From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Thu 17 Feb 2005 - 01:33:57 GMT
On Thu, Feb 17, 2005 at 02:23:53AM +0100, Christoph Kuhles wrote:
> I encountered a strange problem today on a SuSE 9.0 machine (SMP).
> After compiling util-vserver as usual and trying to start a vserver, I
> got the following error:
> New security context is XXXX
> Can't chroot to directory . (Operation not permitted)
> Debugging the problem together with Herbert, we found out that, for
> some reason, the utilities drop capabilities when they shouldn't.
> Herbert suspected this was a compiler problem and suggested I
> recompile util-vserver on another machine - and it worked indeed.
> The box this problem happened on was SuSE 9.0 as said above, with gcc
> 3.3.1 (RPM release 3.3.1-29).
additional info: how to detect this?
$ chcontext grep Cap /proc/self/status
New security context is 49152
$ chcontext --secure grep Cap /proc/self/status
New security context is 49153
if you get something different for the Cap*
lines, I would compile the tools somewhere
(btw, this happened with util-vserver 0.30)
> I might need to mention this worked fine on another SuSE 9.0 with the
> only difference being SMP - so my guess would be this is a problem
> when using SuSE's gcc to compile util-vserver on SMP machines.
> Just in case someone else should encounter this problem... The fix is
> simple: Compile util-vserver somewhere else. ;-)
Vserver mailing list
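
As an added example (not part of the original post and not util-vserver code): a shell helper that reads the Cap* lines printed by the commands above and reports whether CAP_SYS_CHROOT, the capability chroot() needs, is still in the effective set. The function names and both sample captures are constructed for illustration; bit 18 is CAP_SYS_CHROOT in <linux/capability.h>.

```shell
#!/bin/sh
# Added example: check the Cap* lines of /proc/<pid>/status for CAP_SYS_CHROOT.
CAP_SYS_CHROOT=18   # bit number from <linux/capability.h>

# cap_mask NAME: status text on stdin, print the hex mask of field NAME.
# Unrelated lines (e.g. "New security context is ...") are ignored.
cap_mask() {
    awk -v key="$1:" '$1 == key { print $2; found = 1; exit } END { exit !found }'
}

# has_cap HEXMASK BIT: 0 if the bit is set, 1 if clear, 2 if HEXMASK is not hex.
has_cap() {
    case "$1" in ''|*[!0-9a-fA-F]*) return 2 ;; esac
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# chroot_verdict: status text on stdin -> prints ok, dropped or unparsed.
chroot_verdict() {
    mask=$(cap_mask CapEff) || { echo unparsed; return 0; }
    rc=0
    has_cap "$mask" "$CAP_SYS_CHROOT" || rc=$?
    case $rc in
        0) echo ok ;;
        1) echo dropped ;;
        *) echo unparsed ;;
    esac
}

# Constructed sample captures (not taken from the affected machine).
SAMPLE_FULL='New security context is 49152
CapInh: 0000000000000000
CapPrm: 00000000fffffeff
CapEff: 00000000fffffeff'

SAMPLE_DROPPED='New security context is 49152
CapInh: 0000000000000000
CapPrm: 00000000fffbfeff
CapEff: 00000000fffbfeff'

printf '%s\n' "$SAMPLE_FULL"    | chroot_verdict
printf '%s\n' "$SAMPLE_DROPPED" | chroot_verdict

# On a live system, check the current process as well.
if [ -r /proc/self/status ]; then
    echo "this shell: $(chroot_verdict < /proc/self/status)"
fi
```

The output of `chcontext grep Cap /proc/self/status` can be piped straight into `chroot_verdict`.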