[Vserver] copy-on-write after unification?

[joeytrviano]

Hello,I have trouble when unifying vservers and then trying to personalize unified filesExample:Unification of vservers vtest6 and vtest5 (vtest5 as the reference server for vtest6)I did:
Copy from vtest5 to vtest6:# vserver vtest6 build -m skeleton --hostname vtest6 --interface eth0:127.0.0.1 --interface t1=eth0:10.200.0.6 --context 6
# cp -pr vtest5/* vtest6/ Reference server declaration as described in http://linux-vserver.org/alpha+util-vserver :# mkdir -p /etc/vservers/vtest5/apps/vunify
# mkdir -p /etc/vservers/vtest6/apps/vunify # ln -s /etc/vservers/vtest6 /etc/vservers/vtest5/apps/vunify/refserver.00Unification:# /usr/lib/util-vserver/vunify vtest6It seems to work fine as files in both directories have same inode
But trying to modify unified files is not transparent and I have to manually copy, delete and rename the copy:vserver:/# vserver vtest5 entermesg: /dev/pts/1: Operation not permittedvtest5:/# ls -i /tests
508984 testfile 508985 testfile2vtest5:/# exitlogoutvserver:/# vserver vtest6 entermesg: /dev/pts/1: Operation not permittedvtest6:/# ls -i /tests508984 testfile 508985 testfile2vtest6:/# cat  /tests/testfile
bash: /tests/testfile: Permission deniedvtest6:/#Is there a way to make it automatic?And would you have any info about that mesg: /dev/pts/1: Operation not permitted occuring each time I enter a vserver?
Thanks a lotMehdi Bennani=System info:Debian 3.1 with precompiled 2.6.12lvs kernel and apt-get'ed 0.30.204 util-vserver (no vserver-debiantools because it seems not to respect new config of vserver).
vserver:/# vserver-infoVersions: Kernel: 2.6.12lvs VS-API: 0x00020001 util-vserver: 0.30.204; Dec 20 2005, 16:58:50Features: CC: gcc, gcc (GCC) 
3.3.5 (Debian 1:3.3.5-13) CXX: g++, g++ (GCC) 3.3.5 (Debian 1:3.3.5-13) CPPFLAGS: '' CFLAGS: '-Wall -g -O2 -std=c99 -Wall -pedantic -W' CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0'
 build/host: i386-pc-linux-gnu/i386-pc-linux-gnu Use dietlibc: yes Build C++ programs: yes Build C99 programs: yes Available APIs: compat,v11,v13,fscompat,net,oldproc,olduts
 ext2fs Source: e2fsprogs syscall(2) invocation: fast vserver(2) syscall#: 273/glibcPaths: prefix: /usr sysconf-Directory: /etc cfg-Directory: /etc/vservers
 initrd-Directory: $(sysconfdir)/init.d pkgstate-Directory: /var/run/vservers Kernelheaders: /usr/include vserver-Rootdir: /var/lib/vservers
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Re: forcedeth module for 2.6.14-amd64-smp-vs

[Markus Neubauer]

Matvey Gladkikh schrieb:
 On 19/04/06 18:22 +0200, Eugen Leitl wrote:
   
 May be you wish to build debian kernel like a mainstream with all include?

 1. Install 2.6.14-amd64-smp kernel
 2. Download source package for 2.6.14-amd64-smp
 3. cat /boot/config.2.6.14-amd64-smp  /usr/src/2.6.14-amd64-smp/.config 
 cd /usr/src/2.6.14-amd64-smp/  patch -p1  2.6.14-vs-patch  make
 oldconfig  make menuconfig (to check modules)
   
if you want to do it manual, but use  the kpgk, you may

cd /usr/src/linux
../kernel-patches/all/apply/vserver
 4. (later I used make-kpkg --initrd kernel-image and build my own kernel
 with ONLY difference to debian kernel - vserver applied )

 I ve done this for i386 2.6.12 kernel - you can try for your one.
   
That exactly, how I do my kernels - but I want them to be as small and
simple as possible.
 It is not very good to make kernels with reduced ammount of drivers - because
 they will not be portable across different hardware.

