[Vserver] OCS Inventory
Hi, I want to install OCS Inventory Agent on a guest. When I launch agent, I can read this error in log file: Lauching OCS Inventory NG Agent Thu Mar 15 13:46:31 2007 = You don't have enough rights to run this program *** ERROR: Unable to launch OCS Inventory NG Agent I'am under root account. How can I resolve this ? Thank. Jean-Michel Caricand mail : [EMAIL PROTECTED] Envoyez vos cartes de voeux depuis www.laposte.net Elles seront ensuite distribuées par le facteur : pratique et malin ! ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] OCS Inventory
On 3/15/07, Jean-Michel Caricand [EMAIL PROTECTED] wrote: I want to install OCS Inventory Agent on a guest. When I launch agent, I can read this error in log file: I'am under root account. How can I resolve this ? When you are running in a guest you don have as many rights as root on the host, the guest has certain capabilities disabled. Do you know what the Agent is trying to do when it installs, perhaps starting the installer with strace will give you an idea what capability it needs to install. D. blaze your trail -- redhat ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver I use strace. I can see this : ... skip ... read(3, ?($n++):($n=0);}\n\t\tif((/dmi type..., 4096) = 4096 brk(0x86d8000) = 0x86d8000 brk(0x86d7000) = 0x86d7000 read(3, ($1);\n\t\t\t};\n\t\t\tif((/driver\\s+\(, 4096) = 4096 read(3, \t# If we receive account informa..., 4096) = 4096 read(3, n LAST_STATE, \$install_path/la..., 4096) = 1202 brk(0x86f8000) = 0x86f8000 read(3, , 4096) = 0 close(3)= 0 time(NULL) = 1173973225 open(/var/log/ocsinventory-client/ocsinv.log, O_WRONLY|O_APPEND|O_CREAT|O_LARGEFILE, 0666) = 3 _llseek(3, 0, [423], SEEK_END) = 0 ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0xbf8df118) = -1 ENOTTY (Inappropriate ioctl for device) _llseek(3, 0, [423], SEEK_CUR) = 0 fstat64(3, {st_mode=S_IFREG|0644, st_size=423, ...}) = 0 fcntl64(3, F_SETFD, FD_CLOEXEC) = 0 time([1173973225]) = 1173973225 write(3, Thu Mar 15 16:40:25 2007 = Gene..., 47) = 47 close(3)= 0 dup(1) = 3 ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 _llseek(3, 0, 0xbf8df190, SEEK_CUR) = -1 ESPIPE (Illegal seek) fstat64(3, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 1), ...}) = 0 dup2(3, 2) = 2 close(3)= 0 fcntl64(2, F_SETFD, 0) = 0 ioctl(2, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 _llseek(2, 0, 0xbf8df160, SEEK_CUR) = -1 ESPIPE (Illegal seek) stat64(/dev/mem, 0x814e0c8) = -1 ENOENT (No such file or directory) time([1173973225]) = 1173973225 write(2, Thu Mar 15 16:40:25 2007 = You ..., 77Thu Mar 15 16:40:25 2007 = You don't have enough rights to run this program ) = 77 exit_group(2) = ? Process 5092 detached Do you have a idea ? bcapabilities ? Jean-Michel Caricand mail : [EMAIL PROTECTED] Envoyez vos cartes de voeux depuis www.laposte.net Elles seront ensuite distribuées par le facteur : pratique et malin ! ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] OCS Inventory
