Re: [Vserver] mountpoints blocked - reloaded -- any updates ?
On Tue, Mar 14, 2006 at 02:01:25PM +0100, alexander goeres - lieblinx.net wrote: > Hello List, hello Herbert, > > is there any update or solution regarding this problem? yep, AFAICR it should be fixed ... (i.e. *-rc12 should not have that problem on 2.6.16-rc5) HTH, Herbert > regards, > Alexander > > Am Samstag, 18. Februar 2006 00:38 schrieb Herbert Poetzl: > > On Fri, Feb 17, 2006 at 01:50:41PM +0100, Oliver Welter wrote: > > > Hi Folks, Hi Bertl, > > > > > > the problem which seemed to be solved re-appeard today with recent > > > kernel patches (2.6.15-gentoo-r4-vs2.1.1-rc6) > > > > > > To reconstruct the problem > > > 1) add a drbd blockdevice to the guests fstab > > > 2) start and stop guest > > > 3) try to unmount the device > > > you get an error, telling that the drbd device is still mounted... > > > > > > So - any ideas ?? > > > > okay, just as update, we tracked this down to > > the fact that even mainline 2.6.15/2.6.16-rc3 > > does not release ext3 filesystems properly > > when the namespace is destroyed ... this can > > be easily verified with a mainline kernel and > > the following command sequence: > > > > vnamespace --new -- mount /dev/hda1 /mnt > > > > (assuming that /dev/hda1 contains an ext3 fs > > and /mnt exists, this will claim hda1 but not > > release it -- it works fine with ext2 though) > > > > now investigating ... > > > > best, > > > Herbert > > > > > I am sure that there are no other contexts running, the maschine was > > > booted freshly before doing the above steps and the testsystem was the > > > only running guest > > > > > > Oliver > > > -- > > > --==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==-- > > > Dipl.-Ing. Oliver Welter - microBLUE - http://www.microblue.de > > > Tel: 08131/80525 - Fax: 08131/80526 - Post: Loestr. 15; 85221 Dachau > > > webbasierte Anwendungen - Servertechnik - Groupware - PCs und Netzwerke > > > --==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==-- > > > > > > > > > > > > ___ > > > Vserver mailing list > > > Vserver@list.linux-vserver.org > > > http://list.linux-vserver.org/mailman/listinfo/vserver > > > > ___ > > Vserver mailing list > > Vserver@list.linux-vserver.org > > http://list.linux-vserver.org/mailman/listinfo/vserver > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] security implications of having /dev/mem in a guest
On Tue, Mar 14, 2006 at 11:03:09AM +1100, Tony Lewis wrote: > I installed a muck-around vserver guest as an Ubuntu desktop (though > never finished setting it up to log in remotely). Doing an upgrade now > wants to run dmidecode as part of the postinstall. This wants access to > /dev/mem, which of course doesn't exist in the guest. Plus to be useful > I guess I'll have to grant the SYS_RAWIO capability to the guest too? > > What are the security implications of having /dev/mem plus RAWIO > capabilities in a guest? My armchair guess is that a root process in > the guest would have read (and write?) access to the entire memory space. yep, your armchair guess is correct ... plus it will be allowed to mess with certain hardware best, Herbert > Tony Lewis > > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] How best to unhashify
On Tue, Mar 14, 2006 at 09:58:50AM +1100, Tony Lewis wrote: > With reckless abandon, I vhashified a couple of vserver Ubuntu guests > with no exclusions. Now I find that upgrading is a problem. These > vservers are just for fun, so no harm done, but I'm curious as to the > best way to unhashify, should a mistake be made. > > Would it be: > > for each file in /vservers/.hash >for all files in /vservers/* (except /vservers/.hash) with the same > inode > cp the file, preserving username, perms, timestamp, to a temp file > rm the file > mv the copied file to the original file >remove the file in /vservers/.hash > > Or is there a more elegant way? something like this (untested) should do the trick: find /vservers/guest -type f -exec showattr {} \; | gawk '/^UI-/ { printf "cp -a %s %s.unhash\nmv %s.unhash %s\n",$2,$2,$2,$2; }' | sh it will break unified files but leave 'normal' hardlinks as is, probably not a big deal in your case ... best, Herbert > Tony > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] mountpoints blocked - reloaded -- any updates ?
