Re: [Vserver] vserver traceroute
On Sun, Apr 30, 2006 at 10:22:22PM +0300, Nikolay Kichukov wrote: hello, what i DID try to temporarily fix the problem and that did not work was: vattribute --set --xid id --ccap raw_icmp --bcap -1 something else i wanted to ask was: Another point that i noticed is, that the df command is no longer listing the /dev/hdv device. The output is something like: df -ha FilesystemSize Used Avail Use% Mounted on proc 0 0 0 - /proc devpts 0 0 0 - /dev/pts What could be causing this? Within the guest /etc/fstab is now empty. What caused that file to be erased? somehow I lost the overview about the changes and/or the effects you observed, I'd suggest to pay a visit to the IRC channel (#vserver @ irc.oftc.net) where we should be able to track down whatever causes your issues ... HTH, Herbert Regards, -nik - Original Message - From: Herbert Poetzl [EMAIL PROTECTED] To: Nikolay Kichukov [EMAIL PROTECTED] Cc: vserver@list.linux-vserver.org Sent: Sunday, April 30, 2006 9:21 PM Subject: Re: [Vserver] vserver traceroute On Sun, Apr 30, 2006 at 10:54:26PM +0300, Nikolay Kichukov wrote: Hello, Just upgraded to the latest development util-vserver release. However, when I try to vattribute, I am getting exactly the same behaviour. sshd is again not accepting connections. When I try to temporary fix the problem with --bcap -1, there is no update. hmm, maybe you got that wrong, what I meant was: whenever you want to set the ccaps, also add the --bcaps -1 to that command line .. to work around the bug, btw, it works quite fine here with 0.30.210 + patches HTH, Herbert /usr/local/sbin/vserver-info Versions: Kernel: 2.6.14.4-vs2.1.0nevir VS-API: 0x00020001 util-vserver: 0.30.210; Apr 30 2006, 20:31:56 Features: CC: gcc, gcc (GCC) 4.0.3 (Debian 4.0.3-1) CXX: g++, g++ (GCC) 4.0.3 (Debian 4.0.3-1) CPPFLAGS: '' CFLAGS: '-g -O2 -std=c99 -Wall -pedantic -W -funit-at-a-time' CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0 -funit-at-a-time' build/host: i686-pc-linux-gnu/i686-pc-linux-gnu Use dietlibc: yes Build C++ programs: yes Build C99 programs: yes Available APIs: v13,net ext2fs Source: e2fsprogs syscall(2) invocation: alternative vserver(2) syscall#: 273/glibc Paths: prefix: /usr/local sysconf-Directory: /etc cfg-Directory: /etc/vservers initrd-Directory: $(sysconfdir)/init.d pkgstate-Directory: /var/run/vservers vserver-Rootdir: /var/lib/vservers Assumed 'SYSINFO' as no other option given; try '--help' for more information. Another point that i noticed is, that the df command is no longer listing the /dev/hdv device. The output is something like: df -ha FilesystemSize Used Avail Use% Mounted on proc 0 0 0 - /proc devpts 0 0 0 - /dev/pts What could be causing this? Regards, -nik On Sun, 2006-04-30 at 17:03 +0200, Herbert Poetzl wrote: On Sun, Apr 30, 2006 at 02:53:20PM +0300, Nikolay Kichukov wrote: Hello Herbert, I see now. So traceroute cannot be used within a guest environment. I will try tracepath instead. One more thing I'd like to comment on is that, every time I issue: vattribute --set --xid id --ccap raw_icmp on the host, I am getting the following error on the guest when I try to ssh to it: fatal: chroot(/var/run/sshd): Operation not permitted The only way I go around that is to reboot the guest. What am I doing wrong when I am setting the --ccap ? Do I reset some default ccaps or bcaps ? I only have the ccapabilities file and it only contain raw_icmp. So is the default startup of a vserver initializing some extra flags/capabilities that are not necessarily predefined withing flags/ccapabilities/bcapabilities? there was a tool bug regarding vattribute, where you ahd to specify the bcaps when you want to change the ccaps, so you might try the following instead vattribute --set --xid id --bcaps -1 --ccap raw_icmp or update
Re: [Vserver] vserver traceroute
Hello Herbert, I already joined irc and there were people there that helped me out resolve all the pending issues. Thanks and Regards, -Nikolay Kichukov On Wed, 2006-05-10 at 14:42 +0200, Herbert Poetzl wrote: On Sun, Apr 30, 2006 at 10:22:22PM +0300, Nikolay Kichukov wrote: hello, what i DID try to temporarily fix the problem and that did not work was: vattribute --set --xid id --ccap raw_icmp --bcap -1 something else i wanted to ask was: Another point that i noticed is, that the df command is no longer listing the /dev/hdv device. The output is something like: df -ha FilesystemSize Used Avail Use% Mounted on proc 0 0 0 - /proc devpts 0 0 0 - /dev/pts What could be causing this? Within the guest /etc/fstab is now empty. What caused that file to be erased? somehow I lost