Re: [Vserver] OCS Inventory
On 3/17/07, harry <[EMAIL PROTECTED]> wrote:

in the same sense... disable all firewalls, open up your telnet port and allow passwordless rootlogin on all your machines or pull the plug those are the only possibilities, right?

Are you asking me?

D.

blaze your trail -- redhat
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] OCS Inventory
On 3/17/07, Daniel Hokka Zakrisson <[EMAIL PROTECTED]> wrote:

You absolutely never ever want to do that, if you care the least about the guest being secure... /dev/mem would give it complete access to the contents of your RAM.

Seriously if you care about your guest being secure you make sure that the host doesn't have physical network access. If you want to be able to run certain programs in a guest you sometimes need rights which are available to only the host. That's the whole point of caps.

Which should not be taken as lightly as "you just need to create XYZ". It's something that essentially voids the entire virtualization/isolation that Linux-VServer provides...

You are right that I was a little flippant in my remark that one should just create /dev/mem, and should have mentioned the security implications. My remark did contain a reservation you didn't pick up on. "You might just need to create XYZ" carries a very different message than "you just need to create XYZ." In this case "might" means that it is possible that you would need to do XYZ; I realize that this reservation could be missed in a cursory reading. However, that doesn't negate the fact that to run OCS Agent as is in a guest you might just need to create /dev/mem.

regards,
D.
Re: [Vserver] OCS Inventory
On 3/16/07, Daniel Hokka Zakrisson <[EMAIL PROTECTED]> wrote:
Daniel W. Crompton wrote:

After reading Jean-Marc's answer I thought it could also be the fact that you might just need to create /dev/mem.

You absolutely never ever want to do that, if you care the least about the guest being secure... /dev/mem would give it complete access to the contents of your RAM.

Seriously if you care about your guest being secure you make sure that the host doesn't have physical network access. If you want to be able to run certain programs in a guest you sometimes need rights which are available to only the host. That's the whole point of caps.

I want to make it clear that I have no idea what the OCS program does, but if you want to run it in a guest then you need to be able to access /dev/mem. Making the guest insecure is the price you have to pay. Having network access for a machine means risking remote attacks; it's the price you pay.

I hardly run anything on my host systems besides syslog and sshd, practically everything runs in a guest. Some guests have caps that give it almost full access to the host system; on other guests you don't even have write access to the disk or a compiler. (It logs to the host's syslog anyway.)

The level of access you need in a guest determines who access is given to, not whether you do something or not. The only thing you "absolutely never ever" want to do is give somebody you don't trust physical access to the host, anything else is a question of need.

D.
Re: [Vserver] OCS Inventory
On 3/15/07, Jean-Michel Caricand <[EMAIL PROTECTED]> wrote:

    unless(-r "/dev/mem"){
        die localtime()." => You don't have enough rights to run this program\n";
    }

After reading Jean-Marc's answer I thought it could also be the fact that you might just need to create /dev/mem.

    vs / # perl
    unless(-r "/dev/mem"){
        die localtime()." => You don't have enough rights to run this program\n";
    }
    vs / # ls -l /dev/mem
    crw-r- 1 root root 1, 1 Dec 20 00:15 /dev/mem

D.
Re: [Vserver] OCS Inventory
On 3/15/07, Jean-Michel Caricand <[EMAIL PROTECTED]> wrote:

<...snipped for brevity...>

I use strace. I can see this:

    ... skip ...
    stat64("/dev/mem", 0x814e0c8) = -1 ENOENT (No such file or directory)

Looks like you can access /dev/mem, probably it looks like it needs to access this for some reason. BTW Nicolas, above, is right if it needs to do that kind of access it's probably better on the host system.

D.
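Added example (not part of the thread, and not OCS Inventory or Linux-VServer code): a host-side check for raw-memory device nodes under each guest's /dev, the node discussed in the messages above. It matches on device numbers rather than names, since the `1, 1` in the quoted `ls -l` output is what makes a node /dev/mem; the /vservers guest root is an assumption taken from paths used elsewhere on this page.

```python
import os
import stat

# Character devices on major 1 that expose physical memory, kernel memory
# or I/O ports. (1, 1) is the pair shown by `ls -l /dev/mem` in the thread.
MEMORY_DEVICES = {(1, 1): "mem", (1, 2): "kmem", (1, 4): "port"}


def classify_node(st_mode, st_rdev):
    """Return "mem", "kmem" or "port" for a raw-memory node, else None."""
    if not stat.S_ISCHR(st_mode):
        return None  # e.g. block device 1,1 is a ramdisk, not /dev/mem
    return MEMORY_DEVICES.get((os.major(st_rdev), os.minor(st_rdev)))


def scan_guest_dev(guest_root):
    """List (path, kind, mode) for raw-memory nodes below <guest_root>/dev."""
    findings = []
    for dirpath, _dirs, files in os.walk(os.path.join(guest_root, "dev")):
        for name in files:  # device nodes are reported among the non-directories
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: judge the node itself, not a link target
            except OSError:
                continue  # entry vanished or is unreadable
            kind = classify_node(st.st_mode, st.st_rdev)
            if kind:
                findings.append((path, kind, stat.filemode(st.st_mode)))
    return findings


def scan_all_guests(vserver_root):
    """Run scan_guest_dev over every guest directory below vserver_root."""
    report = {}
    if not os.path.isdir(vserver_root):
        return report
    for guest in sorted(os.listdir(vserver_root)):
        root = os.path.join(vserver_root, guest)
        if os.path.isdir(root):
            hits = scan_guest_dev(root)
            if hits:
                report[guest] = hits
    return report


if __name__ == "__main__":
    # Assumed guest root; run on the host, where every guest tree is visible.
    for guest, hits in scan_all_guests("/vservers").items():
        for path, kind, mode in hits:
            print(f"{guest}: {path} is a {kind} device ({mode})")
```

A node renamed to something innocuous is still reported, and a regular file that happens to be called "mem" is not.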
Re: [Vserver] OCS Inventory
On 3/15/07, Jean-Michel Caricand <[EMAIL PROTECTED]> wrote:

I want to install OCS Inventory Agent on a guest. When I launch agent, I can read this error in log file:

I'm under root account. How can I resolve this?

When you are running in a guest you don't have as many rights as root on the host, the guest has certain capabilities disabled. Do you know what the Agent is trying to do when it installs? Perhaps starting the installer with strace will give you an idea what capability it needs to install.

D.
Re: [Vserver] vserver patch making its way into the kernel.org kernels...?
On 3/13/07, Technical Support <[EMAIL PROTECTED]> wrote:

Hi Ken,

However, the folks on our "platform team" are concerned - they want to use a "stock kernel" (which evidently means something downloaded directly from kernel.org) and don't like the idea of a patch.

I doubt there are many people who actually run a "stock kernel." Not because they are kernel hackers, but because practically all the Linux distros have a slightly modified kernel. What you, or your platform team, actually want is not a vanilla kernel. What you need is a maintainer, somebody who looks after the branch and merges the vanilla and whatever preemptive, optimizing, memory, hardware patches you need for your servers. In the case of Linux-VServer you already have that.

The illusion that patching isn't the right path is just that, an illusion. It's the same reason you use menuconfig to modify your kernel. Herbert Poetzl and many others take great care in producing the patches and making sure they work. This is why they add a kernel target to the version, so you are reasonably guaranteed that the patch will work. (Although there's no warranty.)

Evidently this causes a long-term maintenance issue - not necessarily from the technical perspective of applying the patch, but from a documentation, regression testing, license compliance (we distribute appliances, so we have to do extra work for GPL compliance), etc.

That isn't entirely the case either, as far as I can see you would need to do this for the vanilla kernel too. The added advantage is that as you know the changes - patches - you are making to the kernel you can guess where the gains and losses will be.

I just had to respond, forgive me if I sound a little undaunted by your team's concerns. I realize that once you send out the appliance and it fails it's very difficult to get the customers (trust) back. I know that I don't want it to seem that I'm advocating you selling bleeding edge to your customers, because I'm advocating the opposite.

However I get the idea that the "project team" thinks this is just another step in a long manufacturing trail that if slashed would make life easier. It's not going to happen today...

D.
Re: [Vserver] Gentoo update-world script
On 12/8/06, Benedikt Böhm <[EMAIL PROTECTED]> wrote:

<...snipped for brevity...>

looks like you have the wrong profile... can you paste the output of "emerge --info" from inside the guest?

    Portage 2.0.54 (default-linux/x86/vserver, gcc-3.4.6, glibc-2.3.5-r2, 2.6.15-vs2.0.1-gentoo-r5 i686)
    =
    System uname: 2.6.15-vs2.0.1-gentoo-r5 i686 Celeron (Coppermine)
    Gentoo Base System version 1.6.14
    distcc 2.18.3 i486-pc-linux-gnu (protocols 1 and 2) (default port 3632) [enabled]
    app-admin/eselect-compiler: [Not Present]
    dev-java/java-config: [Not Present]
    dev-lang/python: 2.4.2
    dev-python/pycrypto: [Not Present]
    dev-util/ccache: [Not Present]
    dev-util/confcache: [Not Present]
    sys-apps/sandbox:1.2.12
    sys-devel/autoconf: 2.13, 2.59-r6
    sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
    sys-devel/binutils: 2.16.1
    sys-devel/gcc-config: 1.3.12-r6
    sys-devel/libtool: 1.5.22
    virtual/os-headers: 2.6.11-r2
    ACCEPT_KEYWORDS="x86"
    AUTOCLEAN="yes"
    CBUILD="i686-pc-linux-gnu"
    CFLAGS="-O2 -march=i686 -mtune=i686 -funroll-loops -pipe"
    CHOST="i686-pc-linux-gnu"
    CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/lib/X11/xkb /usr/share/config"
    CONFIG_PROTECT_MASK="/etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/env.d"
    CXXFLAGS="-O2 -march=i686 -mtune=i686 -funroll-loops -pipe"
    DISTDIR="/usr/portage/distfiles"
    FEATURES="autoconfig buildpkg ccache distcc distlocks sandbox sfperms strict"
    GENTOO_MIRRORS="http://192.168.1.101/ ftp://distro.ibiblio.org/pub/linux/distributions/gentoo/ http://distro.ibiblio.org/pub/linux/distributions/gentoo/ http://ftp.belnet.be/mirror/rsync.gentoo.org/gentoo/ http://ftp.snt.utwente.nl/pub/os/linux/gentoo ftp://ftp.snt.utwente.nl/pub/os/linux/gentoo "
    MAKEOPTS="-j3"
    PKGDIR="/usr/portage/packages"
    PORTAGE_TMPDIR="/var/tmp"
    PORTDIR="/usr/portage"
    SYNC="rsync://192.168.1.101/gentoo-portage"
    USE="x86 alsa berkdb bitmap-fonts bzip2 cli cracklib crypt dlloader dri expat fortran gdbm gpm iconv ipv6 isdnlog ncurses nls pam pcre perl pppd python readline reflection session slang spl ssl tcpd truetype-fonts type1-fonts udev usb xorg zlib video_cards_apm video_cards_ark video_cards_ati video_cards_chips video_cards_cirrus video_cards_cyrix video_cards_dummy video_cards_fbdev video_cards_glint video_cards_i128 video_cards_i740 video_cards_i810 video_cards_imstt video_cards_mga video_cards_neomagic video_cards_nsc video_cards_nv video_cards_rendition video_cards_s3 video_cards_s3virge video_cards_savage video_cards_siliconmotion video_cards_sis video_cards_sisusb video_cards_tdfx video_cards_tga video_cards_trident video_cards_tseng video_cards_v4l video_cards_vesa video_cards_vga video_cards_via video_cards_vmware video_cards_voodoo input_devices_keyboard input_devices_mouse input_devices_evdev userland_GNU kernel_linux elibc_glibc alsa_cards_intel8x0 alsa_cards_usb-audio"
    Unset: CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS, PORTAGE_RSYNC_OPTS, PORTDIR_OVERLAY

D.
Re: [Vserver] Gentoo update-world script
On 12/7/06, John Alberts <[EMAIL PROTECTED]> wrote:

Did you try doing what the output suggests? It says to run 'emaint --check world'

Yes, emaint (below) tells me I'm missing packages I installed with emerge. I'll start a fresh build and see if it works with that.

    # emaint --check world
    Checking world for problems
    'sys-devel/distcc' is not installed
    'dev-lang/nasm' is not installed
    'dev-libs/lzo' is not installed
    Finished
[Vserver] Gentoo update-world script
Hi,

I read the Gentoo weekly newsletter[1] and was led to an update program[2]. I usually don't update my box besides from the required packages as I'm a little lazy. But I thought it would be handy for creating my base gentoo vservers.

I got the error below. Has anybody had a play with this before? Otherwise I'll go back and investigate, I think it might be something with them splitting names on - (the dash). I use baselayout-vserver, which is also in my world file, so this could account for the problem.

[1] http://www.gentoo.org/news/en/gwn/20061204-newsletter.xml
[2] http://forums.gentoo.org/viewtopic-t-497125.html

    # update-world --prepare
    These are the packages that I would merge, in order:
    Calculating world dependencies
    !!! Problems have been detected with your world file
    !!! Please run emaint --check world /
    !!! All ebuilds that could satisfy ">=sys-apps/baselayout-1.11.14" have been masked.
    !!! One of the following masked packages is required to complete your request:
    - sys-apps/baselayout-1.11.15-r3 (masked by: package.mask)
    - sys-apps/baselayout-1.12.4-r7 (masked by: package.mask)
    - sys-apps/baselayout-1.13.0_alpha6 (masked by: package.mask, package.mask, ~x86 keyword)
    - sys-apps/baselayout-1.13.0_alpha7 (masked by: package.mask, package.mask, ~x86 keyword)
    - sys-apps/baselayout-1.13.0_alpha5 (masked by: package.mask, package.mask, ~x86 keyword)
    - sys-apps/baselayout-1.12.5-r2 (masked by: package.mask)
    - sys-apps/baselayout-1.12.6 (masked by: package.mask)
    - sys-apps/baselayout-1.11.14-r8 (masked by: package.mask)
    - sys-apps/baselayout-1.13.0_alpha7-r1 (masked by: package.mask, package.mask, ~x86 keyword)
    - sys-apps/baselayout-1.13.0_alpha5-r1 (masked by: package.mask, package.mask, ~x86 keyword)
    For more information, see MASKED PACKAGES section in the emerge man page or refer to the Gentoo Handbook.
    !!!(dependency required by "sys-fs/udev-103" [ebuild])
    !!! Problem resolving dependencies for net-misc/asterisk
    !!! Depgraph creation failed.
    WARNING: You need to unmask some packages before continuing.
Re: [Vserver] can't terminate OpenVPN tunnel within a vserver?
On 7/7/06, Herbert Poetzl <[EMAIL PROTECTED]> wrote:
On Wed, Jul 05, 2006 at 01:54:28AM +, Daniel W. Crompton wrote:
On 7/4/06, Baltasar Cevc <[EMAIL PROTECTED]> wrote:
On 04.07.2006, at 10:29, Daniel W. Crompton wrote:

<...snipped for brevity...>

Obviously, you are giving the guest full access. Then again setting a routing on the guest is rather hard without CAP_NET_ADMIN, and as I

well, the real danger here is, inside the guest (with CAP_NET_ADMIN), root can easily take your host interface down and render all your guests unusable ... so use with caution :)

Is there a way to allow the guest to set routes without giving CAP_NET_ADMIN?

Also my vservers need to be portable over many systems so having too much host based configuration would make the transfer of a vserver from one host to another more difficult than sending vserver stop and start commands to the different hosts.

this could be easily solved with the various startup and shutdown scripts (pre-pre, pre, post, post-post)

Thanks for the hint, I'll look into this.

On the security I can access the vpn from another unprivileged vserver on the same host:

<...snipped tcpdump...>

This makes any other vserver I run with or without CAP_NET_ADMIN a vserver with elevated rights, which means just adding the tun/tap device is dangerous. And as tap is meant for the creation of raw ethernet frames this means, in principle, I would be able to send raw ethernet data to the remote host, that also means routing data.

you can as well create the tun/tap device as persistent one on the host (when the guest is started up) and 'just' use it inside the guest (in which case you can remove all the caps)

And then set iptables in the host to disallow the other vservers access to the device?

How secure is that?

not very secure :)

Really, being able to access the remote network from a second vserver is secure. ;)

Just quickly searching around, my understanding is that you have to create the tun device on the host (which is what you want from a security perspective). Afterwards you can assign it to a guest and OpenVPN should be happy to use that one. However that seems to work with tap, I assume it won't work using tun as a device.

It should, both tun and tap come from the same module, where tap is slightly more powerful than tun.

one is layer 3 the other layer 2, except for that there is no real difference in the 'powerfulness'

Giving layer 2 access to a guest is equivalent to giving CAP_NET_RAW access, or am I mistaken?

<...snipped CAP_SYS_MODULE comments...>

<...snipped CAP_MKNOD comments...>

Anybody installing a vpn on their vserver then giving somebody they can't trust high level access to the vserver has just opened 2 networks for attack. What disturbs me more is the fact that I can access the vpn from another vserver.

that is the least thing I'd worry about :)

The vserver with CAP_NET_ADMIN is accessible to only me, the other vserver is not. I worry about these things. ;)

D.
Re: [asterik] Re: [Vserver] sshd creates /dev/pts/*, how can I create a /dev/pts/rob with an init.d script?
On 7/6/06, Robert Michel <[EMAIL PROTECTED]> wrote:

Virtual private asterisk (vpa) stress (again) the advantage to use vserver on a server and give server demons their own environment: Divide Et Impera! :)

I agree. ;)

I was happy that also other people here on the list are interested in asterisk - could be useful for exchanging knowhow/ideas... ;)

I'd be happy to exchange any know how/ideas I have.

D.
Re: [Vserver] linux-vserver patch 2.0.x for kernel 2.6.16
On 7/6/06, Bert De Vuyst <[EMAIL PROTECTED]> wrote:
On Thursday 06 July 2006 13:17, Herbert Poetzl wrote:
On Mon, Jul 03, 2006 at 11:38:38AM +0200, Rik Bobbaers wrote:
Rik Bobbaers wrote:

dag gentse collega!,

good day friend!

Well, a better translation would be: "Hello, colleague from Ghent"

Actually a more exact, and perhaps better, translation would be: "[Good] Day Ghentish colleague!"

D.
Re: [asterik] Re: [Vserver] sshd creates /dev/pts/*, how can I create a /dev/pts/rob with an init.d script?
On 7/6/06, Robert Michel <[EMAIL PROTECTED]> wrote:
On Thu, 06 Jul 2006, Daniel W. Crompton wrote:

Web search engine and >> asterisk vserver "virtual Private" <<

You are absolutely right, I should have just searched for it. Apologies.

D.
Re: [Vserver] sshd creates /dev/pts/*, how can I create a /dev/pts/rob with an init.d script?
On 7/6/06, Herbert Poetzl <[EMAIL PROTECTED]> wrote:

PS: I assume you know that there is a project which uses Linux-VServer to isolate several asterisk instances on a single host

I didn't, do you have more information about this?

D.
Re: [Vserver] Re: dist-upgrade problem with breezy
On 7/5/06, Philippe Clérié <[EMAIL PROTECTED]> wrote:

CAP_SYS_ADMIN

Question is now should keep that capability?

Depends if you want the admin for the vserver to have access to the whole machine. This capability is almost equal to giving somebody root on the host.

D.
Re: [Vserver] can't terminate OpenVPN tunnel within a vserver?
On 7/4/06, Baltasar Cevc <[EMAIL PROTECTED]> wrote:
On 04.07.2006, at 10:29, Daniel W. Crompton wrote:

> You can, I just did it yesterday. You need to set the following in the
> file "bcapabilities":
> CAP_NET_ADMIN
> CAP_NET_RAW

I haven't tested it myself as I run OpenVPN in the host system only, but I'd say that these caps are not nice to give to a guest, as far as I know, you could more or less do any network operation (for any interface) in the guest then.

Obviously, you are giving the guest full access. Then again setting a routing on the guest is rather hard without CAP_NET_ADMIN, and as I wanted to be able to set the route from within the guest I needed this on anyway.

Also my vservers need to be portable over many systems so having too much host based configuration would make the transfer of a vserver from one host to another more difficult than sending vserver stop and start commands to the different hosts.

On the security I can access the vpn from another unprivileged vserver on the same host:

    vhost-novpn ~# ping -I tap0 10.0.2.1

    vhost-vpn ~ # tcpdump -vv -i tap0
    tcpdump: listening on tap0, link-type EN10MB (Ethernet), capture size 96 bytes
    01:34:05.027723 arp who-has vpn-router tell vhost-novpn
    01:34:06.027733 arp who-has vpn-router tell vhost-novpn
    01:34:07.027757 arp who-has vpn-router tell vhost-novpn
    3 packets captured
    6 packets received by filter
    0 packets dropped by kernel

This makes any other vserver I run with or without CAP_NET_ADMIN a vserver with elevated rights, which means just adding the tun/tap device is dangerous. And as tap is meant for the creation of raw ethernet frames this means, in principle, I would be able to send raw ethernet data to the remote host, that also means routing data.

How secure is that?

However, maybe, you will have to do this to get it working. I can't remember any option that could make OpenVPN use an already existing interface (I don't know how tun/tap work, thus whether that would be feasible at all). It should be worth searching the OpenVPN and/or kernel docs about that, though.

That's what I did and I got exactly this answer. Unless anybody can tell me how to do it another way.

Just quickly searching around, my understanding is that you have to create the tun device on the host (which is what you want from a security perspective). Afterwards you can assign it to a guest and OpenVPN should be happy to use that one. However that seems to work with tap, I assume it won't work using tun as a device.

It should, both tun and tap come from the same module, where tap is slightly more powerful than tun.

Add if you want to load the module inside the vserver on access:
CAP_SYS_MODULE

That would be quite crazy, I'd say. You could load anything, thus provide the guest with any privilege ever wanted...

I'd have to agree there, I don't have it enabled.

> Add if you want to mknod the device inside the vserver:
> CAP_MKNOD

Quite dangerous, too, as it enables you to access the whole HD for example.

Again I don't have it enabled, but again I've left the option for the user.

Anybody installing a vpn on their vserver then giving somebody they can't trust high level access to the vserver has just opened 2 networks for attack. What disturbs me more is the fact that I can access the vpn from another vserver.

D.
Re: [Vserver] can't terminate OpenVPN tunnel within a vserver?
On 7/3/06, Eugen Leitl <[EMAIL PROTECTED]> wrote:
On Mon, Jul 03, 2006 at 12:12:34PM +0200, Baltasar Cevc wrote:

> >I can't have an OpenVPN tunnel terminate in a vserver,
> >can I?

You can, I just did it yesterday. You need to set the following in the file "bcapabilities":

    CAP_NET_ADMIN
    CAP_NET_RAW

Add if you want to load the module inside the vserver on access:

    CAP_SYS_MODULE

Add if you want to mknod the device inside the vserver:

    CAP_MKNOD

And in the file "flags" you need to set:

    ~hide_netif

D.
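Added example (not from the thread or from util-vserver): a host-side audit of the "bcapabilities" and "flags" settings named in the message above and debated in the replies further up. It assumes a per-guest configuration directory such as /etc/vservers/<guest>/ with one entry per line in each file; the sample tree is constructed, and the risk notes paraphrase what the list posts say about each capability.

```python
import os
import tempfile

# Capabilities the thread singles out, with the concern raised for each.
RISKY_CAPS = {
    "CAP_SYS_ADMIN": "almost equal to root on the host",
    "CAP_SYS_MODULE": "guest can load kernel modules",
    "CAP_MKNOD": "guest can create device nodes, e.g. for the host's disks",
    "CAP_NET_ADMIN": "guest root can reconfigure or take down host interfaces",
    "CAP_NET_RAW": "guest can send and capture raw packets",
}
# "~hide_netif" is the flags entry given in the message above.
RISKY_FLAGS = {"~hide_netif": "network interfaces are no longer hidden from the guest"}


def read_entries(path):
    """Return the non-empty, non-comment lines of a file; a missing file gives []."""
    try:
        with open(path, encoding="utf-8") as handle:
            lines = handle.read().splitlines()
    except FileNotFoundError:
        return []
    return [ln.strip() for ln in lines if ln.strip() and not ln.strip().startswith("#")]


def audit_guest(guest_dir):
    """Return a list of (setting, concern) pairs for one guest's config directory."""
    findings = []
    granted = {entry.upper() for entry in read_entries(os.path.join(guest_dir, "bcapabilities"))}
    for cap in sorted(granted.intersection(RISKY_CAPS)):
        findings.append((cap, RISKY_CAPS[cap]))
    for flag in read_entries(os.path.join(guest_dir, "flags")):
        if flag.lower() in RISKY_FLAGS:
            findings.append((flag.lower(), RISKY_FLAGS[flag.lower()]))
    return findings


def audit_all(config_root="/etc/vservers"):
    """Map each guest that has findings to its list of (setting, concern) pairs."""
    report = {}
    for name in sorted(os.listdir(config_root)):
        guest_dir = os.path.join(config_root, name)
        if os.path.isdir(guest_dir):
            findings = audit_guest(guest_dir)
            if findings:
                report[name] = findings
    return report


def write_sample_tree(root):
    """Constructed sample: one guest configured as in the message, one without caps."""
    for guest, files in {
        "vhost-vpn": {"bcapabilities": "CAP_NET_ADMIN\nCAP_NET_RAW\n", "flags": "~hide_netif\n"},
        "vhost-novpn": {"flags": "# no extra flags\n"},
    }.items():
        os.makedirs(os.path.join(root, guest))
        for filename, text in files.items():
            with open(os.path.join(root, guest, filename), "w", encoding="utf-8") as out:
                out.write(text)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        write_sample_tree(sample_root)
        for guest, findings in audit_all(sample_root).items():
            for setting, concern in findings:
                print(f"{guest}: {setting}: {concern}")
```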
Re: [Vserver] RHEL4 guest on Gentoo host
On 7/3/06, John Alberts <[EMAIL PROTECTED]> wrote:

Could you explain this a little more please? Where do I get the initial RHEL base to use for the vserver-new command? I'm running Gentoo for the host and I have Gentoo tarballs to use with vserver-new.

I'm sorry, I was a little unclear. You create an empty vserver, without a tarball. In this empty directory you start your own RHEL base. From these you can simply install each rpm from the CDs as needed. It's the equivalent of a stage 1 Gentoo install, but with binary packages. ;)

D.
[Vserver] Save space for vservers
Hi,

On one of my machines I started to run out of space so I started to see where I could save space. On my Gentoo host I already share portage(ro) and distfiles(rw) trees with the vservers, the vserver bin packages I save separately for security reasons.

The same for documents and man pages, although you must be able to write to /usr/share/doc and /usr/share/man.

/etc/vservers/gentoo-guest-1/fstab

    # Essentials
    /usr/share/doc /usr/share/doc none bind,rw 0 0
    /usr/share/man /usr/local/share/man none bind,ro 0 0

Gentoo has a compiler in its base installation and requires it for all the installations done. So the next logical thing for me is sharing the compiler amongst the vservers which will save me 119Mb for every vserver. My only concern was that this might break something, for the time being I've mounted on the specific version I'm sharing.

/etc/vservers/gentoo-guest-1/fstab

    # GCC
    /usr/i686-pc-linux-gnu/gcc-bin/3.4.6/ /usr/i686-pc-linux-gnu/gcc-bin/3.4.6/ none bind,rw 0 0
    /usr/libexec/gcc/i686-pc-linux-gnu/3.4.6/ /usr/libexec/gcc/i686-pc-linux-gnu/3.4.6/ none bind,rw 0 0
    /usr/share/gcc-data/i686-pc-linux-gnu/3.4.6/ /usr/share/gcc-data/i686-pc-linux-gnu/3.4.6/ none bind,rw 0 0
    /usr/i686-pc-linux-gnu/gcc-bin/3.4.6/ /usr/i686-pc-linux-gnu/gcc-bin/3.4.6/ none bind,rw 0 0
    /usr/lib/gcc/i686-pc-linux-gnu/3.4.6/ /usr/lib/gcc/i686-pc-linux-gnu/3.4.6/ none bind,rw 0 0

cya,
Daniel
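Added example (not part of the original post): a check over guest fstab files for bind mounts that are writable and shared by more than one guest, because a guest that can write to a shared compiler directory can change what every other guest executes. The first sample is the fstab from the post above; the second guest and its fstab are constructed for illustration.

```python
from collections import Counter, defaultdict

# fstab entries for gentoo-guest-1 as posted above.
GUEST_1 = """\
# Essentials
/usr/share/doc /usr/share/doc none bind,rw 0 0
/usr/share/man /usr/local/share/man none bind,ro 0 0
# GCC
/usr/i686-pc-linux-gnu/gcc-bin/3.4.6/ /usr/i686-pc-linux-gnu/gcc-bin/3.4.6/ none bind,rw 0 0
/usr/libexec/gcc/i686-pc-linux-gnu/3.4.6/ /usr/libexec/gcc/i686-pc-linux-gnu/3.4.6/ none bind,rw 0 0
/usr/share/gcc-data/i686-pc-linux-gnu/3.4.6/ /usr/share/gcc-data/i686-pc-linux-gnu/3.4.6/ none bind,rw 0 0
/usr/i686-pc-linux-gnu/gcc-bin/3.4.6/ /usr/i686-pc-linux-gnu/gcc-bin/3.4.6/ none bind,rw 0 0
/usr/lib/gcc/i686-pc-linux-gnu/3.4.6/ /usr/lib/gcc/i686-pc-linux-gnu/3.4.6/ none bind,rw 0 0
"""

# Constructed second guest: shares the compiler binaries, but libexec read-only.
GUEST_2 = """\
/usr/share/doc /usr/share/doc none bind,ro 0 0
/usr/i686-pc-linux-gnu/gcc-bin/3.4.6/ /usr/i686-pc-linux-gnu/gcc-bin/3.4.6/ none bind 0 0
/usr/libexec/gcc/i686-pc-linux-gnu/3.4.6/ /usr/libexec/gcc/i686-pc-linux-gnu/3.4.6/ none bind,ro 0 0
"""


def bind_mounts(fstab_text):
    """Yield (source, target, writable) for every bind mount in a guest fstab."""
    for raw in fstab_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed entry: too few fields to carry mount options
        source, target, _fstype, options = fields[:4]
        opts = options.split(",")
        if "bind" not in opts and "rbind" not in opts:
            continue
        # A mount is read-write unless "ro" is given explicitly.
        yield source.rstrip("/") or "/", target.rstrip("/") or "/", "ro" not in opts


def shared_writable(guest_fstabs):
    """Map host paths mounted read-write into two or more guests to those guests."""
    users = defaultdict(set)
    for guest, text in guest_fstabs.items():
        for source, _target, writable in bind_mounts(text):
            if writable:
                users[source].add(guest)
    return {src: sorted(guests) for src, guests in users.items() if len(guests) > 1}


def duplicate_targets(fstab_text):
    """Return mount points that one fstab lists more than once."""
    counts = Counter(target for _src, target, _rw in bind_mounts(fstab_text))
    return sorted(target for target, n in counts.items() if n > 1)


if __name__ == "__main__":
    fstabs = {"gentoo-guest-1": GUEST_1, "gentoo-guest-2": GUEST_2}
    for path, guests in shared_writable(fstabs).items():
        print(f"writable in {', '.join(guests)}: {path}")
    for name, text in fstabs.items():
        for target in duplicate_targets(text):
            print(f"{name}: {target} is mounted more than once")
```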
[Vserver] Startup Scripts (Related to: sys-apps/baselayout-vserver)
Hi,

I was messing around with 2 vservers, both Gentoo 2006.0 created from a stage3 the only difference is that one has the sys-apps/baselayout and the other has sys-apps/baselayout-vserver. I noticed that using the default base in Gentoo causes things not to stop (or at least clean up after themselves when they have stopped) and as a consequence not to start up when restarted because of a bad clean up or because of some other error.

I'm going to roll out an Ubuntu vserver for a client and was wondering if I needed to have any replacement baselayout scripts there too?

thanks,
D.
Re: [Vserver] RHEL4 guest on Gentoo host
On 6/30/06, John Alberts <[EMAIL PROTECTED]> wrote:

I tried asking this question on the gentoo-vserver irc channel, but unfortunately I didn't get any response at all. I currently have a Gentoo host that is running multiple Gentoo guest os's. I have someone who wants me to install a RHEL4 guest for him, because he is more comfortable with it and it is required for this project. I really have no idea how to go about creating a guest other than a Gentoo guest. With Gentoo, I have a nice tarball that I started with, and I just updated that and use it for my template. With RHEL4, I have the install cd's. I have no idea how to go about using these cd's to install it as a guest. Any help or pointing me to some related docs would be appreciated.

I created an empty vserver in /vservers/RHEL4-base/ with "vserver-new". I used "rpm -i --prefix /vservers/RHEL4-base/" to install rpm and bash, with all the other package requirements I needed for these to work. I modified the /etc/vserver/RHEL4-base/fstab to include the mounted cdrom drive on /mnt/cdrom. I then chroot "/vservers/RHEL4-base/ /bin/bash" and installed all the packages I needed for a base image I could copy. From that I created a tgz I could install with vserver-new.

D.
[Vserver] Problem with patch-2.4.30-vs1.2.10.diff and gentoo's "linux-2.4.30-openmosix-r3"
Hi,

I applied this patch to the Gentoo linux-2.4.30-openmosix-r3 kernel and saw that the hpc/service.c:60 file was not updated to match alloc_uid's new arguments. The problem is with the vx_id value, I read the source and saw the vx_id patch comes from vserver. This is the point that openmosix is initializing its daemon setup and executes:

    alloc_uid(0)

I'm assuming that vx_id is the vserver context ID and simply correcting it to read:

    alloc_uid( current->vx_id, 0);

I've not looked really in depth into vserver's code, so this assumption might be entirely wrong.

thanks for any help you can give me,
D.