Re: [Vserver] nfs mount

From: Xavier Montagutelli <xavier.montagutelli_at_unilim.fr>
Date: Tue 04 Apr 2006 - 22:35:45 BST
Message-Id: <200604042335.45478.xavier.montagutelli@unilim.fr>

On Tuesday 04 April 2006 18:40, Herbert Poetzl wrote:
> On Tue, Apr 04, 2006 at 01:27:43PM +0200, Albert Shih wrote:
> > Hi all
> >
> > I want my guest (yes the guest) to mount some nfs partition from my central
> > NFS server.
> >
> > When I try this I get this message
> >
> > mount: permission denied
>
> you are very likely missing the secure_mount and
> binary_mount context capabilities for your guest,
> (see http://linux-vserver.org/Caps+and+Flags)

Just to be sure (personally, I don't use NFS inside a guest), I tried that:

[root@lame1 ~]# cat /etc/vservers/esup-test/ccapabilities
BINARY_MOUNT
SECURE_MOUNT

[root@lame1 ~]# cat /proc/virtual/206/status
UseCnt: 48
Tasks: 24
Flags: 00000002020f0010
BCaps: 00000000344c04ff
CCaps: 0000000000050101
Ticks: 0

[root@lame1 ~]# vserver esup-test enter

[root@esup-test /]# mount auth:/usr/local/dataprotector /tmp/a
mount: permission denied

Ethereal shows my NFS server responding with "Status: OK". I can mount the
share, exported to '*(ro,no_root_squash,insecure)', on the host.

Are there other requisites?

If I give the SYS_ADMIN capability, it works (but of course, I don't want
that ;-)
Even "vattribute --bcap 0xFFFFFFFF --ccap 0xFFFFFFFF" is not enough ...

[root@lame1 ~]# vserver-info
Versions:
                   Kernel: 2.6.12.4-vs2.0-redhat
                   VS-API: 0x00020001
             util-vserver: 0.30.208; Sep 20 2005, 19:04:20

The same occurs on another host:

[root@www-hote ~]# vserver-info
Versions:
                   Kernel: 2.6.14.6-vs2.1.0-www
                   VS-API: 0x00020001
             util-vserver: 0.30.210; Feb 16 2006, 11:23:06

>
> > What's wrong?
> >
> > I've googled and some messages tell me that it's not really a good idea to do
> > this because the guest can make new /dev. But I «don't care» because I
> > need nfs (home-dir).
>
> well, that's not the problem, secure_mount will
> take care of that by adding the nodev option,
> but still, if the server goes away, your host
> will experience timeouts, so it should be a
> trusted scenario for the guests ...
>
> HTH,
> Herbert
>
> > Can anyone help me?
> >
> > Regards.
> > --
> > Albert SHIH
> > Universite de Paris 7 (Denis DIDEROT)
> > U.F.R. de Mathematiques.
> > 7 ième étage, plateau D, bureau 10
> > Heure local/Local time:
> > Tue Apr 4 13:25:36 CEST 2006
> > _______________________________________________
> > Vserver mailing list
> > Vserver@list.linux-vserver.org
> > http://list.linux-vserver.org/mailman/listinfo/vserver

-- 
Xavier Montagutelli                      Tel : +33 (0)5 55 45 77 20
Service Commun Informatique              Fax : +33 (0)5 55 45 77 60
Universite de Limoges
123, avenue Albert Thomas
87060 Limoges cedex
Received on Tue Apr 4 22:36:27 2006
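
Added example, not part of the original message or of the Linux-VServer project's code: a shell sketch that decodes the `CCaps` and `BCaps` masks from the `/proc/virtual/<xid>/status` output quoted above, to confirm that the `ccapabilities` file took effect and that the guest does not hold `CAP_SYS_ADMIN`. The `VXC_*` bit values are an assumption taken from Linux-VServer's `context.h` and should be checked against the running kernel patch; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: the status lines quoted in the message above.
STATUS='Flags: 00000002020f0010
BCaps: 00000000344c04ff
CCaps: 0000000000050101'

# Context capability bits. Assumption: VXC_* values as defined in
# Linux-VServer's context.h; verify against your kernel patch.
CCAP_TABLE='SET_UTSNAME 0x00000001
SET_RLIMIT 0x00000002
RAW_ICMP 0x00000100
SYSLOG 0x00001000
SECURE_MOUNT 0x00010000
SECURE_REMOUNT 0x00020000
BINARY_MOUNT 0x00040000
QUOTA_CTL 0x00100000'

# field NAME: read status text on stdin, print the hex value of "NAME:".
field() {
    awk -v key="$1:" '$1 == key { print $2 }'
}

# decode_ccaps HEX: print the names of the context capabilities set in HEX.
decode_ccaps() {
    mask=$((0x$1))
    names=''
    while read -r name bit; do
        if [ $((mask & $bit)) -ne 0 ]; then
            names="$names $name"
        fi
    done <<EOF
$CCAP_TABLE
EOF
    echo "${names# }"
}

# has_bit HEX N: succeed if bit N is set (CAP_SYS_ADMIN is bit 21 in Linux).
has_bit() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

ccaps=$(printf '%s\n' "$STATUS" | field CCaps)
bcaps=$(printf '%s\n' "$STATUS" | field BCaps)
echo "context caps: $(decode_ccaps "$ccaps")"
if has_bit "$bcaps" 21; then
    echo "WARNING: guest holds CAP_SYS_ADMIN"
else
    echo "CAP_SYS_ADMIN not granted"
fi
```

On a live host the same functions can read the file directly, for example `field CCaps < /proc/virtual/206/status`.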