[Vserver] Problem with nice inside a vserver
I have a problem with the find cron job inside a debian vserver.
The find cron job runs the updatedb script as follows:
#! /bin/sh
#
# cron script to update the `locatedb' database.
#
# Written by Ian A. Murdock <[EMAIL PROTECTED]> and
#Kevin Dalley <[EMAIL PROTECTED]>
LOCALUSER="nobody"
export LOCALUSER
if [ -f /etc/updatedb.conf ]; then
. /etc/updatedb.conf
fi
if getent passwd $LOCALUSER > /dev/null ; then
cd / && nice -n ${NICE:-10} updatedb 2>/dev/null
# cd / && updatedb 2>/dev/null
else
echo "User $LOCALUSER does not exist."
exit 1
fi
The updatedb script tries to su to the nobody user, but this fails with
the following messages logged in /var/log/auth.log
Mar 10 14:55:02 secure su[26501]: + pts/1 root:nobody
Mar 10 14:55:02 secure su[26501]: (pam_unix) session opened for user
nobody by root(uid=0)
Mar 10 14:55:02 secure su[26501]: pam_open_session: Permission denied
If I comment in the line with the # in the above script (and comment out
the line above), things work fine (i.e. I don't get the
"pam_open_session: Permission denied" logged in the auth.log). So it
seems to be something to do with nice. Note that even if I remove the
"-n ${NICE:-10}" things still don't work.
Would enabling CAP_SYS_NICE help in this case even though a lower
priority is being set? Or is there something else causing this problem?
Cheers,
Russell Kliese
--
[Vserver] [x86_64] (AMD64) 2.6.15.4-vs2.0.2-rc10 works with FC4
Hi there, # ./testme.sh -Lv Linux-VServer Test [V0.15] Copyright (C) 2003-2006 H.Poetzl chcontext is working. chbind is working. chcontext 0.30.210 -- allocates/enters a security context This program is part of util-vserver 0.30.210 Copyright (C) 2004 Enrico Scholz This program is free software; you may redistribute it under the terms of the GNU General Public License. This program has absolutely no warranty. Linux 2.6.15.4-vs2.0.2-rc10 #1 Thu Mar 9 20:08:07 CET 2006 x86_64 Ea 0.30.210 236/glibc (DSa) VCI: 0002:0001 236 0366 (TbLgn) ([EMAIL PROTECTED]) (gcc-Version 4.0.2 20051125 (Red Hat 4.0.2-8)) #1 Thu Mar 9 20:08:07 CET 2006 --- [000]# chcontext true && chcontext --xid 45678 true [000]# succeeded. [001]# chcontext --xid 45678 egrep 'context|VxID' /proc/self/status [001]# succeeded. [011]# chcontext --secure --xid 45678 mknod /tmp/testme.sh.RV1163/node c 0 0 [011]# succeeded. [031]# chcontext --hostname zaphod.1160 uname -a | grep -q zaphod.1160 [031]# succeeded. [101]# chbind --ip 192.168.0.42 true [101]# succeeded. [102]# chbind --ip 192.168.0.1/255.255.255.0 --ip 10.0.0.1/24 true [102]# succeeded. [201]# chcontext --xid 45678 --flag fakeinit bash -c 'test $$ -eq 1' [201]# succeeded. [202]# chcontext --flag fakeinit bash -c 'test $$ -eq 1' [202]# succeeded. --- [L01]# chcontext --xid 45601 bash -c 'true &' [L01]# succeeded. [D01]# chcontext bash -c 'true &' [D01]# succeeded. [L02]# chcontext --xid 45602 bash -c 'true | true' [L02]# succeeded. [D02]# chcontext bash -c 'true | true' [D02]# succeeded. [L03]# chcontext --xid 45603 bash -c 'true & true' [L03]# succeeded. [D03]# chcontext bash -c 'true & true' [D03]# succeeded. [L11]# chcontext --xid 45611 bash -c 'true >/dev/null' /dev/null' /dev/null [L12]# succeeded. [D12]# chcontext bash -c 'true /dev/null [D12]# succeeded. [L21]# chcontext --xid 45621 bash -c 'bash -c "true &"&' [L21]# succeeded. [D21]# chcontext bash -c 'bash -c "true &"&' [D21]# succeeded. [L22]# chcontext --xid 45622 bash -c 'bash -c "false | true &"&' [L22]# succeeded. [D22]# chcontext bash -c 'bash -c "false | true &"&' [D22]# succeeded. [L31]# chcontext --xid 45631 bash -c 'echo `ls`' [L31]# succeeded. [D31]# chcontext bash -c 'echo `ls`' [D31]# succeeded. -- regards 'n greez, Guenther Fuchs (aka "muh" and "powerfox") ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] COW Patch: Support For chmod + chown
On Wed, Mar 08, 2006 at 10:23:52PM -0800, EKC wrote: > Hi, > > Just wondering whether or not anyone is working on getting the COW > patch to support chmod and chown operations? the CoW stuff still could use some cleanup and better error handling. AFAIK nobody is working on that right now ... > I'm thinking of using vserver to sell virtual hosting, and I don't > want to place any restrictions on the ability of clients to > transparently modify files. I also want to retain the space-saving > benefits of vhashify. So, basically, I want to have my cake and eat it > too. > > If no one is working on adding chmod and chown support to the COW > patch, how hard would it be to make such modifications? I recently > completed taking an Operating Systems class at University > (implementing virtual memory in C code, file systems, > multiprogramming, threads, etc...); I'm not sure if that qualifies me > to hack the vserver code. I'm also not familiar with the Vserver code > at all. How difficult would it be for me to add this functionality? have a look at the broken out version, it will probably help to get a feeling for the code ... > I'm also concerned about breaking my upgrade path to future versions > of vserver. if you do a nice job, I don't see much issues with getting the functionality into mainline ... > I'm currently using the vserver kernel patch at: > http://vserver.13thfloor.at/Experimental/patch-2.6.16-rc5-vs2.1.1-rc10.diff > > Should I be using a different patch? nope, that one is probably the best choice ... > Thanks in advance. > > BTW, vserver is awesome! second that :) best, Herbert > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] testme.sh on Athlon 2X 3800
On Wed, Mar 08, 2006 at 08:25:41PM -0500, Rich Estill wrote:
> Linux-VServer Test [V0.15] Copyright (C) 2003-2006 H.Poetzl
> chcontext is working.
> chbind is working.
> Linux 2.6.15-1.1833_FC%{fedora}.vs2.0.2.0.rc10.1smp #1 SMP Fri Mar 3
ah, that's an interesting one %{fedora} ;)
> 10:46:47 EST 2006 x86_64
> Ea 0.30.210 236/glibc (DSa)
> VCI: 0002:0001 236 0336 (KtTbLgnP)
> ---
> [000]# succeeded.
> [001]# succeeded.
> [011]# succeeded.
> [031]# succeeded.
> [101]# succeeded.
> [102]# succeeded.
> [201]# succeeded.
> [202]# succeeded.
>
>
> Let me know if you want me to test more.
testing is always appreciated, so you can give
the testme.sh -L a try and/or play with the testfs.sh
(usually testfs.sh -tx ... )
and of course the best testing is with actual guests,
but I guess that kind of testing comes naturally :)
thanks,
Herbert
> --Rich
>
> ___
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] testme.sh on Athlon 2X 3800
Linux-VServer Test [V0.15] Copyright (C) 2003-2006 H.Poetzl
chcontext is working.
chbind is working.
Linux 2.6.15-1.1833_FC%{fedora}.vs2.0.2.0.rc10.1smp #1 SMP Fri Mar 3
10:46:47 EST 2006 x86_64
Ea 0.30.210 236/glibc (DSa)
VCI: 0002:0001 236 0336 (KtTbLgnP)
---
[000]# succeeded.
[001]# succeeded.
[011]# succeeded.
[031]# succeeded.
[101]# succeeded.
[102]# succeeded.
[201]# succeeded.
[202]# succeeded.
Let me know if you want me to test more.
--Rich
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] reboot faied because of nfs
Title: Nachricht Hi litte tricky but maybe good to know! vserver xx1 mount a nfs share by scipt for backup and umout failed case not shoud happend: (already fixed) node make a rsync from this vserver xx1 and sync the mount too =>sync failed and stop because hdd is full /not so big to sync the backuphdd too so vserver xx1 can't umount anymore his mount also restart or stop from the vserver xx1 failed kill all pids => no solution only node restart fix it BRG Roman ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
