Hello Herbert,
Sorry for the long delay in replying again.
Here is some further info about the traceroute tool I am using on the GUEST:
root@vn:/usr/bin# dpkg --status traceroute
Package: traceroute
Status: install ok installed
Priority: important
Section: net
Installed-Size: 60
Maintainer: Graham Wilson <graham@debian.org>
Architecture: i386
Version: 1.4a12-20
Replaces: netstd
Depends: libc6 (>= 2.3.5-1)
Conflicts: suidmanager (<< 0.50)
Description: traces the route taken by packets over a TCP/IP network
The traceroute utility displays the route used by IP packets on their way
to a
specified network (or Internet) host. Traceroute displays the IP number
and
host name (if possible) of the machines along the route taken by the
packets.
Traceroute is used as a network debugging tool. If you're having network
connectivity problems, traceroute will show you where the trouble is coming
from along the route.
.
Install traceroute if you need a tool for diagnosing network connectivity
problems.
root@vn:/usr/bin#
root@vn:/usr/bin# ls -alh traceroute
lrwxrwxrwx 1 root root 28 Mar 17 00:38 traceroute ->
/etc/alternatives/traceroute
root@vn:/usr/bin# ls -alh /etc/alternatives/traceroute
lrwxrwxrwx 1 root root 23 Mar 17 00:38 /etc/alternatives/traceroute ->
/usr/bin/traceroute.lbl
root@vn:/usr/bin# ls -alh traceroute.lbl
-rwsr-xr-x 1 root root 18K Aug 30 2005 traceroute.lbl
and again that same error message:
root@vn:/usr/bin# traceroute linux-vserver.org
traceroute: raw socket: Operation not permitted
I do have the raw_icmp ccapability enabled.
Further information:
root@nevir:~# vserver-info
Versions:
Kernel: 2.6.14.4-vs2.1.0nevir
VS-API: 0x00020001
util-vserver: 0.30.209; Jan 8 2006, 12:24:41
Features:
CC: gcc, gcc (GCC) 4.0.3 20051201 (prerelease)
(Debian 4.0.2-5)
CXX: g++, g++ (GCC) 4.0.3 20051201 (prerelease)
(Debian 4.0.2-5)
CPPFLAGS: ''
CFLAGS:
'-Wall -g -O2 -std=c99 -Wall -pedantic -W -funit-at-a-time'
CXXFLAGS:
'-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0 -funit-at-a-time'
build/host: i486-pc-linux-gnu/i486-pc-linux-gnu
Use dietlibc: yes
Build C++ programs: yes
Build C99 programs: yes
Available APIs: compat,v11,v13,fscompat,net,oldproc,olduts
ext2fs Source: e2fsprogs
syscall(2) invocation: alternative
vserver(2) syscall#: 273/glibc
Paths:
prefix: /usr
sysconf-Directory: /etc
cfg-Directory: /etc/vservers
initrd-Directory: $(sysconfdir)/init.d
pkgstate-Directory: /var/run/vservers
vserver-Rootdir: /var/lib/vservers
Assumed 'SYSINFO' as no other option given; try '--help' for more
information.
root@nevir:~# uname -a
Linux nevir 2.6.14.4-vs2.1.0nevir #4 Thu Mar 16 19:43:43 EET 2006 i686
GNU/Linux
Let me know if you need any more information to troubleshoot that matter.
Thanks,
-Nikolay Kichukov
----- Original Message -----
From: "Herbert Poetzl" <herbert@13thfloor.at>
To: "Nikolay Kichukov" <hijacker@oldum.net>
Cc: <vserver@list.linux-vserver.org>
Sent: Friday, April 21, 2006 8:08 PM
Subject: Re: [Vserver] vserver traceroute
> On Fri, Apr 21, 2006 at 05:30:53PM +0300, Nikolay Kichukov wrote:
> > hi, the version is:
> >
> > util-vserver 0.30.209-2
> >
> > Would you suggest an upgrade to get the traceroute going? It is not so
> > important to make traceroute working. It is the idea that stays behind
> > that. ;-) To have the guest at full operational power as if it is a
> > real machine.
>
> can you provide a static binary of that traceroute tool
> for testing? it is supposed to work with ram_icmp
> capability enabled ...
>
> TIA,
> Herbert
>
> >
> > Thanks and regards,
> > -Nikolay Kichukov
> >
> >
> > ----- Original Message -----
> > From: "Herbert Poetzl" <herbert@13thfloor.at>
> > To: "Nikolay Kichukov" <hijacker@oldum.net>
> > Cc: <vserver@list.linux-vserver.org>
> > Sent: Thursday, April 20, 2006 9:43 PM
> > Subject: Re: [Vserver] vserver traceroute
> >
> >
> > > On Thu, Apr 20, 2006 at 05:24:00PM +0300, Nikolay Kichukov wrote:
> > > > hello,
> > > > even trying to traceroute -I is still giving that same error
message.