the overview about the changes and/or the effects you observed, I'd suggest to pay a visit to the IRC channel (#vserver @ irc.oftc.net) where we should be able to track down whatever causes your issues ... HTH, Herbert Regards, -nik - Original Message - From: Herbert Poetzl [EMAIL PROTECTED] To: Nikolay Kichukov [EMAIL PROTECTED] Cc: vserver@list.linux-vserver.org Sent: Sunday, April 30, 2006 9:21 PM Subject: Re: [Vserver] vserver traceroute On Sun, Apr 30, 2006 at 10:54:26PM +0300, Nikolay Kichukov wrote: Hello, Just upgraded to the latest development util-vserver release. However, when I try to vattribute, I am getting exactly the same behaviour. sshd is again not accepting connections. When I try to temporary fix the problem with --bcap -1, there is no update. hmm, maybe you got that wrong, what I meant was: whenever you want to set the ccaps, also add the --bcaps -1 to that command line .. to work around the bug, btw, it works quite fine here with 0.30.210 + patches HTH, Herbert /usr/local/sbin/vserver-info Versions: Kernel: 2.6.14.4-vs2.1.0nevir VS-API: 0x00020001 util-vserver: 0.30.210; Apr 30 2006, 20:31:56 Features: CC: gcc, gcc (GCC) 4.0.3 (Debian 4.0.3-1) CXX: g++, g++ (GCC) 4.0.3 (Debian 4.0.3-1) CPPFLAGS: '' CFLAGS: '-g -O2 -std=c99 -Wall -pedantic -W -funit-at-a-time' CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0 -funit-at-a-time' build/host: i686-pc-linux-gnu/i686-pc-linux-gnu Use dietlibc: yes Build C++ programs: yes Build C99 programs: yes Available APIs: v13,net ext2fs Source: e2fsprogs syscall(2) invocation: alternative vserver(2) syscall#: 273/glibc Paths: prefix: /usr/local sysconf-Directory: /etc cfg-Directory: /etc/vservers initrd-Directory: $(sysconfdir)/init.d pkgstate-Directory: /var/run/vservers vserver-Rootdir: /var/lib/vservers Assumed 'SYSINFO' as no other option given; try '--help' for more information. Another point that i noticed is, that the df command is no longer listing the /dev/hdv device. The output is something like: df -ha FilesystemSize Used Avail Use% Mounted on proc 0 0 0 - /proc devpts 0 0 0 - /dev/pts What could be causing this? Regards, -nik On Sun, 2006-04-30 at 17:03 +0200, Herbert Poetzl wrote: On Sun, Apr 30, 2006 at 02:53:20PM +0300, Nikolay Kichukov wrote: Hello Herbert, I see now. So traceroute cannot be used within a guest environment. I will try tracepath instead. One more thing I'd like to comment on is that, every time I issue: vattribute --set --xid id --ccap raw_icmp on the host, I am getting the following error on the guest when I try to ssh to it: fatal: chroot(/var/run/sshd): Operation not permitted The only way I go around that is to reboot the guest. What am I doing wrong when I am setting the --ccap ? Do I reset some default ccaps or bcaps ? I only have the ccapabilities file and it only contain raw_icmp. So is the default startup of a vserver
Re: [Vserver] vserver traceroute
-Rootdir: /var/lib/vservers Assumed 'SYSINFO' as no other option given; try '--help' for more information. [EMAIL PROTECTED]:~# uname -a Linux nevir 2.6.14.4-vs2.1.0nevir #4 Thu Mar 16 19:43:43 EET 2006 i686 GNU/Linux Let me know if you need any more information to troubleshoot that matter. Thanks, -Nikolay Kichukov - Original Message - From: Herbert Poetzl [EMAIL PROTECTED] To: Nikolay Kichukov [EMAIL PROTECTED] Cc: vserver@list.linux-vserver.org Sent: Friday, April 21, 2006 8:08 PM Subject: Re: [Vserver] vserver traceroute On Fri, Apr 21, 2006 at 05:30:53PM +0300, Nikolay Kichukov wrote: hi, the version is: util-vserver 0.30.209-2 Would you suggest an upgrade to get the traceroute going? It is not so important to make traceroute working. It is the idea that stays behind that. ;-) To have the guest at full operational power as if it is a real machine. can you provide a static binary of that traceroute tool for testing? it is supposed to work with ram_icmp capability enabled ... TIA, Herbert Thanks and regards, -Nikolay Kichukov - Original Message - From: Herbert Poetzl [EMAIL PROTECTED] To: Nikolay Kichukov [EMAIL PROTECTED] Cc: vserver@list.linux-vserver.org Sent: Thursday, April 20, 2006 9:43 PM Subject: Re: [Vserver] vserver traceroute On Thu, Apr 20, 2006 at 05:24:00PM +0300, Nikolay Kichukov wrote: hello, even trying to traceroute -I is still giving that same error message. What could be wrong? Do I need to set some extra ccapabilities? Also, what does the --secure option of the vattribute do ? that really depends on the tool version, which one do you have? usually it removes most capabilites from the guest best, Herbert Regards, -Nikolay Kichukov - Original Message - From: Xavier Montagutelli [EMAIL PROTECTED] To: vserver@list.linux-vserver.org Sent: Thursday, April 20, 2006 3:33 PM Subject: Re: [Vserver] vserver traceroute On Thursday 20 April 2006 13:29, Nikolay Kichukov wrote: Hello guys, Thanks for the advice, and sorry for taking me so long to respond. I tried setting: host# vattribute --set --xid xid --secure --ccap raw_icmp and when i try to traceroute a host I am again getting: traceroute: raw socket: Operation not permitted On my debian box, traceroute use by default UDP packets, not ICMP packets. Try -I icmp to use icmp. Any further ideas? Another problem has now appeared: When i try to ssh to the guest sshd, i am getting the following error: fatal: chroot(/var/run/sshd): Operation not permitted /var/run/sshd is rwx for root and r-x for the group and others Any ideas? Additional info: util-vserver 0.30.209-2 debian package kernel 1.6.14.4-vs2.1.0 On Tue, 2006-04-11 at 13:17 +0200, Daniel Hokka Zakrisson wrote: Nikolay Kichukov wrote: Hi, Thanks for the advise, I'd like to test that and I already have raw_icmp in the flags file for the vserver, but is there a way i can set that without rebooting the vserver? It's a context capability, so you should put it in ccapabilities file. I've searched for information about chcontext and did not find a lot about setting those caps and flags dynamically. Is that possible? If yes, how? vattribute --set --xid name or xid of the guest --secure --ccap raw_icmp (add additional --bcaps here if you have any, as they'll be reset otherwise) Also, another question is, i have already created(built) the vserver without --context NNN, and now I would like to get the vserver running only in a specified context, ie. 444. How can i implement that? echo NNN /etc/vservers/name/context http://www.nongnu.org/util-vserver/doc/conf/configuration.html ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Xavier Montagutelli Tel : +33 (0)5 55 45 77 20 Service Commun Informatique Fax
Re: [Vserver] vserver traceroute
-20 Replaces: netstd Depends: libc6 (= 2.3.5-1) Conflicts: suidmanager ( 0.50) Description: traces the route taken by packets over a TCP/IP network The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Traceroute displays the IP number and host name (if possible) of the machines along the route taken by the packets. Traceroute is used as a network debugging tool. If you're having network connectivity problems, traceroute will show you where the trouble is coming from along the route. . Install traceroute if you need a tool for diagnosing network connectivity problems. [EMAIL PROTECTED]:/usr/bin# [EMAIL PROTECTED]:/usr/bin# ls -alh traceroute lrwxrwxrwx 1 root root 28 Mar 17 00:38 traceroute - /etc/alternatives/traceroute [EMAIL PROTECTED]:/usr/bin# ls -alh /etc/alternatives/traceroute lrwxrwxrwx 1 root root 23 Mar 17 00:38 /etc/alternatives/traceroute - /usr/bin/traceroute.lbl [EMAIL PROTECTED]:/usr/bin# ls -alh traceroute.lbl -rwsr-xr-x 1 root root 18K Aug 30 2005 traceroute.lbl and again that same error message: [EMAIL PROTECTED]:/usr/bin# traceroute linux-vserver.org traceroute: raw socket: Operation not permitted I do have the raw_icmp ccapability enabled. Further information: [EMAIL PROTECTED]:~# vserver-info Versions: Kernel: 2.6.14.4-vs2.1.0nevir VS-API: 0x00020001 util-vserver: 0.30.209; Jan 8 2006, 12:24:41 Features: CC: gcc, gcc (GCC) 4.0.3 20051201 (prerelease) (Debian 4.0.2-5) CXX: g++, g++ (GCC) 4.0.3 20051201 (prerelease) (Debian 4.0.2-5) CPPFLAGS: '' CFLAGS: '-Wall -g -O2 -std=c99 -Wall -pedantic -W -funit-at-a-time' CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0 -funit-at-a-time' build/host: i486-pc-linux-gnu/i486-pc-linux-gnu Use dietlibc: yes Build C++ programs: yes Build C99 programs: yes Available APIs: compat,v11,v13,fscompat,net,oldproc,olduts ext2fs Source: e2fsprogs syscall(2) invocation: alternative vserver(2) syscall#: 273/glibc Paths: prefix: /usr sysconf-Directory: /etc cfg-Directory: /etc/vservers initrd-Directory: $(sysconfdir)/init.d pkgstate-Directory: /var/run/vservers vserver-Rootdir: /var/lib/vservers Assumed 'SYSINFO' as no other option given; try '--help' for more information. [EMAIL PROTECTED]:~# uname -a Linux nevir 2.6.14.4-vs2.1.0nevir #4 Thu Mar 16 19:43:43 EET 2006 i686 GNU/Linux Let me know if you need any more information to troubleshoot that matter. Thanks, -Nikolay Kichukov - Original Message - From: Herbert Poetzl [EMAIL PROTECTED] To: Nikolay Kichukov [EMAIL PROTECTED] Cc: vserver@list.linux-vserver.org Sent: Friday, April 21, 2006 8:08 PM Subject: Re: [Vserver] vserver traceroute On Fri, Apr 21, 2006 at 05:30:53PM +0300, Nikolay