Re: [Vserver] chcontext not permitted

From: Lyn St George <lyn_at_zolotek.net>
Date: Tue 06 Feb 2007 - 13:51:47 GMT
Message-ID: <0049908500.0000015S@mailserver3.zolotek.net>

On Tue, 6 Feb 2007 05:42:48 +0100, Herbert Poetzl wrote:

>On Mon, Feb 05, 2007 at 01:14:24PM +0000, Lyn St George wrote:
>> Hallo all
>>
>> I've just had a hard disk replaced with a fresh installation of
>> CentOS4.4 and so I also built a new kernel, and for the first
>> time am getting this error:
>> chcontext: vc_new_s_context(): Operation not permitted
>> when trying to enter or stop a vserver.
>
>EPERM means that you do not have the proper
>capability (CAP_SYS_ADMIN and xid=0) or that
>the guest is running with VX_INFO_PRIVATE
>
>(probably the latter is true in your case)
>
>> Kernel is 2.6.19.2, patch vs2.2.0-rc10, tools 30.212. The
>> vservers are using the legacy configs, ie a single config
>> file under /etc/vservers per vserver.
>
>this config is deprecated for a long time now
>(several years, IIRC, please upgrade that)
>
>> Tools are built with 'ALL' as the target apis.
>>
>> This host is using LVM, and while I can't see how this could
>> contribute towards this problem I can't see anything else
>> that is different from all other kernels and installations that
>> have gone without a hitch.
>
>I guess you have this one enabled:
> CONFIG_VSERVER_PRIVACY=y
>
>which is on by default, and honored with
>new tools/configs ... probably not correctly
>by the old legacy interfaces though ...
>
>> The testme.sh script shows that everything tested is OK.
>> At the moment these vservers are not working properly, ie
>> they don't start up most daemons and I have to enter them
>> with chroot and manually get things going. A 'ps ax' shows
>> all the host's processes visible inside the vserver, so plainly
>> the separation has failed.
>
>that is jumping to conclusions, as chroot will
>not change the process context, so naturally
>you will see host processes ...
>
>> Would anyone have any clues to point me to a solution?
>
>fast solution: disable the privacy
>long term solution: upgrade to the new config

In the end, it seems that it was LVM. I eventually found this
page: http://oldwiki.linux-vserver.org/Step-by-Step+Guide+2.6
which specifically mentions that LVM needs a different
configuration. So I did that - and with the new-style config
so the LVM fix would work - and now the vservers start and
can be entered properly. They still don't stop properly, and
'ps -ax' does not show all processes, so I guess things need
to be tweaked. But at least they run.

>HTH,
>Herbert

-
Lyn

_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Tue Feb 6 15:36:04 2007
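
Added example, not part of the original messages: a small shell diagnostic for two of the EPERM causes named in the thread, a missing CAP_SYS_ADMIN in the caller's effective set and CONFIG_VSERVER_PRIVACY=y in the kernel config. The function names and sample files are constructed for illustration; the xid=0 condition and the guest's runtime VX_INFO_PRIVATE flag are not checked here.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are hypothetical.
CAP_SYS_ADMIN_BIT=21   # CAP_SYS_ADMIN in <linux/capability.h>

# has_cap_sys_admin FILE: FILE is in /proc/<pid>/status format.
has_cap_sys_admin() {
    capeff=$(awk '/^CapEff:/ { print $2 }' "$1")
    [ -n "$capeff" ] || return 2                 # no CapEff line found
    low=$(printf '%s' "$capeff" | tail -c 8)     # low 32 bits hold bit 21
    [ $(( (0x$low >> CAP_SYS_ADMIN_BIT) & 1 )) -eq 1 ]
}

# privacy_enabled FILE: FILE is a kernel config (plain text or .gz).
privacy_enabled() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac | grep -q '^CONFIG_VSERVER_PRIVACY=y$'
}

# eperm_candidate STATUS CONFIG: print the first matching cause.
eperm_candidate() {
    if ! has_cap_sys_admin "$1"; then
        echo "no-cap-sys-admin"
    elif privacy_enabled "$2"; then
        echo "privacy-enabled"      # suspect with legacy configs, per the thread
    else
        echo "not-explained"
    fi
}

# Constructed sample inputs (not taken from the poster's machine).
demo_dir=$(mktemp -d)
printf 'Name:\tchcontext\nCapEff:\tfffffeff\n' > "$demo_dir/root.status"
printf 'Name:\tsh\nCapEff:\t00000000\n'        > "$demo_dir/user.status"
printf 'CONFIG_VSERVER_PRIVACY=y\n'            > "$demo_dir/config"

eperm_candidate "$demo_dir/user.status" "$demo_dir/config"
eperm_candidate "$demo_dir/root.status" "$demo_dir/config"
rm -rf "$demo_dir"
```

On a real host, pass /proc/self/status and the running kernel's config file (for example /proc/config.gz where the kernel provides it) instead of the sample files.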

Generated on Tue 06 Feb 2007 - 15:36:07 GMT by hypermail 2.1.8