Re: [Vserver] interpretation of igneg_nice (Mailscanner not starting up)

Sun, 13 Aug 2006 20:37:04 -0700 

On Fri, Aug 11, 2006 at 10:22:24AM +0200, Thorsten Büker wrote:
> Dear all,
> 
> The daemon mailscanner (http://www.mailscanner.info/) is not starting up 
> during the boot process of a vserver using the original script inside 
> vserver's /etc/init.d/, linked from /etc/rc2.d for sure ;-)
> 
> Changing the relevant lines from
> 
> /usr/bin/nice -$run_nice start-stop-daemon --start --quiet  \ 
> 
>   --exec $DAEMON >/dev/null 2>&1
> 
> to
> 
> start-stop-daemon --start --quiet --nicelevel $run_nice \
>   --exec $DAEMON >/dev/null 2>&1
> 
> at least fixes the problem during the startup of the vserver. But as 
> Mailscanner uses to restart itself periodically, it stops running at 
> this moment.
> 
> I don't prefer to fix all calls as shown above to stay compatible with 
> future updates. Google led me to these pages:
> 
>   -> http://www.tgunkel.de/it/software/doc/linux_server
>   -> http://linux-vserver.org/linux-vserver_administrators_guide
>   -> http://linux-vserver.org/Caps+and+Flags
> 
> I tried the line "IGNEG_NICE" in /etc/vservers/mail/flags as well as the 
> line "CAP_SYS_NICE" in /etc/vserver/mail/bcapabilities. But both options 
> didn't lead to success, yet. Has anybody an idea? Btw, we are talking 
> about 2.6.17.7-grsec2.1.9-vs2.0.2-rc26.

well, either grsec is blocking you here, or you are
doing something wrong, here is a test for 2.0.x and
2.1.x to verify that feature:

2.0.x:

 NOCAPS="vcmd -i -1 -BC set_ccaps_v0 bcaps=0 --"
 ENDINI="vcmd -i -1 -BC set_cflags .mask=^32 --"

 vcmd -i 42 -BC ctx_create .flagword=^34^32^8 -- $NOCAPS $ENDINI renice -10 $$

        renice: 20: setpriority: Permission denied

 vcmd -i 42 -BC ctx_create .flagword=^52^34^32^8 -- $NOCAPS $ENDINI renice -10 
$$

        20: old priority 0, new priority 0
                ~~~~~~~~~~~~~~~~~~~~~~~~~~

as you can see, the priority raise was _simply_ ignored

and for 2.1.x you simply use:

 NOCAPS="vcmd -i -1 -BC set_bcaps .bmask=~0 --"

instead of the above, with the same vcmd commands ...

vcmd is a hack tool, designed for testing the vserver API,
you can find it here:

 http://vserver.13thfloor.at/Experimental/TOOLS/vcmd-0.04.tar.bz2

HTH,
Herbert

> kind regards, thanks in advance,
>   Thorsten
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Reply via email to