Hello Herbert (and all others),

Here are my configurations and tools versions:

[EMAIL PROTECTED] /usr/src/installs/new-vserver# ls
patch-vserver-0.29-fix01.diff util-vserver-0.26/ util-vserver-0.26.tar.bz2 vserver-0.29/ vserver-0.29.src.tar.gz
[EMAIL PROTECTED] /usr/src/installs/new-vserver# cat /etc/vservers.conf
# Configuration file for the vservers service
# BACKGROUND=yes
# start the vservers on tty9, in background so the rest of the
# boot process end early
BACKGROUND=no
# This variable controls where the vservers are stored.
# This file is sourced by the various vservers configuration files
# in /etc/vservers. Each vserver may redefine the value so it points
# elsewhere. So vservers may be located in various places on the system.
# To make it simple, when you want to learn what is the vserver root
# source one vserver configuration and you will learn what is the
# actual vserver root for this vserver
VSERVERS_ROOT=/vservers
# When starting or entering a vserver, its /etc/mtab is generated on
# the fly so it matches the various volumes mounted inside the vserver
GENERATEMTAB=yes
[EMAIL PROTECTED] /usr/src/installs/new-vserver# cat /etc/vservers/srmi.conf
# Description: sapienflex-rmi
# Select an unused context (this is optional)
# The default is to allocate a free context on the fly
# In general you don't need to force a context
#S_CONTEXT=
# Select the IP number assigned to the virtual server
# This IP must be one IP of the server, either an interface
# or an IP alias
IPROOT=192.168.3.86
# You can define on which device the IP alias will be done
# The IP alias will be set when the server is started and unset
# when the server is stopped
# The netmask and broadcast are computed by default from IPROOTDEV
#IPROOTMASK=
#IPROOTBCAST=
IPROOTDEV=eth0
# Uncomment the onboot line if you want to enable this
# virtual server at boot time
ONBOOT=yes
# You can set a different host name for the vserver
# If empty, the host name of the main server is used
S_HOSTNAME=sapienflex-rmi.server.pt
# You can set a different NIS domain for the vserver
# If empty, the current on is kept
# Set it to "none" to have no NIS domain set
S_DOMAINNAME=
# You can set the priority level (nice) of all process in the vserver
# Even root won't be able to raise it
S_NICE=
# You can set various flags for the new security context
# lock: Prevent the vserver from setting new security context
# sched: Merge scheduler priority of all processes in the vserver
# so that it acts a like a single one.
# nproc: Limit the number of processes in the vserver according to ulimit
# (instead of a per user limit, this becomes a per vserver limit)
# private: No other process can join this security context. Even root
# Do not forget the quotes around the flags
S_FLAGS="lock nproc"
# You can set various ulimit flags and they will be inherited by the
# vserver. You enter here various command line argument of ulimit
# ULIMIT="-HS -u 200"
# The example above, combined with the nproc S_FLAGS will limit the
# vserver to a maximum of 200 processes
ULIMIT="-HS -u 500"
# You can set various capabilities. By default, the vserver are run
# with a limited set, so you can let root run in a vserver and not
# worry about it. He can\'t take over the machine. In some cases
# you can to give a little more capabilities \(such as CAP_NET_RAW\)
#S_CAPS="CAP_NET_RAW"
S_CAPS=""
[EMAIL PROTECTED] /usr/src/installs/new-vserver# ls /var/run/vservers/ -l
total 28
-rw-r--r-- 1 root root 27 Jan 6 21:57 ciisp.ctx
-rw-r--r-- 1 root root 27 Jan 6 21:57 lsmb-nss.ctx
-rw-r--r-- 1 root root 27 Jan 6 21:57 ns2.ctx
-rw-r--r-- 1 root root 27 Jan 6 21:57 shares.ctx
-rw-r--r-- 1 root root 27 Jan 6 21:58 srmi.ctx
-rw-r--r-- 1 root root 27 Jan 6 21:58 sweb.ctx
-rw-r--r-- 1 root root 27 Jan 6 21:58 www.ctx
[EMAIL PROTECTED] /usr/src/installs/new-vserver# ls -ld /var/run/vservers
drwx------ 2 root root 4096 Jan 6 21:58 /var/run/vservers/
[EMAIL PROTECTED] /usr/src/installs/new-vserver#

To sum it all up:
a) I didn't change any configuration from version 2.4.23-vs1.00 to 2.4.24-vs1.22
b) I changed the /etc/vservers.conf cause it couldn't find my /vservers dir
c) I am using the versions of the tools you recommend on your site

Do you need any extra information I can provide? :o)

Thanks,
+-------------------------------------------
| Luís Miguel Silva
| Network Administrator@ ISPGaya.pt
| Rua António Rodrigues da Rocha, 291/341
| Sto. Ovídio – 4400-025 V. N. de Gaia
| Portugal
| T: +351 22 3745730/3/5 F: +351 22 3745738
| G: +351 93 6371253 E: [EMAIL PROTECTED]
| H: http://lms.ispgaya.pt/
+-------------------------------------------

-----Original Message-----
From: Herbert Poetzl [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 7 January 2004 0:02
To: Luís Miguel Silva
Cc: [EMAIL PROTECTED]
Subject: Re: [Vserver] Problem with kernel 2.4.24 + vs1.22

On Tue, Jan 06, 2004 at 09:41:14PM -0000, Luís Miguel Silva wrote:
> Hello all,
>
> Today I updated my servers kernel to 2.4.24-vs1.22 and I'm having some
> trouble when I try to stop the vserver.

could you provide the type and version of your tools
and the config for that vserver, please?

TIA,
Herbert

> [EMAIL PROTECTED] /usr/src/installs/new-vserver# vserver srmi stop
> Stopping the virtual server srmi
> Server srmi is running
> ipv4root is now 192.168.3.86
> Can't set the new security context
> : Invalid argument
> sleeping 5 seconds
> Killing all processes
> chcontext version 0.29
> chcontext [ options ] command arguments ...
> chcontext allocate a new security context and executes
> a command in that context.
> By default, a new/unused context is allocated
> --cap CAP_NAME
>     Add a capability from the command. This option may be
>     repeated several time.
>     See /usr/include/linux/capability.h
>     In general, this option is used with the --secure option
>     --secure removes most critical capabilities and --cap
>     adds specific ones.
> --cap !CAP_NAME
>     Remove a capability from the command. This option may be
>     repeated several time.
>     See /usr/include/linux/capability.h
> --ctx num
>     Select the context. On root in context 0 is allowed to
>     select a specific context.
>     Context number 1 is special. It can see all processes
>     in any contexts, but can't kill them though.
>     Option --ctx may be repeated several times to specify up to 16
>     contexts.
> --disconnect
>     Start the command in background and make the process
>     a child of process 1.
> --domainname new_domainname
>     Set the domainname (NIS) in the new security context.
>     Use "none" to unset the domain name.
> --flag
>     Set one flag in the new or current security context. The following
>     flags are supported. The option may be used several time.
>
>     fakeinit: The new process will believe it is process number 1.
>     Useful to run a real /sbin/init in a vserver.
>     lock: The new process is trapped and can't use chcontext anymore.
>     sched: The new process and its children will share a common
>     execution priority.
>     nproc: Limit the number of process in the vserver according to
>     ulimit setting. Normally, ulimit is a per user thing.
>     With this flag, it becomes a per vserver thing.
>     private: No one can join this security context once created.
>     ulimit: Apply the current ulimit to the whole context
> --hostname new_hostname
>     Set the hostname in the new security context
>     This is need because if you create a less privileged
>     security context, it may be unable to change its hostname
> --secure
>     Remove all the capabilities to make a virtual server trustable
> --silent
>     Do not print the allocated context number.
>
> Information about context is found in /proc/self/status
> [EMAIL PROTECTED] /usr/src/installs/new-vserver# uname -a
> Linux leonardo-root.ispgaya.pt 2.4.24-vs1.22 #1 SMP Tue Jan 6 09:52:07 WET
> 2004 i686 unknown unknown GNU/Linux
> [EMAIL PROTECTED] /usr/src/installs/new-vserver#
>
>
> Is this the problem with vkill you mention on your site (Herbert)?
>
> Best,
> +-------------------------------------------
> | Luís Miguel Silva
> | Network Administrator@ ISPGaya.pt
> | Rua António Rodrigues da Rocha, 291/341
> | Sto. Ovídio – 4400-025 V. N. de Gaia
> | Portugal
> | T: +351 22 3745730/3/5 F: +351 22 3745738
> | G: +351 93 6371253 E: [EMAIL PROTECTED]
> | H: http://lms.ispgaya.pt/
> +-------------------------------------------
>
>
> _______________________________________________
> Vserver mailing list
> [EMAIL PROTECTED]
> http://list.linux-vserver.org/mailman/listinfo/vserver
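
Added example, not part of the original messages or of the vserver tools: a POSIX shell check of the isolation settings that the srmi.conf comments describe (lock, nproc paired with a ULIMIT process cap, extra S_CAPS). The function names and the two sample files are constructed for illustration; values are read with sed rather than by sourcing the file, so auditing a config never executes it.

```shell
#!/bin/sh
# conf_get FILE KEY: value of the last uncommented KEY= line, outer quotes stripped.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# has_word LIST WORD: succeeds if WORD is one of the space-separated words in LIST.
has_word() {
    case " $1 " in *" $2 "*) return 0 ;; esac
    return 1
}

# audit_conf FILE: prints one finding per line, nothing when no issue is found.
audit_conf() {
    flags=$(conf_get "$1" S_FLAGS)
    ulim=$(conf_get "$1" ULIMIT)
    caps=$(conf_get "$1" S_CAPS)
    has_word "$flags" lock ||
        echo "S_FLAGS lacks lock: vserver is not prevented from setting a new security context"
    if has_word "$flags" nproc; then
        # nproc only caps the vserver if ULIMIT carries a process limit (-u N)
        case " $ulim " in
            *" -u "[0-9]*) ;;
            *) echo "nproc set but ULIMIT has no -u N: no per-vserver process cap" ;;
        esac
    else
        echo "S_FLAGS lacks nproc: process limit stays per user, not per vserver"
    fi
    for c in $caps; do
        echo "extra capability granted: $c"
    done
}

# Constructed sample configs: one mirrors the settings shown in the thread,
# the other drops the flags and grants CAP_NET_RAW.
demo_dir=$(mktemp -d)
printf '%s\n' 'S_FLAGS="lock nproc"' 'ULIMIT="-HS -u 500"' 'S_CAPS=""' \
    > "$demo_dir/strict.conf"
printf '%s\n' '#S_FLAGS="lock nproc"' 'S_FLAGS="sched"' 'S_CAPS="CAP_NET_RAW"' \
    > "$demo_dir/loose.conf"

for f in "$demo_dir/strict.conf" "$demo_dir/loose.conf"; do
    echo "== $f"
    audit_conf "$f"
done
```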
