On Sun, Oct 02, 2005 at 10:34:04PM -0700, Robin Lee Powell wrote:
> On Sun, Oct 02, 2005 at 09:54:54PM -0700, Robin Lee Powell wrote:
> > I'm trying to get a program called mooix running in VServer and it
> > seems to need CAP_SYS_ADMIN or CAP_SYS_RESOURCE, and I don't
> > understand why.
> >
> > The error if both are turned off is:
> >
> > Starting Mooix: moodmood: uids.c:125: reclaim: Assertion `pid != -1'
> > failed.
> >
> > Digging into the code, that line is just the assert in:
> >
> > pid = fork();
> > assert(pid != -1);
> [snip]
>
> I think I figured out the problem. mooix tries to *reduce* its
> nproc, and it was doing so to a value that (for some reason I don't
> understand) was turning out to be too small inside VServer (that is:
> 10 :-).
>
> So this problem is solved. Nevermind.
okay, good to know, btw, giving CAP_SYS_RESOURCE with
recent stable and development is probably fine
(unverified), giving CAP_SYS_ADMIN is a big, big
security hole ...
best,
Herbert
> -Robin
>
> --
> http://www.digitalkingdom.org/~rlpowell/ *** http://www.lojban.org/
> Reason #237 To Learn Lojban: "Homonyms: Their Grate!"
> Proud Supporter of the Singularity Institute - http://singinst.org/
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Mon Oct 3 18:26:59 2005