Kichukov wrote: hi, the version is: util-vserver 0.30.209-2 Would you suggest an upgrade to get the traceroute going? It is not so important to make traceroute working. It is the idea that stays behind that. ;-) To have the guest at full operational power as if it is a real machine. can you provide a static binary of that traceroute tool for testing? it is supposed to work with ram_icmp capability enabled ... TIA, Herbert Thanks and regards, -Nikolay Kichukov - Original Message - From: Herbert Poetzl [EMAIL PROTECTED] To: Nikolay Kichukov [EMAIL PROTECTED] Cc: vserver@list.linux-vserver.org Sent: Thursday, April 20, 2006 9:43 PM Subject: Re: [Vserver] vserver traceroute On Thu, Apr 20, 2006 at 05:24:00PM +0300, Nikolay Kichukov wrote: hello, even trying to traceroute -I is still giving that same error message. What could be wrong? Do I need to set some extra ccapabilities? Also, what does the --secure option of the vattribute do ? that really depends on the tool version, which one do you have? usually it removes most capabilites from the guest
Re: [Vserver] vserver traceroute
hello, what i DID try to temporarily fix the problem and that did not work was: vattribute --set --xid id --ccap raw_icmp --bcap -1 something else i wanted to ask was: Another point that i noticed is, that the df command is no longer listing the /dev/hdv device. The output is something like: df -ha FilesystemSize Used Avail Use% Mounted on proc 0 0 0 - /proc devpts 0 0 0 - /dev/pts What could be causing this? Within the guest /etc/fstab is now empty. What caused that file to be erased? Regards, -nik - Original Message - From: Herbert Poetzl [EMAIL PROTECTED] To: Nikolay Kichukov [EMAIL PROTECTED] Cc: vserver@list.linux-vserver.org Sent: Sunday, April 30, 2006 9:21 PM Subject: Re: [Vserver] vserver traceroute On Sun, Apr 30, 2006 at 10:54:26PM +0300, Nikolay Kichukov wrote: Hello, Just upgraded to the latest development util-vserver release. However, when I try to vattribute, I am getting exactly the same behaviour. sshd is again not accepting connections. When I try to temporary fix the problem with --bcap -1, there is no update. hmm, maybe you got that wrong, what I meant was: whenever you want to set the ccaps, also add the --bcaps -1 to that command line .. to work around the bug, btw, it works quite fine here with 0.30.210 + patches HTH, Herbert /usr/local/sbin/vserver-info Versions: Kernel: 2.6.14.4-vs2.1.0nevir VS-API: 0x00020001 util-vserver: 0.30.210; Apr 30 2006, 20:31:56 Features: CC: gcc, gcc (GCC) 4.0.3 (Debian 4.0.3-1) CXX: g++, g++ (GCC) 4.0.3 (Debian 4.0.3-1) CPPFLAGS: '' CFLAGS: '-g -O2 -std=c99 -Wall -pedantic -W -funit-at-a-time' CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0 -funit-at-a-time' build/host: i686-pc-linux-gnu/i686-pc-linux-gnu Use dietlibc: yes Build C++ programs: yes Build C99 programs: yes Available APIs: v13,net ext2fs Source: e2fsprogs syscall(2) invocation: alternative vserver(2) syscall#: 273/glibc Paths: prefix: /usr/local sysconf-Directory: /etc cfg-Directory: /etc/vservers initrd-Directory: $(sysconfdir)/init.d pkgstate-Directory: /var/run/vservers vserver-Rootdir: /var/lib/vservers Assumed 'SYSINFO' as no other option given; try '--help' for more information. Another point that i noticed is, that the df command is no longer listing the /dev/hdv device. The output is something like: df -ha FilesystemSize Used Avail Use% Mounted on proc 0 0 0 - /proc devpts 0 0 0 - /dev/pts What could be causing this? Regards, -nik On Sun, 2006-04-30 at 17:03 +0200, Herbert Poetzl wrote: On Sun, Apr 30, 2006 at 02:53:20PM +0300, Nikolay Kichukov wrote: Hello Herbert, I see now. So traceroute cannot be used within a guest environment. I will try tracepath instead. One more thing I'd like to comment on is that, every time I issue: vattribute --set --xid id --ccap raw_icmp on the host, I am getting the following error on the guest when I try to ssh to it: fatal: chroot(/var/run/sshd): Operation not permitted The only way I go around that is to reboot the guest. What am I doing wrong when I am setting the --ccap ? Do I reset some default ccaps or bcaps ? I only have the ccapabilities file and it only contain raw_icmp. So is the default startup of a vserver initializing some extra flags/capabilities that are not necessarily predefined withing flags/ccapabilities/bcapabilities? there was a tool bug regarding vattribute, where you ahd to specify the bcaps when you want to change the ccaps, so you might try the following instead vattribute --set --xid id --bcaps -1 --ccap raw_icmp or update to a more recent version HTH, Herbert Regards, -Nikolay Kichukov On Sat, 2006-04-29 at 19:28 +0200, Herbert Poetzl wrote: On Fri, Apr 28, 2006 at 10:47:25PM +0300, Nikolay Kichukov wrote: Hello Herbert, Sorry for the long delay in replying again. Here is some further info about the traceroute tool I am using on the GUEST: ah, obviously confused that because I do not use traceroute myself, just
