On Fri, Jan 28, 2005 at 05:57:08PM +0100, Werner Schalk wrote:
> Hi guys,

*oh boy* ...

> I am trying to get my vserver running on Gentoo and when I try 
> to start it I get the following error message:

most of them are because your 'gentoo-template'
is broken in several aspects ...

> # vserver --verbose gentoo-template start
> ipv4root is now 10.0.5.1
> ipv4root is now 10.0.5.1
> New security context is 49153

you should not use dynamic contexts, switch to
static ones ...

>  * Checking all filesystems...
> /dev/hda1: clean, 36/24576 files, 11275/98248 blocks                          
>                                         
hum, how is it possible that the guest does filesystem
checking? looks like you forgot to clean up the /dev
directory, it should only contain:

$ ls /dev/
full  log=  null  ptmx  pts/  random  tty  urandom  zero

> [ ok ]
>  * Mounting local filesystems...
> mount: permission denied

mounting inside the guest is forbidden for security
reasons (this might change in the future, but no need
to 'mount' anything IMHO)

>  * Some local filesystem failed to mount                                      
>                                         
> [ !! ]
> 
> grep: /proc/filesystems: No such file or directory
> grep: /proc/filesystems: No such file or directory
>  * Activating (possibly) more swap...                                         
>                                         
activating swap from inside a guest is a bad idea

> [ ok ]
> grep: /proc/cpuinfo: No such file or directory
>  * Setting system clock to hardware clock [UTC]...
>  * Failed to set system clock to hardware clock                               
>                                         
of course, messing with the hardware clock is not
allowed inside a guest, what use would it have?

> [ !! ]
> 
>  * ERROR:  Problem starting needed services.
>  *         "syslog-ng" was not started.
>  * Bringing eth0 up (10.0.5.1)...
> SIOCSIFADDR: Permission denied
> SIOCSIFFLAGS: Permission denied
> SIOCSIFBRDADDR: Permission denied
> SIOCSIFFLAGS: Permission denied
> SIOCSIFNETMASK: Permission denied                                             
>                                         
bringing up/down interfaces is done on the host,
this is no job for a guest. all required ips have
been assigned and the chbind has been configured

> [ !! ]
> 
>  * ERROR:  Problem starting needed services.
>  *         "sshd" was not started.
>  * ERROR:  Problem starting needed services.
>  *         "vixie-cron" was not started.
> Error: /proc must be mounted
>   To mount /proc at boot you need an /etc/fstab line like:
>       /proc   /proc   proc    defaults
>   In the meantime, mount /proc /proc -t proc

this means that you are on 2.6.x and did 'forget'
to run the vprocunhide script which configures the
procfs in a secure way ...

(see http://linux-vserver.org/Proc-Security
for details)

> How can I make /proc available in the vserver environment? Can somebody 
> provide with a sample configuration file for Gentoo and where to put that 
> file?

probably gentoo folks will provide that ...

> Thanks.

HTH,
Herbert

> Bye,
> Werner.
> _______________________________________________
> Vserver mailing list
> [email protected]
> http://list.linux-vserver.org/mailman/listinfo/vserver
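
The reply above lists the only entries a guest's /dev should contain. The following is an added example, not part of the original message or of util-vserver: a check, run on the host, that reports anything else in a guest's /dev (such as the /dev/hda1 node that let the guest run fsck). The function name `audit_guest_dev` and the path passed to it are assumptions.

```shell
#!/bin/sh
# Added example: audit a guest's /dev against the minimal set from the reply
# (full log null ptmx pts random tty urandom zero; log is a socket, pts a dir).

# audit_guest_dev DIR
# Prints one line per unexpected entry.
# Returns 0 if DIR holds only allowed names, 1 if not, 2 if DIR is not a directory.
audit_guest_dev() {
    dev_dir=$1
    unexpected=0
    [ -d "$dev_dir" ] || { echo "not a directory: $dev_dir" >&2; return 2; }
    # The three patterns cover normal names and dotfiles, but not "." and "..".
    for path in "$dev_dir"/* "$dev_dir"/.[!.]* "$dev_dir"/..?*; do
        # Skip patterns that matched nothing; keep dangling symlinks.
        [ -e "$path" ] || [ -L "$path" ] || continue
        name=${path##*/}
        case $name in
            full|log|null|ptmx|pts|random|tty|urandom|zero) continue ;;
        esac
        # Classify the leftover so disk nodes stand out in the report.
        if [ -b "$path" ]; then
            kind="block device"
        elif [ -c "$path" ]; then
            kind="char device"
        else
            kind="other"
        fi
        echo "unexpected: $name ($kind)"
        unexpected=$((unexpected + 1))
    done
    [ "$unexpected" -eq 0 ]
}

# When run as a script, the first argument is the guest's dev directory
# (its location on the host depends on your setup and is an assumption here).
if [ -n "${1:-}" ]; then
    audit_guest_dev "$1"
fi
```

The check only compares names and node types; it does not verify the major/minor numbers of the allowed device nodes.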