On Sat, Jan 31, 2004 at 12:37:59PM +0100, Sascha Silbe wrote: > On Sat, Jan 31, 2004 at 12:35:17AM +0100, Herbert Poetzl wrote: > > [reducecap working on 2.4.25-pre7-vs1.24] > > Interesting... So it's either fixed in 2.4.25-pre7 or caused by one of > the patches I'm using. > > >what kernel aptch/tool version do you use > ftp://ftp.silbe.org/linux/kernel/linux-2.4.21.tar.bz2 > === Begin PATCHES === > ftp://ftp.silbe.org/linux/fs/xfs/xfs-2.4.21-all-i386.bz2 > ftp://ftp.silbe.org/linux/kernel/09_linux-2.4.21-pp-ctx17.patch.bz2 > ftp://ftp.silbe.org/linux/kernel/user-mode-linux/host-skas3.patch > ftp://ftp.silbe.org/linux/fs/linux-2.4.21-ea.diff.gz (some conflicts due > to ACL fragments from xfs-2.4.21-all-i386.bz2 resolved manually) > change: IS_IMMUTABLE -> IS_IMMUTABLE_FILE (changed by > 09_linux-2.4.21-pp-ctx17.patch.bz2, but partly reintroduced by > linux-2.4.21-ea.diff.gz) > change: include/linux/capability.h: CAP_INIT_INH_SET: to_cap_t(0) -> > to_cap_t(~0 & ~CAP_TO_MASK(CAP_SETPCAP)) > === End PATCHES === > > > http://vserver.13thfloor.at/Stuff/testme.sh > === Begin screenshot === > [EMAIL PROTECTED]:~# bash testme.sh -vvvvvv > Linux-VServer Test [V0.06] (C) 2003-2004 H.Poetzl > chcontext is working. > s_context: 1 [ 1] __NR_new_s_context: 259 > chbind is working. > ipv4root: 0100007f ipv4root_bcast: ffffffff ipv4root_refcnt: 1 > __NR_set_ipv4root: 260 rev2 > ipv4root: 0100007f ipv4root_bcast: ffffffff ipv4root_refcnt: 1 > __NR_set_ipv4root: 260 rev2 > Linux 2.4.21-hybrid-1 i586/chcontext 0.22/chbind 0.22 [J] > Linux hybrid.sascha.silbe.org 2.4.21-hybrid-1 #2 SMP Tue Jun 24 21:24:15 > CEST 2003 i586 AMD-K6(tm) 3D processor AuthenticAMD GNU/Linux > --- > 591a01a41f800adbda289788adfa1135 /usr/local/sbin/chbind > 85e7d3cb0793981973a4340d9aae293a /usr/local/sbin/chcontext > fcec10a1c438dfa1ffee6d30776ff414 /usr/local/sbin/vserver > eb44ade6adee2da1da744297a543b0c0 /etc/init.d/vservers > --- > [001]# chcontext --ctx 100 grep context /proc/self/status > New security context is 100 > s_context: 100 [ 100] > __NR_new_s_context: 259 > [001]# succeeded. > [011]# chcontext --secure --ctx 100 mknod /tmp/x c 0 0 > New security context is 100
this means, context security/capabilities are not working (basically) > [011]# failed. > [031]# chcontext --hostname zaphod uname -a > Host name is now zaphod > New security context is 72 > Linux zaphod 2.4.21-hybrid-1 #2 SMP Tue Jun 24 21:24:15 CEST 2003 i586 > AMD-K6(tm) 3D processor AuthenticAMD GNU/Linux > [031]# succeeded. > [101]# chbind --ip 192.168.0.42 true > ipv4root is now 192.168.0.42 > [101]# succeeded. > [102]# chbind --ip 192.168.0.1/255.255.255.0 --ip 10.0.0.1/24 true > Invalid IP number or host name: 192.168.0.1/255.255.255.0 > chbind version 0.22 > chbind [ --silent ] [ --ip ip_num ] [ --bcast broadcast ] command > argument > [102]# failed. this means that network masks are not supported > [201]# chcontext --ctx 100 --flag fakeinit grep 'initpid: 0' > /proc/self/status > New security context is 100 > initpid: 0 > [201]# failed. this means, that fakeinit with static contexts is not support (this is the only failure which is expected on the stable branch) > [202]# chcontext --flag fakeinit grep 'initpid: 0' /proc/self/status > New security context is 73 > [202]# succeeded. > [EMAIL PROTECTED]:~# ls -l /tmp/x > crw-r--r-- 1 root root 0, 0 Jan 31 12:13 /tmp/x > [EMAIL PROTECTED]:~# > === End screenshot === HTH, Herbert > CU/Lnx Sascha > > -- > Registered Linux User #77587 (http://counter.li.org/) > > bomb terrorist afghanistan PGP encrypt CIA FBI BND MAD StaSi anschlag > strike sex pussy xxx kill bj hitler Gates MS Windows ZV ZDV _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