Hello List, hello Herbert, is there any update or solution regarding this problem? regards, Alexander Am Samstag, 18. Februar 2006 00:38 schrieb Herbert Poetzl: > On Fri, Feb 17, 2006 at 01:50:41PM +0100, Oliver Welter wrote: > > Hi Folks, Hi Bertl, > > > > the problem which seemed to be solved re-appeard today with recent > > kernel patches (2.6.15-gentoo-r4-vs2.1.1-rc6) > > > > To reconstruct the problem > > 1) add a drbd blockdevice to the guests fstab > > 2) start and stop guest > > 3) try to unmount the device > > you get an error, telling that the drbd device is still mounted... > > > > So - any ideas ?? > > okay, just as update, we tracked this down to > the fact that even mainline 2.6.15/2.6.16-rc3 > does not release ext3 filesystems properly > when the namespace is destroyed ... this can > be easily verified with a mainline kernel and > the following command sequence: > > vnamespace --new -- mount /dev/hda1 /mnt > > (assuming that /dev/hda1 contains an ext3 fs > and /mnt exists, this will claim hda1 but not > release it -- it works fine with ext2 though) > > now investigating ... > > best, > Herbert > > > I am sure that there are no other contexts running, the maschine was > > booted freshly before doing the above steps and the testsystem was the > > only running guest > > > > Oliver > > -- > > --==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==-- > > Dipl.-Ing. Oliver Welter - microBLUE - http://www.microblue.de > > Tel: 08131/80525 - Fax: 08131/80526 - Post: Loestr. 15; 85221 Dachau > > webbasierte Anwendungen - Servertechnik - Groupware - PCs und Netzwerke > > --==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==-- > > > > > > > > ___ > > Vserver mailing list > > Vserver@list.linux-vserver.org > > http://list.linux-vserver.org/mailman/listinfo/vserver > > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] Re: mount nfs on guest trouble
ok. my _real_ problem is portmap address binding (I think). I would like to run nfs servers and clients on both host and guest. On debian I can bind portmap by default /etc/default/portmap OPTIONS="-i 192.168.172.30" I do this on both host and guest (changing the ip of course) nfs client: Before this change I could mount from the host. Now I can't mount from either. nfs server: I also add a name to the guest interface as http://linux-vserver.org/NFS+and+portmap To server nfs I must also bind rpc.nfsd and rpc.mountd explicitly right? I am a bit confused. would v_portmap, v_xinetd help me. Thanks again Chris. On 3/14/06, Chris Fanning <[EMAIL PROTECTED]> wrote: > Hello, > > Some nfs mount problem here. > I would like to mount from within a vserver guest (note: I can mount > from the vserver host) > > I've added to /vservers//ccapabilities > binary_mount > secure_mount > secure_remount > > Now, when I attempt to mount from the guest it simply says on the guest shell > mount: unknown filesystem type 'nfs' > > but on the host console I get some messages: > > net/sunrpc/rpc_pipe.c: rpc_lookup_parent failed to mount psuedofilesystem > RPC: Couldn't create pipefs entry /nfs/clnt4, error -19 > net/sunrpc/rpc_pipe.c: rpc_lookup_parent failed to mount psuedofilesystem > RPC: Couldn't create pipefs entry /nfs/clnt5, error -19 > lockd_down: lockd failed to exit, clearing pid > > I've looked around on the mail list archives and about. > > Any ideas please? > Thankyou > > Chris. > ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] mount nfs on guest trouble
