subject:"Re\: \[Vserver\] bcapabilities not working\?"

Re: [Vserver] bcapabilities not working?

2005-01-26 Thread Andrew Mendelsohn

Hi,
  Here is the Debug output.  There is no corresponding line for bcap, as
++ OPTS_VATTRIBUTE=([EMAIL PROTECTED] --ccap $cap) for ccap.
Hope this helps.
Andy
++ local cap_opts
++ local flag
++ test '(' '!' -e /etc/vservers/apache2server/hostname -o -e 
/etc/vservers/apac
he2server/uts/nodename ')' -a '(' '!' -e 
/etc/vservers/apache2server/domainname
-o -e /etc/vservers/apache2server/uts/domainname ')'
++ test -z ''
++ _generateCapabilityOptions /etc/vservers/apache2server
++ local vdir=/etc/vservers/apache2server
++ local cap
++ _generateBCapabilityOptions /etc/vservers/apache2server
++ local vdir=/etc/vservers/apache2server
++ local cap
++ local f=/etc/vservers/apache2server/bcapabilities
++ test -e /etc/vservers/apache2server/bcapabilities
++ read cap
++ _generateCCapabilityOptions /etc/vservers/apache2server
++ local vdir=/etc/vservers/apache2server
++ local cap
++ local f=/etc/vservers/apache2server/ccapabilities
++ test -e /etc/vservers/apache2server/ccapabilities
++ read cap
++ OPTS_VATTRIBUTE=([EMAIL PROTECTED] --ccap $cap)
++ read cap
++ test -e /etc/vservers/apache2server/capabilities
++ return 0
++ _generateFlagOptions /etc/vservers/apache2server
++ local vdir=/etc/vservers/apache2server
++ CHCONTEXT_FLAG_OPTS=()
++ test '!' -e /etc/vservers/apache2server/flags


Herbert Poetzl wrote:
On Fri, Jan 14, 2005 at 06:34:02PM -0800, Andrew Mendelsohn wrote:
 

Hi,
Using 2.6.10 with patch-2.6.10-vs1.9.3.17.diff and compiling 
util-vserver 0.30.196, it seems that I can't remove capabilities via the 
/usr/local//etc/vservers/webserver/bcapabilities configuration file 
using  ~ALL.  The /usr/local//etc/vservers/webserver/ccapabilities file 
does what it is supposed to when set to ~ALL.

Output of cat /proc/self/vinfo before config files are set to ~ALL
XID:10
BCaps:  d44c04ff
CCaps:  0101
CFlags: 00020210
CIPid:  0
Output of cat /proc/self/vinfo after both config files are set to ~ALL
XID:10
BCaps:  d44c04ff
CCaps:  
CFlags: 00020210
CIPid:  0
Is it a bug, or do I need an additional configuration step?
   

hmm, didn't test with the config setup, but a quick
check with vxc showed that it is working as expected
$ vxc --xid 100 -- grep Cap /proc/self/status
New security context is 100
CapInh: 
CapPrm: feff
CapEff: feff
$ vxc --xid 100 --bcap ~ALL -- cat /proc/self/vinfo  
New security context is 100
XID:	100
BCaps:	
CCaps:	
CFlags:	0002
CIPid:	0

$ vxc --xid 100 --bcap ~ALL -- grep Cap /proc/self/status
New security context is 100
CapInh: 
CapPrm: 
CapEff: 
(kernel) 2.6.11-rc1-vs1.9.4-rc1
no relevant changes to 2.6.10-vs1.9.3.17
please check with --debug if the --bcap arg is
passed properly to vattribue ...
TIA,
Herbert
 

Thanks,
Andy


___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
   


 

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] bcapabilities not working?

2005-01-26 Thread Enrico Scholz

[EMAIL PROTECTED] (Andrew Mendelsohn) writes:

Here is the Debug output.  There is no corresponding line for bcap, as
 ++ OPTS_VATTRIBUTE=([EMAIL PROTECTED] --ccap $cap) for ccap.
 ...
 ++ local f=/etc/vservers/apache2server/bcapabilities
 ++ test -e /etc/vservers/apache2server/bcapabilities
   ~
 ...
 Using 2.6.10 with patch-2.6.10-vs1.9.3.17.diff and compiling
 util-vserver 0.30.196, it seems that I can't remove capabilities
 via the /usr/local//etc/vservers/webserver/bcapabilities
 ~
 configuration file using  ~ALL.

Are you sure that the '~ALL' was configured in the correct
vserver?



Enrico

-- 
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?  
A: Top-posting.  
Q: What is the most annoying thing in e-mail?
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] bcapabilities not working?

2005-01-26 Thread Andrew Mendelsohn

Hi,
 Yes the files were both in the correct directory for the vserver.  
They both contained '~ALL'
However:

cmp bcapabilities ccapabilities
cmp: EOF on bcapabilities
So there was a problem with the bcapabilties file.  Copying the 
ccapabilities to the bcapabilities.

cat /proc/self/vinfo
XID:16
BCaps:  
CCaps:  
CFlags: 00020210
CIPid:  0
Andy
Enrico Scholz wrote:
[EMAIL PROTECTED] (Andrew Mendelsohn) writes:
 

  Here is the Debug output.  There is no corresponding line for bcap, as
++ OPTS_VATTRIBUTE=([EMAIL PROTECTED] --ccap $cap) for ccap.
...
++ local f=/etc/vservers/apache2server/bcapabilities
++ test -e /etc/vservers/apache2server/bcapabilities
   

  ~
 

...
   

Using 2.6.10 with patch-2.6.10-vs1.9.3.17.diff and compiling
util-vserver 0.30.196, it seems that I can't remove capabilities
via the /usr/local//etc/vservers/webserver/bcapabilities
   

~
 

configuration file using  ~ALL.
   

Are you sure that the '~ALL' was configured in the correct
vserver?

Enrico
 

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] bcapabilities not working?

2005-01-15 Thread Herbert Poetzl

On Fri, Jan 14, 2005 at 06:34:02PM -0800, Andrew Mendelsohn wrote:
 Hi,
 
 Using 2.6.10 with patch-2.6.10-vs1.9.3.17.diff and compiling 
 util-vserver 0.30.196, it seems that I can't remove capabilities via the 
 /usr/local//etc/vservers/webserver/bcapabilities configuration file 
 using  ~ALL.  The /usr/local//etc/vservers/webserver/ccapabilities file 
 does what it is supposed to when set to ~ALL.
 
 Output of cat /proc/self/vinfo before config files are set to ~ALL
 
 XID:10
 BCaps:  d44c04ff
 CCaps:  0101
 CFlags: 00020210
 CIPid:  0
 
 Output of cat /proc/self/vinfo after both config files are set to ~ALL
 
 XID:10
 BCaps:  d44c04ff
 CCaps:  
 CFlags: 00020210
 CIPid:  0
 
 Is it a bug, or do I need an additional configuration step?

hmm, didn't test with the config setup, but a quick
check with vxc showed that it is working as expected

$ vxc --xid 100 -- grep Cap /proc/self/status
New security context is 100
CapInh: 
CapPrm: feff
CapEff: feff

$ vxc --xid 100 --bcap ~ALL -- cat /proc/self/vinfo  
New security context is 100
XID:100
BCaps:  
CCaps:  
CFlags: 0002
CIPid:  0

$ vxc --xid 100 --bcap ~ALL -- grep Cap /proc/self/status
New security context is 100
CapInh: 
CapPrm: 
CapEff: 

(kernel) 2.6.11-rc1-vs1.9.4-rc1
no relevant changes to 2.6.10-vs1.9.3.17

please check with --debug if the --bcap arg is
passed properly to vattribue ...

TIA,
Herbert

 Thanks,
 Andy
 
 
 
 
 
 
 ___
 Vserver mailing list
 Vserver@list.linux-vserver.org
 http://list.linux-vserver.org/mailman/listinfo/vserver
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] bcapabilities not working?

Re: [Vserver] bcapabilities not working?

Re: [Vserver] bcapabilities not working?

Re: [Vserver] bcapabilities not working?

4 matches

Site Navigation

Mail list logo

Footer information