Re: [zones-discuss] PRIV_SYS_IPC_CONFIG in non-global zones? Or: how to solve msgctl(2) IPC_SET errors
Are you still trouble with which site you can trust to buy [url=http://www.gameim.com/product/RuneScape_II_gold.html]RS Gold[/url] safely, I'll introduce one for you, I have bought [url=http://www.gameim.com/product/RuneScape_II_gold.html]Runescape Gold[/url] many times from here, if you want to buy [url=http://www.gameim.com/product/RuneScape_II_gold.html]RS Money[/url], trust me!!try!! -- This message posted from opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] PRIV_SYS_IPC_CONFIG in non-global zones? Or: how to solve msgctl(2) IPC_SET errors
Sorry to bump this very old thread however it's the first google result for this privilege problem so hopefully this will help somebody. I have had a pretty similar issue, in my case the root user of a non-global zone had the SYS_IPC_CONFIG_PRIVILEGE but other users did not. I've gotten around this in two ways: 1. You can use the ppriv command to set this privilege for the process that requests it (normally, you must be root to grant the privilege), e.g.: ppriv -s A+SYS_IPC_CONFIG process_pid (you could use the shell of the logged in user for example so you can start any number of processes with that privilege for one session). 2. A more permanent solution is to grant this privilege to the user so that it would always be available: usermod -K defaultpriv=basic,sys_ipc_config user_name As far as I understand the -K switch will replace current privileges with the new value so if you have any other extra privileges for the user be sure to add them! Hope this helps, cheers! -- This message posted from opensolaris.org ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] PRIV_SYS_IPC_CONFIG in non-global zones? Or: how to solve msgctl(2) IPC_SET errors
Casper, the error message of the application is: Failed to set queue size (have 65536 bytes). And this is done in a "function" with the name "setTotalQSize". So, given that, I suppose that the application tries to change the number of msg_qbytes. Just to recap - the application would need the SYS_IPC_CONFIG priv, but this privilege is not available in a non-global zone. But you say, that it's not available "by default". Could I "grant" this priv to a non-global zone on Solaris 10? Best regards, Alexander 2010/4/6 : > > msgctl says this" > > EPERM The cmd argument is IPC_RMID or IPC_SET, the > {PRIV_SYS_IPC_OWNER} privilege is not asserted > in the effective set of the calling process, > and is not equal to the value of msg_perm.cuid > or msg_perm.uid in the data structure associ- > ated with msqid. > > The cmd argument is IPC_SET, an attempt is > being made to increase to the value of > msg_qbytes, and the {PRIV_SYS_IPC_CONFIG} > privilege is not asserted in the effective set > of the calling process. > > > So clearly you're trying to either change the number of > msg_qbytes or you are changing the properties of a msg queue > without being the owner. The SYS_IPC_CONFIG privileges is not > available in the zone (by default). > > Perhaps we want to use a new privilege which is save to give to a > zone (modify message queues you don't own). > > Casper > -- Alexander -- ↯ Lifestream (Twitter, Blog, …) ↣ http://alexs77.soup.io/ ↯ ↯ Chat (Jabber/Google Talk) ↣ a.sk...@gmail.com , AIM: alexws77 ↯ ___ zones-discuss mailing list zones-discuss@opensolaris.org
Re: [zones-discuss] PRIV_SYS_IPC_CONFIG in non-global zones? Or: how to solve msgctl(2) IPC_SET errors
msgctl says this" EPERMThe cmd argument is IPC_RMID or IPC_SET, the {PRIV_SYS_IPC_OWNER} privilege is not asserted in the effective set of the calling process, and is not equal to the value of msg_perm.cuid or msg_perm.uid in the data structure associ- ated with msqid. The cmd argument is IPC_SET, an attempt is being made to increase to the value of msg_qbytes, and the {PRIV_SYS_IPC_CONFIG} privilege is not asserted in the effective set of the calling process. So clearly you're trying to either change the number of msg_qbytes or you are changing the properties of a msg queue without being the owner. The SYS_IPC_CONFIG privileges is not available in the zone (by default). Perhaps we want to use a new privilege which is save to give to a zone (modify message queues you don't own). Casper ___ zones-discuss mailing list zones-discuss@opensolaris.org
[zones-discuss] PRIV_SYS_IPC_CONFIG in non-global zones? Or: how to solve msgctl(2) IPC_SET errors
Hello. I've got an application, which does a msgctl(2) call with cmd = IPC_SET. This is a server application and I try to start it using SMF; in the manifest, I've got: [...] [...] But when I try to enable this service, it fails: svc.startd could not set context for method: setppriv: Nicht Eigentümer ("Nicht Eigentümer" means "Not owner") When I enable the service without (trying to) grant the sys_ipc_config privilege, the app starts, but issues a warning: setTotalQSize: Failed to set queue size (have 65536 bytes). errno=1 'Not owner' Can I somehow grant the PRIV_SYS_IPC_CONFIG privilege to the zone, so that this works? If I undestand http://developers.sun.com/solaris/articles/zone_app_qualif.html correctly, then this priv isn't in the list of privs a NGZ can have. Is that correct? Or could I somehow grant this priv to the NGZ? Best regards, Alexander -- ↯ Lifestream (Twitter, Blog, …) ↣ http://alexs77.soup.io/ ↯ ↯ Chat (Jabber/Google Talk) ↣ a.sk...@gmail.com , AIM: alexws77 ↯ ___ zones-discuss mailing list zones-discuss@opensolaris.org