From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Wed 06 Jul 2005 - 15:26:32 BST
On Tue, Jul 05, 2005 at 11:40:43PM -0500, Micah Anderson wrote:
> Herbert Poetzl schrieb am Wednesday, den 06. July 2005:
> > On Wed, Jul 06, 2005 at 05:35:07AM +0200, Harald Kapper wrote:
> > > On Wed, 6 Jul 2005 04:59:27 +0200, Herbert Poetzl <herbert_at_13thfloor.at> wrote:
> > >
> > > >debian sarge is broken (at least regarding linux-vserver)
> > >
> > > hi
> > > uhm - if this is so why are there not bug-reports / package-maintainers
> > > notified, etc.?
> > >
> > > anyway, would you care to share your opinion on which
> > > distro vservers aren't broken?
> > they work just fine on almost all distros including debian,
> > it's just not advised to take the debian packages for now
> > (until debian folks have fixed them)
> So that we can know, can you give an idea of what the problems are?
sure, the following stuff comes to my mind:
- vshelper async/sync call
- 32/64 bit compatibility broken/missing
- vroot device cannot be built as module
- vc_wait_exit() required for stop/reboot
synchronization is broken
- mips/ppc64/hppa/um syscall support broken
- missing support for virtual syslog
- can't compile with proc disabled
- spectator context sees ghost inits
- xfs mount option (tagxid) broken
- alpha getxpid support missing
that means no pid virtualization :)
> I am using the debian kernel patch and util-vserver packages on 4
> different machines and I haven't had any problems.
probably most/all x86 machines with a legacy config
(i.e. the 2.4 kernel + tools would work fine there, no?)
> This does not mean
> that there are no problems, but I haven't seen any and would like to
> know what might be things I could encounter (and others probably want
> to know too).
also we did a lot of cleanups and added to the debug
information, so that we can easily hunt down issues
reported by folks, but that won't work with a debian
kernel, because the information there is just outdated
> > this means:
> > - get a vanilla kernel (220.127.116.11 is current)
> > - get the linux-vserver patch (vs2.0-rc5 is current)
> Additionally, I have updated kernel-patch-vserver so that patch
> vs2.0-rc4 is working for debian kernel 2.6.11-7. I am working on
> updating the 2.6.8 patch to also work with vs2.0. The Debian 2.6.12
> kernel is coming soon (it has been held up by the gcc-4.0 transition),
> and when it is available I will update the patch to work with that
> kernel as well.
so where is the point in using a debian kernel then,
if the only effect seems to be that you have to get
the kernel from unstable, and wait a few weeks until
you do get it :)
> If you wish to be more conservative, and play with a more "stable"
> situation, with less enhancements, the Debian vserver patch works
> against kernel-source-2.4.27 (in stable, using the vserver stable
> vs1.2.10 patch).
does that mean you get the exploits from 2.4.27 too?
(see /. article "Debian struggling with security")
> > - get the most recent tools (util-vserver-0.30.207)
> The util-vserver package in debian unstable has 0.30.207 available on
> all architectures except ia64 (0.30.204-6).
yes, which would be fine, if they'd actually work ...
unfortunately it seems that they _assume_ the x86
syscall number on _all_ archs, which makes them fail
on most non x86 archs ...
(see http://linux-vserver.org/Syscall+Switch+Info for
details about the correct syscall number)
a recompile of the 0.30.207 source fixes the issue,
so to me it is a debian bug, no?
> > PS: I'm pretty sure debian folks (including maintainers)
> > will soon catch up (and fix the issues) ... nevertheless
> > feel free to submit bug reports to the debian maintainers
> > for all your issues you encounter with the sarge version.
> Please do, dont bug Bertl because the debian packages are out of date,
> report the bugs using the Debian BTS (install package reportbug and
> run it!).
> Vserver mailing list
Vserver mailing list