Re: [Vserver] vserver traceroute
Hello Herbert, Sorry for the long delay in replying again. Here is some further info about the traceroute tool I am using on the GUEST: [EMAIL PROTECTED]:/usr/bin# dpkg --status traceroute Package: traceroute Status: install ok installed Priority: important Section: net Installed-Size: 60 Maintainer: Graham Wilson [EMAIL PROTECTED] Architecture: i386 Version: 1.4a12-20 Replaces: netstd Depends: libc6 (= 2.3.5-1) Conflicts: suidmanager ( 0.50) Description: traces the route taken by packets over a TCP/IP network The traceroute utility displays the route used by IP packets on their way to a specified network (or Internet) host. Traceroute displays the IP number and host name (if possible) of the machines along the route taken by the packets. Traceroute is used as a network debugging tool. If you're having network connectivity problems, traceroute will show you where the trouble is coming from along the route. . Install traceroute if you need a tool for diagnosing network connectivity problems. [EMAIL PROTECTED]:/usr/bin# [EMAIL PROTECTED]:/usr/bin# ls -alh traceroute lrwxrwxrwx 1 root root 28 Mar 17 00:38 traceroute - /etc/alternatives/traceroute [EMAIL PROTECTED]:/usr/bin# ls -alh /etc/alternatives/traceroute lrwxrwxrwx 1 root root 23 Mar 17 00:38 /etc/alternatives/traceroute - /usr/bin/traceroute.lbl [EMAIL PROTECTED]:/usr/bin# ls -alh traceroute.lbl -rwsr-xr-x 1 root root 18K Aug 30 2005 traceroute.lbl and again that same error message: [EMAIL PROTECTED]:/usr/bin# traceroute linux-vserver.org traceroute: raw socket: Operation not permitted I do have the raw_icmp ccapability enabled. Further information: [EMAIL PROTECTED]:~# vserver-info Versions: Kernel: 2.6.14.4-vs2.1.0nevir VS-API: 0x00020001 util-vserver: 0.30.209; Jan 8 2006, 12:24:41 Features: CC: gcc, gcc (GCC) 4.0.3 20051201 (prerelease) (Debian 4.0.2-5) CXX: g++, g++ (GCC) 4.0.3 20051201 (prerelease) (Debian 4.0.2-5) CPPFLAGS: '' CFLAGS: '-Wall -g -O2 -std=c99 -Wall -pedantic -W -funit-at-a-time' CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0 -funit-at-a-time' build/host: i486-pc-linux-gnu/i486-pc-linux-gnu Use dietlibc: yes Build C++ programs: yes Build C99 programs: yes Available APIs: compat,v11,v13,fscompat,net,oldproc,olduts ext2fs Source: e2fsprogs syscall(2) invocation: alternative vserver(2) syscall#: 273/glibc Paths: prefix: /usr sysconf-Directory: /etc cfg-Directory: /etc/vservers initrd-Directory: $(sysconfdir)/init.d pkgstate-Directory: /var/run/vservers vserver-Rootdir: /var/lib/vservers Assumed 'SYSINFO' as no other option given; try '--help' for more information. [EMAIL PROTECTED]:~# uname -a Linux nevir 2.6.14.4-vs2.1.0nevir #4 Thu Mar 16 19:43:43 EET 2006 i686 GNU/Linux Let me know if you need any more information to troubleshoot that matter. Thanks, -Nikolay Kichukov - Original Message - From: Herbert Poetzl [EMAIL PROTECTED] To: Nikolay Kichukov [EMAIL PROTECTED] Cc: vserver@list.linux-vserver.org Sent: Friday, April 21, 2006 8:08 PM Subject: Re: [Vserver] vserver traceroute On Fri, Apr 21, 2006 at 05:30:53PM +0300, Nikolay Kichukov wrote: hi, the version is: util-vserver 0.30.209-2 Would you suggest an upgrade to get the traceroute going? It is not so important to make traceroute working. It is the idea that stays behind that. ;-) To have the guest at full operational power as if it is a real machine. can you provide a static binary of that traceroute tool for testing? it is supposed to work with ram_icmp capability enabled ... TIA, Herbert Thanks and regards, -Nikolay Kichukov - Original Message - From: Herbert Poetzl [EMAIL PROTECTED] To: Nikolay Kichukov [EMAIL PROTECTED] Cc: vserver@list.linux-vserver.org Sent: Thursday, April 20, 2006 9:43 PM Subject: Re: [Vserver] vserver traceroute On Thu, Apr 20, 2006 at 05:24:00PM +0300, Nikolay Kichukov wrote: hello, even trying to traceroute -I is still giving that same error message. What could be wrong? Do I need to set some extra ccapabilities? Also, what does the --secure option of the vattribute do ? that really depends on the tool version, which one do you have? usually it removes most capabilites from the guest best, Herbert Regards, -Nikolay Kichukov - Original Message - From: Xavier Montagutelli [EMAIL PROTECTED] To: vserver@list.linux-vserver.org Sent: Thursday, April 20, 2006 3:33 PM Subject: Re: [Vserver] vserver traceroute On Thursday 20 April 2006 13:29, Nikolay Kichukov wrote: Hello guys, Thanks for the advice, and sorry for taking me so long