> > > > What could be wrong? Do I need to set some extra ccapabilities?
> > > >
> > > > Also, what does the --secure option of the vattribute do ?
> > >
> > > that really depends on the tool version, which
> > > one do you have?
> > >
> > > usually it removes most capabilites from the guest
> > >
> > > best,
> > > Herbert
> > >
> > > >
> > > > Regards,
> > > > -Nikolay Kichukov
> > > >
> > > > ----- Original Message -----
> > > > From: "Xavier Montagutelli" <xavier.montagutelli@unilim.fr>
> > > > To: <vserver@list.linux-vserver.org>
> > > > Sent: Thursday, April 20, 2006 3:33 PM
> > > > Subject: Re: [Vserver] vserver traceroute
> > > >
> > > >
> > > > > On Thursday 20 April 2006 13:29, Nikolay Kichukov wrote:
> > > > > > Hello guys,
> > > > > > Thanks for the advice, and sorry for taking me so long to
respond.
> > > > > >
> > > > > > I tried setting:
> > > > > >
> > > > > > host# vattribute --set --xid <xid> --secure --ccap raw_icmp
> > > > > >
> > > > > > and when i try to traceroute a host I am again getting:
> > > > > >
> > > > > > traceroute: raw socket: Operation not permitted
> > > > >
> > > > > On my debian box, traceroute use by default UDP packets, not ICMP
> > packets.
> > > > >
> > > > > Try "-I icmp" to use icmp.
> > > > >
> > > > > >
> > > > > > Any further ideas?
> > > > > >
> > > > > > Another problem has now appeared:
> > > > > > When i try to ssh to the guest sshd, i am getting the following
> > error:
> > > > > >
> > > > > > fatal: chroot("/var/run/sshd"): Operation not permitted
> > > > > >
> > > > > > /var/run/sshd is rwx for root and r-x for the group and others
> > > > > >
> > > > > > Any ideas?
> > > > > >
> > > > > > Additional info:
> > > > > >
> > > > > > util-vserver 0.30.209-2 debian package
> > > > > > kernel 1.6.14.4-vs2.1.0
> > > > > >
> > > > > > On Tue, 2006-04-11 at 13:17 +0200, Daniel Hokka Zakrisson wrote:
> > > > > > > Nikolay Kichukov wrote:
> > > > > > > > Hi,
> > > > > > > > Thanks for the advise,
> > > > > > > > I'd like to test that and I already have raw_icmp in the
flags
> > file
> > > > for
> > > > > > > > the vserver, but is there a way i can set that without
rebooting
> > the
> > > > > > > > vserver?
> > > > > > >
> > > > > > > It's a context capability, so you should put it in
ccapabilities
> > file.
> > > > > > >
> > > > > > > > I've searched for information about chcontext and did not
find a
> > lot
> > > > > > > > about setting those caps and flags dynamically. Is that
> > possible? If
> > > > > > > > yes, how?
> > > > > > >
> > > > > > > vattribute --set --xid <name or xid of the
guest> --secure --ccap
> > > > > > > raw_icmp (add additional --bcaps here if you have any, as
they'll
> > be
> > > > > > > reset otherwise)
> > > > > > >
> > > > > > > > Also, another question is, i have already created(built) the
> > vserver
> > > > > > > > without --context NNN, and now I would like to get the
vserver
> > > > running
> > > > > > > > only in a specified context, ie. 444. How can i implement
that?
> > > > > > >
> > > > > > > echo NNN > /etc/vservers/<name>/context
> > > > > > >
> > > > > > > http://www.nongnu.org/util-vserver/doc/conf/configuration.html
> > > > > >
> > > > > > _______________________________________________
> > > > > > Vserver mailing list
> > > > > > Vserver@list.linux-vserver.org
> > > > > > http://list.linux-vserver.org/mailman/listinfo/vserver
> > > > >
> > > > > --
> > > > > Xavier Montagutelli Tel : +33 (0)5 55 45 77
20
> > > > > Service Commun Informatique Fax : +33 (0)5 55 45 77
60
> > > > > Universite de Limoges
> > > > > 123, avenue Albert Thomas
> > > > > 87060 Limoges cedex
> > > > > _______________________________________________
> > > > > Vserver mailing list
> > > > > Vserver@list.linux-vserver.org
> > > > > http://list.linux-vserver.org/mailman/listinfo/vserver
> > > > >
> > > >
> > > > _______________________________________________
> > > > Vserver mailing list
> > > > Vserver@list.linux-vserver.org
> > > > http://list.linux-vserver.org/mailman/listinfo/vserver
> > >
>
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Fri Apr 28 20:48:11 2006