Re: [zones-discuss] PRIV_SYS_IPC_CONFIG in non-global zones? Or: how to solve msgctl(2) IPC_SET errors

2011-06-22 Thread marria 
Are you still trouble with which site you can trust to buy 
[url=http://www.gameim.com/product/RuneScape_II_gold.html]RS Gold[/url] safely, 
I'll introduce one 

for you, I have bought 
[url=http://www.gameim.com/product/RuneScape_II_gold.html]Runescape Gold[/url] 
many times from here, if you want to buy 

[url=http://www.gameim.com/product/RuneScape_II_gold.html]RS Money[/url], trust 
me!!try!!
-- 
This message posted from opensolaris.org
___
zones-discuss mailing list
zones-discuss@opensolaris.org

Re: [zones-discuss] PRIV_SYS_IPC_CONFIG in non-global zones? Or: how to solve msgctl(2) IPC_SET errors

2011-05-20 Thread Stefan Constantin 
Sorry to bump this very old thread however it's the first google result for 
this privilege problem so hopefully this will help somebody.

I have had a pretty similar issue, in my case the root user of a non-global 
zone had the SYS_IPC_CONFIG_PRIVILEGE but other users did not.

I've gotten around this in two ways:
1. You can use the ppriv command to set this privilege for the process that 
requests it (normally, you must be root to grant the privilege), e.g.:
ppriv -s A+SYS_IPC_CONFIG process_pid (you could use the shell of the logged in 
user for example so you can start any number of processes with that privilege 
for one session).

2. A more permanent solution is to grant this privilege to the user so that it 
would always be available:
usermod -K defaultpriv=basic,sys_ipc_config user_name
As far as I understand the -K switch will replace current privileges with the 
new value so if you have any other extra privileges for the user be sure to add 
them!

Hope this helps, cheers!
-- 
This message posted from opensolaris.org
___
zones-discuss mailing list
zones-discuss@opensolaris.org

Re: [zones-discuss] PRIV_SYS_IPC_CONFIG in non-global zones? Or: how to solve msgctl(2) IPC_SET errors

2010-04-06 Thread Casper . Dik 

msgctl says this

EPERMThe cmd argument is IPC_RMID  or  IPC_SET,  the
  {PRIV_SYS_IPC_OWNER}  privilege is not asserted
  in the effective set of  the  calling  process,
  and  is not equal to the value of msg_perm.cuid
  or msg_perm.uid in the data  structure  associ-
  ated with msqid.

  The cmd argument  is  IPC_SET,  an  attempt  is
  being   made   to  increase  to  the  value  of
  msg_qbytes,   and   the   {PRIV_SYS_IPC_CONFIG}
  privilege  is not asserted in the effective set
  of the calling process.


So clearly you're trying to either change the number of
msg_qbytes or you are changing the properties of a msg queue
without being the owner.  The SYS_IPC_CONFIG privileges is not
available in the zone (by default).

Perhaps we want to use a new privilege which is save to give to a
zone (modify message queues you don't own).

Casper
___
zones-discuss mailing list
zones-discuss@opensolaris.org

Re: [zones-discuss] PRIV_SYS_IPC_CONFIG in non-global zones? Or: how to solve msgctl(2) IPC_SET errors

2010-04-06 Thread Alexander Skwar 
Casper,

the error message of the application is:

Failed to set queue size (have 65536 bytes).

And this is done in a function with the name setTotalQSize.

So, given that, I suppose that the application tries to change
the number of msg_qbytes.

Just to recap - the application would need the SYS_IPC_CONFIG
priv, but this privilege is not available in a non-global zone.

But you say, that it's not available by default. Could I grant
this priv to a non-global zone on Solaris 10?

Best regards,
Alexander

2010/4/6  casper@sun.com:

 msgctl says this

    EPERM        The cmd argument is IPC_RMID  or  IPC_SET,  the
                  {PRIV_SYS_IPC_OWNER}  privilege is not asserted
                  in the effective set of  the  calling  process,
                  and  is not equal to the value of msg_perm.cuid
                  or msg_perm.uid in the data  structure  associ-
                  ated with msqid.

                  The cmd argument  is  IPC_SET,  an  attempt  is
                  being   made   to  increase  to  the  value  of
                  msg_qbytes,   and   the   {PRIV_SYS_IPC_CONFIG}
                  privilege  is not asserted in the effective set
                  of the calling process.


 So clearly you're trying to either change the number of
 msg_qbytes or you are changing the properties of a msg queue
 without being the owner.  The SYS_IPC_CONFIG privileges is not
 available in the zone (by default).

 Perhaps we want to use a new privilege which is save to give to a
 zone (modify message queues you don't own).

 Casper




-- 
Alexander
-- 
↯    Lifestream (Twitter, Blog, …) ↣ http://alexs77.soup.io/ ↯
↯ Chat (Jabber/Google Talk) ↣ a.sk...@gmail.com , AIM: alexws77  ↯
___
zones-discuss mailing list
zones-discuss@opensolaris.org