Re: [Vserver] interpretation of igneg_nice (Mailscanner not starting up):
 vserver development mailing list 
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]

Re: [Vserver] interpretation of igneg_nice (Mailscanner not starting up)

From: Herbert Poetzl <herbert_at_13thfloor.at>
Date: Mon 14 Aug 2006 - 04:36:30 BST
Message-ID: <20060814033630.GB654@MAIL.13thfloor.at>

On Fri, Aug 11, 2006 at 10:22:24AM +0200, Thorsten Büker wrote:
> Dear all,
>
> The daemon mailscanner (http://www.mailscanner.info/) is not starting up
> during the boot process of a vserver using the original script inside
> vserver's /etc/init.d/, linked from /etc/rc2.d for sure ;-)
>
> Changing the relevant lines from
>
> /usr/bin/nice -$run_nice start-stop-daemon --start --quiet \
>
> --exec $DAEMON >/dev/null 2>&1
>
> to
>
> start-stop-daemon --start --quiet --nicelevel $run_nice \
> --exec $DAEMON >/dev/null 2>&1
>
> at least fixes the problem during the startup of the vserver. But as
> Mailscanner uses to restart itself periodically, it stops running at
> this moment.
>
> I don't prefer to fix all calls as shown above to stay compatible with
> future updates. Google led me to these pages:
>
> -> http://www.tgunkel.de/it/software/doc/linux_server
> -> http://linux-vserver.org/linux-vserver_administrators_guide
> -> http://linux-vserver.org/Caps+and+Flags
>
> I tried the line "IGNEG_NICE" in /etc/vservers/mail/flags as well as the
> line "CAP_SYS_NICE" in /etc/vserver/mail/bcapabilities. But both options
> didn't lead to success, yet. Has anybody an idea? Btw, we are talking
> about 2.6.17.7-grsec2.1.9-vs2.0.2-rc26.

well, either grsec is blocking you here, or you are
doing something wrong, here is a test for 2.0.x and
2.1.x to verify that feature:

2.0.x:

 NOCAPS="vcmd -i -1 -BC set_ccaps_v0 bcaps=0 --"
 ENDINI="vcmd -i -1 -BC set_cflags .mask=^32 --"

 vcmd -i 42 -BC ctx_create .flagword=^34^32^8 -- $NOCAPS $ENDINI renice -10 $$

        renice: 20: setpriority: Permission denied

 vcmd -i 42 -BC ctx_create .flagword=^52^34^32^8 -- $NOCAPS $ENDINI renice -10 $$

        20: old priority 0, new priority 0
                ~~~~~~~~~~~~~~~~~~~~~~~~~~

as you can see, the priority raise was _simply_ ignored

and for 2.1.x you simply use:

 NOCAPS="vcmd -i -1 -BC set_bcaps .bmask=~0 --"

instead of the above, with the same vcmd commands ...

vcmd is a hack tool, designed for testing the vserver API,
you can find it here:

 http://vserver.13thfloor.at/Experimental/TOOLS/vcmd-0.04.tar.bz2

HTH,
Herbert

> kind regards, thanks in advance,
> Thorsten
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Mon Aug 14 04:36:53 2006

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Mon 14 Aug 2006 - 04:37:00 BST by hypermail 2.1.8