Re: [Vserver] vserver traceroute
On Fri, Apr 21, 2006 at 05:30:53PM +0300, Nikolay Kichukov wrote: hi, the version is: util-vserver 0.30.209-2 Would you suggest an upgrade to get the traceroute going? It is not so important to make traceroute working. It is the idea that stays behind that. ;-) To have the guest at full operational power as if it is a real machine. can you provide a static binary of that traceroute tool for testing? it is supposed to work with ram_icmp capability enabled ... TIA, Herbert Thanks and regards, -Nikolay Kichukov - Original Message - From: Herbert Poetzl [EMAIL PROTECTED] To: Nikolay Kichukov [EMAIL PROTECTED] Cc: vserver@list.linux-vserver.org Sent: Thursday, April 20, 2006 9:43 PM Subject: Re: [Vserver] vserver traceroute On Thu, Apr 20, 2006 at 05:24:00PM +0300, Nikolay Kichukov wrote: hello, even trying to traceroute -I is still giving that same error message. What could be wrong? Do I need to set some extra ccapabilities? Also, what does the --secure option of the vattribute do ? that really depends on the tool version, which one do you have? usually it removes most capabilites from the guest best, Herbert Regards, -Nikolay Kichukov - Original Message - From: Xavier Montagutelli [EMAIL PROTECTED] To: vserver@list.linux-vserver.org Sent: Thursday, April 20, 2006 3:33 PM Subject: Re: [Vserver] vserver traceroute On Thursday 20 April 2006 13:29, Nikolay Kichukov wrote: Hello guys, Thanks for the advice, and sorry for taking me so long to respond. I tried setting: host# vattribute --set --xid xid --secure --ccap raw_icmp and when i try to traceroute a host I am again getting: traceroute: raw socket: Operation not permitted On my debian box, traceroute use by default UDP packets, not ICMP packets. Try -I icmp to use icmp. Any further ideas? Another problem has now appeared: When i try to ssh to the guest sshd, i am getting the following error: fatal: chroot(/var/run/sshd): Operation not permitted /var/run/sshd is rwx for root and r-x for the group and others Any ideas? Additional info: util-vserver 0.30.209-2 debian package kernel 1.6.14.4-vs2.1.0 On Tue, 2006-04-11 at 13:17 +0200, Daniel Hokka Zakrisson wrote: Nikolay Kichukov wrote: Hi, Thanks for the advise, I'd like to test that and I already have raw_icmp in the flags file for the vserver, but is there a way i can set that without rebooting the vserver? It's a context capability, so you should put it in ccapabilities file. I've searched for information about chcontext and did not find a lot about setting those caps and flags dynamically. Is that possible? If yes, how? vattribute --set --xid name or xid of the guest --secure --ccap raw_icmp (add additional --bcaps here if you have any, as they'll be reset otherwise) Also, another question is, i have already created(built) the vserver without --context NNN, and now I would like to get the vserver running only in a specified context, ie. 444. How can i implement that? echo NNN /etc/vservers/name/context http://www.nongnu.org/util-vserver/doc/conf/configuration.html ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Xavier Montagutelli Tel : +33 (0)5 55 45 77 20 Service Commun Informatique Fax : +33 (0)5 55 45 77 60 Universite de Limoges 123, avenue Albert Thomas 87060 Limoges cedex ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vserver traceroute
Hello guys, Thanks for the advice, and sorry for taking me so long to respond. I tried setting: host# vattribute --set --xid xid --secure --ccap raw_icmp and when i try to traceroute a host I am again getting: traceroute: raw socket: Operation not permitted Any further ideas? Another problem has now appeared: When i try to ssh to the guest sshd, i am getting the following error: fatal: chroot(/var/run/sshd): Operation not permitted /var/run/sshd is rwx for root and r-x for the group and others Any ideas? Additional info: util-vserver 0.30.209-2 debian package kernel 1.6.14.4-vs2.1.0 On Tue, 2006-04-11 at 13:17 +0200, Daniel Hokka Zakrisson wrote: Nikolay Kichukov wrote: Hi, Thanks for the advise, I'd like to test that and I already have raw_icmp in the flags file for the vserver, but is there a way i can set that without rebooting the vserver? It's a context capability, so you should put it in ccapabilities file. I've searched for information about chcontext and did not find a lot about setting those caps and flags dynamically. Is that possible? If yes, how? vattribute --set --xid name or xid of the guest --secure --ccap raw_icmp (add additional --bcaps here if you have any, as they'll be reset otherwise) Also, another question is, i have already created(built) the vserver without --context NNN, and now I would like to get the vserver running only in a specified context, ie. 444. How can i implement that? echo NNN /etc/vservers/name/context http://www.nongnu.org/util-vserver/doc/conf/configuration.html ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vserver traceroute
