From: Ramiro Brito Willmersdorf (rbw_at_demec.ufpe.br)
Date: Tue 05 Oct 2004 - 14:42:22 BST
On Mon, Oct 04, 2004 at 09:22:05PM +0200, Herbert Poetzl wrote:
> On Mon, Oct 04, 2004 at 01:23:45PM -0300, Ramiro Brito Willmersdorf wrote:
> > Hi,
> > I need loopback mounts inside a vserver.
> > Security is probably not a concern since the root of this vserver
> > will always be the same as the host's root (me).
> > I created the loop devices loop0 and loop1, but I get
> usually providing some info about the kernel and
> patches used, maybe even the tools involved provides
> valuable information, so that is a good idea ;)
Oops, sorry about that.
Host kernel: 2.4.26 (Linus) + openwall patches + vserver 1.27
Host os: Fedora 1 (with latest updates)
Guest os: Fedora 2 (with latest updates)
> > memlock: Operation not permitted
> > When I try to do a loopback mount.
> I have no idea why losetup does lock the memory, and
> I consider it a little weird, but nevertheless the
> required capability is ..
Thanks, it was really dumb not _looking at the source_.
I used to do that, before google deformed my analytical
I tried to attach an strace log of the mount operation, but
something locks up during the trace inside the vserver, and I can't
kill the mount process, and have to reboot the system to get rid
of it, so I'm not doing it anymore...
I can do it on the host system, if you'd think it'd be useful.
> > Is there an extra capability that needs to be set?
> /* Allow locking of shared memory segments */
> /* Allow mlock and mlockall (which doesn't really have anything to do
> with IPC) */
> #define CAP_IPC_LOCK 14
Well, with this capability set, at least the problem changed :)
I also had to set CAP_SYS_ADMIN (which seems to open up _a lot of stuff_,
but, as I said above, this is not a real problem in this context).
Things are working fine now.
--
Ramiro Brito Willmersdorf
rbw_at_demec.ufpe.br
GPG key: http://www.demec.ufpe.br/~rbw/GPG/gpg_key.txt
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
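Added example, not part of the original message or of the vserver tools: a small C check that decodes the effective capability mask a process sees in /proc/self/status and reports whether the two capabilities this message ended up granting (CAP_IPC_LOCK and CAP_SYS_ADMIN) are present. The function names parse_capeff and missing_loop_caps are hypothetical, and the code assumes the kernel exposes a CapEff line in that file.

```c
/* Added example: report whether CAP_IPC_LOCK and CAP_SYS_ADMIN are effective. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_IPC_LOCK  14  /* value quoted in the thread */
#define CAP_SYS_ADMIN 21  /* value from linux/capability.h */

/* Find the "CapEff:" line in status text. Returns 0 and fills *mask, or -1
 * when the line is missing or carries no hex value. */
int parse_capeff(const char *status, unsigned long long *mask)
{
    const char *p = status;
    while (p && *p) {                       /* p always sits at a line start */
        if (strncmp(p, "CapEff:", 7) == 0) {
            const char *v = p + 7;
            while (*v == ' ' || *v == '\t') v++;
            /* Do not let strtoull skip a newline and read the next label. */
            if (!isxdigit((unsigned char)*v)) return -1;
            *mask = strtoull(v, NULL, 16);
            return 0;
        }
        p = strchr(p, '\n');
        if (p) p++;
    }
    return -1;
}

/* Bit 0 set: CAP_IPC_LOCK missing. Bit 1 set: CAP_SYS_ADMIN missing. */
int missing_loop_caps(unsigned long long mask)
{
    int missing = 0;
    if (!(mask & (1ULL << CAP_IPC_LOCK)))  missing |= 1;
    if (!(mask & (1ULL << CAP_SYS_ADMIN))) missing |= 2;
    return missing;
}

int main(void)
{
    char buf[8192];
    unsigned long long mask;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) { perror("/proc/self/status"); return 2; }
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    if (parse_capeff(buf, &mask) != 0) { fputs("no CapEff line\n", stderr); return 2; }
    int m = missing_loop_caps(mask);
    printf("CapEff=%016llx CAP_IPC_LOCK=%s CAP_SYS_ADMIN=%s\n", mask,
           (m & 1) ? "no" : "yes", (m & 2) ? "no" : "yes");
    return m ? 1 : 0;
}
```

The exit status is 0 only when both capabilities are effective, so the check can gate a mount script; it also makes visible how much CAP_SYS_ADMIN adds to a guest's mask before granting it more widely.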