On Wed, Oct 27, 2004 at 11:20:52AM -0400, [EMAIL PROTECTED] wrote: > > >> When I try to start the vserver I get the following. > > >> Can't set the ipv4 root (Function not implemented) > > > that doesn't sound like a working vserver kernel, > > let's give the testme.sh script a run please, and > > let us know what it prints ... > > > > http://vserver.13thfloor.at/Stuff/testme.sh > > It seems as though you are correct... I have various vserver header files > and what not in the include directory under my running kernel's module > directory, so I believe the patch was applied cleanly and there were no > issues with the compile. That said, the testme script fails pretty > catastrophically. Clearly I have something very fundamentally broken. Is > there a particular set of config variables I should check for in my kernel > build?
> Thanks, > Tad > > Here are the test results... > > > [EMAIL PROTECTED] root]# ./testme.sh -v > Linux-VServer Test [V0.07] (C) 2003-2004 H.Poetzl > Can't set the new security context > : Function not implemented > chcontext failed! hmm, okay .. so the kernel does not respond to the syscall at all ... > Can't set the ipv4 root (Function not implemented) > chbind failed! same for the second function (networking) > chcontext version 0.30 > chcontext [ options ] command arguments ... > > chcontext allocate a new security context and executes > a command in that context. > By default, a new/unused context is allocated > > --cap CAP_NAME > Add a capability from the command. This option may be > repeated several time. > See /usr/include/linux/capability.h > In general, this option is used with the --secure option > --secure removes most critical capabilities and --cap > adds specific ones. > > --cap !CAP_NAME > Remove a capability from the command. This option may be > repeated several time. > See /usr/include/linux/capability.h > > --ctx num > Select the context. On root in context 0 is allowed to > select a specific context. > Context number 1 is special. It can see all processes > in any contexts, but can't kill them though. > Option --ctx may be repeated several times to specify up to 16 contexts. > --disconnect > Start the command in background and make the process > a child of process 1. > --domainname new_domainname > Set the domainname (NIS) in the new security context. > Use "none" to unset the domain name. > --flag > Set one flag in the new or current security context. The following > flags are supported. The option may be used several time. > > fakeinit: The new process will believe it is process number 1. > Useful to run a real /sbin/init in a vserver. > lock: The new process is trapped and can't use chcontext anymore. > sched: The new process and its children will share a common > execution priority. > nproc: Limit the number of process in the vserver according to > ulimit setting. Normally, ulimit is a per user thing. > With this flag, it becomes a per vserver thing. > private: No one can join this security context once created. > ulimit: Apply the current ulimit to the whole context > --hostname new_hostname > Set the hostname in the new security context > This is need because if you create a less privileged > security context, it may be unable to change its hostname > --secure > Remove all the capabilities to make a virtual server trustable > --silent > Do not print the allocated context number. > > Information about context is found in /proc/self/status hmm, hmm, the tools use a different syntax? > Linux 2.6.8.1-vs1.9.2-2 i686/0.30/0.30 [E] hmm, (checking http://vserver.13thfloor.at/Experimental/) there was no vs1.9.2-2 release? so what patch is that? please try to describe what you did to get this setup, it will probably need a few email exchanges or a short Q&A at the irc channel to identify the issue ... of special interest would be: - distribution (debian?) - tools (version) and where are they from - compiler, linker and libraries used to build them - kernel configuration (especially all CONFIG_VSERVER* ) best, Herbert > Linux bertha.oldtools.org 2.6.8.1-vs1.9.2-2 #3 SMP Tue Oct 26 17:00:49 EDT > 2004 i686 i686 i386 GNU/Linux > --- > 98bad5c5681abf9c7afbff01e718eaf3 /usr/sbin/chbind > 15d3b8889c8fe51a03dfcc11c7c1aab8 /usr/sbin/chcontext > 4379a40fe738f9fce5c62d0fdbb0355c /usr/sbin/vserver > 25f14e97d84299a43ed3d63fabd2eb1f /etc/init.d/vservers > --- _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