On Thursday 20 April 2006 13:29, Nikolay Kichukov wrote: Hello guys, Thanks for the advice, and sorry for taking me so long to respond. I tried setting: host# vattribute --set --xid xid --secure --ccap raw_icmp and when i try to traceroute a host I am again getting: traceroute: raw socket: Operation not permitted On my debian box, traceroute use by default UDP packets, not ICMP packets. Try -I icmp to use icmp. Any further ideas? Another problem has now appeared: When i try to ssh to the guest sshd, i am getting the following error: fatal: chroot(/var/run/sshd): Operation not permitted /var/run/sshd is rwx for root and r-x for the group and others Any ideas? Additional info: util-vserver 0.30.209-2 debian package kernel 1.6.14.4-vs2.1.0 On Tue, 2006-04-11 at 13:17 +0200, Daniel Hokka Zakrisson wrote: Nikolay Kichukov wrote: Hi, Thanks for the advise, I'd like to test that and I already have raw_icmp in the flags file for the vserver, but is there a way i can set that without rebooting the vserver? It's a context capability, so you should put it in ccapabilities file. I've searched for information about chcontext and did not find a lot about setting those caps and flags dynamically. Is that possible? If yes, how? vattribute --set --xid name or xid of the guest --secure --ccap raw_icmp (add additional --bcaps here if you have any, as they'll be reset otherwise) Also, another question is, i have already created(built) the vserver without --context NNN, and now I would like to get the vserver running only in a specified context, ie. 444. How can i implement that? echo NNN /etc/vservers/name/context http://www.nongnu.org/util-vserver/doc/conf/configuration.html ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Xavier Montagutelli Tel : +33 (0)5 55 45 77 20 Service Commun Informatique Fax : +33 (0)5 55 45 77 60 Universite de Limoges 123, avenue Albert Thomas 87060 Limoges cedex ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vserver traceroute
hello, even trying to traceroute -I is still giving that same error message. What could be wrong? Do I need to set some extra ccapabilities? Also, what does the --secure option of the vattribute do ? Regards, -Nikolay Kichukov - Original Message - From: Xavier Montagutelli [EMAIL PROTECTED] To: vserver@list.linux-vserver.org Sent: Thursday, April 20, 2006 3:33 PM Subject: Re: [Vserver] vserver traceroute On Thursday 20 April 2006 13:29, Nikolay Kichukov wrote: Hello guys, Thanks for the advice, and sorry for taking me so long to respond. I tried setting: host# vattribute --set --xid xid --secure --ccap raw_icmp and when i try to traceroute a host I am again getting: traceroute: raw socket: Operation not permitted On my debian box, traceroute use by default UDP packets, not ICMP packets. Try -I icmp to use icmp. Any further ideas? Another problem has now appeared: When i try to ssh to the guest sshd, i am getting the following error: fatal: chroot(/var/run/sshd): Operation not permitted /var/run/sshd is rwx for root and r-x for the group and others Any ideas? Additional info: util-vserver 0.30.209-2 debian package kernel 1.6.14.4-vs2.1.0 On Tue, 2006-04-11 at 13:17 +0200, Daniel Hokka Zakrisson wrote: Nikolay Kichukov wrote: Hi, Thanks for the advise, I'd like to test that and I already have raw_icmp in the flags file for the vserver, but is there a way i can set that without rebooting the vserver? It's a context capability, so you should put it in ccapabilities file. I've searched for information about chcontext and did not find a lot about setting those caps and flags dynamically. Is that possible? If yes, how? vattribute --set --xid name or xid of the guest --secure --ccap raw_icmp (add additional --bcaps here if you have any, as they'll be reset otherwise) Also, another question is, i have already created(built) the vserver without --context NNN, and now I would like to get the vserver running only in a specified context, ie. 444. How can i implement that? echo NNN /etc/vservers/name/context http://www.nongnu.org/util-vserver/doc/conf/configuration.html ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver -- Xavier Montagutelli Tel : +33 (0)5 55 45 77 20 Service Commun Informatique Fax : +33 (0)5 55 45 77 60 Universite de Limoges 123, avenue Albert Thomas 87060 Limoges cedex ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vserver traceroute