   
Whatever module is laying around may bring a security risk, that's why I
use only few modules. A missing module can not be loaded. Some, like me,
do not need this kernel on _every_ Hardware but *only* on server
machines (btw they compile a lot quicker).


greets Markus
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] copy-on-write after unification?

[Daniel Hokka Zakrisson]

joeytrviano wrote:
And would you have any info about that mesg: /dev/pts/1: Operation not 
permitted occuring each time I enter a vserver?


Not really a problem, but recent distribution packages shouldn't have 
that, such as util-vserver from backports.org.



vserver:/# vserver-info
Versions:
   Kernel: 2.6.12lvs
   VS-API: 0x00020001


Copy-on-write is only supported by the development branch, i.e. 2.1.0 or 
2.1.1-rc18.


--
Daniel Hokka Zakrisson
GPG id: 06723412
GPG fingerprint: A455 4DF3 990A 431F FECA  7947 6136 DDA2 0672 3412
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] copy-on-write after unification?

[Herbert Poetzl]

On Wed, May 03, 2006 at 12:08:06PM +0200, Daniel Hokka Zakrisson wrote:
 joeytrviano wrote:
 And would you have any info about that mesg: /dev/pts/1: Operation not 
 permitted occuring each time I enter a vserver?
 
 Not really a problem, but recent distribution packages shouldn't have 
 that, such as util-vserver from backports.org.
 
 vserver:/# vserver-info
 Versions:
Kernel: 2.6.12lvs
VS-API: 0x00020001
 
 Copy-on-write is only supported by the development branch, i.e. 2.1.0 or 
 2.1.1-rc18.

and the hard-links have to have unification characteristics
(i.e. the immutable but unlink flag set)

best,
Herbert

 
 -- 
 Daniel Hokka Zakrisson
 GPG id: 06723412
 GPG fingerprint: A455 4DF3 990A 431F FECA  7947 6136 DDA2 0672 3412
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] how to made dummy interface for fedora core 4

[jepa kazol]

you should have created an interface in /etc/vservers/vservername/interfaces/1 . not/etc/vservers/vservername/1. On 5/3/06, jmp 
[EMAIL PROTECTED] wrote:Rebonsoir,My purpose is to have 
127.1.0.1 as localhost address on my vserver(I followed the idea ofhttp://levinux.org/?q=node/151)I v'made in /etc/vserver/vservername/1
ip 127.1.0.1dev dummy0netmask 24name vservernamedum0and/etc/modprobe.conf*options dummy numdummies=5*I try to reduce lo netmask to 255.255.255
 in/etc/sysconfig/network-scripts/ifcfg-lobut after a reboot I have always:loLink encap:Boucle localeinet adr:127.0.0.1Masque:
255.0.0.0fedora seems to ignore my change.I must restart the vserver to see dummy0 in my interfaceifconfig -adummy0Link encap:EthernetHWaddr F3:63:4C:04:7E:75UP BROADCAST RUNNING NOARPMTU:1500Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0TX packets:3 errors:0 dropped:0 overruns:0 carrier:0collisions:0 lg file transmission:0RX bytes:0 (0.0 b)TX bytes:210 (
210.0 b)dummy0:vservername du Link encap:EthernetHWaddr F3:63:4C:04:7E:75inet
adr:127.1.0.1Bcast:127.1.0.255Masque:255.255.255.0UP BROADCAST RUNNING NOARPMTU:1500Metric:1
and I can ping all 127 network except 127.0.0.1What is the recipe to make this correctly ?___Vserver mailing list
Vserver@list.linux-vserver.orghttp://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] report comparing vserver w/ xen

[Martin Fick]

That's a great paper, I enjoyed reading it.  I would
almost suggest forwarding it to the LKML, expecially
the part about dd cache spoiling.  Good benchmarks can
impact the way kernel developers think.  You never
know, with a good benchmark to show a specific
problem, you might find a fix for that dd spoiling
soon. :)

-Martin

--- Marc E. Fiuczynski [EMAIL PROTECTED] wrote:

 Hello,
 
 The following URL is for a paper that we wrote on
 Container-based Operating
 System Virtualization: A Scalable, High-performance
 alternative to
 Hypervisors.  At the performance, scale, and
 isolation level it compares
 vserver with xen.  We chose vserver simply because
 we use it on 600+ servers
 for PlanetLab (www.planet-lab.org).  The comparison
 is primarily between
 container-based OSes (like vserver, virtuozzo,
 openvz, etc.) with
 hypervisor-based systems (like xen, vmware esx,
 etc.).
 

http://www.cs.princeton.edu/~mef/research/vserver/paper.pdf
 
 The paper is in draft form at the moment, but was
 submitted to the USENIX
 Operating System Design and Implementation
 conference.  We plan to make
 updates to the paper periodically, especially to
 section 3.  You'll see what
 I mean when you read that.
 
 Please send feedback to both the list as well as to
 me directly (i.e., reply
 all).
 
 Best regards,
 Marc
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org

http://list.linux-vserver.org/mailman/listinfo/vserver
 


__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

[Vserver] Problems compiling 2.0.2-rc18

[Gerald Hochegger]

Hi,

I'm having troubles compiling the Ubuntu dapper 2.6.15 kernel
with vserver patch 2.0.2-rc18

I'm starting with the 2.6.15-vs2.0.2-rc13 vserver patch
and use interdiff to catch up with the latest vserver 2.0.2-rc18

This has worked without bigger problems so far - but with
the latest 2.0.2-rc18 interdiff compiling fails quickly in
include/linux/sched.h 

  CHK include/linux/version.h
  UPD include/linux/version.h
  SYMLINK include/asm - include/asm-x86_64
  SPLIT   include/linux/autoconf.h - include/config/*
  CC  arch/x86_64/kernel/asm-offsets.s
In file included from arch/x86_64/kernel/asm-offsets.c:7:
include/linux/sched.h:1141: error: syntax error before '||' token
make[2]: *** [arch/x86_64/kernel/asm-offsets.s] Error 1
make[1]: *** [prepare0] Error 2
make[1]: Leaving directory
`/home/debuild/dapper/linux-vserver-2.6.15/linux-source-2.6.15-2.6.15/debian/build/linux-source-2.6.15'
make: *** [build] Error 2
debuild: fatal error at line 768:
dpkg-buildpackage failed!

The problem is the vxcapable fix in rc18

--- linux-2.6.16.8-vs2.0.2-rc17/include/linux/vs_base.h 2006-03-20
17:34:50 +0100
+++ linux-2.6.16.11-vs2.0.2-rc18/include/linux/vs_base.h
2006-04-28 02:00:37 +0200
@@ -97,6 +97,9 @@ 
(current-vx_info  \
(current-vx_info-vx_initpid == (n)))

+#define vx_capable(b,c) (capable(b) || \
+   ((current-euid == 0)  vx_ccaps(c)))
+


vx_capable is replaced by a macro but on my system include/linux/sched.h
still contains a function definition from the 2.6.15-vs2.0.2-rc13 patch
(maybe a problem with my interdiffs)

@@ -1105,15 +1125,28 @@ static inline int sas_ss_flags(unsigned 
 #ifdef CONFIG_SECURITY
 /* code is in security.c */
 extern int capable(int cap);
+extern int vx_capable(int cap, int ccap);
 #else
 static inline int capable(int cap)
 {
+   if (vx_check_bit(VXC_CAP_MASK, cap)  !vx_mcaps(1L  cap))
+   return 0;
if (cap_raised(current-cap_effective, cap)) {
current-flags |= PF_SUPERPRIV;
return 1;
}
return 0;
 }
+
+static inline int vx_capable(int cap, int ccap)
+{
+   if (cap_raised(current-cap_effective, cap) 
+   vx_ccaps(ccap)) {
+   current-flags |= PF_SUPERPRIV;
+   return 1;
+   }
+   return 0;
+}
 #endif


When I remove the static inline int vx_capable declaration and
definition from sched.h the kernel compiles again.

Could somebody please tell me:

 * is it ok to simply remove the
   static inline int vx_capable function from sched.h ?

 * but the patch from above to inline int capable must be kept ?

 static inline int capable(int cap)
 {
+   if (vx_check_bit(VXC_CAP_MASK, cap)  !vx_mcaps(1L  cap))
+   return 0;
if (cap_raised(current-cap_effective, cap)) {
  
 
Thanks,
Gerald

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] copy-on-write after unification?

[joeytrviano]

2006/5/3, Herbert Poetzl [EMAIL PROTECTED]:
and the hard-links have to have unification characteristics(i.e. the immutable but unlink flag set)best,HerbertDoesn't vunify set those --iunlink file attributes  on unification?
Best regards,Mehdi Bennani
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Problems compiling 2.0.2-rc18

[Gerald Hochegger]

On Wed, May 03, 2006 at 05:11:28PM +0200, Gerald Hochegger wrote:
 Hi,
 
 I'm having troubles compiling the Ubuntu dapper 2.6.15 kernel
 with vserver patch 2.0.2-rc18
 
 I'm starting with the 2.6.15-vs2.0.2-rc13 vserver patch
 and use interdiff to catch up with the latest vserver 2.0.2-rc18
 
 This has worked without bigger problems so far - but with
 the latest 2.0.2-rc18 interdiff compiling fails quickly in
 include/linux/sched.h 
 
   CHK include/linux/version.h
   UPD include/linux/version.h
   SYMLINK include/asm - include/asm-x86_64
   SPLIT   include/linux/autoconf.h - include/config/*
   CC  arch/x86_64/kernel/asm-offsets.s
 In file included from arch/x86_64/kernel/asm-offsets.c:7:
 include/linux/sched.h:1141: error: syntax error before '||' token
 make[2]: *** [arch/x86_64/kernel/asm-offsets.s] Error 1
 make[1]: *** [prepare0] Error 2
 make[1]: Leaving directory
 `/home/debuild/dapper/linux-vserver-2.6.15/linux-source-2.6.15-2.6.15/debian/build/linux-source-2.6.15'
 make: *** [build] Error 2
 debuild: fatal error at line 768:
 dpkg-buildpackage failed!
 
 The problem is the vxcapable fix in rc18
 
 --- linux-2.6.16.8-vs2.0.2-rc17/include/linux/vs_base.h 2006-03-20
 17:34:50 +0100
 +++ linux-2.6.16.11-vs2.0.2-rc18/include/linux/vs_base.h
 2006-04-28 02:00:37 +0200
 @@ -97,6 +97,9 @@ 
 (current-vx_info  \
 (current-vx_info-vx_initpid == (n)))
 
 +#define vx_capable(b,c) (capable(b) || \
 +   ((current-euid == 0)  vx_ccaps(c)))
 +
 
 
 vx_capable is replaced by a macro but on my system include/linux/sched.h
 still contains a function definition from the 2.6.15-vs2.0.2-rc13 patch
 (maybe a problem with my interdiffs)
 
 @@ -1105,15 +1125,28 @@ static inline int sas_ss_flags(unsigned 
  #ifdef CONFIG_SECURITY
  /* code is in security.c */
  extern int capable(int cap);
 +extern int vx_capable(int cap, int ccap);
  #else
  static inline int capable(int cap)
  {
 +   if (vx_check_bit(VXC_CAP_MASK, cap)  !vx_mcaps(1L  cap))
 +   return 0;
 if (cap_raised(current-cap_effective, cap)) {
 current-flags |= PF_SUPERPRIV;
 return 1;
 }
 return 0;
  }
 +
 +static inline int vx_capable(int cap, int ccap)
 +{
 +   if (cap_raised(current-cap_effective, cap) 
 +   vx_ccaps(ccap)) {
 +   current-flags |= PF_SUPERPRIV;
 +   return 1;
 +   }
 +   return 0;
 +}
  #endif
 
 
 When I remove the static inline int vx_capable declaration and
 definition from sched.h the kernel compiles again.
 
 Could somebody please tell me:
 
  * is it ok to simply remove the
static inline int vx_capable function from sched.h ?
 
  * but the patch from above to inline int capable must be kept ?
 
  static inline int capable(int cap)
  {
 +   if (vx_check_bit(VXC_CAP_MASK, cap)  !vx_mcaps(1L  cap))
 +   return 0;
 if (cap_raised(current-cap_effective, cap)) {
   

Answering my own questions...

after evaluating the interdiffs it seems the problem
is the difference between kernel 2.6.15 and 2.6.16

2.6.16 has no static inline int vx_capable in sched.h
anymore and therefore I think the above suggestions about manually
applying the neccessary bits of the rc18 vx_capable patch
the 2.6.15 sched.h also - are correct.


Greeting,
Gerald

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver