On Tue, 2010-03-02 at 19:00 +0100, Herbert Poetzl wrote:
> On Tue, Mar 02, 2010 at 12:02:16AM -0500, John A. Sullivan III wrote:
> > Hello, all. I'm struggling to get sshfs working in a vserver for use
> > with X2Go (www.x2go.org). I am running kernel 2.6.28.7 with
> > vs2.3.0.36.7 on CentOS 5.4 with a Debian Lenny guest.
>
> I'd suggest to try with a more recent kernel, also
> make sure that you have recent enough util-vserver
> (i.e. not 0.30.215)
>
> > I am able to mount the sshfs file system but I am not able to do an
> > fusermount -u.
> > It returns:
>
> > fusermount: failed to clone namespace: Operation not permitted
>
> strace -fF of the command in question might sched
> some light on it ...
>
> > Current ccapabilities are:
> > SECURE_MOUNT
> > SECURE_REMOUNT
> > BINARY_MOUNT
>
> > The user attempting to do the fusermount -u is a member of fuse group
> > which has rw access to /dev/fuse.
>
> > How do I get this to work?
<snip>
I tried the strace. I'm not entirely sure of what I'm looking at but I
think this is telling me the user has rights to execute the file but
then doesn't??? The ultimate error is with umount at the end:
simple1@simple1:~$ strace -fF fusermount -u /tmp/simple1_media/_home_jsullivan_
execve("/usr/bin/fusermount", ["fusermount", "-u", "/tmp/simple1_media/_home_jsulliv"...], [/* 11 vars */]) = 0
brk(0) = 0x606000
fcntl(0, F_GETFD) = 0
fcntl(1, F_GETFD) = 0
fcntl(2, F_GETFD) = 0
access("/etc/suid-debug", F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9aa0449000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9aa0447000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=108043, ...}) = 0
mmap(NULL, 108043, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f9aa042c000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\342\1\0\0\0\0\0@"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1375536, ...}) = 0
mmap(NULL, 3482232, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f9a9fedc000
mprotect(0x7f9aa0026000, 2093056, PROT_NONE) = 0
mmap(0x7f9aa0225000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x149000) = 0x7f9aa0225000
mmap(0x7f9aa022a000, 17016, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f9aa022a000
close(3) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9aa042b000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f9aa042a000
arch_prctl(ARCH_SET_FS, 0x7f9aa042a6e0) = 0
mprotect(0x7f9aa0225000, 12288, PROT_READ) = 0
munmap(0x7f9aa042c000, 108043) = 0
brk(0) = 0x606000
brk(0x627000) = 0x627000
getuid() = 2001
getuid() = 2001
setfsuid(2001) = 2001
getgid() = 2001
setfsgid(2001) = 2001
lstat("/tmp", {st_mode=S_IFDIR|S_ISVTX|0777, st_size=180, ...}) = 0
lstat("/tmp/simple1_media", {st_mode=S_IFDIR|0700, st_size=60, ...}) = 0
getuid() = 2001
setfsuid(2001) = 2001
setfsgid(2001) = 2001
umask(033) = 07
geteuid() = 2001
umount("/tmp/simple1_media/_home_jsulliv"..., 0) = -1 EPERM (Operation not permitted)
write(2, "fusermount: failed to unmount /tm"..., 91fusermount: failed to unmount /tmp/simple1_media/_home_jsullivan_: Operation not permitted
) = 91
exit_group(1) = ?
umount is suid root as is mount. mount works but umount does not.
We've tried setting all of the available ccaps but with the same
results. We do not have the option right now of updating the kernel and
hence updating util-vserver. We tried and the guests would not start
with the newer utils. Any help would be greatly appreciated. Thanks -
John
Received on Thu Mar 4 23:06:19 2010