Bonjour, We are using ocs both on vserver guests (fedora core 5/6 ) and hosts without any problems and no need to add more capabilities than these provide in standard install.But we are not using RPM to do install ocs Jean-Michel Caricand a écrit : Hi, I want to install OCS Inventory Agent on a guest. When I launch agent, I can read this error in log file: Lauching OCS Inventory NG Agent Thu Mar 15 13:46:31 2007 = You don't have enough rights to run this program *** ERROR: Unable to launch OCS Inventory NG Agent I'am under root account. How can I resolve this ? Thank. Jean-Michel Caricand mail : [EMAIL PROTECTED] Envoyez vos cartes de voeux depuis www.laposte.net Elles seront ensuite distribuées par le facteur : pratique et malin ! ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver Error occurs when we launch ocsinventory-client.pl (/dev/mem access) I think we'll install ocs client on host, not on guests. For make a test on guest, I commented on these lines in ocsinventory-client.pl (version 1.01) : unless(-r /dev/mem){ die localtime(). = You don't have enough rights to run this program\n; } It works but I must verify that tomorrow at office. Thank. Jean-Michel Caricand mail : [EMAIL PROTECTED] Envoyez vos cartes de voeux depuis www.laposte.net Elles seront ensuite distribuées par le facteur : pratique et malin ! ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Fw:Re: [Vserver] ACL on guest
On Fri, Feb 02, 2007 at 01:58:27PM +0100, Jean-Michel Caricand wrote: Hi, I want to know if it's possible to have acl on a guest. Show my configuration : lifcsys3:~# cat /etc/mtab /dev/hda3 / ext3 rw,errors=remount-ro 0 0 proc /proc proc rw 0 0 sysfs /sys sysfs rw 0 0 devpts /dev/pts devpts rw,gid=5,mode=620 0 0 tmpfs /dev/shm tmpfs rw 0 0 /dev/hda2 /boot ext3 rw 0 0 /dev/mapper/host-usr /usr ext3 rw 0 0 /dev/mapper/host-var /var ext3 rw 0 0 /dev/mapper/host-lifc--svnlmd /var/lib/vservers/lifc-svnlmd ext3 rw,acl 0 0 /dev/mapper/host-lifc--webmail /var/lib/vservers/lifc-webmail ext3 rw 0 0 /dev/mapper/host-lifc--glpi /var/lib/vservers/lifc-glpi ext3 rw 0 0 /dev/mapper/host-lifc--darkvador /var/lib/vservers/lifc-darkvador ext3 rw 0 0 /mnt/wesson-home /var/lib/vservers/lifc-svnlmd/home none rw,bind 0 0 usbfs /proc/bus/usb usbfs rw 0 0 172.20.128.107:/home /mnt/wesson-home nfs rw,addr=172.20.128.107 0 0 lifcsys3:~# The line works fine : # setfacl -m u:smmsp:rwx /var/lib/vservers/lifc-svnlmd/tmp/toto # lifcsys3:~# getfacl /var/lib/vservers/lifc-svnlmd/tmp/toto getfacl: Removing leading '/' from absolute path names # file: var/lib/vservers/lifc-svnlmd/tmp/toto # owner: root # group: root user::rw- user:root:rwx user:smmsp:rwx group::r-- mask::rwx other::r-- lifcsys3:~# When I test setfacl on my guest : lifc-svnlmd:/tmp# setfacl -m u:root:rwx /tmp/toto setfacl: /tmp/toto: Opération non supportée pleas do export LC_ALL=C LANG=C lifc-svnlmd:/tmp# Strange. acl is supported on my guest. When I show the content of /etc/mtab, I see : lifc-svnlmd:/tmp# cat /etc/mtab /dev/hdv1 / ufs defaults 0 0 none /proc proc 0 0 none /tmp tmpfs size=16m,mode=1777 0 0 none /dev/pts devpts gid=5,mode=620 0 0 lifc-svnlmd:/tmp# Why this behavior ? Is it normal ? what behaviour? /etc/mtab contains what was written there, if you want to get information about mounts, check with /proc/mounts ... HTH, Herbert Thank. Jean-Michel Caricand mail : [EMAIL PROTECTED] Envoyez vos cartes de voeux depuis www.laposte.net Elles seront ensuite distribuées par le facteur : pratique et malin ! ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver Hello Herbert, I use this path and this kernel : vs2.0.2.1, 2.6.17.13 On my guest (lifc-svnlmd) : - lifc-svnlmd:/# mount /dev/hdv1 on / type ufs (defaults) none on /proc type proc (0) none on /tmp type tmpfs (size=16m,mode=1777) none on /dev/pts type devpts (gid=5,mode=620) lifc-svnlmd:/# lifc-svnlmd:/# cat /proc/mounts rootfs / rootfs rw 0 0 /dev/root / ext3 rw,data=ordered 0 0 none /proc proc rw,nodiratime 0 0 none /tmp tmpfs rw,nodev 0 0 none /dev/pts devpts rw 0 0 lifc-svnlmd:/# lifc-svnlmd:/# export LC_ALL=C LANG=C lifc-svnlmd:/# touch /tmp/toto; setfacl -m u:root:rxw /tmp/toto setfacl: /tmp/toto: Operation not supported lifc-svnlmd:/# Apparently, I can't use ACL in my guest. I am surprised because I can use ACL on the host (the root filesystem for the guest is mounted with ACL support on the host). On my host (lifcsys3) : - lifcsys3:~# mount /dev/hda3 on / type ext3 (rw,errors=remount-ro) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) tmpfs on /dev/shm type tmpfs (rw) /dev/hda2 on /boot type ext3 (rw) /dev/mapper/host-usr on /usr type ext3 (rw) /dev/mapper/host-var on /var type ext3 (rw) /dev/mapper/host-lifc--webmail on /var/lib/vservers/lifc-webmail type ext3 (rw) /dev/mapper/host-lifc--glpi on /var/lib/vservers/lifc-glpi type ext3 (rw) /dev/mapper/host-lifc--darkvador on /var/lib/vservers/lifc-darkvador type ext3 (rw) usbfs on /proc/bus/usb type usbfs (rw) /dev/mapper/host-lifc--svnlmd on /var/lib/vservers/lifc-svnlmd type ext3 (rw,acl) lifcsys3:~# lifcsys3:~# cat /proc/mounts rootfs / rootfs rw 0 0 /dev2/root2 / ext3 rw,data=ordered 0 0 proc /proc proc rw,nodiratime 0 0 sysfs /sys sysfs rw 0 0 devpts /dev/pts devpts rw 0 0 tmpfs /dev/shm tmpfs rw 0 0 /dev/hda2 /boot ext3 rw,data=ordered 0 0 /dev/mapper/host-usr /usr ext3 rw,data=ordered 0 0 /dev/mapper/host-var /var ext3 rw,data=ordered 0 0 /dev/host/lifc-webmail /var/lib/vservers/lifc-webmail ext3 rw,data=ordered 0 0 /dev/host/lifc-glpi /var/lib/vservers/lifc-glpi ext3 rw,data=ordered 0 0 /dev/host/lifc-darkvador /var/lib/vservers/lifc-darkvador ext3 rw,data=ordered 0 0 usbfs /proc/bus/usb usbfs rw 0 0 /dev/host/lifc-svnlmd /var/lib/vservers/lifc-svnlmd ext3 rw,data=ordered 0 0 lifcsys3:~# lifcsys3:~# setfacl -m u:testuser:rwx /var/lib/vservers/lifc-svnlmd/tmp/toto lifcsys3:~# getfacl /var/lib/vservers/lifc-svnlmd/tmp/toto getfacl: Removing leading '/' from absolute path names # file: var/lib/vservers/lifc-svnlmd/tmp/toto # owner: root # group: root user::rw
Re: Fw:Re: [Vserver] ACL on guest
On Sat, 3 Feb 2007 13:57:53 +0100 Jean-Michel Caricand [EMAIL PROTECTED] wrote: I use this path and this kernel : vs2.0.2.1, 2.6.17.13 On my guest (lifc-svnlmd) : - lifc-svnlmd:/# mount /dev/hdv1 on / type ufs (defaults) none on /proc type proc (0) none on /tmp type tmpfs (size=16m,mode=1777) none on /dev/pts type devpts (gid=5,mode=620) lifc-svnlmd:/# lifc-svnlmd:/# cat /proc/mounts rootfs / rootfs rw 0 0 /dev/root / ext3 rw,data=ordered 0 0 none /proc proc rw,nodiratime 0 0 none /tmp tmpfs rw,nodev 0 0 none /dev/pts devpts rw 0 0 lifc-svnlmd:/# lifc-svnlmd:/# export LC_ALL=C LANG=C lifc-svnlmd:/# touch /tmp/toto; setfacl -m u:root:rxw /tmp/toto setfacl: /tmp/toto: Operation not supported lifc-svnlmd:/# Apparently, I can't use ACL in my guest. I am surprised because I can use ACL on the host (the root filesystem for the guest is mounted with ACL support on the host). On my host (lifcsys3) : - lifcsys3:~# mount /dev/hda3 on / type ext3 (rw,errors=remount-ro) proc on /proc type proc (rw) sysfs on /sys type sysfs (rw) devpts on /dev/pts type devpts (rw,gid=5,mode=620) tmpfs on /dev/shm type tmpfs (rw) /dev/hda2 on /boot type ext3 (rw) /dev/mapper/host-usr on /usr type ext3 (rw) /dev/mapper/host-var on /var type ext3 (rw) /dev/mapper/host-lifc--webmail on /var/lib/vservers/lifc-webmail type ext3 (rw) /dev/mapper/host-lifc--glpi on /var/lib/vservers/lifc-glpi type ext3 (rw) /dev/mapper/host-lifc--darkvador on /var/lib/vservers/lifc-darkvador type ext3 (rw) usbfs on /proc/bus/usb type usbfs (rw) /dev/mapper/host-lifc--svnlmd on /var/lib/vservers/lifc-svnlmd type ext3 (rw,acl) lifcsys3:~# lifcsys3:~# cat /proc/mounts rootfs / rootfs rw 0 0 /dev2/root2 / ext3 rw,data=ordered 0 0 proc /proc proc rw,nodiratime 0 0 sysfs /sys sysfs rw 0 0 devpts /dev/pts devpts rw 0 0 tmpfs /dev/shm tmpfs rw 0 0 /dev/hda2 /boot ext3 rw,data=ordered 0 0 /dev/mapper/host-usr /usr ext3 rw,data=ordered 0 0 /dev/mapper/host-var /var ext3 rw,data=ordered 0 0 /dev/host/lifc-webmail /var/lib/vservers/lifc-webmail ext3 rw,data=ordered 0 0 /dev/host/lifc-glpi /var/lib/vservers/lifc-glpi ext3 rw,data=ordered 0 0 /dev/host/lifc-darkvador /var/lib/vservers/lifc-darkvador ext3 rw,data=ordered 0 0 usbfs /proc/bus/usb usbfs rw 0 0 /dev/host/lifc-svnlmd /var/lib/vservers/lifc-svnlmd ext3 rw,data=ordered 0 0 lifcsys3:~# lifcsys3:~# setfacl -m u:testuser:rwx /var/lib/vservers/lifc-svnlmd/tmp/toto lifcsys3:~# getfacl /var/lib/vservers/lifc-svnlmd/tmp/toto getfacl: Removing leading '/' from absolute path names # file: var/lib/vservers/lifc-svnlmd/tmp/toto # owner: root # group: root user::rw- user:testuser:rwx group::r-- mask::rwx other::r-- lifcsys3:~# If it's possible to use ACL in a guest, where is my error ? the difference is due to namespaces. when you write to /var/lib/vservers/lifc-svnlmd/tmp/ from context 0, you are writing to the device /dev/host/lifc-svnlmd. when you write to /tmp from the context of the guest, you are writing to the tmpfs. the tmpfs was mounted from the context of the guest, so context 0 (the host or any other context) cannot see the mounted filesystem. instead, the host is writing to the original filesystem, not the mounted filesystem as it cannot see it. but of course since the tmpfs filesystem is mounted within the context of the guest, the guest can see and write to it. but the tmpfs was not mounted with ACL support (if tmpfs even supports ACLs), so the guest cannot use ACLs on the tmpfs, ie /tmp. trying using ACLs somewhere else within the guest and it should work. to better illustrate the point, do this: host# vserver guest start host# vserver guest enter guest# mkdir /tmp/foo guest# touch /tmp/foo/bar guest# vserver guest exit host# ls -al /var/lib/vservers/guest/tmp/ host# touch /var/lib/vservers/guest/tmp/foo/bar the last command should generate an error for obvious reasons (after you analyze the output of ls -al for the tmp directory and realize the foo directory you created within the guest is not there, or at least not visible/accessible from the host). this is no different than on a non-vserver host