Re: [zones-discuss] PRIV_SYS_IPC_CONFIG in non-global zones? Or: how to solve msgctl(2) IPC_SET errors
Are you still trouble with which site you can trust to buy [url=http://www.gameim.com/product/RuneScape_II_gold.html]RS Gold[/url] safely, I'll introduce one for you, I have bought [url=http://www.gameim.com/product/RuneScape_II_gold.html]Runescape Gold[/url] many times from here, if you want to buy [url=http://www.gameim.com/product/RuneScape_II_gold.html]RS Money[/url], trust me!!try!! -- This message posted from opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] PRIV_SYS_IPC_CONFIG in non-global zones? Or: how to solve msgctl(2) IPC_SET errors
Sorry to bump this very old thread however it's the first google result for this privilege problem so hopefully this will help somebody. I have had a pretty similar issue, in my case the root user of a non-global zone had the SYS_IPC_CONFIG_PRIVILEGE but other users did not. I've gotten around this in two ways: 1. You can use the ppriv command to set this privilege for the process that requests it (normally, you must be root to grant the privilege), e.g.: ppriv -s A+SYS_IPC_CONFIG process_pid (you could use the shell of the logged in user for example so you can start any number of processes with that privilege for one session). 2. A more permanent solution is to grant this privilege to the user so that it would always be available: usermod -K defaultpriv=basic,sys_ipc_config user_name As far as I understand the -K switch will replace current privileges with the new value so if you have any other extra privileges for the user be sure to add them! Hope this helps, cheers! -- This message posted from opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] PRIV_SYS_IPC_CONFIG in non-global zones? Or: how to solve msgctl(2) IPC_SET errors
Casper,
the error message of the application is:
Failed to set queue size (have 65536 bytes).
And this is done in a "function" with the name "setTotalQSize".
So, given that, I suppose that the application tries to change
the number of msg_qbytes.
Just to recap - the application would need the SYS_IPC_CONFIG
priv, but this privilege is not available in a non-global zone.
But you say, that it's not available "by default". Could I "grant"
this priv to a non-global zone on Solaris 10?
Best regards,
Alexander
2010/4/6 :
>
> msgctl says this"
>
> EPERM The cmd argument is IPC_RMID or IPC_SET, the
> {PRIV_SYS_IPC_OWNER} privilege is not asserted
> in the effective set of the calling process,
> and is not equal to the value of msg_perm.cuid
> or msg_perm.uid in the data structure associ-
> ated with msqid.
>
> The cmd argument is IPC_SET, an attempt is
> being made to increase to the value of
> msg_qbytes, and the {PRIV_SYS_IPC_CONFIG}
> privilege is not asserted in the effective set
> of the calling process.
>
>
> So clearly you're trying to either change the number of
> msg_qbytes or you are changing the properties of a msg queue
> without being the owner. The SYS_IPC_CONFIG privileges is not
> available in the zone (by default).
>
> Perhaps we want to use a new privilege which is save to give to a
> zone (modify message queues you don't own).
>
> Casper
>
--
Alexander
--
↯ Lifestream (Twitter, Blog, …) ↣ http://alexs77.soup.io/ ↯
↯ Chat (Jabber/Google Talk) ↣ a.sk...@gmail.com , AIM: alexws77 ↯
___
zones-discuss mailing list
zones-discuss@opensolaris.org
Re: [zones-discuss] PRIV_SYS_IPC_CONFIG in non-global zones? Or: how to solve msgctl(2) IPC_SET errors
msgctl says this"
EPERMThe cmd argument is IPC_RMID or IPC_SET, the
{PRIV_SYS_IPC_OWNER} privilege is not asserted
in the effective set of the calling process,
and is not equal to the value of msg_perm.cuid
or msg_perm.uid in the data structure associ-
ated with msqid.
The cmd argument is IPC_SET, an attempt is
being made to increase to the value of
msg_qbytes, and the {PRIV_SYS_IPC_CONFIG}
privilege is not asserted in the effective set
of the calling process.
So clearly you're trying to either change the number of
msg_qbytes or you are changing the properties of a msg queue
without being the owner. The SYS_IPC_CONFIG privileges is not
available in the zone (by default).
Perhaps we want to use a new privilege which is save to give to a
zone (modify message queues you don't own).
Casper
___
zones-discuss mailing list
zones-discuss@opensolaris.org
[zones-discuss] PRIV_SYS_IPC_CONFIG in non-global zones? Or: how to solve msgctl(2) IPC_SET errors
Hello.
I've got an application, which does a msgctl(2) call with cmd = IPC_SET.
This is a server application and I try to start it using SMF; in the manifest,
I've got:
[...]
[...]
But when I try to enable this service, it fails:
svc.startd could not set context for method: setppriv: Nicht Eigentümer
("Nicht Eigentümer" means "Not owner")
When I enable the service without (trying to) grant the sys_ipc_config
privilege, the app starts, but issues a warning:
setTotalQSize: Failed to set queue size (have 65536 bytes). errno=1
'Not owner'
Can I somehow grant the PRIV_SYS_IPC_CONFIG privilege
to the zone, so that this works? If I undestand
http://developers.sun.com/solaris/articles/zone_app_qualif.html
correctly, then this priv isn't in the list of privs a NGZ can have.
Is that correct? Or could I somehow grant this priv to the NGZ?
Best regards,
Alexander
--
↯ Lifestream (Twitter, Blog, …) ↣ http://alexs77.soup.io/ ↯
↯ Chat (Jabber/Google Talk) ↣ a.sk...@gmail.com , AIM: alexws77 ↯
___
zones-discuss mailing list
zones-discuss@opensolaris.org
