From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Thu 13 Jan 2005 - 16:12:43 GMT

On Thu, Jan 13, 2005 at 03:27:19PM +0100, Thomas Weber wrote:
> Hi there,
> after setting up a remote box (no console access) i always lost connection
> after a vserver stop. first i thought it was a kernel crash, but then i
> figured that it was only the network interface being turned off.
> after finally cloning the whole box to a local machine (ever tried to
> solve such a problem remote only without network ;) and a couple of
> hours pulling my hair (i run plenty of vservers at different locations
> for quite some time) i figured that the machine didn't have the capability
> module loaded.

yep, known issue ...

> No capability module/support in kernel -> the shutdown scripts inside
> the vserver shut down all my network interfaces of the whole box.

now the question arises, why do the shutdown scripts
do that at all?

> So I think the util-vserver package should make sure that there is
> capability support in the kernel before starting the vserver or else it
> will silently run insecure vservers!

well, IMHO that is something beyond the scope of
util-vserver. why? simple, you would encounter the
same issues on a vanilla system, if you do not load
or compile in the capability stuff, similar to the
issues you will encounter if you do not compile in
support for ipv4, which clearly is _not_ something
util-vserver should take care of when starting a
new vserver ...

> this was with 2.6.9+vs1.9.3 and util-vserver 0.30.196

as beforementioned a clean vserver config should not
touch the hardware (and therefore not take down the
interfaces) regardless of the capabilities (i.e. the
admin should have cleaned them up)
> Vserver mailing list
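
A host-side pre-start check for the condition discussed in this thread, as an added example that is not part of either message and is not util-vserver code. It assumes the 2.6-era kernel config options `CONFIG_SECURITY` and `CONFIG_SECURITY_CAPABILITIES` and the module name `capability`; the function names are hypothetical, and the config and module-list files are passed as arguments.

```shell
#!/bin/sh
# Added example: decide whether capability support is active on the host
# before any guest is started. Assumed names: CONFIG_SECURITY,
# CONFIG_SECURITY_CAPABILITIES, module "capability" (2.6-era kernels).

# cfg_value FILE OPTION -> prints y or m, or n when unset/absent
cfg_value() {
    v=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${v:-n}"
}

# module_loaded FILE NAME -> success if NAME is the first field of a line
# (FILE has the /proc/modules layout: name size usecount ...)
module_loaded() {
    awk -v m="$2" '$1 == m { found = 1 } END { exit !found }' "$1"
}

# capability_status CONFIG MODULES -> prints builtin | module | missing
# and returns non-zero when guests would run without capability checks.
capability_status() {
    # Without the LSM framework the capability checks are part of the core kernel.
    if [ "$(cfg_value "$1" CONFIG_SECURITY)" = n ]; then
        echo builtin; return 0
    fi
    case "$(cfg_value "$1" CONFIG_SECURITY_CAPABILITIES)" in
        y) echo builtin; return 0 ;;
    esac
    # Framework enabled, capabilities not built in: the module must be loaded.
    if module_loaded "$2" capability; then
        echo module; return 0
    fi
    echo missing; return 1
}
```

On a host this would be called as `capability_status "/boot/config-$(uname -r)" /proc/modules` from whatever starts the guests, refusing to continue on a non-zero return.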