Hi, Thanks for the advise, I'd like to test that and I already have raw_icmp in the flags file for the vserver, but is there a way i can set that without rebooting the vserver? I've searched for information about chcontext and did not find a lot about setting those caps and flags dynamically. Is that possible? If yes, how? Also, another question is, i have already created(built) the vserver without --context NNN, and now I would like to get the vserver running only in a specified context, ie. 444. How can i implement that? Thanks and regards, -Nikolay Kichukov On Tue, 2006-04-11 at 00:33 +0200, Herbert Poetzl wrote: On Tue, Apr 11, 2006 at 02:31:09AM +0300, Nikolay Kichukov wrote: Hi everybody, I am having a problem tracerouting from a guest. Here is the output: As root: traceroute 192.168.0.2 traceroute: raw socket: Operation not permitted please try with the raw_icmp context capability (http://linux-vserver.org/Caps+and+Flags) assigned to your guest, if that still fails, please let me know ... TIA, Herbert Some further information: Versions: Kernel: 2.6.14.4-vs2.1.0nevir VS-API: 0x00020001 util-vserver: 0.30.209; Jan 8 2006, 12:24:41 Features: CC: gcc, gcc (GCC) 4.0.3 20051201 (prerelease) (Debian 4.0.2-5) CXX: g++, g++ (GCC) 4.0.3 20051201 (prerelease) (Debian 4.0.2-5) CPPFLAGS: '' CFLAGS: '-Wall -g -O2 -std=c99 -Wall -pedantic -W -funit-at-a-time' CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0 -funit-at-a-time' build/host: i486-pc-linux-gnu/i486-pc-linux-gnu Use dietlibc: yes Build C++ programs: yes Build C99 programs: yes Available APIs: compat,v11,v13,fscompat,net,oldproc,olduts ext2fs Source: e2fsprogs syscall(2) invocation: alternative vserver(2) syscall#: 273/glibc Paths: prefix: /usr sysconf-Directory: /etc cfg-Directory: /etc/vservers initrd-Directory: $(sysconfdir)/init.d pkgstate-Directory: /var/run/vservers vserver-Rootdir: /var/lib/vservers Assumed 'SYSINFO' as no other option given; try '--help' for more information. Thanks, -Nikolay Kichukov ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] vserver traceroute
Nikolay Kichukov wrote: Hi, Thanks for the advise, I'd like to test that and I already have raw_icmp in the flags file for the vserver, but is there a way i can set that without rebooting the vserver? It's a context capability, so you should put it in ccapabilities file. I've searched for information about chcontext and did not find a lot about setting those caps and flags dynamically. Is that possible? If yes, how? vattribute --set --xid name or xid of the guest --secure --ccap raw_icmp (add additional --bcaps here if you have any, as they'll be reset otherwise) Also, another question is, i have already created(built) the vserver without --context NNN, and now I would like to get the vserver running only in a specified context, ie. 444. How can i implement that? echo NNN /etc/vservers/name/context http://www.nongnu.org/util-vserver/doc/conf/configuration.html -- Daniel Hokka Zakrisson GPG id: 06723412 GPG fingerprint: A455 4DF3 990A 431F FECA 7947 6136 DDA2 0672 3412 ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] vserver traceroute
Hi everybody, I am having a problem tracerouting from a guest. Here is the output: As root: traceroute 192.168.0.2 traceroute: raw socket: Operation not permitted Some further information: Versions: Kernel: 2.6.14.4-vs2.1.0nevir VS-API: 0x00020001 util-vserver: 0.30.209; Jan 8 2006, 12:24:41 Features: CC: gcc, gcc (GCC) 4.0.3 20051201 (prerelease) (Debian 4.0.2-5) CXX: g++, g++ (GCC) 4.0.3 20051201 (prerelease) (Debian 4.0.2-5) CPPFLAGS: '' CFLAGS: '-Wall -g -O2 -std=c99 -Wall -pedantic -W -funit-at-a-time' CXXFLAGS: '-g -O2 -ansi -Wall -pedantic -W -fmessage-length=0 -funit-at-a-time' build/host: i486-pc-linux-gnu/i486-pc-linux-gnu Use dietlibc: yes Build C++ programs: yes Build C99 programs: yes Available APIs: compat,v11,v13,fscompat,net,oldproc,olduts ext2fs Source: e2fsprogs syscall(2) invocation: alternative vserver(2) syscall#: 273/glibc Paths: prefix: /usr sysconf-Directory: /etc cfg-Directory: /etc/vservers initrd-Directory: $(sysconfdir)/init.d pkgstate-Directory: /var/run/vservers vserver-Rootdir: /var/lib/vservers Assumed 'SYSINFO' as no other option given; try '--help' for more information. Thanks, -Nikolay Kichukov ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver