Re: [Vserver] Re: vsched segfault (and workaround ;)
[EMAIL PROTECTED] (Adrian Reyer) writes: >> > as pointed out by Hollow, confirmed by me and workarounded by Bertl, >> > vsched with hard limits segfaults after setting the values. by ading >> > '-- true' to the command line, it stops segfaulting while continue >> > working correctly. >> Sorry, can not reproduce it. Can you give an example please? > > Sure, happens here on amd64, Hollow has it on i386. I myself use > 2.6.10-rc3-vs1.9.3.11: > # vsched --xid 49161 --fill-rate 2 --interval 100 --tokens 499 --tokens-min 1 > --tokens-max 999 --prio-bias 0 > Segmentation fault Thx; stupid error, should be fixed in CVS now http://savannah.nongnu.org/cgi-bin/viewcvs/util-vserver/util-vserver/src/vsched.c.diff?r1=1.5&r2=1.6 Enrico ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] whitebox kernel patches
Hi, Just wondering if there is a vserver 1.29 diff against the latest whitebox kernel: 2.4.21-20.ELsmp ? Thanks, ajt. -- Andrew Thomson <[EMAIL PROTECTED]> ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: vsched segfault (and workaround ;)
Adrian Reyer wrote: I attach an strace of the failed call: # strace vsched --xid 49161 --fill-rate 2 --interval 100 --tokens 499 --tokens-min 1 --tokens-max 999 --prio-bias 0 [...] vserver(0xe010003, 0xc009, 0x7fbac0, 0x2, 0) = 0 --- SIGSEGV (Segmentation fault) @ 0 (0) --- +++ killed by SIGSEGV +++ strace is no good for getting useful information about segfaults. However, it is easy to find out which function caused the segfault and this information can be invaluable for developers: - compile libraries and binaries with gcc -g (usually setting CCOPTS=-g during `make' phase is enough for this) - run program with gdb, and use "bt" to get a stack trace; $ gdb /path/to/binary (gdb) run --xid 49161 ... ... SEGV (gdb) bt Posting the entire gdb session output is usually worthwhile. In this case, it's pretty obvious where the fault is happening, but for next time ;-). -- Sam Vilain, sam /\T vilain |><>T net, PGP key ID: 0x05B52F13 (include my PGP key ID in personal replies to avoid spam filtering) ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Re: vsched segfault (and workaround ;)
On Mon, Dec 20, 2004 at 09:57:59PM +0100, Enrico Scholz wrote: > > as pointed out by Hollow, confirmed by me and workarounded by Bertl, > > vsched with hard limits segfaults after setting the values. by ading > > '-- true' to the command line, it stops segfaulting while continue > > working correctly. > Sorry, can not reproduce it. Can you give an example please? Sure, happens here on amd64, Hollow has it on i386. I myself use 2.6.10-rc3-vs1.9.3.11: # vsched --xid 49161 --fill-rate 2 --interval 100 --tokens 499 --tokens-min 1 --tokens-max 999 --prio-bias 0 Segmentation fault # vsched --xid 49161 --fill-rate 2 --interval 100 --tokens 499 --tokens-min 1 --tokens-max 999 --prio-bias 0 -- true # Both methods set the values correctly according to '# cat /proc/virtual/49161/sched' I attach an strace of the failed call: # strace vsched --xid 49161 --fill-rate 2 --interval 100 --tokens 499 --tokens-min 1 --tokens-max 999 --prio-bias 0 execve("/usr/sbin/vsched", ["vsched", "--xid", "49161", "--fill-rate", "2", "--interval", "100", "--tokens", "499", "--tokens-min", "1", "--tokens-max", "999", "--prio-bias", "0"], [/* 15 vars */]) = 0 uname({sys="Linux", node="master1a", ...}) = 0 brk(0) = 0x502000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2a9556a000 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.preload", O_RDONLY)= -1 ENOENT (No such file or directory) open("/usr/lib/tls/x86_64/libvserver.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/lib/tls/x86_64", 0x7fb1e0) = -1 ENOENT (No such file or directory) open("/usr/lib/tls/libvserver.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/lib/tls", 0x7fb1e0) = -1 ENOENT (No such file or directory) open("/usr/lib/x86_64/libvserver.so.0", O_RDONLY) = -1 ENOENT (No such file or directory) stat("/usr/lib/x86_64", 0x7fb1e0) = -1 ENOENT (No such file or directory) open("/usr/lib/libvserver.so.0", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0006\0\0"..., 640) = 640 fstat(3, {st_mode=S_IFREG|0755, st_size=638544, ...}) = 0 mmap(NULL, 1088368, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x2a9566c000 mprotect(0x2a95675000, 1051504, PROT_NONE) = 0 mmap(0x2a9576c000, 40960, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0x2a9576c000 close(3)= 0 open("/usr/lib/libc.so.6", O_RDONLY)= -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=14059, ...