what context
they are running, so when no processes are started in a context,
vserver-stat won't show that context
>
> It seems like no vm1 v-child is running. But i can enter and ping this
> v-child without problems.
You can always enter a vServer, upon entering you basically just get a
bash in the context of the vServer, not matter if it is running or not.
The vServer is pingable, as the script brings up the interface (or just
adds an adress to an existing interface, don't know what's true für
0.29) upon starting the vServer. Normally that interface is brought down
when stopping the vServer but as the vServer does not start any process,
the script thinks it is already stopped. (To Enrico: Is there anything i
don't know that fixes this case?)
> So we need the output from „vserver-stat“ for our PBVSC (PHP Based
> vServer Control). If i would like to stop this v-child it tells me:
>
>
>
> developmuc01:/# vserver vm1 stop
>
> Stopping the virtual server vm1
>
> Server vm1 is not running
>
>
>
> But it’s still pingable and i can enter it… oh one thing, why only
> root can ping? ;)
>
>
> developmuc01:/# vserver vm1 enter
>
> ipv4root is now 192.168.1.31
>
> Host name is now vm1
>
> New security context is 49159
>
> root_at_vm1:/# ping 192.168.1.1
>
> ping: ping must run as root
>
The vServer 'lacks' the CAP_NET_RAW capability, actually this is a good
thing. You won't need this cap and it is a security leak as it allows
sniffing on the network interface. IIRC there was hping2 or something
that you can use instead of ping.
Björn
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver