
From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Wed 27 Oct 2004 - 20:50:16 BST


On Wed, Oct 27, 2004 at 11:20:52AM -0400, tad_at_oldtools.org wrote:
>
> >> When I try to start the vserver I get the following.
>
> >> Can't set the ipv4 root (Function not implemented)
>
> > that doesn't sound like a working vserver kernel,
> > let's give the testme.sh script a run please, and
> > let us know what it prints ...
> >
> > http://vserver.13thfloor.at/Stuff/testme.sh
>
> It seems as though you are correct... I have various vserver header files
> and what not in the include directory under my running kernel's module
> directory, so I believe the patch was applied cleanly and there were no
> issues with the compile. That said, the testme script fails pretty
> catastrophically. Clearly I have something very fundamentally broken. Is
> there a particular set of config variables I should check for in my kernel
> build?
>
> Thanks,
> Tad
>
> Here are the test results...
>
>
> [root_at_bertha root]# ./testme.sh -v
> Linux-VServer Test [V0.07] (C) 2003-2004 H.Poetzl
> Can't set the new security context
> : Function not implemented
> chcontext failed!

hmm, okay .. so the kernel does not respond to the
syscall at all ...

> Can't set the ipv4 root (Function not implemented)
> chbind failed!

same for the second function (networking)

> chcontext version 0.30
> chcontext [ options ] command arguments ...
>
> chcontext allocate a new security context and executes
> a command in that context.
> By default, a new/unused context is allocated
>
> --cap CAP_NAME
> Add a capability from the command. This option may be
> repeated several time.
> See /usr/include/linux/capability.h
> In general, this option is used with the --secure option
> --secure removes most critical capabilities and --cap
> adds specific ones.
>
> --cap !CAP_NAME
> Remove a capability from the command. This option may be
> repeated several time.
> See /usr/include/linux/capability.h
>
> --ctx num
> Select the context. On root in context 0 is allowed to
> select a specific context.
> Context number 1 is special. It can see all processes
> in any contexts, but can't kill them though.
> Option --ctx may be repeated several times to specify up to 16 contexts.
> --disconnect
> Start the command in background and make the process
> a child of process 1.
> --domainname new_domainname
> Set the domainname (NIS) in the new security context.
> Use "none" to unset the domain name.
> --flag
> Set one flag in the new or current security context. The following
> flags are supported. The option may be used several time.
>
> fakeinit: The new process will believe it is process number 1.
> Useful to run a real /sbin/init in a vserver.
> lock: The new process is trapped and can't use chcontext anymore.
> sched: The new process and its children will share a common
> execution priority.
> nproc: Limit the number of process in the vserver according to
> ulimit setting. Normally, ulimit is a per user thing.
> With this flag, it becomes a per vserver thing.
> private: No one can join this security context once created.
> ulimit: Apply the current ulimit to the whole context
> --hostname new_hostname
> Set the hostname in the new security context
> This is need because if you create a less privileged
> security context, it may be unable to change its hostname
> --secure
> Remove all the capabilities to make a virtual server trustable
> --silent
> Do not print the allocated context number.
>
> Information about context is found in /proc/self/status

hmm, hmm, the tools use a different syntax?

> Linux 2.6.8.1-vs1.9.2-2 i686/0.30/0.30 [E]

hmm, (checking http://vserver.13thfloor.at/Experimental/)
there was no vs1.9.2-2 release? so what patch is that?

please try to describe what you did to get this
setup, it will probably need a few email exchanges
or a short Q&A at the irc channel to identify the
issue ...

of special interest would be:

 - distribution (debian?)
 - tools (version) and where are they from
 - compiler, linker and libraries used to build them
 - kernel configuration (especially all CONFIG_VSERVER* )

best,
Herbert

> Linux bertha.oldtools.org 2.6.8.1-vs1.9.2-2 #3 SMP Tue Oct 26 17:00:49 EDT
> 2004 i686 i686 i386 GNU/Linux
> ---
> 98bad5c5681abf9c7afbff01e718eaf3 /usr/sbin/chbind
> 15d3b8889c8fe51a03dfcc11c7c1aab8 /usr/sbin/chcontext
> 4379a40fe738f9fce5c62d0fdbb0355c /usr/sbin/vserver
> 25f14e97d84299a43ed3d63fabd2eb1f /etc/init.d/vservers
> ---
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Generated on Wed 27 Oct 2004 - 20:50:31 BST by hypermail 2.1.3