Re: [zones-discuss] Starting Samba in Open Solaris Non Global Zone

2009-08-18 Thread Casper . Dik


>The integrated CIFS server project made running a server
>on port 445 (which CIFS uses) a privileged operation - the
>process needs to have PRIV_SYS_SMB (see privileges(5)).
>Samba knows how to operate with this privilege, but the
>privilege is not in the default set that is considered
>safe in a zone.  You can adjust the zone config to get
>this to work - here's an example:


Unfortunately, that change was made incompatibly.

Whenever you change the privilege needed for a particular operation, you 
generally should check for the old privilege also.

PRIV_SYS_SMB is also used to allow starting the in-kernel CIFS server
but the kernel should allow processes with PRIV_NET_PRIVADDR to bind
to the CIFS ports.

The code says:

/*
 * NBT and SMB ports, these are extra privileged ports,
 * allow bind only if the SYS_SMB privilege is present.
 */

but clearly the NBT and SMB ports are NOT extra privileged ports as they're
all < 1024.

Casper

___
zones-discuss mailing list
zones-discuss@opensolaris.org
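
Added example (not from the original message and not OpenSolaris kernel source): a small C model of the compatibility point made above. The privilege set is reduced to two hypothetical bit flags, and the port list 137-139/445 and the plain "< 1024" rule are simplifying assumptions.

```c
/* Illustrative model only; names and flags are hypothetical. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>

/* Bit flags standing in for entries in a process privilege set. */
enum {
    P_NET_PRIVADDR = 1u << 0,   /* models PRIV_NET_PRIVADDR (old requirement) */
    P_SYS_SMB      = 1u << 1    /* models PRIV_SYS_SMB (new requirement) */
};

/* Assumed port list: NBT services (137-139) and SMB over TCP (445). */
static bool is_smb_port(uint16_t port)
{
    return port == 137 || port == 138 || port == 139 || port == 445;
}

/* Incompatible change: SMB/NBT ports accept only the new privilege,
 * so a process that holds just net_privaddr gets EACCES on bind. */
int bind_check_new_only(uint32_t privs, uint16_t port)
{
    if (port >= 1024)
        return 0;                           /* unprivileged port */
    if (is_smb_port(port))
        return (privs & P_SYS_SMB) ? 0 : EACCES;
    return (privs & P_NET_PRIVADDR) ? 0 : EACCES;
}

/* Compatible change: the new privilege is sufficient for SMB/NBT ports,
 * and the old privilege is still checked as a fallback. */
int bind_check_compat(uint32_t privs, uint16_t port)
{
    if (port >= 1024)
        return 0;                           /* unprivileged port */
    if (is_smb_port(port) && (privs & P_SYS_SMB))
        return 0;                           /* narrow grant: SMB ports only */
    return (privs & P_NET_PRIVADDR) ? 0 : EACCES;
}
```

In the compatible variant sys_smb stays a narrow grant: it opens the SMB/NBT ports but no other port below 1024.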


Re: [zones-discuss] Starting Samba in Open Solaris Non Global Zone

2009-08-17 Thread Robert Thurlow

Wes Mauer wrote:

> OpenSolaris 0609.
> I've managed to get Samba installed in a non global zone, but it will not start.


If you truss smbd, I expect that this is failing due to a
missing privilege:


# truss -f /usr/sfw/sbin/smbd
...
15231:  so_socket(PF_INET, SOCK_STREAM, IPPROTO_IP, 0x, SOV_DEFAULT) = 19
15231:  setsockopt(19, SOL_SOCKET, SO_REUSEADDR, 0xFFBFE86C, 4, SOV_DEFAULT) = 0
15231:  bind(19, 0xFFBFE870, 16, SOV_SOCKBSD)   Err#13 EACCES [sys_smb]


The integrated CIFS server project made running a server
on port 445 (which CIFS uses) a privileged operation - the
process needs to have PRIV_SYS_SMB (see privileges(5)).
Samba knows how to operate with this privilege, but the
privilege is not in the default set that is considered
safe in a zone.  You can adjust the zone config to get
this to work - here's an example:


# zonecfg -z internal
zonecfg:internal> info limitpriv
limitpriv: default,file_downgrade_sl,file_upgrade_sl,sys_trans_label,win_colormap,win_config,win_dac_read,win_dac_write,win_devices,win_fontpath,win_mac_read,win_mac_write,win_selection
zonecfg:internal> set limitpriv=default,file_downgrade_sl,file_upgrade_sl,sys_trans_label,win_colormap,win_config,win_dac_read,win_dac_write,win_devices,win_fontpath,win_mac_read,win_mac_write,win_selection,sys_smb
zonecfg:internal> info limitpriv
limitpriv: default,file_downgrade_sl,file_upgrade_sl,sys_trans_label,win_colormap,win_config,win_dac_read,win_dac_write,win_devices,win_fontpath,win_mac_read,win_mac_write,win_selection,sys_smb


Rob T


Re: [zones-discuss] Starting Samba in Open Solaris Non Global Zone

2009-08-16 Thread Trevor Pretty

Wes

Do you have /var (or some part of the /var/samba/locks/s... tree) 
mounted read only?


Trevor


Wes Mauer wrote:

> OpenSolaris 0609.
> I've managed to get Samba installed in a non global zone, but it will not start.
>
> When I run svcadm enable samba, I get the following message:
>
> r...@zone1:~# Aug 15 00:37:09 zone1 svc.startd[2938]: network/samba:default
> failed: transitioned to maintenance (see 'svcs -xv' for details)
>
> Here is the output of svcs -xv:
> svc:/network/samba:default (SMB file server)
>  State: maintenance since Sat Aug 15 00:37:09 2009
> Reason: Method failed repeatedly.
>    See: http://sun.com/msg/SMF-8000-8Q
>    See: man -M /usr/sfw/man -s 1m smbd
>    See: man -M /usr/sfw/man -s 4 smb.conf
>    See: /var/svc/log/network-samba:default.log
> Impact: This service is not running.
>
> Here is /var/svc/log/network-samba:default.log:
> [ Aug 15 00:03:08 Enabled. ]
> [ Aug 15 00:03:25 Executing start method ("/usr/sfw/sbin/smbd -D"). ]
> [ Aug 15 00:03:29 Method "start" exited with status 0. ]
> [ Aug 15 00:03:29 Stopping because all processes in service exited. ]
> [ Aug 15 00:03:29 Executing stop method ("/usr/bin/kill `cat /var/samba/locks/smbd.pid`"). ]
> kill: 3038: no such process
> [ Aug 15 00:03:30 Method "stop" exited with status 1. ]
> [ Aug 15 00:03:31 Executing stop method ("/usr/bin/kill `cat /var/samba/locks/smbd.pid`"). ]
> kill: 3038: no such process
> [ Aug 15 00:03:32 Method "stop" exited with status 1. ]
>
> Any help would be greatly appreciated.
  








[zones-discuss] Starting Samba in Open Solaris Non Global Zone

2009-08-14 Thread Wes Mauer

OpenSolaris 0609.
I've managed to get Samba installed in a non global zone, but it will not 
start. 

When I run svcadm enable samba, I get the following message:

r...@zone1:~# Aug 15 00:37:09 zone1 svc.startd[2938]: network/samba:default 
failed: transitioned to maintenance (see 'svcs -xv' for details)

Here is the output of svcs -xv:
svc:/network/samba:default (SMB file server)
 State: maintenance since Sat Aug 15 00:37:09 2009
Reason: Method failed repeatedly.
   See: http://sun.com/msg/SMF-8000-8Q
   See: man -M /usr/sfw/man -s 1m smbd
   See: man -M /usr/sfw/man -s 4 smb.conf
   See: /var/svc/log/network-samba:default.log
Impact: This service is not running.

Here is /var/svc/log/network-samba:default.log:
[ Aug 15 00:03:08 Enabled. ]
[ Aug 15 00:03:25 Executing start method ("/usr/sfw/sbin/smbd -D"). ]
[ Aug 15 00:03:29 Method "start" exited with status 0. ]
[ Aug 15 00:03:29 Stopping because all processes in service exited. ]
[ Aug 15 00:03:29 Executing stop method ("/usr/bin/kill `cat /var/samba/locks/smbd.pid`"). ]
kill: 3038: no such process
[ Aug 15 00:03:30 Method "stop" exited with status 1. ]
[ Aug 15 00:03:31 Executing stop method ("/usr/bin/kill `cat /var/samba/locks/smbd.pid`"). ]
kill: 3038: no such process
[ Aug 15 00:03:32 Method "stop" exited with status 1. ]

Any help would be greatly appreciated.
-- 
This message posted from opensolaris.org