On Thu, 10 May 2007 17:46:48 +0100
"Ben Green" <[EMAIL PROTECTED]> wrote:

> What I want to know is can vhashify be used within older vserver setups,
> specifically Debian 'etch' with its non-COWed kernel. What precautions
> would I need to take and what things can't I do inside these guest
> servers?

my setup for nearly 1.5 years:
- debian sarge
- ubuntu & debian 2.6 kernels
- 2.0.x vserver kernel patches
- util-vserver backported from etch/testing (0.30.208-0.30.210)

i've been vhashifying that whole time.  (that was one of my motivations for
using vserver as i wanted to efficiently run over a dozen apache & thttpd
servers each in their own guest.)

the only problems i've encountered without COW are:

1. slapping my forehead when i accidentally vhashify /etc, try to modify a
config file, and spend several minutes trying to figure out why i can't
modify the file though i've set it u+w.  (that happened sometime in the
beginning and only happened once. ;-)

2. upon upgrading or uninstalling a package containing set[ug]id files, dpkg
tries to unset the set[ug]id bit of the files (as a security precaution in
case someone has hardlinked it and is keeping it around waiting for an
exploit to be found in it).  of course this fails as the hashified file
cannot be modified, but even worse dpkg stumbles on making a mess without
reporting an error/failure.  i patched dpkg to not unset the file.  another
debian user patched vhashify to skip set[ug]id files, which is the more
proper solution (i only patched dpkg because it was the easier solution
having already found the problematic code in dpkg while debugging the
problem).  see the vserver mailing list archives for our patches.  see bug
http://bugs.debian.org/382760 for my dpkg bug report.

those are the two problems i've ever found.

a tip is to rehashify your vservers and prune your .hash directory after
package updates.  you can find a discussion on pruning scripts that i
prompted on the mailing list some time ago.

corey
-- 
[EMAIL PROTECTED]
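
The two checks the message above points to, as an added example that is not part of the message or of the patches it mentions: listing set[ug]id files in a guest that have more than one hard link (the ones dpkg would try to chmod), and listing hash-store entries no guest links to any more. The function names and argument paths are hypothetical, and it assumes a hash-store entry with link count 1 is unreferenced.

```shell
#!/bin/sh
# Added example, not code from util-vserver or dpkg.
# Function names and the paths passed in are hypothetical.

# List set[ug]id regular files under a guest root that have more than
# one hard link. On a non-COW kernel these are the files on which
# dpkg's "clear the set[ug]id bit" step fails during upgrade/removal.
hashified_setid_files() {
    guest_root=$1
    find "$guest_root" -xdev -type f \
        \( -perm -4000 -o -perm -2000 \) -links +1 -print | sort
}

# List hash-store entries that nothing else links to (link count 1).
# Assumption: each unified file is one hard link out of the store, so
# a count of 1 means no guest references the entry any more.
prune_candidates() {
    hash_dir=$1
    find "$hash_dir" -xdev -type f -links 1 -print | sort
}

# Report only; nothing is modified or deleted.
# usage: script GUEST_ROOT [HASH_DIR]
if [ "$#" -ge 1 ]; then
    echo "set[ug]id files with extra hard links under $1:"
    hashified_setid_files "$1"
    if [ "$#" -ge 2 ]; then
        echo "unreferenced entries in $2:"
        prune_candidates "$2"
    fi
fi
```

Run the first check before a package upgrade and the second after rehashifying; review the second list before deleting anything from the store.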