Re: [Vserver] Re: Nagios 2.x on a vserver. Anyone?

From: Herbert Poetzl <herbert_at_13thfloor.at>
Date: Fri 11 Nov 2005 - 19:07:41 GMT
Message-ID: <20051111190741.GB30467@MAIL.13thfloor.at>

On Fri, Nov 11, 2005 at 05:49:06PM +0100, Dennis Roos wrote:
> On Fri, 2005-11-11 at 10:25 -0600, Matthew Nuzum wrote:
> > > on 2.x kernels, the raw_icmp capability replaces the
> > > insecure CAP_NET_RAW. raw_icmp is given by default
> > > on mainline util-vserver since (at least) 0.30.208
> > > (and we now have 0.30.209)
> > >
> > > > What I did to get it to work was:
> > > > * Add CAP_NET_RAW to the capabilities of the vserver (in /etc/vservers)
>
> Well, I have 5 secs before I leave the office (weekend after all!), so
> here is some info on my (working) host, if anyone needs more info, I'll
> be back on monday ;) ):
>
> vserver-info
> Versions:
> Kernel: 2.6.11.6-grsec-vs1.9.5
> VS-API: 0x00010025
> util-vserver: 0.30.196; Apr 5 2005, 16:20:45

okay, if anyhow possible, please upgrade to

        Kernel 2.6.14.1-vs2.0.1-rc1
        util-vserver 0.30.208

and no, CAP_NET_RAW should _not_ be required for ping
with vs2.x kernels (2.6 with vs2.x patch)

HTH,
Herbert

> Features:
> CC: i686-pc-linux-gnu-gcc, i686-pc-linux-gnu-gcc
> (GCC) 3.3.4 20040623 (Gentoo Linux 3.3.4-r1, ssp-3.3.2-2, pie-8.7.6)
> CXX: i686-pc-linux-gnu-g++, i686-pc-linux-gnu-g++
> (GCC) 3.3.4 20040623 (Gentoo Linux 3.3.4-r1, ssp-3.3.2-2, pie-8.7.6)
> CPPFLAGS: ''
> CFLAGS: '-O2 -march=i686 -fomit-frame-pointer
> -std=c99 -Wall -pedantic -W'
> CXXFLAGS: '-O2 -march=i686 -fomit-frame-pointer -ansi
> -Wall -pedantic -W -fmessage-length=0'
> build/host: i686-pc-linux-gnu/i686-pc-linux-gnu
> Use dietlibc: yes (0.28)
> Build C++ programs: yes
> Build C99 programs: yes
> Available APIs: compat,v11,v13,fscompat,net,oldproc,olduts
> ext2fs Source: e2fsprogs
> syscall(2) invocation: fast
> vserver(2) syscall#: 273/default
>
>
> cat /proc/virtual/82/status (Nagios host)
> UseCnt: 85
> Tasks: 38
> Flags: 0000000202000015
> BCaps: ffffffffd44c04ff
> CCaps: 0000000000000101
> Ticks: 0
>
>
>
> --
> Regards,
> Dennis Roos
>
> Network Engineer @ InTouch N.V.
> Middenweg 76
> 1097 BS Amsterdam
> Tel: +31 (0)20 6752060
> Fax: +31 (0)20 6758429
>
> -=[Assumption is the mother of all f*ckups]=-
>
>
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Fri Nov 11 19:08:00 2005

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Fri 11 Nov 2005 - 19:08:05 GMT by hypermail 2.1.8