Re: [Vserver] chcontext not permitted
Hello Lyn, * Lyn St George <[EMAIL PROTECTED]>, [2007-02-08 1:13 +]: > On Thu, 8 Feb 2007 00:47:26 +0100 (CET), Daniel Hokka Zakrisson wrote: > >Lyn St George wrote: > >> They still don't stop properly, and 'ps -ax' does not show all > >> processes, so I guess things need to be tweaked. But at least they > >> run. > > > >What? ps ax is not supposed to show _all_ processes, just the ones > >belonging to the current context. If you want to show all of them, use vps > >on the host. > > I meant all processes in the guest, not also those on the host. Some > were known to be running, eg Apache could be connected to, but > were not showing in the process list. I don't know if this is the problem, but 'ps -ax' is different from 'ps ax' (the latter is probably what you want). Quoting ps(1): -a Select all processes except session leaders (see getsid(2)) and processes not associated with a terminal. a ... this option causes ps to list all processes with a terminal (tty), or to list all processes when used together with the x option. ciao, ema signature.asc Description: Digital signature ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] chcontext not permitted
On Thu, 8 Feb 2007 00:47:26 +0100 (CET), Daniel Hokka Zakrisson wrote: >Lyn St George wrote: >> In the end, it seems that it was LVM. I eventually found this > >No, this was an actual bug. It should be fixed in 2.2.0-rc12. Ah ... though applying the specified config did fix it. >> page: http://oldwiki.linux-vserver.org/Step-by-Step+Guide+2.6 >> which specifically mentions that LVM needs a different >> configuration. So I did that - and with the new-style config >> so the LVM fix would work - and now the vservers start and >> can be entered properly. They still don't stop properly, and >> 'ps -ax' does not show all processes, so I guess things need >> to be tweaked. But at least they run. > >What? ps ax is not supposed to show _all_ processes, just the ones >belonging to the current context. If you want to show all of them, use vps >on the host. I meant all processes in the guest, not also those on the host. Some were known to be running, eg Apache could be connected to, but were not showing in the process list. And my current configuration is to explicitly mount both proc and dev/pts on the host's fstab. Doing this allows things to work as expected, and as they used to do before being hit with LVM on the host. >-- >Daniel Hokka Zakrisson - Lyn ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] chcontext not permitted
Lyn St George wrote: > In the end, it seems that it was LVM. I eventually found this No, this was an actual bug. It should be fixed in 2.2.0-rc12. > page: http://oldwiki.linux-vserver.org/Step-by-Step+Guide+2.6 > which specifically mentions that LVM needs a different > configuration. So I did that - and with the new-style config > so the LVM fix would work - and now the vservers start and > can be entered properly. They still don't stop properly, and > 'ps -ax' does not show all processes, so I guess things need > to be tweaked. But at least they run. What? ps ax is not supposed to show _all_ processes, just the ones belonging to the current context. If you want to show all of them, use vps on the host. -- Daniel Hokka Zakrisson ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] chcontext not permitted
On Tue, 6 Feb 2007 05:42:48 +0100, Herbert Poetzl wrote: >On Mon, Feb 05, 2007 at 01:14:24PM +, Lyn St George wrote: >> Hallo all >> >> I've just had a hard disk replaced with a fresh installtion of >> CentOS4.4 and so I also built a new kernel, and for the first >> time am getting this error: >> chcontext: vc_new_s_context(): Operation not permitted >> when trying to enter or stop a vserver. > >EPERM means that you do not have the proper >capability (CAP_SYS_ADMIN and xid=0) or that >the guest is running with VX_INFO_PRIVATE > >(probably the latter is true in your case) > >> Kernel is 2.6.19.2, patch vs2.2.0-rc10, tools 30.212. The >> vservers are using the legacy configs, ie a single config >> file under /etc/vservers per vserver. > >this config is deprecated for a long time now >(several years, IIRC, please upgrade that) > >> Tools are built with 'ALL' as the target apis. >> >> This host is using LVM, and while I can't see how this could >> contribute towards this problem I can't see anything else >> that is different from all other kernels and installations