Re: [Vserver] Problems with Per Context Disk Limis

2004-08-02 Thread Sebastian Ganschow
I finished on my little script to reset the Per Context Limits. It's based on
the script by Matt Ayres which I had to modify a little bit.
Both scripts can be found at

http://users.sg-0.de/sg/scripts/vserver

Maybe it isn't the best solution, but it is working.

greetings
Sebastian

--
Sebastian Ganschow
mailto:[EMAIL PROTECTED]


Quoting Herbert Poetzl <[EMAIL PROTECTED]>:

> On Fri, Jul 30, 2004 at 03:27:37PM +0200, Sebastian Ganschow wrote:
> > Thank you so far.
> >
> > I searched the mailing list archive before, but I think I
> > searched with the wrong keywords.
> >
> > I just wondered why the Limits aren't stored like regular quotas,
>
> simple, consider the following setup:
>
>  /dev/hd0 /
>  /dev/hd1 /vservers/vs1
>  /dev/hd2 /vservers/vs2
>
> now quota is stored at the root dir of a disk, in
> files called (a)quota.{user,group}, which in this
> case could be /vservers/vs1/quota.user, you probably
> do not want the disk limits to be stored in a
> /vservers/vs1/disk.limit file inside the vserver
> path ...
>
> aside from that, writing the info back to the disk
> seems not really necessary, and can be done from
> userspace if somebody wants to do it ...
>
> best,
> Herbert
>
> > but the script will be an appropriate solution for this problem.
> >
> > regards
> > Sebastian
> >
> > --
> > Sebastian Ganschow
> > mailto:[EMAIL PROTECTED]
> >
> >
> > Quoting Herbert Poetzl <[EMAIL PROTECTED]>:
> >
> > > On Fri, Jul 30, 2004 at 02:08:41PM +0200, Sebastian Ganschow wrote:
> > > > Hello,
> > > >
> > > > I tried to set up Per Context Disk Limits with the documentation on
> > > > www.linux-vserver.org. When I set the Limit with
> > > >
> > > > # cqhadd -x 101 -v /dev/hda6
> > > > # cddlim -x 101 -S 0,200,0,1000,5 -v /dev/hda6
> > > >
> > > > the Limit is working, but when I restart the server the Disk Limit is
> > > > away.
> > > >
> > > > I tried it with kernel 2.4.25 and with kernel 2.4.22. In both cases the
> > > > Disk Limits are deleted after a restart of the system.
> > > >
> > > > I configured it with the following documentation:
> > > >
> > > > http://vserver.13thfloor.at/Linux2.6/index.php?page=Per+Context+Disk+Limits
> > > >
> > > > What could be the Problem?
> > >
> > > nothing, this is expected behaviour, in the 2.4
> > > stable addon patch for quota and disk limits the
> > > in kernel store (hash) for this information is
> > > not persistent per se, but there are several
> > > scripts (like the one Matt did) available (just
> > > search the mailing list archives) to solve this
> > > issue ...
> > >
> > > http://list.linux-vserver.org/archive/vserver/msg06020.html
> > >
> > > disk limits for the vs1.9.x branch (no quota yet)
> > > takes a different approach, but a host reboot will
> > > purge the settings too ...
> > >
> > > HTH,
> > > Herbert
> > >
> > > > Regards
> > > > Sebastian
> > > >
> > > > PS: Could you please answer also to my email address, because of a bug it
> > > > isn't possible for me to subscribe to the mailing list.
> > > >
> > > > --
> > > > Sebastian Ganschow
> > > > mailto:[EMAIL PROTECTED]
> > > >
> > > > This message was sent using IMP, the Internet Messaging Program.
> > > > ___
> > > > Vserver mailing list
> > > > [EMAIL PROTECTED]
> > > > http://list.linux-vserver.org/mailman/listinfo/vserver


Re: [Vserver] Security patch for util-vserver-0.30

2004-08-02 Thread ktf
On 31 Jul, Paul Sladen wrote:
> There is no security risk to existing vservers.  However, when creating a
> vserver using `util-vserver' (...)

As Paul already stated there are problems when creating a new vserver,
but one dangerous line is in the section that is processed during each
vserver start or reboot!

> When posting an unsigned patch ``out-of-the-blue'' it is often useful to say
> a little about what it does.  Or perhaps add comments to the patch stating
> what it changes and why

I fully agree with you and I send patches normally to the package
maintainer, but this time it was also an issue to give the sysadmins a
head start before less experienced script kiddies figure out how to
exploit it. While I think most of the people who are running a vserver
somewhere have no interest to render the host system completely
unusable, there are always some who think it's kind of funny, or to cite
Hagrid: There's a weirdo in every breed.

> Once again, thanks for bringing the spaces issue to people's attempt, and
> could you comment on whether the above evaluation is correct?
Yep.

-- 
   Klaus ter Fehn      Wagnerstr. 4        Mobile: +49-172-2529379
                       40212 Duesseldorf   Phone:  +49-211-356880
   [EMAIL PROTECTED]   FRG/Germany         Fax:    +49-211-356881

  ... to boldly code where no byte has gone before ...


Re: [Vserver] Problems with Per Context Disk Limis

2004-08-02 Thread Gregory (Grisha) Trubetskoy
Here is a Python version of a similar thing:
http://www.openvps.org/cvs/viewcvs.cgi/oh-host/scripts/ohdisk?rev=1.2&content-type=text/vnd.viewcvs-markup
This isn't really a standalone script because it relies on some other 
libs to enumerate vservers, but nonetheless, could be interesting for 
someone trying to accomplish this.

The output goes to stdout, so it's up to the invoker to figure out in 
which file to save it.

The end result is a shell script, so there is no need for a second script, 
you just run the resulting file.

There is also a bit of code for resetting the inode count. I have not been 
able to identify the source of the problem, but I am convinced there is an 
inode "leak" in the code, so when the inode count approaches a certain 
level, the script resets it to 0.

Another note is that we found that it's a good idea to keep backups of the
disk limit counts (last hour, last day and last week, for example) -
should you by mistake boot a non-vps kernel and your vserver partition
will end up getting mounted without tagctx, you can accidentally overwrite
your file.

Grisha


[Vserver] Problem rebooting the System

2004-08-02 Thread Sebastian Ganschow
Hi,

I've got another Problem. When I'm using Context Disk Limits it is necessary to
set the context ID in the configuration file with the Option S_CONTEXT. But when
I set the context ID the vservers do not start while starting the System
although the ON_BOOT Flag is set to yes.

The following message appears:

Starting the virtual server host2
Server host2 is not running
Usage: init 0123456SsQqAaBbCcUu

When there is no context ID set, the vserver is starting while starting the
System.

greetings
Sebastian

--
Sebastian Ganschow
mailto:[EMAIL PROTECTED]








Re: [Vserver] Problem rebooting the System

2004-08-02 Thread Herbert Poetzl
On Mon, Aug 02, 2004 at 05:24:40PM +0200, Sebastian Ganschow wrote:
> Hi,

Hi Sebastian!

> I've got another Problem. When I'm using Context Disk Limits
> it is necessary to set the context ID in the configuration
> file with the Option S_CONTEXT. But when I set the context
> ID the vservers do not start while starting the System
> although the ON_BOOT Flag is set to yes.
> 
> The following message appears:
> 
> Starting the virtual server host2
> Server host2 is not running
> Usage: init 0123456SsQqAaBbCcUu
> 
> When there is no context ID set, the vserver is starting 
> while starting the System.

first I have to apologize, yesterday my cat broke my
crystal ball, and the spare one is somewhere hidden
in the cellar ... so I have to ask:

what kernel version? 
what patch version?
what tools and what tool version?
what host distro?
what guest distro?
what configuration?

TIA,
Herbert

> greetings
> Sebastian
> 
> --
> Sebastian Ganschow
> mailto:[EMAIL PROTECTED]


Re: [Vserver] network trouble

2004-08-02 Thread Michael Ganzhorn
Herbert Poetzl wrote:

> On Fri, Jul 30, 2004 at 10:06:34AM +0200, Michael Ganzhorn wrote:
>
> > Hi there,
> >
> > I have got a problem within a running vserver instance. I can connect
> > to the vserver via ping, ssh, telnet, ... but from inside the vserver
> > instance I only can ping other systems, no chance to ssh or telnet to
> > other systems.
> >
> > Do you have an idea what could be the reason???
>
> about 1000, so to narrow it down the following infos
> might be really appreciated:
>
> - the kernel version
> - the linux-vserver patch version
> - the utility and its version
> - your vserver configuration
> - the network setup on the host
> - what actually fails on a ssh out

- Kernel: 2.4.26
- linux-vserver patch 2.4.26 vsl 28
- util-vserver-0.30
-vserver-config:
if [ "" = "" ] ; then
PROFILE=prod
fi
case $PROFILE in
prod)
IPROOT=10.1.1.40
IPROOTDEV=eth0
S_HOSTNAME=raynix
;;
backup)
IPROOT=1.2.3.4
S_HOSTNAME=
;;
esac
S_DOMAINNAME=
S_NICE=
S_FLAGS="lock nproc"
ULIMIT="-HS -u 1000"
S_CAPS="CAP_NET_RAW CAP_SYS_RAWIO CAP_SYS_RESOURCE CAP_SYS_ADMIN 
CAP_SYS_MODULE CAP_NET_BROADCAST CAP_NET_ADMIN CAP_MKNOD"

- Network on the  host:
eth0  Protokoll:Ethernet  Hardware Adresse 00:A0:CC:61:56:84
 inet Adresse:10.1.1.1  Bcast:10.1.1.255  Maske:255.255.255.0
 UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 RX packets:10069614 errors:1 dropped:0 overruns:0 frame:0
 TX packets:21880805 errors:0 dropped:0 overruns:0 carrier:0
 Kollisionen:0 Sendewarteschlangenlänge:1000
 RX bytes:1187497970 (1.1 GiB)  TX bytes:3734077679 (3.4 GiB)
 Interrupt:11 Basisadresse:0xd800
eth0:rayn Protokoll:Ethernet  Hardware Adresse 00:A0:CC:61:56:84
 inet Adresse:10.1.1.40  Bcast:10.1.1.255  Maske:255.255.255.0
 UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 Interrupt:11 Basisadresse:0xd800
eth1  Protokoll:Ethernet  Hardware Adresse 00:0E:A6:5B:6C:48
 UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
 RX packets:4592318 errors:0 dropped:0 overruns:0 frame:0
 TX packets:4580858 errors:0 dropped:0 overruns:0 carrier:0
 Kollisionen:11614 Sendewarteschlangenlänge:1000
 RX bytes:1193318894 (1.1 GiB)  TX bytes:2125739076 (1.9 GiB)
 Interrupt:11 Basisadresse:0xa800
lo        Protokoll:Lokale Schleife
 inet Adresse:127.0.0.1  Maske:255.0.0.0
 UP LOOPBACK RUNNING  MTU:16436  Metric:1
 RX packets:2551382 errors:0 dropped:0 overruns:0 frame:0
 TX packets:2551382 errors:0 dropped:0 overruns:0 carrier:0
 Kollisionen:0 Sendewarteschlangenlänge:0
 RX bytes:1543417633 (1.4 GiB)  TX bytes:1543417633 (1.4 GiB)
ppp0  Protokoll:Punkt-zu-Punkt Verbindung
 inet Adresse:217.230.22.108  P-z-P:217.5.98.33  Maske:255.255.255.255
 UP PUNKTZUPUNKT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
 RX packets:8036 errors:0 dropped:0 overruns:0 frame:0
 TX packets:6765 errors:0 dropped:0 overruns:0 carrier:0
 Kollisionen:0 Sendewarteschlangenlänge:3
 RX bytes:2100918 (2.0 MiB)  TX bytes:608999 (594.7 KiB)

-ssh works on host in the local net, but not outside, nat seems not to
work but I don't know why, it's set up the same way as for the other
hosts (the firewall is running on the same machine).

One other problem I have, I need to run a xserver on the host but it's
not working


> > I checked also my firewall settings, but found nothing special.
>
> - what the fw settings are
> - what tcpdump on a 'failing' ssh/telnet looks like
>
> TIA,
> Herbert

regards
micha



--

On the requirements it said: Windows 98 or better - so I installed Linux
Michael Ganzhorn
mailto:[EMAIL PROTECTED]
webhome:http://www.ganzhorn.de


[Vserver] Reiser4 views/process oriented security proposal

2004-08-02 Thread Christian Mayrhuber

Could become interesting:
  http://www.namesys.com/blackbox_security.html

What do you think, maybe views instead of
chroot() + mount --bind?

-- 
lg, Chris


Re: [Vserver] network trouble

2004-08-02 Thread Herbert Poetzl
On Mon, Aug 02, 2004 at 09:28:28PM +0200, Michael Ganzhorn wrote:
> Herbert Poetzl wrote:
>
> >On Fri, Jul 30, 2004 at 10:06:34AM +0200, Michael Ganzhorn wrote:
> >
> >>Hi there,
> >>
> >>I have got a problem within a running vserver instance. I can connect
> >>to the vserver via ping, ssh, telnet, ... but from inside the vserver
> >>instance I only can ping other systems, no chance to ssh or telnet to
> >>other systems.
> >
> >>Do you have an idea what could be the reason???
> >
> - Kernel: 2.4.26
> - linux-vserver patch 2.4.26 vsl 28
> - util-vserver-0.30
> 
> -vserver-config:
> if [ "" = "" ] ; then
> PROFILE=prod
> fi
> 
> case $PROFILE in
> prod)
> IPROOT=10.1.1.40
> IPROOTDEV=eth0
> S_HOSTNAME=raynix
> ;;
> backup)
> IPROOT=1.2.3.4
> S_HOSTNAME=
> ;;
> esac
> S_DOMAINNAME=
> S_NICE=
> S_FLAGS="lock nproc"
> ULIMIT="-HS -u 1000"
> S_CAPS="CAP_NET_RAW CAP_SYS_RAWIO CAP_SYS_RESOURCE CAP_SYS_ADMIN 
> CAP_SYS_MODULE CAP_NET_BROADCAST CAP_NET_ADMIN CAP_MKNOD"

hmm, I hope you are not using linux-vserver
to enhance security, because this selection
of capabilities does not leave any security
feature intact ... (JFYI)

> - Network on the  host:
> eth0  Protokoll:Ethernet  Hardware Adresse 00:A0:CC:61:56:84
>  inet Adresse:10.1.1.1  Bcast:10.1.1.255  Maske:255.255.255.0
>  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>  RX packets:10069614 errors:1 dropped:0 overruns:0 frame:0
>  TX packets:21880805 errors:0 dropped:0 overruns:0 carrier:0
>  Kollisionen:0 Sendewarteschlangenlänge:1000
>  RX bytes:1187497970 (1.1 GiB)  TX bytes:3734077679 (3.4 GiB)
>  Interrupt:11 Basisadresse:0xd800
> 
> eth0:rayn Protokoll:Ethernet  Hardware Adresse 00:A0:CC:61:56:84
>  inet Adresse:10.1.1.40  Bcast:10.1.1.255  Maske:255.255.255.0
>  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>  Interrupt:11 Basisadresse:0xd800
> 
> eth1  Protokoll:Ethernet  Hardware Adresse 00:0E:A6:5B:6C:48
>  UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>  RX packets:4592318 errors:0 dropped:0 overruns:0 frame:0
>  TX packets:4580858 errors:0 dropped:0 overruns:0 carrier:0
>  Kollisionen:11614 Sendewarteschlangenlänge:1000
>  RX bytes:1193318894 (1.1 GiB)  TX bytes:2125739076 (1.9 GiB)
>  Interrupt:11 Basisadresse:0xa800
> 
> lo        Protokoll:Lokale Schleife
>  inet Adresse:127.0.0.1  Maske:255.0.0.0
>  UP LOOPBACK RUNNING  MTU:16436  Metric:1
>  RX packets:2551382 errors:0 dropped:0 overruns:0 frame:0
>  TX packets:2551382 errors:0 dropped:0 overruns:0 carrier:0
>  Kollisionen:0 Sendewarteschlangenlänge:0
>  RX bytes:1543417633 (1.4 GiB)  TX bytes:1543417633 (1.4 GiB)
> 
> ppp0  Protokoll:Punkt-zu-Punkt Verbindung
>  inet Adresse:217.230.22.108  P-z-P:217.5.98.33  Maske:255.255.255.255
>  UP PUNKTZUPUNKT RUNNING NOARP MULTICAST  MTU:1492  Metric:1
>  RX packets:8036 errors:0 dropped:0 overruns:0 frame:0
>  TX packets:6765 errors:0 dropped:0 overruns:0 carrier:0
>  Kollisionen:0 Sendewarteschlangenlänge:3
>  RX bytes:2100918 (2.0 MiB)  TX bytes:608999 (594.7 KiB)
> 
> -ssh works on host in the local net, but not outside, nat seems not to
> work but I don't know why, it's set up the same way as for the other
> hosts (the firewall is running on the same machine).

this looks like you want to use the local address
from eth0 (10.1.1.40) for outgoing traffic over
a different network (like 217.230.22.108/217.5.98.33)

if you are trying to use masquerading (-j MASQUERADE)
you are using the wrong method. it will work if you
setup proper SNAT in the POSTROUTING chain ...

see the documentation on linux-vserver.org 
(More Documentation, last few entries regarding net)
especially the following posting:

  http://list.linux-vserver.org/archive/vserver/msg06667.html


> One other problem I have, I need to run a xserver on the host but it's
> not working

hmm, well, any hints what is not working?

HTH,
Herbert

> >>I checked also my firewall settings, but found nothing special.
> >
> >- what the fw settings are
> >- what tcpdump on a 'failing' ssh/telnet looks like
> >
> >TIA,
> >Herbert
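
Added example, not part of the thread and not util-vserver's own code: a POSIX shell audit of the S_CAPS assignment in a vserver configuration like the one quoted above, parsed without sourcing the file. The function names, the constructed sample and the HIGH/MEDIUM/LOW grouping are assumptions of this example.

```shell
#!/bin/sh
# Added example: grade the S_CAPS line of a vserver .conf without sourcing it.
# Reasons are standard Linux capability semantics; the HIGH/MEDIUM/LOW
# grouping is an assumption of this example, not a util-vserver list.

sample_conf() {
    # Constructed sample modelled on the configuration quoted in the thread.
    cat <<'EOF'
S_FLAGS="lock nproc"
#S_CAPS="CAP_NET_RAW"
S_CAPS="CAP_NET_RAW CAP_SYS_RAWIO CAP_SYS_RESOURCE CAP_SYS_ADMIN
CAP_SYS_MODULE CAP_NET_BROADCAST CAP_NET_ADMIN CAP_MKNOD"
EOF
}

cap_risk() {
    # Print "LEVEL reason" for one capability name.
    case "$1" in
        CAP_SYS_MODULE)   echo "HIGH loads kernel modules into the shared host kernel" ;;
        CAP_SYS_RAWIO)    echo "HIGH raw I/O port and memory device access" ;;
        CAP_SYS_ADMIN)    echo "HIGH mount and other system administration calls" ;;
        CAP_MKNOD)        echo "HIGH creates device nodes, including host disks" ;;
        CAP_NET_ADMIN)    echo "MEDIUM changes interfaces, routes and firewall rules" ;;
        CAP_SYS_RESOURCE) echo "MEDIUM overrides resource limits" ;;
        CAP_NET_RAW)      echo "MEDIUM raw sockets: enables ping and packet capture" ;;
        CAP_*)            echo "LOW not graded by this example" ;;
        *)                echo "UNKNOWN not a capability name" ;;
    esac
}

extract_caps() {
    # Print each name from uncommented S_CAPS=... assignments, one per line.
    # Reads the files given as arguments, or stdin. A double-quoted value
    # may span several lines.
    awk '
        !inval && /^[ \t]*S_CAPS=/ { sub(/^[ \t]*S_CAPS=/, ""); inval = 1; buf = "" }
        inval {
            buf = buf " " $0
            quotes = gsub(/"/, "\"", buf)   # count the double quotes so far
            if (quotes == 1) next           # value continues on the next line
            sub(/"[^"]*$/, "", buf)         # drop closing quote and trailer
            gsub(/"/, "", buf)
            count = split(buf, word, /[ \t]+/)
            for (i = 1; i <= count; i++) if (word[i] != "") print word[i]
            inval = 0
        }
    ' "$@"
}

audit_conf() {
    # Print "LEVEL CAP reason" per capability; return 1 if any is HIGH.
    report=$(extract_caps "$@" | while read -r cap; do
        risk=$(cap_risk "$cap")
        printf '%s %s %s\n' "${risk%% *}" "$cap" "${risk#* }"
    done)
    if [ -n "$report" ]; then printf '%s\n' "$report"; fi
    if printf '%s\n' "$report" | grep -q '^HIGH '; then return 1; fi
    return 0
}

sample_conf | audit_conf || echo "=> HIGH capabilities granted to the guest"
```

audit_conf also accepts file paths as arguments and returns non-zero when a HIGH capability is present, so it can gate a provisioning step.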


Re: [Vserver] Reiser4 views/process oriented security proposal

2004-08-02 Thread Sam Vilain
Christian Mayrhuber wrote:
> Could become interesting:
>   http://www.namesys.com/blackbox_security.html
> What do you think, maybe views instead of chroot() + mount --bind?
Just think how many years it took databases to get transactions and
views right ...  but it is exciting nonetheless, no doubt reiserfs4
will be ready for this purpose for my grandchildren.
Reiserfs3 is supposed to be stable , but the last time I had a
filesystem gain mysterious unstat()able inodes with it was only months
ago, with 2.4.25.
  "We don't touch the V3 code except to fix a bug, and as a result we
   don't get bug reports for the current mainstream kernel version."
 -- Hans Reiser
I wondered whether I should have shattered his illusions then, but decided
to leave him in blissful ignorance forever instead[*].
Sam.
* - relax, it was probably hardware...


Re: [Vserver] Reiser4 views/process oriented security proposal

2004-08-02 Thread Avery Pennarun
On Tue, Aug 03, 2004 at 10:11:22AM +1200, Sam Vilain wrote:

> Reiserfs3 is supposed to be stable , but the last time I had a
> filesystem gain mysterious unstat()able inodes with it was only months
> ago, with 2.4.25.

For what it's worth, we use reiser3 on every server we sell (several
thousand so far) and have never run into reiser random corruption problems
except in the case of hardware that later turned out to be definitely
faulty.

We always run a memory test on every server before it ships, and we return
about 25% of motherboards to the manufacturer before shipping because of
this :(  Some computers do go bad about a year later, eg. because of the
"exploding capacitor" problem that started a couple of years ago.

Computers nowadays are *really* badly made.  It's hard to believe until you
have a large sample size, but it's true.

Have fun,

Avery

P.S. On the other hand, at least you know e2fsck has been well tested. 
Nobody ever actually runs reiserfsck, which doesn't help its reliability.


[Vserver] (no subject)

2004-08-02 Thread Lucas Albers
I am trying to create new haresource script to cover vserver.
Does anyone have a haresource script for vserver, they would like to share?


high availability wiki:
http://linuxha.trick.ca

high availability homepage:
http://www.linux-ha.org/

google:

mailing list archive:
http://www.progressive-comp.com/Lists/?l=linux-ha&r=1&w=2#linux-ha

And could not find more information on doing this.

I am doing this on debian testing using heartbeat 1.2.


-- 
Luke Computer Science System Administrator
Security Administrator,College of Engineering
Montana State University-Bozeman,Montana




Re: [Vserver] Problem rebooting the System

2004-08-02 Thread Sebastian Ganschow
Quoting Herbert Poetzl <[EMAIL PROTECTED]>:

> On Mon, Aug 02, 2004 at 05:24:40PM +0200, Sebastian Ganschow wrote:
> > Hi,
>
> Hi Sebastian!
>
> > I've got another Problem. When I'm using Context Disk Limits
> > it is necessary to set the context ID in the configuration
> > file with the Option S_CONTEXT. But when I set the context
> > ID the vservers do not start while starting the System
> > although the ON_BOOT Flag is set to yes.
> >
> > The following message appears:
> >
> > Starting the virtual server host2
> > Server host2 is not running
> > Usage: init 0123456SsQqAaBbCcUu
> >
> > When there is no context ID set, the vserver is starting
> > while starting the System.
>
> first I have to apologize, yesterday my cat broke my
> crystal ball, and the spare one is somewhere hidden
> in the cellar ... so I have to ask:

Ohh, that's bad. ;)

Here's the info...

>
> what kernel version?
2.4.25-v1.27

> what patch version?
patch-2.4.26-vs1.27.diff
patch-2.4.25-vs1.27-q0.14.diff

> what tools and what tool version?
util-vserver-0.30

> what host distro?
Debian Woody

> what guest distro?
also Debian Woody

> what configuration?
S_HOSTNAME="host2"
IPROOT="192.168.1.122"
IPROOTDEV="eth0"
ONBOOT="yes"
S_NICE=""
S_FLAGS="lock nproc fakeinit"
ULIMIT="-u 256 -n 1024 -t 32768"
#S_CAPS="CAP_NET_RAW"
S_CONTEXT="102"
# *NOT* DNS domain name, for NIS only
S_DOMAINNAME=""

Hope it helps a little bit finding the Problem...

I've got another Question: Is it correct, that either I can use
S_CAPS="CAP_NET_RAW" and can ping but also can see the Network Traffic of the
other Vserver with tcpdump or don't use S_CAPS="CAP_NET_RAW" but can't ping
anymore?

Sebastian

>
> TIA,
> Herbert
>
> > greetings
> > Sebastian
> >
> > --
> > Sebastian Ganschow
> > mailto:[EMAIL PROTECTED]
> >
--
Sebastian Ganschow
mailto:[EMAIL PROTECTED]