}) = 0 mmap(NULL, 14059, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2a95776000 close(3)= 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/libc.so.6", O_RDONLY)= 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\324\1\0"..., 640) = 640 fstat(3, {st_mode=S_IFREG|0644, st_size=1294400, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2a9577a000 mmap(NULL, 2353800, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x2a9577b000 mprotect(0x2a9589d000, 1165960, PROT_NONE) = 0 mmap(0x2a9597b000, 241664, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x10) = 0x2a9597b000 mmap(0x2a959b6000, 14984, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2a959b6000 close(3)= 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2a959ba000 arch_prctl(0x1002, 0x2a959ba090)= 0 munmap(0x2a95776000, 14059) = 0 vserver(0, 0x3f, 0, 0, 0) = 65572 vserver(0xe010003, 0xc009, 0x7fbac0, 0x2, 0) = 0 --- SIGSEGV (Segmentation fault) @ 0 (0) --- +++ killed by SIGSEGV +++ Regards, Adrian -- LiHAS - LinuxHaus Stuttgart Fon: +49 (7 11) 2 85 19 05 Inh.: Adrian Reyer Fax: +49 (7 11) 5 78 06 92 Mail: [EMAIL PROTECTED] Linux, Netzwerke, Consulting & Support http://lihas.de/ ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] vsched segfault (and workaround ;)
Hi there, as pointed out by Hollow, confirmed by me and workarounded by Bertl, vsched with hard limits segfaults after setting the values. by ading '-- true' to the command line, it stops segfaulting while continue working correctly. Regards, Adrian -- LiHAS - LinuxHaus Stuttgart Fon: +49 (7 11) 2 85 19 05 Inh.: Adrian Reyer Fax: +49 (7 11) 5 78 06 92 Mail: [EMAIL PROTECTED] Linux, Netzwerke, Consulting & Support http://lihas.de/ ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Re: vsched segfault (and workaround ;)
On 2004.12.20 21:57:59 +0100, Enrico Scholz wrote: > Adrian Reyer <[EMAIL PROTECTED]> writes: > > > as pointed out by Hollow, confirmed by me and workarounded by Bertl, > > vsched with hard limits segfaults after setting the values. by ading > > '-- true' to the command line, it stops segfaulting while continue > > working correctly. > > Sorry, can not reproduce it. Can you give an example please? Fails: # vsched --xid 123 --interval 1 Segmentation fault Works: # vsched --xid 123 --interval 1 -- true # I guess the unconditional call of EexecvpD() is guilty: src/vsched.c:151 EexecvpD(argv[optind],argv+optind); argv[optind] is probably NULL or so HTH Bjoern ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Troubles with linebreaks
OK, what do you think about the following patch? #v+ --- util-vserver-0.30.196/scripts/vserver 2004-08-27 23:06:45.0 +0200 +++ /sbin/vserver 2004-12-20 20:46:26.0 +0100 @@ -184,6 +184,16 @@ exit 5 } >&2 +# check for missing linebreak +find "$VSERVER_DIR" -type f -print | while read line +do + if [ 0 -eq `tail -n1 "$line" | wc -l` ]; then + echo "Warning: One of your config-files has no final newline or is empty. This *will* cause trouble" >&2 + echo "Stop this process now and change $line" 2>&1 + sleep 8 + fi +done + if test -e "$VSERVER_DIR"/name; then read VSERVER_NAME <"$VSERVER_DIR"/name else v#- signature.asc Description: Digital signature ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Re: vsched segfault (and workaround ;)
Adrian Reyer <[EMAIL PROTECTED]> writes: > as pointed out by Hollow, confirmed by me and workarounded by Bertl, > vsched with hard limits segfaults after setting the values. by ading > '-- true' to the command line, it stops segfaulting while continue > working correctly. Sorry, can not reproduce it. Can you give an example please? Enrico ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] apt-get and vserver problem
Correction: -A POSTROUTING -o ppp0 -i ppp0 won't work, sorry. Cheers, Liam On Mon, 2004-12-20 at 09:28 -0800, Liam Helmer wrote: > On Sat, 2004-12-18 at 12:28 +0100, Vincenzo Agosto wrote: > > Herbert Poetzl wrote: > > IP=`ifconfig ppp0 | grep inet | cut -d: -f2 | awk {'print $1'}` > > iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j > > SNAT --to-source $IP > > same problem :( > > Wanna try quoting a little less message? ;) > > Add "-i ppp0" to the above line, it'll work better (e.g. -A POSTROUTING > -i ppp0) > > Try a tcpdump now. If there's a problem, it may be that you're missing > allow rules: > > iptables -I INPUT -i ppp0 -m state --state established,related -j ACCEPT > iptables -I OUTPUT -o ppp0 -s 192.168.-j ACCEPT > > That may help. > > Cheers, > Liam > > > > Vserver mailing list > > [EMAIL PROTECTED] > > http://list.linux-vserver.org/mailman/listinfo/vserver -- StrongBox Linux http://www.strongboxlinux.com "Making Security Friendly" ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] X server and /dev/mem