Hello, Some nfs mount problem here. I would like to mount from within a vserver guest (note: I can mount from the vserver host) I've added to /vservers//ccapabilities binary_mount secure_mount secure_remount Now, when I attempt to mount from the guest it simply says on the guest shell mount: unknown filesystem type 'nfs' but on the host console I get some messages: net/sunrpc/rpc_pipe.c: rpc_lookup_parent failed to mount psuedofilesystem RPC: Couldn't create pipefs entry /nfs/clnt4, error -19 net/sunrpc/rpc_pipe.c: rpc_lookup_parent failed to mount psuedofilesystem RPC: Couldn't create pipefs entry /nfs/clnt5, error -19 lockd_down: lockd failed to exit, clearing pid I've looked around on the mail list archives and about. Any ideas please? Thankyou Chris. ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] [parisc 32bit up] latest 2.6.16-rc5-vs2.1.1-rc12 merge with -pa2 tree test -)
Hello Herbert, Here are the successfull test results of this last vs rc with a up 32bit kernel for parisc arch: Linux patst007 2.6.16-rc5-vs2.1.1-rc12-pa2-d32up #4 Mon Mar 13 13:43:14 CET 2006 parisc GNU/Linux Linux-VServer Test [V0.15] Copyright (C) 2003-2006 H.Poetzl chcontext is working. chbind is working. Linux 2.6.16-rc5-vs2.1.1-rc12-pa2-d32up #4 Mon Mar 13 13:43:14 CET 2006 parisc Ea 0.30.210 263/fallback (S*) VCI: 0002:0001 263 03000116 (TbLgnP) --- [000]# succeeded. [001]# succeeded. [011]# succeeded. [031]# succeeded. [101]# succeeded. [102]# succeeded. [201]# succeeded. [202]# succeeded. --- [L01]# succeeded. [D01]# succeeded. [L02]# succeeded. [D02]# succeeded. [L03]# succeeded. [D03]# succeeded. [L11]# succeeded. [D11]# succeeded. [L12]# succeeded. [D12]# succeeded. [L21]# succeeded. [D21]# succeeded. [L22]# succeeded. [D22]# succeeded. [L31]# succeeded. [D31]# succeeded. Linux-VServer FS Test [V0.13] Copyright (C) 2005-2006 H.Poetzl Linux 2.6.16-rc5-vs2.1.1-rc12-pa2-d32up parisc/0.30.210 VCI: 0002:0001 263 03000116 (ugid24) --- testing ext2 filesystem ... [000]. (ext2 format) xid related tests ... [001]. [002]. [011]. [012]. [014]. [015]. [019]. [020]. [021]. [022]. [023]. [024]. [025]. [026]. [027]. [028]. [033]. [034]. [035]. [037]. xattr related tests ... [101]. [102]. [103]. [104]. [106]. [108]. [109]. [112]. [113]. [114]. [115]. [116]. [117]. [118]. [119]. [121]. [122]. [123]. [124]. [199]. --- testing ext3 filesystem ... [000]. (ext3 format) xid related tests ... [001]. [002]. [011]. [012]. [014]. [015]. [019]. [020]. [021]. [022]. [023]. [024]. [025]. [026]. [027]. [028]. [033]. [034]. [035]. [037]. xattr related tests ... [101]. [102]. [103]. [104]. [106]. [108]. [109]. [112]. [113]. [114]. [115]. [116]. [117]. [118]. [119]. [121]. [122]. [123]. [124]. [199]. --- testing xfs filesystem ... [000]. (xfs format) xid related tests ... [001]. [002]. [011]. [012]. [014]. [015]. [019]. [020]. [021]. [022]. [023]. [024]. [025]. [026]. [027]. [028]. [033]. [034]. [035]. [037]. xattr related tests ... [101]. [102]. [103]. [104]. [106]. [108]. [109]. [112]. [113]. [114]. [115]. [116]. [117]. [118]. [119]. [121]. [122]. [123]. [124]. [199]. --- testing reiser filesystem ... [000]. (reiserfs format) xid related tests ... [001]. [002]. [011]. [012]. [014]. [015]. [019]. [020]. [021]. [022]. [023]. [024]. [025]. [026]. [027]. [028]. [033]. [034]. [035]. [037]. xattr related tests ... [101]. [102]. [103]. [104]. [106]. [108]. [109]. [112]. [113]. [114]. [115]. [116]. [117]. [118]. [119]. [121]. [122]. [123]. [124]. [199]. --- testing jfs filesystem ... [000]. (jfs format) xid related tests ... [001]. [002]. [011]. [012]. [014]. [015]. [019]. [020]. [021]. [022]. [023]. [024]. [025]. [026]. [027]. [028]. [033]. [034]. [035]. [037]. xattr related tests ... [101]. [102]. [103]. [104]. [106]. [108]. [109]. [112]. [113]. [114]. [115]. [116]. [117]. [118]. [119]. [121]. [122]. [123]. [124]. [199]. <> Hth, Joel --- A free anti-spam and anti-virus filter on all Scarlet mailboxes More info on http://www.scarlet.be/ ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver