Re: [Vserver] Suddenly, no routing.

2005-10-14 Thread Herbert Poetzl 
On Thu, Oct 13, 2005 at 09:31:08PM -0700, Robin Lee Powell wrote:
 For no reason I'm aware of, I suddenly can't reach outside IPs from
 my VServer. The VServer has a non-routeable IP, but it's copied
 its interface config from the host, so its gateway is a regular
 net-routeable IP, which the VServer can't ping.

aha, why? does ping -I guest ip www.google.com fail?
if so, try the 'typical' snat command:

iptables -t nat -I POSTROUTING -s guest ip -j SNAT --to host ip

 It was working a while ago; I have no idea what's going on.

something changed :)

 I'd love tips on debugging this.  

have a look at, and/or provide a description of
your network setup including ip- and routing tables

 It seems like the VServer's gateway *should* be the host,

no, networking _is_ on the host, so the guest's
gateway _will_ be the gateway according to the
routing on the host ...

 but I can't figure out how to change it.

simple, with the 'route' and/or 'ip route' commands

 The host and VServer can reach each other just fine.

as they are one, not too unexpected ...
(see documentation/archived knowledge/networking)

best,
Herbert


 Thanks.
 
 -Robin
 
 -- 
 http://www.digitalkingdom.org/~rlpowell/ *** http://www.lojban.org/
 Reason #237 To Learn Lojban: Homonyms: Their Grate!
 Proud Supporter of the Singularity Institute - http://singinst.org/
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Suddenly, no routing.

2005-10-14 Thread Robin Lee Powell 
On Fri, Oct 14, 2005 at 09:11:56AM +0200, Herbert Poetzl wrote:
 On Thu, Oct 13, 2005 at 09:31:08PM -0700, Robin Lee Powell wrote:
  For no reason I'm aware of, I suddenly can't reach outside IPs
  from my VServer. The VServer has a non-routeable IP, but it's
  copied its interface config from the host, so its gateway is a
  regular net-routeable IP, which the VServer can't ping.
 
 aha, why? does ping -I guest ip www.google.com fail? if so, try
 the 'typical' snat command:
 
 iptables -t nat -I POSTROUTING -s guest ip -j SNAT --to host ip

Beautiful!  Thank you.

-Robin

-- 
http://www.digitalkingdom.org/~rlpowell/ *** http://www.lojban.org/
Reason #237 To Learn Lojban: Homonyms: Their Grate!
Proud Supporter of the Singularity Institute - http://singinst.org/
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] unmount nfs with vserver

2005-10-14 Thread Herbert Poetzl 
On Fri, Oct 14, 2005 at 10:42:49AM -0600, [EMAIL PROTECTED] wrote:
 A while back I posted to the list about mounting nfs filesystem into a
 vserver. The only suggestion that I could get to work was adding the
 mount to fstab on host system.

 IE:
 cat /usr/local/etc/vservers/unixdev1/fstab
 none/proc   procdefaults0 0
 none/tmptmpfs   size=64m,mode=1777  0 0
 none/dev/ptsdevpts  gid=5,mode=620  0 0
 # added Sept 14, 2005 - common unix NFS filesystem -sig
 calnfs01.corporate.net:/nfs_unix_data /unix_data nfs hard,intr,nolock 0 0
 
 The one issue I came across was that I could not find a way to umount
 the NFS filesystem
 ssh unixdev1
 sudo umount /unix_data
 umount: /unix_data: must be superuser to umount
 umount: /unix_data: must be superuser to umount

hmm, looks like you are missing one of the
context capabilities for secure mount ...

#define VXC_SECURE_MOUNT0x0001
#define VXC_SECURE_REMOUNT  0x0002
#define VXC_BINARY_MOUNT0x0004

 I thought I would be fine with it that way but it turns out it is a
 bigger issue than I thought. Any suggestions on how to umount the NFS
 filesystem?

unmounting on the host should work quite fine ...

best,
Herbert

 I have access to host and vserver.
 thanks
 sig
 
 
 
 sudo ./vserver-testme.sh
 Linux-VServer Test [V0.13] Copyright (C) 2003-2005 H.Poetzl
 chcontext is working.
 chbind is working.
 Linux 2.6.12.4-vs2.0 i686/0.30.208/0.30.208 [Ea] (0)
 VCI:  0002:0001 273 0316
 ---
 [000]# succeeded.
 [001]# succeeded.
 [011]# succeeded.
 [031]# succeeded.
 [101]# succeeded.
 [102]# succeeded.
 [201]# succeeded.
 [202]# succeeded.
 
 sudo vserver-info
 Versions:
Kernel: 2.6.12.4-vs2.0
VS-API: 0x00020001
  util-vserver: 0.30.208; Aug 24 2005, 21:26:20
 
 Features:
CC: gcc, gcc (GCC) 3.4.3 (CRUX)
   CXX: g++, g++ (GCC) 3.4.3 (CRUX)
  CPPFLAGS: ''
CFLAGS: '-g -O2 -std=c99 -Wall -pedantic -W 
 -funit-at-a-time'
  CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W 
 -fmessage-length=0 -
 funit-at-a-time'
build/host: i686-pc-linux-gnu/i686-pc-linux-gnu
  Use dietlibc: yes
Build C++ programs: yes
Build C99 programs: yes
Available APIs: compat,v11,v13,fscompat,net,oldproc,olduts
 ext2fs Source: e2fsprogs
 syscall(2) invocation: alternative
   vserver(2) syscall#: 273/glibc
 
 Paths:
prefix: /usr/local
 sysconf-Directory: ${prefix}/etc
 cfg-Directory: ${prefix}/etc/vservers
  initrd-Directory: $(sysconfdir)/init.d
pkgstate-Directory: ${prefix}/var/run/vservers
 Kernelheaders: /lib/modules/2.6.12.4-vs2.0/build/include
   vserver-Rootdir: /vservers
 
 
 Assumed 'SYSINFO' as no other option given; try '--help' for more information.
 
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

[Vserver] Problem pam update on centos4 et redhat es4

2005-10-14 Thread jcpetit 
Hello,

login via ssh on a vserver does not work anymore after the last new
nupdate of pam from Centos4/Redhat ES4: pam-0.77-66.11

After the user is logged on, the session dies with the following message:

Oct 14 00:00:01 sedna pam_loginuid[8627]: set_loginuid failed opening
loginuid
Oct 14 00:00:01 sedna pam_loginuid[8627]: set_loginuid failed
Oct 14 00:00:01 sedna crond[8627]: Cannot make/remove an entry for the
specified session

I found something on the redhat bug lists:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159974

It seems the new pam is using a /proc/pid/loginuid and for security
reasons, the vserver is not able to access it.

Maybe RedHat will have a solution in the near future?
I hope so, but for the moment, anybody knows how to resolve the problem
with some config (CAP ?)

regards,
Jess

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Problem pam update on centos4 et redhat es4

2005-10-14 Thread Eric Jorgensen 
Hi,

This appears to be the same problem I was having a
couple of days ago:

http://list.linux-vserver.org/archive/vserver/msg11023.html

Comment out the pam_loginuid.so in /etc/pam.d/* and
I believe your problem will go away.

jorgy



--- [EMAIL PROTECTED] wrote:

 Hello,
 
 login via ssh on a vserver does not work anymore
 after the last new
 nupdate of pam from Centos4/Redhat ES4:
 pam-0.77-66.11
 
 After the user is logged on, the session dies with
 the following message:
 
 Oct 14 00:00:01 sedna pam_loginuid[8627]:
 set_loginuid failed opening
 loginuid
 Oct 14 00:00:01 sedna pam_loginuid[8627]:
 set_loginuid failed
 Oct 14 00:00:01 sedna crond[8627]: Cannot
 make/remove an entry for the
 specified session
 
 I found something on the redhat bug lists:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159974
 
 It seems the new pam is using a /proc/pid/loginuid
 and for security
 reasons, the vserver is not able to access it.
 
