Re: [vserver] vnamespace error

From: Herbert Poetzl <herbert_at_13thfloor.at>
Date: Thu 10 Dec 2009 - 13:46:51 GMT
Message-ID: <20091210134651.GD9340@MAIL.13thfloor.at>

On Thu, Dec 10, 2009 at 06:22:44PM +0530, Chaitra Gorantla wrote:
> HI Herbert Poetzl,

> I have filled the actual data to the guest rootfile system. also,
> below is the result of testme.sh script

you might want to create a debian guest (via network build)
first to check that the actual isolation system works as
expected ...

> Linux-VServer Test [V0.17] Copyright (C) 2003-2006 H.Poetzl
> chcontext is working.
> chbind is working.
> chcontext 0.30.215 -- allocates/enters a security context
> This program is part of util-vserver 0.30.215

> Copyright (C) 2004 Enrico Scholz
> This program is free software; you may redistribute it under the terms of
> the GNU General Public License. This program has absolutely no warranty.
> Linux 2.6.27.18 #5 SMP PREEMPT Thu Dec 10 14:51:50 KST 2009 mips64
> Ea 0.30.215 273/default (Sa) <v13,net,v21,v22,v23,netv2>
> VCI: 0002:0304 5236 13000fb1 (KtTbsPHIW)
> (duke4001@ltelx)
> (gcc version 4.3.2 (Wind River Linux Sourcery G++ 4.3-85)
> )
> #5 SMP PREEMPT Thu Dec 10 14:51:50 KST 2009
> ---
> --xid 49151 *********
> [000]# chcontext --xid 49151 true && chcontext --xid 45678 true
> [000]# succeeded.
> [001]# chcontext --xid 45678 egrep 'context|VxID' /proc/self/status
> [001]# succeeded.
> [011]# chcontext --secure --xid 45678 mknod /tmp/testme.sh.Vw3400/node c 0 0
> [011]# succeeded.
> [031]# chcontext --xid 49151 --hostname zaphod.3396 uname -a | grep -q zaphod.3396
> [031]# failed.
~~~~~~~~~~~~~~~~~ this is the result of the old util-vserver
not being able to create a properly isolated guest, updating
to a newer version (preferably the latest pre2864) will fix
that problem

bus as I said, updating the kernel patch would be a good
idea too (for security and stability reasons :)

best,
Herbert

> [101]# chbind --nid 49151 --ip 192.168.0.42 true
> [101]# succeeded.
> [102]# chbind --nid 49151 --ip 192.168.0.1/255.255.255.0 --ip 10.0.0.1/24 true
> [102]# succeeded.
> [201]# chcontext --xid 45678 --flag fakeinit bash -c 'test $$ -eq 1'
> [201]# succeeded.
> [202]# chcontext --xid 49151 --flag fakeinit bash -c 'test $$ -eq 1'
> [202]# succeeded.
> ---
> [L01]# chcontext --xid 45601 bash -c 'true &'
> [L01]# succeeded.
> [L02]# chcontext --xid 45602 bash -c 'true | true'
> [L02]# succeeded.
> [L03]# chcontext --xid 45603 bash -c 'true & true'
> [L03]# succeeded.
> [L11]# chcontext --xid 45611 bash -c 'true >/dev/null' </dev/zero
> [L11]# succeeded.
> [L12]# chcontext --xid 45612 bash -c 'true </dev/zero' >/dev/null
> [L12]# succeeded.
> [L21]# chcontext --xid 45621 bash -c 'bash -c "true &"&'
> [L21]# succeeded.
> [L22]# chcontext --xid 45622 bash -c 'bash -c "false | true &"&'
> [L22]# succeeded.
> [L31]# chcontext --xid 45631 bash -c 'echo `ls`'
> [L31]# succeeded.
>
>
> The vserver-info is:
>
> vserver-info
> Versions:
> Kernel: 2.6.27.18
> VS-API: 0x00020304
> util-vserver: 0.30.215; Dec 10 2009, 14:17:13
>
> Features:
> CC: /opt/WindRiver3/workspace/ebt5800-64bit_prj/host-cross/mips-wrs-linux-gnu/bin/mips-wrs-linux-gnu-mips64_octeon-glibc_cgl-gcc, mips-wrs-linux-gnu-gcc (Wind River Linux Sourcery G++ 4.3-85) 4.3.2
> CXX: g++, g++ (GCC) 3.4.6 20060404 (Red Hat 3.4.6-9)
> CPPFLAGS: ''
> CFLAGS: '-I/opt/WindRiver3/workspace/ebt5800-64bit_prj/host-cross/include/ -std=c99 -Wall -pedantic -W -funit-at-a-time'
> CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0 -funit-at-a-time'
> build/host: i686-pc-linux-gnu/mips-unknown-elf
> Use dietlibc: no (you have been warned)
> Build C++ programs: yes
> Build C99 programs: yes
> Available APIs: v13,net,v21,v22,v23,netv2
> ext2fs Source: e2fsprogs
> syscall(2) invocation: alternative
> vserver(2) syscall#: 273/default
> crypto api: none
>
> Paths:
> prefix: /tmp/vserver_build
> sysconf-Directory: /tmp/vserver_build/etc
> cfg-Directory: /tmp/vserver_build/etc/vservers
> initrd-Directory: $(sysconfdir)/init.d
> pkgstate-Directory: ${prefix}/var/run/vservers
> vserver-Rootdir: /pkg/vservers
>
>
> ________________________________________
> From: Herbert Poetzl [herbert@13thfloor.at]
> Sent: Thursday, December 10, 2009 5:59 PM
> To: Chaitra Gorantla
> Cc: vserver@list.linux-vserver.org
> Subject: Re: [vserver] vnamespace error
>
> On Thu, Dec 10, 2009 at 05:35:52PM +0530, Chaitra Gorantla wrote:
> > Hi,
>
> > I am working on Cavium board, with MIPS architecture.
> > Wind River Linux kernel : 2.6.27.18
> > and applied linux vserver patch-2.6.27.19-vs2.3.0.36.4.diff.
>
> you might want to update to a more recent kernel
> (at least from the 2.6.27.x range) and a more recent
> Linux-VServer patch, even if you have to stick to
> the old 2.6.27.18 (for whatever reason)
>
> > util-vserver-0.30.215 is being used.
>
> you also want to update util-vserver to a recent pre
>
> > I have built the vserver container using skeleton method.
>
> you are aware that the skeleton build method build
> a 'skeleton' (how unexpected) which cannot be started
> before you fill it with actual guest data?
>
> > when i start a vserver container,
> > I am getting the below error.
>
> > vnamespace: vc_set_namespace(): No such process
>
> > An error occured while executing the vserver startup sequence; when
> > there are no other messages, it is very likely that the init-script
> > (/etc/rc.d/rc 3) failed.
>
> > Common causes are:
> > * /etc/rc.d/rc on Fedora Core 1 and RH9 fails always; the 'apt-rpm' build
> > method knows how to deal with this, but on existing installations,
> > appending 'true' to this file will help.
>
> > Failed to start vserver 'vps2'
>
> kind of expected (except for the namespace part)
>
> > Please help me regarding this error.
>
> besides the updates mentioned above, I'd start with
> running testme.sh and reporting back the results.
>
> > Thanks in advance
>
> HTH,
> Herbert
>
> > This Email may contain confidential or privileged information for
> > the intended recipient (s) If you are not the intended recipient,
> > please do not use or disseminate the information, notify the sender
> > and delete it from your system.
> >
> > ______________________________________________________________________
>
> ______________________________________________________________________
>
> This Email may contain confidential or privileged information for
> the intended recipient (s) If you are not the intended recipient,
> please do not use or disseminate the information, notify the sender
> and delete it from your system.
>
> ______________________________________________________________________
Received on Thu Dec 10 13:47:09 2009

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Thu 10 Dec 2009 - 13:47:11 GMT by hypermail 2.1.8