creating files within a directory that serves as a mountpoint, then mounting a filesystem at that mountpoint. the files you created within the directory are still there (under the newly mounted filesystem), but you cannot see them. as soon as you unmount the filesystem, you will again see the files within the mountpoint directory. the only difference is with vserver both the mountpoint directory and the newly mounted filesystem are accessible at the same time, just within different namespaces/contexts (host and guest). it's all about different namespaces. (and it really gets ugly when you have to create a lvm snapshot within the context
[Vserver] ACL on guest
Hi, I want to know if it's possible to have acl on a guest. Show my configuration : lifcsys3:~# cat /etc/mtab /dev/hda3 / ext3 rw,errors=remount-ro 0 0 proc /proc proc rw 0 0 sysfs /sys sysfs rw 0 0 devpts /dev/pts devpts rw,gid=5,mode=620 0 0 tmpfs /dev/shm tmpfs rw 0 0 /dev/hda2 /boot ext3 rw 0 0 /dev/mapper/host-usr /usr ext3 rw 0 0 /dev/mapper/host-var /var ext3 rw 0 0 /dev/mapper/host-lifc--svnlmd /var/lib/vservers/lifc-svnlmd ext3 rw,acl 0 0 /dev/mapper/host-lifc--webmail /var/lib/vservers/lifc-webmail ext3 rw 0 0 /dev/mapper/host-lifc--glpi /var/lib/vservers/lifc-glpi ext3 rw 0 0 /dev/mapper/host-lifc--darkvador /var/lib/vservers/lifc-darkvador ext3 rw 0 0 /mnt/wesson-home /var/lib/vservers/lifc-svnlmd/home none rw,bind 0 0 usbfs /proc/bus/usb usbfs rw 0 0 172.20.128.107:/home /mnt/wesson-home nfs rw,addr=172.20.128.107 0 0 lifcsys3:~# The line works fine : # setfacl -m u:smmsp:rwx /var/lib/vservers/lifc-svnlmd/tmp/toto # lifcsys3:~# getfacl /var/lib/vservers/lifc-svnlmd/tmp/toto getfacl: Removing leading '/' from absolute path names # file: var/lib/vservers/lifc-svnlmd/tmp/toto # owner: root # group: root user::rw- user:root:rwx user:smmsp:rwx group::r-- mask::rwx other::r-- lifcsys3:~# When I test setfacl on my guest : lifc-svnlmd:/tmp# setfacl -m u:root:rwx /tmp/toto setfacl: /tmp/toto: Opération non supportée lifc-svnlmd:/tmp# Strange. acl is supported on my guest. When I show the content of /etc/mtab, I see : lifc-svnlmd:/tmp# cat /etc/mtab /dev/hdv1 / ufs defaults 0 0 none /proc proc 0 0 none /tmp tmpfs size=16m,mode=1777 0 0 none /dev/pts devpts gid=5,mode=620 0 0 lifc-svnlmd:/tmp# Why this behavior ? Is it normal ? Thank. Jean-Michel Caricand mail : [EMAIL PROTECTED] Envoyez vos cartes de voeux depuis www.laposte.net Elles seront ensuite distribuées par le facteur : pratique et malin ! ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re:[Vserver] How to show processes
Hi, ps works fine on vserver host and guest. Perhaps bad permissions on /proc (on host system). Cheers I am new to linux vserver and I have inherited a machine running it. I may be wrong but I believe this machine should be running quite a few processes but this is not the case when I issue the ps command. Does each vserver partition the output of its processes? If so, how do I access this information? Peter ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver Jean-Michel Caricand mail : [EMAIL PROTECTED] Envoyez vos cartes de voeux depuis www.laposte.net Elles seront ensuite distribuées par le facteur : pratique et malin ! ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver