[Vserver] chroot barrier problem when consolidating var and etc

From: Martin Fick <mogulguy_at_yahoo.com>
Date: Fri 02 Mar 2007 - 05:53:31 GMT
Message-ID: <822445.81935.qm@web36107.mail.mud.yahoo.com>

I have run into a chroot barrier problem when
consolidating a vserver's etc and var files under the
same parent directory. When the
/etc/init.d/util-vserver script runs it sets a chroot
barrier on the parent of the vserver's var directory.
If the etc and var directories share this parent the
barrier somehow prevents the vserver from accessing
its etc files. Specifically, when starting the
verserver, I get this error:

vlimit: fstat("/etc/vservers/<server-name>/rlimits"):
Permission denied

My layout is the following:

/etc/vservers/<server-name> ->
/vservers/<server-name>/etc
/var/lib/vservers/<server-name> ->
/vservers/<server-name>/var

/vservers/<server-name>/etc
/vservers/<server-name>/var

I have seen this error reported by others who have
also symlinked their etc directory, but I have not
seen any good solution given to this problem. My
workaround has been to simply put the vserver's var
directory in a subdirectory like this instead.

/etc/vservers/<server-name> ->
/vservers/<server-name>/etc
/var/lib/vservers/<server-name> ->
/vservers/<server-name>/var

/vservers/<server-name>/etc
/vservers/<server-name>/var ->
/vservers/<server-name>/barrier/var
/vservers/<server-name>/barrier/var

I am running on debian, util-vserver 0.30.211-1,

Is this normal behavior, should I just not be doing
this? Is my workaround a security problem? Is there
potentially a simple fix that should be implemented in
the way that the standard vserver directories are
layed out to allow a setup like this to function
without my workaround?

-Martin

 
____________________________________________________________________________________
The fish are biting.
Get more visitors on your site using Yahoo! Search Marketing.
http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Fri Mar 2 06:30:12 2007

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Fri 02 Mar 2007 - 06:30:17 GMT by hypermail 2.1.8