Here's my BCapabilities -> I've been running X inside a vserver for quite some time. This is what I use. CAP_CHOWN CAP_DAC_READ_SEARCH -> needed for X CAP_FOWNER CAP_FSETID CAP_KILL CAP_SETGID CAP_SETUID CAP_SETPCAP -> I use this for ethereal CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW CAP_SYS_MODULE CAP_SYS_RAWIO CAP_SYS_CHROOT -> needed for vserver scripts AFAICT CAP_SYS_PTRACE CAP_SYS_PACCT CAP_MKNOD -> for creating the dev/card/xxx CAP_LEASE Cheers, Liam On Sun, 2004-12-19 at 12:30 -0500, Benoit des Ligneris wrote: > Hello, > > Well, the vserver has some CAP : I tried initially with > CAP_NET_ADMIN and CAP_SYS_ADMIN but with no success. > > After a bit of RTFS, I still believe that no additional CAP should be > necessary but maybe am I wrong ? > > Any suggestion ? > > Ben > > > * Herbert Poetzl <[EMAIL PROTECTED]> [04-12-19 11:12]: > > On Fri, Dec 17, 2004 at 11:17:29PM -0500, Benoit des Ligneris wrote: > > > Hello, > > > > > > We are trying to run an X server inside a vserver. We found some > > > messages on the mailing list but no know success ;-) > > > > > > The errror we have is the following : > > > = Extract of XFree86 log == > > > * BIOS: Failed to open /dev/mem (Operation not permitted) > > > Using vt 7 > > > (--) using VT number 7 > > > > > > (WW) Open APM failed (/dev/apm_bios) (No such device) > > > > > > Fatal server error: > > > xf86EnableIOPorts: Failed to set IOPL for I/O > > > End of Extract of XFree86 log == > > > > > > > > > I noticed that it is not possible to access /dev/mem from inside a > > > vserver. I think this is needed because X try to directly access the > > > memory. > > > > > > Any idea to achieve that ? > > > > hmm, did you try to give proper capabilities to that > > vserver? > > > > no need to mention that access to /dev/mem or /proc/mem > > will allow to wipe out your host machine ... > > > > best, > > Herbert > > > > > Thanks by advance, > > > > > > Ben > > > > > > -- > > > Benoit des Ligneris Ph. D. > > > President de Revolution Linux http://www.revolutionlinux.com/ > > > OSCAR Chairhttp://oscar.openclustergroup.org/ > > > Chef de projet EduLinux http://www.edulinux.org/ > > > ___ > > > Vserver mailing list > > > [EMAIL PROTECTED] > > > http://list.linux-vserver.org/mailman/listinfo/vserver -- StrongBox Linux http://www.strongboxlinux.com "Making Security Friendly" ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] apt-get and vserver problem
On Sat, 2004-12-18 at 12:28 +0100, Vincenzo Agosto wrote: > Herbert Poetzl wrote: > IP=`ifconfig ppp0 | grep inet | cut -d: -f2 | awk {'print $1'}` > iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d ! 192.168.1.0/24 -j > SNAT --to-source $IP > same problem :( Wanna try quoting a little less message? ;) Add "-i ppp0" to the above line, it'll work better (e.g. -A POSTROUTING -i ppp0) Try a tcpdump now. If there's a problem, it may be that you're missing allow rules: iptables -I INPUT -i ppp0 -m state --state established,related -j ACCEPT iptables -I OUTPUT -o ppp0 -s 192.168.-j ACCEPT That may help. Cheers, Liam > Vserver mailing list > [EMAIL PROTECTED] > http://list.linux-vserver.org/mailman/listinfo/vserver -- StrongBox Linux http://www.strongboxlinux.com "Making Security Friendly" ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Re: Trouble connecting to own addresses
Thanks, that's it! The loopback device was not running, strange enough. "ifconfig lo up" on the host did the trick! I will change the localhost in entry in /etc/hosts as well, in order to be future-proof.. Have a nice Christmas! Martin Herbert Poetzl wrote: > On Mon, Dec 20, 2004 at 01:08:42PM +0100, Martin Honermeyer wrote: >> Hello, >> >> I've got a SMP VServer machine running on Gentoo. We have the strange >> problem that it is not possible to connect to the host's addresses from >> withhin the host's addresses itself. Which means: > > sounds a little strange ... > >> * Host can't ping or ssh into any VServer. > > definitely some issue with your setup because the > fact 'Host can't ping any VServer' is equal with > 'host can't ping it's own ip addresses' > >> * No VServer can ping or ssh the host or any VServer, >> including itself (localhost)! > > while the first statement leaves a lot of options > (iptables, network config, etc ...) this reduces > the range to a few, with one very likely candidate > > most likely your lo device is misconfigured > make sure that: > > - lo is up (UP LOOPBACK RUNNING) > - lo is configured with 127.0.0.1/8 > >> This means e.g. Mailman doesn't work on my VServer because >> it uses a TCP socket to connect to Postfix running on the >> same VServer, which doesn't work! Only UNIX sockets are working. > > in any case, make sure that you define the IP > of the vserver as 'localhost' in etc hosts, this > will make sure that the packets are redirected > properly ... > >> Can anyone help? As this is really awkward.. > > HTH, > Herbert > >> Greetz, >> Martin >> >> >> $ uname -a >> Linux vservers 2.6.9-vs1.9.3vs-1.9.3 #1 SMP Wed Nov 24 15:11:19 CET 2004 >> i686 Intel(R) Pentium(R) III CPU family 1266MHz GenuineIntel >> GNU/Linux >> >> >> ___ >> Vserver mailing list >> [EMAIL PROTECTED] >> http://list.linux-vserver.org/mailman/listinfo/vserver > ___ > Vserver mailing list > [EMAIL PROTECTED] > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Mini Howto for CPU hard limits
Another tip - put "^19" (without quotes) in the flags file to get virtualized load average. (This will probably be replaced with a word eventually in utils, but for now this works). This will make the vservers see their own load average. Originally, we were using sched_hard to peg the load on the server. But there is nothing worng with a high load, the only problem is that our vserver users didn't like seeing it. With virtualized load and no hard scheduling you get the best of both worlds - on an idle server, a vserver can make use of the resources available, and on a busy server the TBS limits kick in. Grisha On Mon, 20 Dec 2004, Thorsten Gunkel wrote: Create a file named flags and write sched_hard ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Trouble connecting to own addresses
On Mon, Dec 20, 2004 at 01:08:42PM +0100, Martin Honermeyer wrote: > Hello, > > I've got a SMP VServer machine running on Gentoo. We have the strange > problem that it is not possible to connect to the host's addresses from > withhin the host's addresses itself. Which means: sounds a little strange ... > * Host can't ping or ssh into any VServer. definitely some issue with your setup because the fact 'Host can't ping any VServer' is equal with 'host can't ping it's own ip addresses' > * No VServer can ping or ssh the host or any VServer, > including itself (localhost)! while the first statement leaves a lot of options (iptables, network config, etc ...) this reduces the range to a few, with one very likely candidate most likely your lo device is misconfigured make sure that: - lo is up (UP LOOPBACK RUNNING) - lo is configured with 127.0.0.1/8 > This means e.g. Mailman doesn't work on my VServer because > it uses a TCP socket to connect to Postfix running on the > same VServer, which doesn't work! Only UNIX sockets are working. in any case, make sure that you define the IP of the vserver as 'localhost' in etc hosts, this will make sure that the packets are redirected properly ... > Can anyone help? As this is really awkward.. HTH, Herbert > Greetz, > Martin > > > $ uname -a > Linux vservers 2.6.9-vs1.9.3vs-1.9.3 #1 SMP Wed Nov 24 15:11:19 CET 2004 > i686 Intel(R) Pentium(R) III CPU family 1266MHz GenuineIntel GNU/Linux > > > ___ > Vserver mailing list > [EMAIL PROTECTED] > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Trouble connecting to own addresses
Hello, I've got a SMP VServer machine running on Gentoo. We have the strange problem that it is not possible to connect to the host's addresses from withhin the host's addresses itself. Which means: * Host can't ping or ssh into any VServer. * No VServer can ping or ssh the host or any VServer, including itself (localhost)! This means e.g. Mailman doesn't work on my VServer because it uses a TCP socket to connect to Postfix running on the same VServer, which doesn't work! Only UNIX sockets are working. Can anyone help? As this is really awkward.. Greetz, Martin $ uname -a Linux vservers 2.6.9-vs1.9.3vs-1.9.3 #1 SMP Wed Nov 24 15:11:19 CET 2004 i686 Intel(R) Pentium(R) III CPU family 1266MHz GenuineIntel GNU/Linux ___ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver