Hi,

Since 2.6.22-1-vs2.2.0.3-rc1, clone(..., CLONE_NEWNS) fails with
-EPERM. Previous kernels allowed this when the VXC_SECURE_MOUNT
ccap was set:

With 2.6.21.5-vs2.2.0-rc3:

| # vcontext --create -- vattribute --secure --ccap VXC_SECURE_MOUNT -- \
|   vcontext --migrate-self --endsetup -- vnamespace -n /bin/sh
| New security context is 49157
| sh-3.1# 



With 2.6.22-1-vs2.2.0.3-rc1:

| # vcontext --create -- vattribute --secure --ccap VXC_SECURE_MOUNT -- \
|   vcontext --migrate-self --endsetup -- vnamespace -n /bin/sh
| New security context is 49163
| vnamespace: clone(): Operation not permitted


strace before 'vnamespace' shows

| clone(child_stack=0, flags=CLONE_VFORK|CLONE_NEWNS|SIGCHLD) = -1 EPERM (Operation not permitted)


Setting all ccaps does not help.



Enrico
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