 Maybe RedHat will have a solution in the near
 future?
 I hope so, but for the moment, anybody knows how to
 resolve the problem
 with some config (CAP ?)
 
 regards,
 Jess
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org

http://list.linux-vserver.org/mailman/listinfo/vserver
 

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Problem pam update on centos4 et redhat es4

2005-10-14 Thread jcpetit 
Thanks a lot, it now works.

have a good week-end,
Jess


 Hi,

 This appears to be the same problem I was having a
 couple of days ago:

 http://list.linux-vserver.org/archive/vserver/msg11023.html

 Comment out the pam_loginuid.so in /etc/pam.d/* and
 I believe your problem will go away.

 jorgy



 --- [EMAIL PROTECTED] wrote:

 Hello,

 login via ssh on a vserver does not work anymore
 after the last new
 nupdate of pam from Centos4/Redhat ES4:
 pam-0.77-66.11

 After the user is logged on, the session dies with
 the following message:

 Oct 14 00:00:01 sedna pam_loginuid[8627]:
 set_loginuid failed opening
 loginuid
 Oct 14 00:00:01 sedna pam_loginuid[8627]:
 set_loginuid failed
 Oct 14 00:00:01 sedna crond[8627]: Cannot
 make/remove an entry for the
 specified session

 I found something on the redhat bug lists:

 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=159974

 It seems the new pam is using a /proc/pid/loginuid
 and for security
 reasons, the vserver is not able to access it.

 Maybe RedHat will have a solution in the near
 future?
 I hope so, but for the moment, anybody knows how to
 resolve the problem
 with some config (CAP ?)

 regards,
 Jess

 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org

 http://list.linux-vserver.org/mailman/listinfo/vserver





___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

RE: [Vserver] unmount nfs with vserver

2005-10-14 Thread smagnuson 

 unmounting on the host should work quite fine ...

what would be the command(s) to unmount the vserver NFS mount through the host? 
 The nfs mount is not visible on the host.




___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

[Vserver] Done with building guest server on FC4 and now what?

2005-10-14 Thread Steven Truong 
Hi, all. Thank all for the helps that got me to successfully build these two guest servers (FC4 and Debian Sarge).

My questions are:
1. I already got FC4 built with yum method, but then within the
guest server I could not find yum command anywhere despite having the
/etc/yum.repos.d/* in place. The guest server does not have
anything beside syslog running. I would like to set it up with
openssh, apache as the start. Btw, there is no rpm / yum commands
in the guest server, so installing from these two are not
possible. The guest server doesn't have gcc or any compilers for
that matter. I already got networking to work in the guest server.

2. So what should I do now? Go and download gcc, rpm,yum
and install them from source. Once I got these working, I could
start installing openssh and apache from rpm or yum, or I just install
these two from souces too. What are your recommendations for
these matters? Could I share anything else from the hosts?

3. Could somebody outline the steps neccessary to set up the
guest server to be useful in some services after one built it?

Thank you all for your helps.
Steven.
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] Done with building guest server on FC4 and now what?

2005-10-14 Thread Enrico Scholz 
[EMAIL PROTECTED] (Steven Truong) writes:

 1. I already got FC4 built with yum method, but then within the guest server
 I could not find yum command anywhere despite having the /etc/yum.repos.d/*
 in place. The guest server does not have anything beside syslog running. 
 ...
 3. Could somebody outline the steps neccessary to set up the guest server to
 be useful in some services after one built it?

It depends on the wanted functionality; for a webserver, at good start
would be

| vyum vservername -- install httpd mod_ssl



Enrico
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver