Here's my BCapabilities -> I've been running X inside a vserver for quite some time. This is what I use.
CAP_CHOWN
CAP_DAC_READ_SEARCH -> needed for X
CAP_FOWNER
CAP_FSETID
CAP_KILL
CAP_SETGID
CAP_SETUID
CAP_SETPCAP -> I use this for ethereal
CAP_NET_BIND_SERVICE
CAP_NET_BROADCAST
CAP_NET_RAW
CAP_SYS_MODULE
CAP_SYS_RAWIO
CAP_SYS_CHROOT -> needed for vserver scripts AFAICT
CAP_SYS_PTRACE
CAP_SYS_PACCT
CAP_MKNOD -> for creating the dev/card/xxx
CAP_LEASE

Cheers,
Liam

On Sun, 2004-12-19 at 12:30 -0500, Benoit des Ligneris wrote:
> Hello,
>
> Well, the vserver has some CAP : I tried initially with
> CAP_NET_ADMIN and CAP_SYS_ADMIN but with no success.
>
> After a bit of RTFS, I still believe that no additional CAP should be
> necessary but maybe am I wrong ?
>
> Any suggestion ?
>
> Ben
>
>
> * Herbert Poetzl <[EMAIL PROTECTED]> [04-12-19 11:12]:
> > On Fri, Dec 17, 2004 at 11:17:29PM -0500, Benoit des Ligneris wrote:
> > > Hello,
> > >
> > > We are trying to run an X server inside a vserver. We found some
> > > messages on the mailing list but no known success ;-)
> > >
> > > The error we have is the following :
> > > ========= Extract of XFree86 log ==============
> > > * BIOS: Failed to open /dev/mem (Operation not permitted)
> > > Using vt 7
> > > (--) using VT number 7
> > >
> > > (WW) Open APM failed (/dev/apm_bios) (No such device)
> > >
> > > Fatal server error:
> > > xf86EnableIOPorts: Failed to set IOPL for I/O
> > > ====End of Extract of XFree86 log ==============
> > >
> > >
> > > I noticed that it is not possible to access /dev/mem from inside a
> > > vserver. I think this is needed because X tries to directly access the
> > > memory.
> > >
> > > Any idea to achieve that ?
> >
> > hmm, did you try to give proper capabilities to that
> > vserver?
> >
> > no need to mention that access to /dev/mem or /proc/mem
> > will allow to wipe out your host machine ...
> >
> > best,
> > Herbert
> >
> > > Thanks in advance,
> > >
> > > Ben
> > >
> > > --
> > > Benoit des Ligneris Ph. D.
> > > President de Revolution Linux http://www.revolutionlinux.com/
> > > OSCAR Chair http://oscar.openclustergroup.org/
> > > Chef de projet EduLinux http://www.edulinux.org/
> > > _______________________________________________
> > > Vserver mailing list
> > > [EMAIL PROTECTED]
> > > http://list.linux-vserver.org/mailman/listinfo/vserver

--
StrongBox Linux http://www.strongboxlinux.com
"Making Security Friendly"
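
An added example, not part of the original message or of the vserver tools: a small audit of the capability list in the message above. It computes the bitmask the list corresponds to, flags the grants behind the /dev/mem and IOPL errors and the host-wipe warning quoted in the thread, and compares the list with a `CapEff` value read from `/proc/<pid>/status` inside the guest. The function names, the `HOST_REACH` selection and the `CapEff` value used in the check are assumptions made for this example.

```python
import re

# Bit numbers follow linux/capability.h: CAP_CHOWN = 0 ... CAP_LEASE = 28.
NAMES = ("CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
         "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN "
         "NET_RAW IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT "
         "SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE "
         "SYS_TIME SYS_TTY_CONFIG MKNOD LEASE").split()
CAP_BIT = {"CAP_" + n: i for i, n in enumerate(NAMES)}

# Grants that reach past the guest on a shared kernel (this example's choice).
HOST_REACH = {
    "CAP_SYS_RAWIO": "iopl()/ioperm() and opening /dev/mem",
    "CAP_SYS_MODULE": "loading modules into the shared kernel",
    "CAP_MKNOD": "creating device nodes",
}

# The capability list from the message above, notes included.
SAMPLE = """CAP_CHOWN CAP_DAC_READ_SEARCH -> needed for X CAP_FOWNER CAP_FSETID
CAP_KILL CAP_SETGID CAP_SETUID CAP_SETPCAP -> I use this for ethereal
CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_MODULE
CAP_SYS_RAWIO CAP_SYS_CHROOT -> needed for vserver scripts AFAICT
CAP_SYS_PTRACE CAP_SYS_PACCT CAP_MKNOD -> for creating the dev/card/xxx
CAP_LEASE"""

ITEM = re.compile(r"(CAP_[A-Z_]+)(?:\s*->\s*(.*?))?(?=\s+CAP_|\s*$)", re.S)

def parse_caps(text):
    """Return {capability: note} from 'CAP_X -> note' items, one or many per line."""
    return {name: note.strip() for name, note in ITEM.findall(text)}

def to_mask(caps):
    """Bitmask in the layout of the CapEff field of /proc/<pid>/status."""
    unknown = sorted(c for c in caps if c not in CAP_BIT)
    if unknown:
        raise ValueError("unknown capability: " + ", ".join(unknown))
    return sum(1 << CAP_BIT[c] for c in caps)

def audit(text, cap_eff_hex=None):
    """Flag host-reaching grants; optionally diff against an observed CapEff."""
    caps = parse_caps(text)
    report = {"mask": to_mask(caps), "host_reach": {
        c: (why, caps[c] or "no reason recorded")
        for c, why in HOST_REACH.items() if c in caps}}
    if cap_eff_hex is not None:
        seen = {c for c, b in CAP_BIT.items() if int(cap_eff_hex, 16) >> b & 1}
        report["undeclared"] = sorted(seen - set(caps))
    return report
```

Calling `audit(SAMPLE, "00000000181f2dff")` with that constructed `CapEff` value reports the three host-reaching grants with their recorded reasons and lists `CAP_DAC_OVERRIDE` as effective but not declared.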
