Re: [Vserver] Re: Re: Re: Re: Re: Re: java crash in vserver...

2007-05-13 Thread Herbert Poetzl
On Sat, May 12, 2007 at 08:20:01PM -0500, Corey Wright wrote:
> On Sat, 12 May 2007 17:36:24 +0200
> Herbert Poetzl <[EMAIL PROTECTED]> wrote:
> 
> > On Sat, May 12, 2007 at 09:13:19AM +0200, Jan Zuchhold wrote:
> > > The problem is caused by running out of space on /tmp. 
> > > You mount that on tmpfs, specified in fstab in the 
> > > vserver-config dir:
> > > 
> > > none   /tmp   tmpfs   size=16m,mode=1777  0 0
> > > 
> > > If you remove or comment-out this line (or increase 
> > > the size), it works.
> > 
> > nice one, tx, btw, 16MB for /tmp should be more
> > than sufficient for properly written programs,
> > (larger temporary files go to /var/tmp)
> 
> i must respectfully disagree.  i have never heard of such 
> a rule and the FHS 
> (http://www.pathname.com/fhs/pub/fhs-2.3.html#VARTMPTEMPORARYFILESPRESERVEDBETWEE)
> doesn't include that justification either.

no, actually the FHS doesn't tell anything about large
vs. small files and /tmp vs /var/tmp, except for the
fact the /var/tmp must not be deleted on boot :)

but it is 'common practice' that /tmp is often kept
in memory and thus only provides limited space compared
to ~/tmp or /var/tmp ... YMMV

> and that is why i am on record as saying:
> 
> > btw, i hate that useless default 16 MB tmpfs mount within the guests
> > and removing it from /etc/vservers/guest/fstab is one of the first
> > things i do upon creating a new guest.
> - http://www.paul.sladen.org/vserver/archives/200702/0014.html

well, the mount is not really useless, on the contrary,
it can reduce the overall I/O bandwidth significantly,
and thus improve system performance ... but of course,
everybody is free to resize or remove it ...

> when i last cared to check which directory applications used for
> temporary files (to insure libpam-tmpdir, "automatic per-user
> temporary directories", was effective) i only ever saw used "/tmp"
> (hard-coded unfortunately), TMP, or TMPDIR and those variables do not
> distinguish between maximum temporary file size.

you must be using very old software ...

$ mktemp 
/home/bertl/tmp/tmp.kNGjY29655

> i consider this the only "wart" of linux-vserver.

feel free to remove it for your installations ...

best,
Herbert

> corey
> -- 
> [EMAIL PROTECTED]
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Re: Re: Re: Re: Re: Re: java crash in vserver...

2007-05-12 Thread Corey Wright
On Sat, 12 May 2007 17:36:24 +0200
Herbert Poetzl <[EMAIL PROTECTED]> wrote:

> On Sat, May 12, 2007 at 09:13:19AM +0200, Jan Zuchhold wrote:
> > The problem is caused by running out of space on /tmp. 
> > You mount that on tmpfs, specified in fstab in the 
> > vserver-config dir:
> > 
> > none   /tmp   tmpfs   size=16m,mode=1777  0 0
> > 
> > If you remove or comment-out this line (or increase 
> > the size), it works.
> 
> nice one, tx, btw, 16MB for /tmp should be more
> than sufficient for properly written programs,
> (larger temporary files go to /var/tmp)

i must respectfully disagree.  i have never heard of such a rule and the
FHS
(http://www.pathname.com/fhs/pub/fhs-2.3.html#VARTMPTEMPORARYFILESPRESERVEDBETWEE)
doesn't include that justification either.

and that is why i am on record as saying:

> btw, i hate that useless default 16 MB tmpfs mount within the guests and
> removing it from /etc/vservers/guest/fstab is one of the first things i do
> upon creating a new guest.
- http://www.paul.sladen.org/vserver/archives/200702/0014.html

when i last cared to check which directory applications used for temporary
files (to insure libpam-tmpdir, "automatic per-user temporary directories",
was effective) i only ever saw used "/tmp" (hard-coded unfortunately), TMP,
or TMPDIR and those variables do not distinguish between maximum temporary
file size.

i consider this the only "wart" of linux-vserver.

corey
-- 
[EMAIL PROTECTED]


Re: [Vserver] Re: Re: Re: Re: Re: Re: java crash in vserver...

2007-05-12 Thread Herbert Poetzl
On Sat, May 12, 2007 at 09:13:19AM +0200, Jan Zuchhold wrote:
> Hello,
> 
> > I made a package of my guest 'gis' (about 465 MB):
> > /etc/vservers/gis (config of the image)
> > /vservers/gis (home of the guest images)
> >
> > http://www.archit.uni-karlsruhe.de/geoserver/vserver.tar.bz2
> 
> ok, i've tried it.
> 
> The problem is caused by running out of space on /tmp. 
> You mount that on tmpfs, specified in fstab in the 
> vserver-config dir:
> 
> none   /tmp   tmpfs   size=16m,mode=1777  0 0
> 
> If you remove or comment-out this line (or increase 
> the size), it works.

nice one, tx, btw, 16MB for /tmp should be more
than sufficient for properly written programs,
(larger temporary files go to /var/tmp)

best,
Herbert

> Jan



Re: [Vserver] Re: Re: Re: Re: Re: Re: java crash in vserver...

2007-05-12 Thread Jan Zuchhold
Hello,

> I made a package of my guest 'gis' (about 465 MB):
> /etc/vservers/gis (config of the image)
> /vservers/gis (home of the guest images)
>
> http://www.archit.uni-karlsruhe.de/geoserver/vserver.tar.bz2

ok, i've tried it.

The problem is caused by running out of space on /tmp. You mount that on 
tmpfs, specified in fstab in the vserver-config dir:

none   /tmp   tmpfs   size=16m,mode=1777  0 0

If you remove or comment-out this line (or increase the size), it works.

Jan


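The diagnosis in the message above, as an added example that is not part of the original thread: a POSIX shell check that reads the tmpfs `size=` cap for `/tmp` out of a guest fstab and tests whether a temporary file of a given size fits under it. The function names and the sample fstab are constructed for illustration.

```shell
#!/bin/sh
# Added example: how much room does a guest's tmpfs /tmp really have?

# size_to_kib SIZE -> KiB. Accepts the k/m/g suffixes of the tmpfs size= option;
# a bare number is bytes. Percentages depend on host RAM and are rejected.
size_to_kib() {
    num=${1%[kKmMgG]}
    case "$num" in ''|*[!0-9]*) return 1 ;; esac
    case "$1" in
        *[kK]) echo "$num" ;;
        *[mM]) echo $((num * 1024)) ;;
        *[gG]) echo $((num * 1024 * 1024)) ;;
        *)     echo $((num / 1024)) ;;
    esac
}

# tmpfs_cap_kib FSTAB MOUNTPOINT -> size cap in KiB.
# Returns 2 if there is no active tmpfs line, 3 if it carries no usable size=.
tmpfs_cap_kib() {
    opts=$(awk -v mp="$2" '$1 !~ /^#/ && $2 == mp && $3 == "tmpfs" { o = $4 }
                           END { print o }' "$1")
    [ -n "$opts" ] || return 2
    size=
    old_ifs=$IFS; IFS=,
    for opt in $opts; do
        case "$opt" in size=*) size=${opt#size=} ;; esac
    done
    IFS=$old_ifs
    size_to_kib "$size" || return 3
}

# tmp_fits FSTAB NEED_KIB -> 0 if it fits, 1 if too big, 2/3 if no cap is known.
tmp_fits() {
    cap=$(tmpfs_cap_kib "$1" /tmp) || return $?
    [ "$2" -le "$cap" ]
}

# Constructed sample of a guest fstab (not the poster's file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
none    /proc   proc    defaults            0 0
none    /tmp    tmpfs   size=16m,mode=1777  0 0
EOF
echo "/tmp cap: $(tmpfs_cap_kib "$sample" /tmp) KiB"
tmp_fits "$sample" 20480 || echo "a 20 MiB temp file will not fit"
rm -f "$sample"
```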


Re: [Vserver] Re: Re: Re: Re: Re: Re: java crash in vserver...

2007-05-10 Thread Michael S. Zick
On Thu May 10 2007 09:14, Thomas Besser wrote:
> Herbert Poetzl wrote:
> >> Thanx for testing. I have no clue, what my problem is and no idea how to
> >> resolve this.
> > 
> > maybe you could package up your guest (maybe
> > after some cleanups to preserve privacy and
> > reduce size), and upload it somewhere, and
> > maybe some folks who already had success with
> > your installation do the same, then try each-
> > others guests and see what happens ...
> 
> I made a package of my guest 'gis' (about 465 MB):
> /etc/vservers/gis (config of the image)
> /vservers/gis (home of the guest images)
> 
> http://www.archit.uni-karlsruhe.de/geoserver/vserver.tar.bz2
> 
> It would be great if Asier or Michael or somebody else have enough bandwidth
> for down-/uploading.
>

I can do that.
Will post the url once I have moved a copy.

Mike

> > if the kernel/config is to blame, then your
> > guest should work fine on another system and
> > the other guest should fail on yours, no?
> 
> Yepp, that should be like that ;-)
> 
> TIA
> Thomas
> 


Re: [Vserver] Re: Re: Re: Re: Re: Re: java crash in vserver...

2007-05-10 Thread Asier Baranguán

Herbert Poetzl wrote:

> not unexpected, giving any capabilities beyond the
> default set can be considered a (sometimes severe)
> reduction in guest security (i.e. you are handing
> over control to host specific parts which can be
> used either for DoS or in most cases direct control
> over host specific entities)

Well... in a controlled environment -intranet server- I think it's safe.

> CAP_NET_BROADCAST is not critical, as it is currently
> unused :)

Hmmm... That's why this email suggests to add a 'nodev' interface?

http://www.mail-archive.com/vserver@list.linux-vserver.org/msg08832.html

I'm running samba guest servers and sometimes I've suffered problems related to nmbd.
What is the point of the setup explained in that mail?




Re: [Vserver] Re: Re: Re: Re: Re: Re: java crash in vserver...

2007-05-09 Thread Herbert Poetzl
On Wed, May 09, 2007 at 10:39:06AM +0200, Thomas Besser wrote:
> Asier Baranguán wrote:
> 
> > Thomas Besser wrote:
> > 
> >>> Guest have the CAP_NET_BROADCAST and CAP_SYS_RESOURCE enabled. Perhaps
> >>> you can try with other kernel.
> >> 
> >> I tried several kernels till now.
> >> 
> >> Whats about this CAP_SYS_RESOURCE and where/how to set it? In host or
> >> guest?
> > 
> > You must write it in the bcapabilities file under the vserver
> > configuration folder. It's as simple as:
> > 
> > root # echo CAP_SYS_RESOURCE > /etc/vservers//bcapabilities
> > 
> > Or if you have the file, add it:
> > 
> > root # echo CAP_SYS_RESOURCE >> /etc/vservers//bcapabilities
> > 
> > And restart the vserver. You have some info about the capabilities and the
> > meaning of these files in the linux-vserver page.
> > 
> > http://linux-vserver.org/Capabilities_and_Flags
> > 
> > http://linux-vserver.org/util-vserver:Capabilities_and_Flags
> 
> Thanx, tried CAP_SYS_RESOURCE. Nothing changed.

not unexpected, giving any capabilities beyond the
default set can be considered a (sometimes severe)
reduction in guest security (i.e. you are handing
over control to host specific parts which can be
used either for DoS or in most cases direct control
over host specific entities)

CAP_NET_BROADCAST is not critical, as it is currently
unused :)

best,
Herbert
 
> Regards
> Thomas
> 
> 
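The capability warning in the message above, turned into a host-side check; this is an added example, not part of the thread or of util-vserver. It assumes the `<root>/<guest>/bcapabilities` layout with one capability name per line, as the quoted `echo` commands write it. The function names are hypothetical, and the rating reflects only what the message states: `CAP_NET_BROADCAST` is reported as unused, anything else beyond the default set is flagged for review.

```shell
#!/bin/sh
# Added example: which guests hold capabilities beyond the default set?
# Assumes <root>/<guest>/bcapabilities with one capability name per line,
# as the echo commands in the thread write it.

# rate_cap NAME -> "unused" for the one capability the thread calls
# non-critical, "review" for anything else granted on top of the defaults.
rate_cap() {
    case "$1" in
        CAP_NET_BROADCAST) echo unused ;;
        *)                 echo review ;;
    esac
}

# audit_bcaps ROOT -> one "guest capability rating" line per granted capability.
audit_bcaps() {
    for f in "$1"/*/bcapabilities; do
        [ -f "$f" ] || continue
        guest=$(basename "$(dirname "$f")")
        # Trim whitespace, drop blank lines, collapse repeated ">>" appends.
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' "$f" | grep -v '^$' | sort -u |
        while read -r cap; do
            echo "$guest $cap $(rate_cap "$cap")"
        done
    done
}

# needs_review ROOT -> exit 0 if any guest holds a capability rated "review".
needs_review() {
    audit_bcaps "$1" | grep -q ' review$'
}

# Constructed sample tree standing in for /etc/vservers (contents made up).
root=$(mktemp -d)
mkdir "$root/gis" "$root/web"
printf 'CAP_SYS_RESOURCE\nCAP_NET_BROADCAST\nCAP_SYS_RESOURCE\n' > "$root/gis/bcapabilities"
audit_bcaps "$root"
needs_review "$root" && echo "at least one guest needs a capability review"
rm -rf "$root"
```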