that >> have gone without a hitch. > >I guess you have this one enabled: > CONFIG_VSERVER_PRIVACY=y > >which is on by default, and honored with >new tools/configs ... probably not correctly >by the old legacy interfaces though ... > >> The testme.sh script shows that everything tested is OK. >> At the moment these vservers are not working properly, ie >> they don't start up most daemons and I have to enter them >> with chroot and manually get things going. A 'ps ax' shows >> all the host's processes visible inside the vserver, so plainly >> the separation has failed. > >that is jumping to conclusions, as chroot will >not change the process context, so naturally >you will see host processess ... > >> Would anyone have any clues to point me to a solution? > >fast solution: disable the privacy >long term solution: upgrade to the new config In the end, it seems that it was LVM. I eventually found this page: http://oldwiki.linux-vserver.org/Step-by-Step+Guide+2.6 which specifically mentions that LVM needs a different configuration. So I did that - and with the new-style config so the LVM fix would work - and now the vservers start and can be entered properly. They still don't stop properly, and 'ps -ax' does not show all processes, so I guess things need to be tweaked. But at least they run. >HTH, >Herbert - Lyn ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] chcontext not permitted
On Mon, Feb 05, 2007 at 01:14:24PM +, Lyn St George wrote: > Hallo all > > I've just had a hard disk replaced with a fresh installtion of > CentOS4.4 and so I also built a new kernel, and for the first > time am getting this error: > chcontext: vc_new_s_context(): Operation not permitted > when trying to enter or stop a vserver. EPERM means that you do not have the proper capability (CAP_SYS_ADMIN and xid=0) or that the guest is running with VX_INFO_PRIVATE (probably the latter is true in your case) > Kernel is 2.6.19.2, patch vs2.2.0-rc10, tools 30.212. The > vservers are using the legacy configs, ie a single config > file under /etc/vservers per vserver. this config is deprecated for a long time now (several years, IIRC, please upgrade that) > Tools are built with 'ALL' as the target apis. > > This host is using LVM, and while I can't see how this could > contribute towards this problem I can't see anything else > that is different from all other kernels and installations that > have gone without a hitch. I guess you have this one enabled: CONFIG_VSERVER_PRIVACY=y which is on by default, and honored with new tools/configs ... probably not correctly by the old legacy interfaces though ... > The testme.sh script shows that everything tested is OK. > At the moment these vservers are not working properly, ie > they don't start up most daemons and I have to enter them > with chroot and manually get things going. A 'ps ax' shows > all the host's processes visible inside the vserver, so plainly > the separation has failed. that is jumping to conclusions, as chroot will not change the process context, so naturally you will see host processess ... > Would anyone have any clues to point me to a solution? fast solution: disable the privacy long term solution: upgrade to the new config HTH, Herbert > - > Lyn > > ___ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
[Vserver] chcontext not permitted
Hallo all I've just had a hard disk replaced with a fresh installtion of CentOS4.4 and so I also built a new kernel, and for the first time am getting this error: chcontext: vc_new_s_context(): Operation not permitted when trying to enter or stop a vserver. Kernel is 2.6.19.2, patch vs2.2.0-rc10, tools 30.212. The vservers are using the legacy configs, ie a single config file under /etc/vservers per vserver. Tools are built with 'ALL' as the target apis. This host is using LVM, and while I can't see how this could contribute towards this problem I can't see anything else that is different from all other kernels and installations that have gone without a hitch. The testme.sh script shows that everything tested is OK. At the moment these vservers are not working properly, ie they don't start up most daemons and I have to enter them with chroot and manually get things going. A 'ps ax' shows all the host's processes visible inside the vserver, so plainly the separation has failed. Would anyone have any clues to point me to a solution? - Lyn ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
