On Friday 2 September 2005 03:06, Herbert Poetzl wrote:
> > I tried, it works on the host.
> good, that _is_ half the way ...

I couldn't get Atalkd to work inside a vserver, although someone on the list or IRC seems to have succeeded on Debian. Maybe this is Mandriva-related, but Atalkd (and afpd...) run fine on the host. The tcp part (afpd) works in the vserver, and the Appletalk part (Atalkd) does not. So I thought of a capability issue, but giving all CAPS to the guest did not solve anything...

> > Well, I tried writing CAP_NET_ADMIN and CAP_NET_RAW in the vserver's
> > bcapabilities file, and this does apparently nothing.
> check with 'grep Cap /proc/self/status'
> from inside the guest ...
> (and don't forget to restart the guest)

Well, there was nothing really interesting/understandable inside it... Well, nothing I found related to CAPS. I'm going to check again.

> > > > # cat /etc/vservers/filesrv/bcapabilities
> > > > CAP_NET_ADMIN
> > > > CAP_NET_RAW
> > > > I tried too by writing there "NET_ADMIN" and "NET_RAW", there is no
> > > > error nor success.
> > > yep, but udp, tcp and special icmp are the only
> > > ones supported 'by default' ...
> > Which means?
> which means, other protocols, other requirements
> (mostly capability wise)

OK, so I set ALL capabilities on that guest, and it still doesn't work :( Nothing changes!

> > One has got to activate something to use another protocol?
> yes, the cap stuff and it might be a problem
> with missing and/or too strict virtualization
> (but as I said, we can look into that)

I'd like to help, and I've got a few hosts available.

> > > > One more thing: Netatalk tries to load the appletalk kernel
> > > > module on startup, which apparently fails because being inside a
> > > > vserver. Anyway, the module is actually loaded when I start or
> > > > stop the service! (There is no need for it in the host server,
> > > > but it appears there too. "One kernel to rule them all", huh?)
> > > yep, that's the main idea behind linux-vserver.
> > > contrary to Xen or UML you have only one kernel
> > > running on the host, no guest kernel, no guest
> > > modules just pure 100% userspace there ...
> > This is good ;-) ! But what is fun, is that when /etc/init.d/atalkd
> > is run (from inside the vserver), it "fails" to load the module, but
> > actually the kernel loads it at this very moment!!!
> > Maybe the kernel detects an access to some devices and loads the
> > module from the host?
> yes, that is possible and likely ...
> (maybe we have to 'restrict' this ...

Well, restrict, but if that prevents hosted programs from running ;-)... Well, as I think of it, it's really a strange behaviour. Maybe something is needed to deal with programs that need a particular module to be loaded at run time... from inside a guest. The problem is, you use vservers to isolate processes, but the whole (kernel|processes)? will "see" a module that they do not need. Is it dangerous?

> > > > But atalkd still fails to start arguing that it cannot find any
> > > > net device.
> > > maybe it needs special devices and/or capabilities
> > > don't know yet, never tried to get it working ...
> > > but we can investigate this soon, if you find some
> > > time ...

I've got some, mainly at home after work, but I have access to IRC only at home. I can reach the IRC logs at work, which can be useful to make tests on other hosts.

> > > > This means the appletalk module isn't working.
> > > not necessarily, but might be the cause, did you
> > > load it on the host?

It is loaded and the whole thing works. Gone into production yesterday ;-)

> maybe we should move that to the irc
> channel sooner or later :)

I'm online every day after work.

-- 
To think is to deny what one believes.
Emile Chartier, known as Alain, Propos sur la religion
_______________________________________________ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
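
An added example, not part of the original message or of the Linux-VServer tools: it decodes the hex Cap* masks that 'grep Cap /proc/self/status' prints, so one can see from inside the guest whether CAP_NET_ADMIN and CAP_NET_RAW actually took effect after the restart. The bit numbers are those of linux/capability.h; the two sample status texts and all function names are constructed for illustration.

```python
import os
import re

# Bit numbers from <linux/capability.h>, bits 0..30 ("CAP_" is prepended below).
_NAMES = ("CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
          "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN "
          "NET_RAW IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE "
          "SYS_PACCT SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME "
          "SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE AUDIT_CONTROL").split()
CAP_NAMES = ["CAP_" + n for n in _NAMES]

def parse_cap_lines(status_text):
    """Return {'CapInh': int, 'CapPrm': int, 'CapEff': int, ...} from status text."""
    caps = {}
    for line in status_text.splitlines():
        m = re.match(r"^(Cap\w+):\s*([0-9a-fA-F]+)\s*$", line)
        if m:
            caps[m.group(1)] = int(m.group(2), 16)
    return caps

def decode(mask):
    """Turn a capability bitmask into a list of names; unknown bits are kept as bitN."""
    out = []
    for bit in range(mask.bit_length()):
        if mask >> bit & 1:
            out.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else "bit%d" % bit)
    return out

def missing(status_text, wanted=("CAP_NET_ADMIN", "CAP_NET_RAW"), field="CapEff"):
    """List the wanted capabilities that are absent from the given Cap* field."""
    have = set(decode(parse_cap_lines(status_text).get(field, 0)))
    return [c for c in wanted if c not in have]

# Constructed samples: a guest before and after the two capabilities are granted.
SAMPLE_BEFORE = "Name:\tbash\nCapInh:\t00000000\nCapPrm:\t000004ff\nCapEff:\t000004ff\n"
SAMPLE_AFTER = "Name:\tbash\nCapInh:\t00000000\nCapPrm:\t000034ff\nCapEff:\t000034ff\n"

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, "missing:", missing(text) or "none")
    if os.path.exists("/proc/self/status"):  # live check on a Linux host or guest
        with open("/proc/self/status") as fh:
            for field, mask in parse_cap_lines(fh.read()).items():
                print(field, "%x" % mask, " ".join(decode(mask)))
```

Run inside the guest, an empty "missing" list for CapEff means the bcapabilities entries were applied, and the atalkd failure has to be looked for elsewhere.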