Re: [Vserver] bcapabilities not working?
Hi, Here is the Debug output. There is no corresponding line for bcap, as ++ OPTS_VATTRIBUTE=([EMAIL PROTECTED] --ccap $cap) for ccap. Hope this helps. Andy ++ local cap_opts ++ local flag ++ test '(' '!' -e /etc/vservers/apache2server/hostname -o -e /etc/vservers/apac he2server/uts/nodename ')' -a '(' '!' -e /etc/vservers/apache2server/domainname -o -e /etc/vservers/apache2server/uts/domainname ')' ++ test -z '' ++ _generateCapabilityOptions /etc/vservers/apache2server ++ local vdir=/etc/vservers/apache2server ++ local cap ++ _generateBCapabilityOptions /etc/vservers/apache2server ++ local vdir=/etc/vservers/apache2server ++ local cap ++ local f=/etc/vservers/apache2server/bcapabilities ++ test -e /etc/vservers/apache2server/bcapabilities ++ read cap ++ _generateCCapabilityOptions /etc/vservers/apache2server ++ local vdir=/etc/vservers/apache2server ++ local cap ++ local f=/etc/vservers/apache2server/ccapabilities ++ test -e /etc/vservers/apache2server/ccapabilities ++ read cap ++ OPTS_VATTRIBUTE=([EMAIL PROTECTED] --ccap $cap) ++ read cap ++ test -e /etc/vservers/apache2server/capabilities ++ return 0 ++ _generateFlagOptions /etc/vservers/apache2server ++ local vdir=/etc/vservers/apache2server ++ CHCONTEXT_FLAG_OPTS=() ++ test '!' -e /etc/vservers/apache2server/flags Herbert Poetzl wrote: On Fri, Jan 14, 2005 at 06:34:02PM -0800, Andrew Mendelsohn wrote: Hi, Using 2.6.10 with patch-2.6.10-vs1.9.3.17.diff and compiling util-vserver 0.30.196, it seems that I can't remove capabilities via the /usr/local//etc/vservers/webserver/bcapabilities configuration file using ~ALL. The /usr/local//etc/vservers/webserver/ccapabilities file does what it is supposed to when set to ~ALL. Output of cat /proc/self/vinfo before config files are set to ~ALL XID:10 BCaps: d44c04ff CCaps: 0101 CFlags: 00020210 CIPid: 0 Output of cat /proc/self/vinfo after both config files are set to ~ALL XID:10 BCaps: d44c04ff CCaps: CFlags: 00020210 CIPid: 0 Is it a bug, or do I need an additional configuration step? hmm, didn't test with the config setup, but a quick check with vxc showed that it is working as expected $ vxc --xid 100 -- grep Cap /proc/self/status New security context is 100 CapInh: CapPrm: feff CapEff: feff $ vxc --xid 100 --bcap ~ALL -- cat /proc/self/vinfo New security context is 100 XID: 100 BCaps: CCaps: CFlags: 0002 CIPid: 0 $ vxc --xid 100 --bcap ~ALL -- grep Cap /proc/self/status New security context is 100 CapInh: CapPrm: CapEff: (kernel) 2.6.11-rc1-vs1.9.4-rc1 no relevant changes to 2.6.10-vs1.9.3.17 please check with --debug if the --bcap arg is passed properly to vattribue ... TIA, Herbert Thanks, Andy ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] bcapabilities not working?
[EMAIL PROTECTED] (Andrew Mendelsohn) writes: Here is the Debug output. There is no corresponding line for bcap, as ++ OPTS_VATTRIBUTE=([EMAIL PROTECTED] --ccap $cap) for ccap. ... ++ local f=/etc/vservers/apache2server/bcapabilities ++ test -e /etc/vservers/apache2server/bcapabilities ~ ... Using 2.6.10 with patch-2.6.10-vs1.9.3.17.diff and compiling util-vserver 0.30.196, it seems that I can't remove capabilities via the /usr/local//etc/vservers/webserver/bcapabilities ~ configuration file using ~ALL. Are you sure that the '~ALL' was configured in the correct vserver? Enrico -- A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] bcapabilities not working?
Hi, Yes the files were both in the correct directory for the vserver. They both contained '~ALL' However: cmp bcapabilities ccapabilities cmp: EOF on bcapabilities So there was a problem with the bcapabilties file. Copying the ccapabilities to the bcapabilities. cat /proc/self/vinfo XID:16 BCaps: CCaps: CFlags: 00020210 CIPid: 0 Andy Enrico Scholz wrote: [EMAIL PROTECTED] (Andrew Mendelsohn) writes: Here is the Debug output. There is no corresponding line for bcap, as ++ OPTS_VATTRIBUTE=([EMAIL PROTECTED] --ccap $cap) for ccap. ... ++ local f=/etc/vservers/apache2server/bcapabilities ++ test -e /etc/vservers/apache2server/bcapabilities ~ ... Using 2.6.10 with patch-2.6.10-vs1.9.3.17.diff and compiling util-vserver 0.30.196, it seems that I can't remove capabilities via the /usr/local//etc/vservers/webserver/bcapabilities ~ configuration file using ~ALL. Are you sure that the '~ALL' was configured in the correct vserver? Enrico ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver
Re: [Vserver] bcapabilities not working?
On Fri, Jan 14, 2005 at 06:34:02PM -0800, Andrew Mendelsohn wrote: Hi, Using 2.6.10 with patch-2.6.10-vs1.9.3.17.diff and compiling util-vserver 0.30.196, it seems that I can't remove capabilities via the /usr/local//etc/vservers/webserver/bcapabilities configuration file using ~ALL. The /usr/local//etc/vservers/webserver/ccapabilities file does what it is supposed to when set to ~ALL. Output of cat /proc/self/vinfo before config files are set to ~ALL XID:10 BCaps: d44c04ff CCaps: 0101 CFlags: 00020210 CIPid: 0 Output of cat /proc/self/vinfo after both config files are set to ~ALL XID:10 BCaps: d44c04ff CCaps: CFlags: 00020210 CIPid: 0 Is it a bug, or do I need an additional configuration step? hmm, didn't test with the config setup, but a quick check with vxc showed that it is working as expected $ vxc --xid 100 -- grep Cap /proc/self/status New security context is 100 CapInh: CapPrm: feff CapEff: feff $ vxc --xid 100 --bcap ~ALL -- cat /proc/self/vinfo New security context is 100 XID:100 BCaps: CCaps: CFlags: 0002 CIPid: 0 $ vxc --xid 100 --bcap ~ALL -- grep Cap /proc/self/status New security context is 100 CapInh: CapPrm: CapEff: (kernel) 2.6.11-rc1-vs1.9.4-rc1 no relevant changes to 2.6.10-vs1.9.3.17 please check with --debug if the --bcap arg is passed properly to vattribue ... TIA, Herbert Thanks, Andy ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver ___ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver