Hi,
Here is the Debug output. There is no corresponding line for bcap, as
"++ OPTS_VATTRIBUTE=("[EMAIL PROTECTED]" --ccap "$cap")" for ccap.Hope this helps. Andy
++ local cap_opts
++ local flag
++ test '(' '!' -e /etc/vservers/apache2server/hostname -o -e /etc/vservers/apac
he2server/uts/nodename ')' -a '(' '!' -e /etc/vservers/apache2server/domainname
-o -e /etc/vservers/apache2server/uts/domainname ')'
++ test -z ''
++ _generateCapabilityOptions /etc/vservers/apache2server
++ local vdir=/etc/vservers/apache2server
++ local cap
++ _generateBCapabilityOptions /etc/vservers/apache2server
++ local vdir=/etc/vservers/apache2server
++ local cap
++ local f=/etc/vservers/apache2server/bcapabilities
++ test -e /etc/vservers/apache2server/bcapabilities
++ read cap
++ _generateCCapabilityOptions /etc/vservers/apache2server
++ local vdir=/etc/vservers/apache2server
++ local cap
++ local f=/etc/vservers/apache2server/ccapabilities
++ test -e /etc/vservers/apache2server/ccapabilities
++ read cap
++ OPTS_VATTRIBUTE=("[EMAIL PROTECTED]" --ccap "$cap")
++ read cap
++ test -e /etc/vservers/apache2server/capabilities
++ return 0
++ _generateFlagOptions /etc/vservers/apache2server
++ local vdir=/etc/vservers/apache2server
++ CHCONTEXT_FLAG_OPTS=()
++ test '!' -e /etc/vservers/apache2server/flags
Herbert Poetzl wrote:
On Fri, Jan 14, 2005 at 06:34:02PM -0800, Andrew Mendelsohn wrote:
Hi,
Using 2.6.10 with patch-2.6.10-vs1.9.3.17.diff and compiling util-vserver 0.30.196, it seems that I can't remove capabilities via the /usr/local//etc/vservers/webserver/bcapabilities configuration file using ~ALL. The /usr/local//etc/vservers/webserver/ccapabilities file does what it is supposed to when set to ~ALL.
Output of cat /proc/self/vinfo before config files are set to ~ALL
XID: 10 BCaps: ffffffffd44c04ff CCaps: 0000000000000101 CFlags: 0000000202000010 CIPid: 0
Output of cat /proc/self/vinfo after both config files are set to ~ALL
XID: 10 BCaps: ffffffffd44c04ff CCaps: 0000000000000000 CFlags: 0000000202000010 CIPid: 0
Is it a bug, or do I need an additional configuration step?
hmm, didn't test with the config setup, but a quick check with vxc showed that it is working as expected
$ vxc --xid 100 -- grep Cap /proc/self/status New security context is 100 CapInh: 0000000000000000 CapPrm: 00000000fffffeff CapEff: 00000000fffffeff
$ vxc --xid 100 --bcap ~ALL -- cat /proc/self/vinfo New security context is 100
XID: 100
BCaps: 0000000000000000
CCaps: 0000000000000000
CFlags: 0000000200000000
CIPid: 0
$ vxc --xid 100 --bcap ~ALL -- grep Cap /proc/self/status New security context is 100 CapInh: 0000000000000000 CapPrm: 0000000000000000 CapEff: 0000000000000000
(kernel) 2.6.11-rc1-vs1.9.4-rc1 no relevant changes to 2.6.10-vs1.9.3.17
please check with --debug if the --bcap arg is passed properly to vattribue ...
TIA, Herbert
Thanks, Andy
_______________________________________________
Vserver mailing list
[email protected]
http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________ Vserver mailing list [email protected] http://list.linux-vserver.org/mailman/listinfo/vserver
