On Wed, 2005-09-07 at 03:12 +0200, Herbert Poetzl wrote: > On Tue, Sep 06, 2005 at 11:35:42AM +0200, Dennis Roos wrote: > > Hi, > > > > By accident I ran into a crash of the complete host (nicely reboots > > luckily), but still... I can reproduce this on the same setup, different > > hardware. > > I'm interested! :) > > could you verify a few things for me? > > a) does it happen with vs2.0 too (same configs)? I am working on a new setup. As soon as it's running this will be my first test to run on it :)
> b) does it help to revert the grsec patches? The current kernel came from simply running emerge vserver-sources, so I guess I have to patch the kernel by hand again. > c) does it happen if you do not start the guest? I can start the guest and run the route add and netstat -rn on host only, but the crash does not occur. It only occurs when I run netstat -rn in the guest. > TIA, > Herbert > > > Versions: > > Kernel: 2.6.11.6-grsec-vs1.9.5 > > VS-API: 0x00010025 > > util-vserver: 0.30.196; Apr 5 2005, 16:20:45 > > > > Features: > > CC: i686-pc-linux-gnu-gcc, i686-pc-linux-gnu-gcc > > (GCC) 3.3.4 20040623 (Gentoo Linux 3.3.4-r1, ssp-3.3.2-2, pie-8.7.6) > > CXX: i686-pc-linux-gnu-g++, i686-pc-linux-gnu-g++ > > (GCC) 3.3.4 20040623 (Gentoo Linux 3.3.4-r1, ssp-3.3.2-2, pie-8.7.6) > > CPPFLAGS: '' > > CFLAGS: '-O2 -march=i686 -fomit-frame-pointer > > -std=c99 -Wall -pedantic -W' > > CXXFLAGS: '-O2 -march=i686 -fomit-frame-pointer -ansi > > -Wall -pedantic -W -fmessage-length=0' > > build/host: i686-pc-linux-gnu/i686-pc-linux-gnu > > Use dietlibc: yes (0.28) > > Build C++ programs: yes > > Build C99 programs: yes > > Available APIs: compat,v11,v13,fscompat,net,oldproc,olduts > > ext2fs Source: e2fsprogs > > syscall(2) invocation: fast > > vserver(2) syscall#: 273/default > > > > Paths: > > prefix: /usr > > sysconf-Directory: /etc > > cfg-Directory: /etc/vservers > > initrd-Directory: /etc/init.d > > pkgstate-Directory: /var/run/vservers > > Kernelheaders: /usr/include > > vserver-Rootdir: /vservers > > > > > > VServer configuration: > > /etc/vservers/IT_MONITOR/apps/init/style:gentoo > > /etc/vservers/IT_MONITOR/interfaces/0/dev:eth1 > > /etc/vservers/IT_MONITOR/interfaces/0/ip:XXX.XXX.XXX.82 > > /etc/vservers/IT_MONITOR/interfaces/0/mask:255.255.255.0 > > /etc/vservers/IT_MONITOR/interfaces/0/name:0IT_MONITOR > > /etc/vservers/IT_MONITOR/interfaces/0/prefix:24 > > /etc/vservers/IT_MONITOR/interfaces/1/dev:lo > > /etc/vservers/IT_MONITOR/interfaces/1/ip:127.0.0.1 > > /etc/vservers/IT_MONITOR/interfaces/1/mask:255.255.255.255 > > /etc/vservers/IT_MONITOR/interfaces/1/name:1IT_MONITOR > > /etc/vservers/IT_MONITOR/interfaces/1/prefix:32 > > /etc/vservers/IT_MONITOR/uts/nodename:it_monitor.mydomain.com > > /etc/vservers/IT_MONITOR/uts/release:2.6.10 > > /etc/vservers/IT_MONITOR/flags:lock > > /etc/vservers/IT_MONITOR/flags:nproc > > /etc/vservers/IT_MONITOR/fstab:none /proc proc defaults > > 0 0 > > /etc/vservers/IT_MONITOR/fstab:none /dev/pts devpts > > gid=5,mode=620 0 0 > > /etc/vservers/IT_MONITOR/fstab:#none /tmp tmpfs > > size=16m,mode=1777 0 0 > > /etc/vservers/IT_MONITOR/name:IT_MONITOR > > /etc/vservers/IT_MONITOR/context:82 > > /etc/vservers/IT_MONITOR/ccpabilities:CAP_NET_RAW > > > > A couple of notes on the config: > > # ccapabilities CAP_NET_RAW are needed because this vserver is supposed > > to monitor our equipment using ping, traceroute, etc. > > # device 1 (127.0.0.1) was needed because nagios (the monitoring > > application) does some hardcoded check on 127.0.0.1 :( and I am too lazy > > to fix this. > > > > What happens... > > On the host I decided to run `route add -host 1.2.3.4 reject` > > I enter the vserver and run netstat -rn (normally runs smoothly) > > `netstat -rn` > > Kernel IP routing table > > Destination Gateway Genmask Flags MSS Window irtt > > Iface > > Read from remote host XXX.XXX.XXX.55: Connection reset by peer > > Connection to XXX.XXX.XXX.55 closed. > > > > Whah! The machine dies, and reboots -- Regards, Dennis Roos Network Engineer @ InTouch N.V. Middenweg 76 1097 BS Amsterdam Tel: +31 (0)20 6752060 Fax: +31 (0)20 6758429 -=[Assumption is the mother of all f*ckups]=- _______________________________________________ Vserver mailing list [email protected] http://list.linux-vserver.org/mailman/listinfo/vserver
