[Vserver] copy-on-write after unification?
Hello,I have trouble when unifying vservers and then trying to personalize unified filesExample:Unification of vservers vtest6 and vtest5 (vtest5 as the reference server for vtest6)I did: Copy from vtest5 to vtest6:# vserver vtest6 build -m skeleton --hostname vtest6 --interface eth0:127.0.0.1 --interface t1=eth0:10.200.0.6 --context 6 # cp -pr vtest5/* vtest6/ Reference server declaration as described in http://linux-vserver.org/alpha+util-vserver :# mkdir -p /etc/vservers/vtest5/apps/vunify # mkdir -p /etc/vservers/vtest6/apps/vunify # ln -s /etc/vservers/vtest6 /etc/vservers/vtest5/apps/vunify/refserver.00Unification:# /usr/lib/util-vserver/vunify vtest6It seems to work fine as files in both directories have same inode But trying to modify unified files is not transparent and I have to manually copy, delete and rename the copy:vserver:/# vserver vtest5 entermesg: /dev/pts/1: Operation not permittedvtest5:/# ls -i /tests 508984 testfile 508985 testfile2vtest5:/# exitlogoutvserver:/# vserver vtest6 entermesg: /dev/pts/1: Operation not permittedvtest6:/# ls -i /tests508984 testfile 508985 testfile2vtest6:/# cat /tests/testfile bash: /tests/testfile: Permission deniedvtest6:/#Is there a way to make it automatic?And would you have any info about that mesg: /dev/pts/1: Operation not permitted occuring each time I enter a vserver? Thanks a lotMehdi Bennani=System info:Debian 3.1 with precompiled 2.6.12lvs kernel and apt-get'ed 0.30.204 util-vserver (no vserver-debiantools because it seems not to respect new config of vserver). vserver:/# vserver-infoVersions: Kernel: 2.6.12lvs VS-API: 0x00020001 util-vserver: 0.30.204; Dec 20 2005, 16:58:50Features: CC: gcc, gcc (GCC) 3.3.5 (Debian 1:3.3.5-13) CXX: g++, g++ (GCC) 3.3.5 (Debian 1:3.3.5-13) CPPFLAGS: '' CFLAGS: '-Wall -g -O2 -std=c99 -Wall -pedantic -W' CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0' build/host: i386-pc-linux-gnu/i386-pc-linux-gnu Use dietlibc: yes Build C++ programs: yes Build C99 programs: yes Available APIs: compat,v11,v13,fscompat,net,oldproc,olduts ext2fs Source: e2fsprogs syscall(2) invocation: fast vserver(2) syscall#: 273/glibcPaths: prefix: /usr sysconf-Directory: /etc cfg-Directory: /etc/vservers initrd-Directory: $(sysconfdir)/init.d pkgstate-Directory: /var/run/vservers Kernelheaders: /usr/include vserver-Rootdir: /var/lib/vservers ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: forcedeth module for 2.6.14-amd64-smp-vs
Matvey Gladkikh schrieb: On 19/04/06 18:22 +0200, Eugen Leitl wrote: May be you wish to build debian kernel like a mainstream with all include? 1. Install 2.6.14-amd64-smp kernel 2. Download source package for 2.6.14-amd64-smp 3. cat /boot/config.2.6.14-amd64-smp /usr/src/2.6.14-amd64-smp/.config cd /usr/src/2.6.14-amd64-smp/ patch -p1 2.6.14-vs-patch make oldconfig make menuconfig (to check modules) if you want to do it manual, but use the kpgk, you may cd /usr/src/linux ../kernel-patches/all/apply/vserver 4. (later I used make-kpkg --initrd kernel-image and build my own kernel with ONLY difference to debian kernel - vserver applied ) I ve done this for i386 2.6.12 kernel - you can try for your one. That exactly, how I do my kernels - but I want them to be as small and simple as possible. It is not very good to make kernels with reduced ammount of drivers - because they will not be portable across different hardware. Whatever module is laying around may bring a security risk, that's why I use only few modules. A missing module can not be loaded. Some, like me, do not need this kernel on _every_ Hardware but *only* on server machines (btw they compile a lot quicker). greets Markus ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] copy-on-write after unification?
joeytrviano wrote: And would you have any info about that mesg: /dev/pts/1: Operation not permitted occuring each time I enter a vserver? Not really a problem, but recent distribution packages shouldn't have that, such as util-vserver from backports.org. vserver:/# vserver-info Versions: Kernel: 2.6.12lvs VS-API: 0x00020001 Copy-on-write is only supported by the development branch, i.e. 2.1.0 or 2.1.1-rc18. -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] copy-on-write after unification?
On Wed, May 03, 2006 at 12:08:06PM +0200, Daniel Hokka Zakrisson wrote: joeytrviano wrote: And would you have any info about that mesg: /dev/pts/1: Operation not permitted occuring each time I enter a vserver? Not really a problem, but recent distribution packages shouldn't have that, such as util-vserver from backports.org. vserver:/# vserver-info Versions: Kernel: 2.6.12lvs VS-API: 0x00020001 Copy-on-write is only supported by the development branch, i.e. 2.1.0 or 2.1.1-rc18. and the hard-links have to have unification characteristics (i.e. the immutable but unlink flag set) best, Herbert -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] how to made dummy interface for fedora core 4
you should have created an interface in /etc/vservers/vservername/interfaces/1 . not/etc/vservers/vservername/1. On 5/3/06, jmp [EMAIL PROTECTED] wrote:Rebonsoir,My purpose is to have 127.1.0.1 as localhost address on my vserver(I followed the idea ofhttp://levinux.org/?q=node/151)I v'made in /etc/vserver/vservername/1 ip 127.1.0.1dev dummy0netmask 24name vservernamedum0and/etc/modprobe.conf*options dummy numdummies=5*I try to reduce lo netmask to 255.255.255 in/etc/sysconfig/network-scripts/ifcfg-lobut after a reboot I have always:loLink encap:Boucle localeinet adr:127.0.0.1Masque: 255.0.0.0fedora seems to ignore my change.I must restart the vserver to see dummy0 in my interfaceifconfig -adummy0Link encap:EthernetHWaddr F3:63:4C:04:7E:75UP BROADCAST RUNNING NOARPMTU:1500Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0TX packets:3 errors:0 dropped:0 overruns:0 carrier:0collisions:0 lg file transmission:0RX bytes:0 (0.0 b)TX bytes:210 ( 210.0 b)dummy0:vservername du Link encap:EthernetHWaddr F3:63:4C:04:7E:75inet adr:127.1.0.1Bcast:127.1.0.255Masque:255.255.255.0UP BROADCAST RUNNING NOARPMTU:1500Metric:1 and I can ping all 127 network except 127.0.0.1What is the recipe to make this correctly ?___Vserver mailing list Vserver@list.linux-vserver.orghttp://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] report comparing vserver w/ xen
That's a great paper, I enjoyed reading it. I would almost suggest forwarding it to the LKML, expecially the part about dd cache spoiling. Good benchmarks can impact the way kernel developers think. You never know, with a good benchmark to show a specific problem, you might find a fix for that dd spoiling soon. :) -Martin --- Marc E. Fiuczynski [EMAIL PROTECTED] wrote: Hello, The following URL is for a paper that we wrote on Container-based Operating System Virtualization: A Scalable, High-performance alternative to Hypervisors. At the performance, scale, and isolation level it compares vserver with xen. We chose vserver simply because we use it on 600+ servers for PlanetLab (www.planet-lab.org). The comparison is primarily between container-based OSes (like vserver, virtuozzo, openvz, etc.) with hypervisor-based systems (like xen, vmware esx, etc.). http://www.cs.princeton.edu/~mef/research/vserver/paper.pdf The paper is in draft form at the moment, but was submitted to the USENIX Operating System Design and Implementation conference. We plan to make updates to the paper periodically, especially to section 3. You'll see what I mean when you read that. Please send feedback to both the list as well as to me directly (i.e., reply all). Best regards, Marc ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Problems compiling 2.0.2-rc18
Hi, I'm having troubles compiling the Ubuntu dapper 2.6.15 kernel with vserver patch 2.0.2-rc18 I'm starting with the 2.6.15-vs2.0.2-rc13 vserver patch and use interdiff to catch up with the latest vserver 2.0.2-rc18 This has worked without bigger problems so far - but with the latest 2.0.2-rc18 interdiff compiling fails quickly in include/linux/sched.h CHK include/linux/version.h UPD include/linux/version.h SYMLINK include/asm - include/asm-x86_64 SPLIT include/linux/autoconf.h - include/config/* CC arch/x86_64/kernel/asm-offsets.s In file included from arch/x86_64/kernel/asm-offsets.c:7: include/linux/sched.h:1141: error: syntax error before '||' token make[2]: *** [arch/x86_64/kernel/asm-offsets.s] Error 1 make[1]: *** [prepare0] Error 2 make[1]: Leaving directory `/home/debuild/dapper/linux-vserver-2.6.15/linux-source-2.6.15-2.6.15/debian/build/linux-source-2.6.15' make: *** [build] Error 2 debuild: fatal error at line 768: dpkg-buildpackage failed! The problem is the vxcapable fix in rc18 --- linux-2.6.16.8-vs2.0.2-rc17/include/linux/vs_base.h 2006-03-20 17:34:50 +0100 +++ linux-2.6.16.11-vs2.0.2-rc18/include/linux/vs_base.h 2006-04-28 02:00:37 +0200 @@ -97,6 +97,9 @@ (current-vx_info \ (current-vx_info-vx_initpid == (n))) +#define vx_capable(b,c) (capable(b) || \ + ((current-euid == 0) vx_ccaps(c))) + vx_capable is replaced by a macro but on my system include/linux/sched.h still contains a function definition from the 2.6.15-vs2.0.2-rc13 patch (maybe a problem with my interdiffs) @@ -1105,15 +1125,28 @@ static inline int sas_ss_flags(unsigned #ifdef CONFIG_SECURITY /* code is in security.c */ extern int capable(int cap); +extern int vx_capable(int cap, int ccap); #else static inline int capable(int cap) { + if (vx_check_bit(VXC_CAP_MASK, cap) !vx_mcaps(1L cap)) + return 0; if (cap_raised(current-cap_effective, cap)) { current-flags |= PF_SUPERPRIV; return 1; } return 0; } + +static inline int vx_capable(int cap, int ccap) +{ + if (cap_raised(current-cap_effective, cap) + vx_ccaps(ccap)) { + current-flags |= PF_SUPERPRIV; + return 1; + } + return 0; +} #endif When I remove the static inline int vx_capable declaration and definition from sched.h the kernel compiles again. Could somebody please tell me: * is it ok to simply remove the static inline int vx_capable function from sched.h ? * but the patch from above to inline int capable must be kept ? static inline int capable(int cap) { + if (vx_check_bit(VXC_CAP_MASK, cap) !vx_mcaps(1L cap)) + return 0; if (cap_raised(current-cap_effective, cap)) { Thanks, Gerald ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] copy-on-write after unification?
2006/5/3, Herbert Poetzl [EMAIL PROTECTED]: and the hard-links have to have unification characteristics(i.e. the immutable but unlink flag set)best,HerbertDoesn't vunify set those --iunlink file attributes on unification? Best regards,Mehdi Bennani ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Problems compiling 2.0.2-rc18
On Wed, May 03, 2006 at 05:11:28PM +0200, Gerald Hochegger wrote: Hi, I'm having troubles compiling the Ubuntu dapper 2.6.15 kernel with vserver patch 2.0.2-rc18 I'm starting with the 2.6.15-vs2.0.2-rc13 vserver patch and use interdiff to catch up with the latest vserver 2.0.2-rc18 This has worked without bigger problems so far - but with the latest 2.0.2-rc18 interdiff compiling fails quickly in include/linux/sched.h CHK include/linux/version.h UPD include/linux/version.h SYMLINK include/asm - include/asm-x86_64 SPLIT include/linux/autoconf.h - include/config/* CC arch/x86_64/kernel/asm-offsets.s In file included from arch/x86_64/kernel/asm-offsets.c:7: include/linux/sched.h:1141: error: syntax error before '||' token make[2]: *** [arch/x86_64/kernel/asm-offsets.s] Error 1 make[1]: *** [prepare0] Error 2 make[1]: Leaving directory `/home/debuild/dapper/linux-vserver-2.6.15/linux-source-2.6.15-2.6.15/debian/build/linux-source-2.6.15' make: *** [build] Error 2 debuild: fatal error at line 768: dpkg-buildpackage failed! The problem is the vxcapable fix in rc18 --- linux-2.6.16.8-vs2.0.2-rc17/include/linux/vs_base.h 2006-03-20 17:34:50 +0100 +++ linux-2.6.16.11-vs2.0.2-rc18/include/linux/vs_base.h 2006-04-28 02:00:37 +0200 @@ -97,6 +97,9 @@ (current-vx_info \ (current-vx_info-vx_initpid == (n))) +#define vx_capable(b,c) (capable(b) || \ + ((current-euid == 0) vx_ccaps(c))) + vx_capable is replaced by a macro but on my system include/linux/sched.h still contains a function definition from the 2.6.15-vs2.0.2-rc13 patch (maybe a problem with my interdiffs) @@ -1105,15 +1125,28 @@ static inline int sas_ss_flags(unsigned #ifdef CONFIG_SECURITY /* code is in security.c */ extern int capable(int cap); +extern int vx_capable(int cap, int ccap); #else static inline int capable(int cap) { + if (vx_check_bit(VXC_CAP_MASK, cap) !vx_mcaps(1L cap)) + return 0; if (cap_raised(current-cap_effective, cap)) { current-flags |= PF_SUPERPRIV; return 1; } return 0; } + +static inline int vx_capable(int cap, int ccap) +{ + if (cap_raised(current-cap_effective, cap) + vx_ccaps(ccap)) { + current-flags |= PF_SUPERPRIV; + return 1; + } + return 0; +} #endif When I remove the static inline int vx_capable declaration and definition from sched.h the kernel compiles again. Could somebody please tell me: * is it ok to simply remove the static inline int vx_capable function from sched.h ? * but the patch from above to inline int capable must be kept ? static inline int capable(int cap) { + if (vx_check_bit(VXC_CAP_MASK, cap) !vx_mcaps(1L cap)) + return 0; if (cap_raised(current-cap_effective, cap)) { Answering my own questions... after evaluating the interdiffs it seems the problem is the difference between kernel 2.6.15 and 2.6.16 2.6.16 has no static inline int vx_capable in sched.h anymore and therefore I think the above suggestions about manually applying the neccessary bits of the rc18 vx_capable patch the 2.6.15 sched.h also - are correct. Greeting, Gerald ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver