Re: [Vserver] Pseudo terminal proxy for util-vserver
[EMAIL PROTECTED] (Benedikt Böhm) writes:
> With regard to the /dev/pts issue on "vserver enter" i have ported
> the vlogin application from vserver-utils to util-vserver-0.30.210
Mmmh... without looking at the complete code, doing operations in the
shown order is insecure:
> + if (vc_ctx_migrate(opts.xid) == -1)
> + PEXIT("Failed to migrate to context", EXIT_COMMAND);
> + ...
> + if (chroot(".") == -1)
> + PEXIT("Failed to chroot to cwd", EXIT_COMMAND);
Attacker in context could ptrace the process between both commands and
would get access to the host's /-filesystem.
Enrico
pgpTK4aq2QmLx.pgp
Description: PGP signature
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] www.virtualinfrastructure.nl
Hi there, as Joep Gommers of virtualinfrastructure.nl seems unavailable and his site contains lots of "Casino" spam entries (possibly beeing hacked, although probably only beeing "spammed down") I removed his link from the start page. This abviousely also effects the "Logo contest", which got "spammed down" as well 8-( Anyone having contact to Joep to get this sorted? -- regards 'n greez, Guenther Fuchs (aka "muh" and "powerfox") ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] Trying to create vserver on logical volume fails....
Hi there, on Saturday, March 4, 2006 at 10:41:47 AM there was posted: BI> It seems like it is not allowed to use '-' in the vserver name I guess this is beeing a shell problem, "-" is usually interpreted as an shell parameter "escape", so this (IMHO) should not be used for any automated script. BI> Performing the following to resolve dependencies: BI> Install: device-mapper.i386 0:1.01.04-1.0.RHEL4 - updates-released BI> Install: initscripts.i386 0:7.93.20.EL-1.WB1 - updates-released This seems to fall back on your personal repositary which does not resolve the dependancies proper. -- regards 'n greez, Guenther Fuchs (aka "muh" and "powerfox") ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] kde and ltsp on a guest
Hi Oliver. > as all guest use the "original" kernel more or less directly, there is > almost no performance loss and even no networking latency ! :) > But you might run into problems regardig proper rights that X needs on > the kernel to run the grafics card - I am not that deep in the stuff to > give you adequate advise on this - but I think there are several people > here who can... I don't intend to run an X server on the host or guest servers, only on the terminals. > If you get this up and running - I would appreciate to see your resukts > on the wiki or here on the list (have the same need but didnt spend any > efforts so long..) it would be a pleasure. Chris. > -- > Diese Nachricht wurde digital unterschrieben > oliwel's public key: http://www.oliwel.de/oliwel.crt > Basiszertifikat: http://www.ldv.ei.tum.de/page72 > > > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver > > > > ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
RE: [Vserver] Trying to create vserver on logical volume fails....
Hi again, > Caused by a bug in rpm. You will need a similar 'initpre' > script like those of FC4 and other RH variants. It seems like it is not allowed to use '-' in the vserver name - I tried replacing it with '_', and then the installation seems to start (at least). But after running through the install-stuff, I've got a bunch of warnings/errors like: Performing the following to resolve dependencies: Install: device-mapper.i386 0:1.01.04-1.0.RHEL4 - updates-released Install: initscripts.i386 0:7.93.20.EL-1.WB1 - updates-released warning: package device-mapper = 1.00.19-2 was already added, replacing with device-mapper <= 1.01.04-1.0.RHEL4 Transaction Check Error: file /bin/doexec conflicts between attempted installs of initscripts-7.93.11.EL-1.WB1 and initscripts-7.93.20.EL-1.WB1 file /bin/ipcalc conflicts between attempted installs of initscripts-7.93.11.EL-1.WB1 and initscripts-7.93.20.EL-1.WB1 file /bin/usleep conflicts between attempted installs of initscripts-7.93.11.EL-1.WB1 and initscripts-7.93.20.EL-1.WB1 file /etc/X11/prefdm conflicts between attempted installs of initscripts-7.93.11.EL-1.WB1 and initscripts-7.93.20.EL-1.WB1 file /etc/rc.d/init.d/functions conflicts between attempted installs of initscripts-7.93.11.EL-1.WB1 and initscripts-7.93.20.EL-1.WB1 How do I avoid these conflicts ? Regards, /Brian ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] kde and ltsp on a guest
Hi Chris, as all guest use the "original" kernel more or less directly, there is almost no performance loss and even no networking latency. But you might run into problems regardig proper rights that X needs on the kernel to run the grafics card - I am not that deep in the stuff to give you adequate advise on this - but I think there are several people here who can... If you get this up and running - I would appreciate to see your resukts on the wiki or here on the list (have the same need but didnt spend any efforts so long..) Oliver -- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72 smime.p7s Description: S/MIME Cryptographic Signature ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] kde and ltsp on a guest
Hello, I would like some advise please. I am trying to setup an X terminal server (LTSP and KDE) on a virtual machine to help me with maintainence and distribution. I tried with Xen. I had kde and ltsp installed on a domU and exported the homes from dom0. It didn't work. Networking to domU is too slow and caused problems. I would like to try again. I think UML is probable too slow for many simultaneous kde users. >From what I have read on the vserver website and the good video - just like being there :) -, it seems that a vserver guest would have little or no performance loss, right? What about the network issue I had with domU in Xen. How fast are vserver guest network interfaces? Any other advise? Thankyou very much. Chris. ps. sorry if I've sent this email to the list twice. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] kde and ltsp on a guest
Hello, I would like some advise please. I am trying to setup an X terminal server (LTSP and KDE) on a virtual machine to help me with maintainence and distribution. I tried with Xen. I had kde and ltsp installed on a domU and exported the homes from dom0. It didn't work. Networking to domU is too slow and caused problems. I would like to try again. I think UML is probable too slow for many simultaneous kde users. >From what I have read on the vserver website and the good video - just like being there :) -, it seems that a vserver guest would have little or no performance loss, right? What about the network issue I had with domU in Xen. How fast are vserver guest network interfaces? Any other advise? Thankyou very much. Chris. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
RE: [Vserver] Trying to create vserver on logical volume fails....
Hi, > > I've created my own repo with Whitebox Enterprise Linux 4 - > > but when trying to add a vserver (for which a logical volume > > has been created and mounted in /vservers/vsrv01-mysql) > > I get this error: > > ... > > | error: unpacking of archive failed on file /usr/bin/X11;42dd8791: > > Caused by a bug in rpm. You will need a similar 'initpre' > script like those of FC4 and other RH variants. Initpre scripts etc created... Now I get: # ./vserver-build -m yum -n vsrv01-apache --hostname mysql.vsrv01.domain.dk --interface vsrv01-mysql=eth0:192.168.1.63 -- -d wbel4 /etc/vservers/.defaults/vdirbase/vsrv01-apache/lost+found /usr/lib/util-vserver/functions: line 206: -n: command not found # ./vserver-build -m yum -n vsrv01-apache --force --hostname mysql.vsrv01.domain.dk --interface vsrv01-mysql=eth0:192.168.1.63 -- -d wbel4 /etc/vservers/.defaults/vdirbase/vsrv01-apache/lost+found mv: cannot move `/etc/vservers/.defaults/vdirbase/vsrv01-apache' to `/etc/vservers/.defaults/vdirbase/vsrv01-apache.~1141462908~': Device or resource busy And still no access towards the repository ... I wonder why it fails on the '-n' parameter ? I've tried to remove the '-' in the name specified (vsrv01-apache) - then it seems to be able to accept the input parameters Is this a bug ? Is it not allowed to include '-' in the vserver name ? /Brian ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Pseudo terminal proxy for util-vserver
With regard to the /dev/pts issue on "vserver enter" i have ported the
vlogin application from vserver-utils to util-vserver-0.30.210
See also http://list.linux-vserver.org/archive/vserver/msg12117.html
Bene
diff -NurpP util-vserver-0.30.210/scripts/Makefile-files util-vserver-0.30.210-vlogin/scripts/Makefile-files
--- util-vserver-0.30.210/scripts/Makefile-files 2005-04-28 19:45:34.0 +0200
+++ util-vserver-0.30.210-vlogin/scripts/Makefile-files 2006-03-04 09:48:30.0 +0100
@@ -52,7 +52,8 @@ scripts_pkglib_src_DTA = scripts/functio
scripts/vserver.functions \
scripts/vserver.start \
scripts/vserver.stop \
-scripts/vserver.suexec
+scripts/vserver.suexec \
+scripts/vserver.login
scripts_pkglib_gen_DTA = scripts/util-vserver-vars
diff -NurpP util-vserver-0.30.210/scripts/util-vserver-vars.pathsubst util-vserver-0.30.210-vlogin/scripts/util-vserver-vars.pathsubst
--- util-vserver-0.30.210/scripts/util-vserver-vars.pathsubst 2006-01-22 13:24:25.0 +0100
+++ util-vserver-0.30.210-vlogin/scripts/util-vserver-vars.pathsubst 2006-03-04 09:55:46.0 +0100
@@ -72,6 +72,7 @@ _VDU="$__SBINDIR/vdu"
_VHASHIFY="$__PKGLIBDIR/vhashify"
_VKILL="$__SBINDIR/vkill"
_VLIMIT="$__SBINDIR/vlimit"
+_VLOGIN="$__SBINDIR/vlogin"
_VNAMESPACE="$__SBINDIR/vnamespace"
_VPKG="$__PKGLIBDIR/vpkg"
_VPROCUNHIDE="$__PKGLIBDIR/vprocunhide"
diff -NurpP util-vserver-0.30.210/scripts/vserver util-vserver-0.30.210-vlogin/scripts/vserver
--- util-vserver-0.30.210/scripts/vserver 2005-10-28 20:29:00.0 +0200
+++ util-vserver-0.30.210-vlogin/scripts/vserver 2006-03-04 09:47:52.0 +0100
@@ -101,6 +101,11 @@ function suexec()
. $__PKGLIBDIR/vserver.suexec
}
+function vlogin()
+{
+. $__PKGLIBDIR/vserver.login
+}
+
function restart()
{
"[EMAIL PROTECTED]" --sync "$vserver" stop
@@ -220,7 +225,7 @@ case "$2" in
;;
(enter)
getEnterShell "$VSERVER_DIR"
- suexec root "[EMAIL PROTECTED]"
+ vlogin "[EMAIL PROTECTED]"
;;
(running)
isVserverRunning "$VSERVER_DIR"
diff -NurpP util-vserver-0.30.210/scripts/vserver.login util-vserver-0.30.210-vlogin/scripts/vserver.login
--- util-vserver-0.30.210/scripts/vserver.login 1970-01-01 01:00:00.0 +0100
+++ util-vserver-0.30.210-vlogin/scripts/vserver.login 2006-03-04 09:46:19.0 +0100
@@ -0,0 +1,32 @@
+# $Id: vserver.suexec,v 1.14 2005/07/15 19:01:06 ensc Exp $ --*- sh -*--
+
+# Copyright (C) 2003 Enrico Scholz <[EMAIL PROTECTED]>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+is_stopped=
+isVserverRunning "$VSERVER_DIR" S_CONTEXT || is_stopped=1
+test -z "$is_stopped" || {
+echo $"'vserver ... suexec' is supported for running vservers only; aborting..." >&2
+exit 1
+}
+
+generateOptions "$VSERVER_DIR"
+
+pushd "$VSERVER_DIR"/vdir/ >/dev/null
+
+${USE_VNAMESPACE:+$_VNAMESPACE --enter "$S_CONTEXT" -- } \
+${_VLOGIN} -n ${S_CONTEXT} -x ${S_CONTEXT} -- "$@"
+
+popd >/dev/null
diff -NurpP util-vserver-0.30.210/src/Makefile-files util-vserver-0.30.210-vlogin/src/Makefile-files
--- util-vserver-0.30.210/src/Makefile-files 2006-01-22 12:28:00.0 +0100
+++ util-vserver-0.30.210-vlogin/src/Makefile-files 2006-03-04 09:34:00.0 +0100
@@ -67,6 +67,7 @@ DIETPROGS += src/chcontext-compat \
src/vcontext \
src/vcopy \
src/vkill \
+ src/vlogin \
src/vsched \
src/vshelper-sync \
src/vrsetup \
@@ -141,6 +142,7 @@ sbin_PROGRAMS += src/chbind \
src/vcontext \
src/vlimit \
src/vkill \
+ src/vlogin \
src/vnamespace \
src/vrsetup \
src/vsched \
@@ -201,6 +203,10 @@ src_vkill_LDADD = $(VSERVER_LDADDS)
src_vkill_LDFLAGS = $(VSERVER_LDFLGS)
src_vkill_CPPFLAGS = $(AM_CPPFLAGS) -DLEGACYDIR=\"$(legacydir)\"
+src_vlogin_SOURCES = src/vlogin.c
+src_vlogin_LDADD = $(VSERVER_LDADDS)
+src_vlogin_LDFLAGS = $(VSERVER_LDFLGS)
+
src_vlimit_SOURCES = src/vlimit.c
src_vlimit_LDADD = $(VSERVER_LDADDS)
src_vlimit_LDFLAGS = $(VSERVER_LDFLGS)
diff -NurpP util-vserver-0.30.210/src/vlogin.c util-vserver-0.30.210-vlogin/src/vlogin.c
--- util-vserver-0.30.210/src/vlogin.c 1970-01-01 01:00:00.0 +0100
+++ util-vserver-0.30.210-vlogin/src/vlogin.c 2006-03-04 09:56:27.0 +0100
@@ -0,0 +1,450 @@
+/***
+ * Copyright 2005 by the vserver-u
Re: [Vserver] Trying to create vserver on logical volume fails....
[EMAIL PROTECTED] (Brian Ipsen) writes: > I've created my own repo with Whitebox Enterprise Linux 4 - but when trying > to add a vserver (for which a logical volume has been created and mounted in > /vservers/vsrv01-mysql) I get this error: > ... > | error: unpacking of archive failed on file /usr/bin/X11;42dd8791: Caused by a bug in rpm. You will need a similar 'initpre' script like those of FC4 and other RH variants. Enrico pgpIVVmcNzJU1.pgp Description: PGP signature ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
