Author: arekm Date: Wed Jun 25 10:41:31 2008 GMT
Module: PLDWWW URL:
http://www.pld-linux.org/Vserver?action=diff&rev2=112&rev1=111
---- Log message:
---- Page affected: Vserver
---- Diffs:
================================================================
{{{
echo "~single_ip" >> /etc/vservers/xyz/nflags
+ }}}
+
+ === SMACK enabled kernels ===
+
+ Smack enabled kernels (in PLD default kernel >= 2.6.25) use security.SMACK64
to store some data. Unfortunately vserver by default doesn't allow to change
xattr. This can lead to problems like this:
+
+ {{{
+ # pwconv
+ Cannot set attribute security.SMACK64 for `/etc/passwd.tmpbPZiEN': Operation
not permitted
+ Error while converting `root' to shadow account.
+ }}}
+
+ There are two solutions for this. First enables setfcap capability (NOTE: it
enables in guest much more than is needed by smack so consider security
implications for that):
+
+ {{{
+ echo SETFCAP >> /etc/vservers/xyz/bcapabilities
+ }}}
+
+ Second one is disabling SMACK if not needed. This can be done by using kernel
boot command line option:
+
+ {{{
+ security=FIXME
}}}
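Review bot: The `security=FIXME` line in the last code block publishes a placeholder as the documented boot option, so the second solution cannot be followed as written. Fill in the verified value before this goes live, or hold that paragraph back until it is known. In the first solution, the NOTE next to `echo SETFCAP >> /etc/vservers/xyz/bcapabilities` says the capability enables much more in the guest than Smack needs, but not what. A sentence naming what the guest gains would let an administrator weigh that trade-off. Wording nits: "doesn't allow to change xattr" would read better as "doesn't allow changing xattrs", and "First enables" as "The first enables".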