Re: [Vserver] how to set capabilities in Debian
On Thu, Sep 28, 2006 at 06:34:48PM +0200, Wilhelm Meier wrote:
> On Thursday, 28 September 2006 16:42, Herbert Poetzl wrote:
> > On Thu, Sep 28, 2006 at 08:03:29AM +0200, Wilhelm Meier wrote:
> > > On Wednesday, 27 September 2006 16:40, Herbert Poetzl wrote:
> > > > > H242-meier vserver.nfs # sysctl -a | grep sun
> > > > > error: "Operation not permitted" reading key "net.ipv4.route.flush"
> > > > > sunrpc.tcp_slot_table_entries = 16
> > > > > sunrpc.udp_slot_table_entries = 16
> > > > > sunrpc.nlm_debug = 0
> > > > > sunrpc.nfsd_debug = 1
> > > > > sunrpc.nfs_debug = 0
> > > > > sunrpc.rpc_debug = 1
> > > >
> > > > different values here will enable different debug
> > > > output, I would prefer something like 65535 there
> > > > (which will enable full output)
> > >
> > > The setting on the nfs-server:
> > >
> > > H242-meier ~ # sysctl -a | grep sun
> > > error: "Operation not permitted" reading key "net.ipv4.route.flush"
> > > sunrpc.tcp_slot_table_entries = 16
> > > sunrpc.udp_slot_table_entries = 16
> > > sunrpc.nlm_debug = 0
> > > sunrpc.nfsd_debug = 65535
> > > sunrpc.nfs_debug = 0
> > > sunrpc.rpc_debug = 65535
> > > H242-meier ~ #
> > >
> > > The log on the nfs-server:
> > >
> > > Sep 28 07:55:31 H242-meier device vmnet1 entered promiscuous mode
> > > Sep 28 07:55:49 H242-meier rpc.mountd: MNT3(/home) called
> > > Sep 28 07:55:49 H242-meier rpc.mountd: authenticated mount request from vs01:1009 for /home ( /home)
> > > Sep 28 07:55:50 H242-meier nfsd: exp_rootfh(/home [f235c628] *:hda2/2277377)
> > > Sep 28 07:55:50 H242-meier nfsd: fh_compose(exp 03:02/2277377 //home, ino=2277377)
> > > Sep 28 07:56:09 H242-meier device vmnet1 left promiscuous mode
> > >
> > > The settings on the vserver-host:
> > >
> > > gs ~ # sysctl -a | grep sun
> > > error: "Success" reading key "dev.parport.parport0.autoprobe3"
> > > error: "Success" reading key "dev.parport.parport0.autoprobe2"
> > > error: "Success" reading key "dev.parport.parport0.autoprobe1"
> > > error: "Success" reading key "dev.parport.parport0.autoprobe0"
> > > error: "Success" reading key "dev.parport.parport0.autoprobe"
> > > error: "Operation not permitted" reading key "net.ipv4.route.flush"
> > > sunrpc.max_resvport = 1023
> > > sunrpc.min_resvport = 650
> > > sunrpc.tcp_slot_table_entries = 16
> > > sunrpc.udp_slot_table_entries = 16
> > > sunrpc.nlm_debug = 0
> > > sunrpc.nfsd_debug = 0
> > > sunrpc.nfs_debug = 65535
> > > sunrpc.rpc_debug = 65535
> > > gs ~ #
> > >
> > > The log on the vserver-host:
> > >
> > > Sep 27 22:13:18 gs rpciod_up: users 0
> > > Sep 27 22:13:18 gs RPC: setting up tcp-ipv4 transport...
> > > Sep 27 22:13:18 gs RPC: created transport cf91b400 with 16 slots
> > > Sep 27 22:13:18 gs RPC: xprt_create_proto created xprt cf91b400
> > > Sep 27 22:13:18 gs RPC: creating nfs client for 192.168.39.1 (xprt cf91b400)
> > > Sep 27 22:13:18 gs RPC: destroying transport cf91b400
> > > Sep 27 22:13:18 gs RPC: xs_destroy xprt cf91b400
> > > Sep 27 22:13:18 gs RPC: disconnected transport cf91b400
> > > Sep 27 22:13:18 gs nfs_create_client: cannot create RPC client. Error = -812534784
> > > Sep 27 22:13:18 gs rpciod_down sema 1
> > > Sep 27 22:13:18 gs nfs_get_sb: bad mount version
> > >
> > > ( )
> > > This doesn't seem to look good?
> > >
> > > Attached the tcpdump.
> > >
> > > > > could you try with a v3,tcp mount too?
> > >
> > > The trace of the mount inside the vs:
> > >
> > > vs01 / # strace mount 192.168.39.1:/home /home -o nfsvers=3,nolock,tcp
> > > execve("/bin/mount", ["mount", "192.168.39.1:/home", "/home", "-o", "nfsvers=3,nolock,tcp"], [/* 26 vars */]) = 0
> > > uname({sys="Linux", node="vs01", ...}) = 0
> > > brk(0) = 0x8063000
> > > access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
> > > open("/etc/ld.so.cache", O_RDONLY) = 3
> > > fstat64(3, {st_mode=S_IFREG|0644, st_size=12117, ...}) = 0
> > > mmap2(NULL, 12117, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f4e000
> > > close(3) = 0
> > > open("/lib/libblkid.so.1", O_RDONLY) = 3
> > > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\35\0"..., 512) = 512
> > > fstat64(3, {st_mode=S_IFREG|0755, st_size=28764, ...}) = 0
> > > mmap2(NULL, 30740, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f46000
> > > mmap2(0xb7f4d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0xb7f4d000
> > > close(3) = 0
> > > open("/lib/libuuid.so.1", O_RDONLY) = 3
> > > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\n\0"..., 512) = 512
> > > fstat64(3, {st_mode=S_IFREG|0755, st_size=9600, ...}) = 0
> > > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f45000
> > > mmap2(NULL, 11

Re: [Vserver] how to set capabilities in Debian
On Thursday, 28 September 2006 16:42, Herbert Poetzl wrote:
> On Thu, Sep 28, 2006 at 08:03:29AM +0200, Wilhelm Meier wrote:
> > On Wednesday, 27 September 2006 16:40, Herbert Poetzl wrote:
> > > > H242-meier vserver.nfs # sysctl -a | grep sun
> > > > error: "Operation not permitted" reading key "net.ipv4.route.flush"
> > > > sunrpc.tcp_slot_table_entries = 16
> > > > sunrpc.udp_slot_table_entries = 16
> > > > sunrpc.nlm_debug = 0
> > > > sunrpc.nfsd_debug = 1
> > > > sunrpc.nfs_debug = 0
> > > > sunrpc.rpc_debug = 1
> > >
> > > different values here will enable different debug
> > > output, I would prefer something like 65535 there
> > > (which will enable full output)
> >
> > The setting on the nfs-server:
> >
> > H242-meier ~ # sysctl -a | grep sun
> > error: "Operation not permitted" reading key "net.ipv4.route.flush"
> > sunrpc.tcp_slot_table_entries = 16
> > sunrpc.udp_slot_table_entries = 16
> > sunrpc.nlm_debug = 0
> > sunrpc.nfsd_debug = 65535
> > sunrpc.nfs_debug = 0
> > sunrpc.rpc_debug = 65535
> > H242-meier ~ #
> >
> > The log on the nfs-server:
> >
> > Sep 28 07:55:31 H242-meier device vmnet1 entered promiscuous mode
> > Sep 28 07:55:49 H242-meier rpc.mountd: MNT3(/home) called
> > Sep 28 07:55:49 H242-meier rpc.mountd: authenticated mount request from vs01:1009 for /home ( /home)
> > Sep 28 07:55:50 H242-meier nfsd: exp_rootfh(/home [f235c628] *:hda2/2277377)
> > Sep 28 07:55:50 H242-meier nfsd: fh_compose(exp 03:02/2277377 //home, ino=2277377)
> > Sep 28 07:56:09 H242-meier device vmnet1 left promiscuous mode
> >
> > The settings on the vserver-host:
> >
> > gs ~ # sysctl -a | grep sun
> > error: "Success" reading key "dev.parport.parport0.autoprobe3"
> > error: "Success" reading key "dev.parport.parport0.autoprobe2"
> > error: "Success" reading key "dev.parport.parport0.autoprobe1"
> > error: "Success" reading key "dev.parport.parport0.autoprobe0"
> > error: "Success" reading key "dev.parport.parport0.autoprobe"
> > error: "Operation not permitted" reading key "net.ipv4.route.flush"
> > sunrpc.max_resvport = 1023
> > sunrpc.min_resvport = 650
> > sunrpc.tcp_slot_table_entries = 16
> > sunrpc.udp_slot_table_entries = 16
> > sunrpc.nlm_debug = 0
> > sunrpc.nfsd_debug = 0
> > sunrpc.nfs_debug = 65535
> > sunrpc.rpc_debug = 65535
> > gs ~ #
> >
> > The log on the vserver-host:
> >
> > Sep 27 22:13:18 gs rpciod_up: users 0
> > Sep 27 22:13:18 gs RPC: setting up tcp-ipv4 transport...
> > Sep 27 22:13:18 gs RPC: created transport cf91b400 with 16 slots
> > Sep 27 22:13:18 gs RPC: xprt_create_proto created xprt cf91b400
> > Sep 27 22:13:18 gs RPC: creating nfs client for 192.168.39.1 (xprt cf91b400)
> > Sep 27 22:13:18 gs RPC: destroying transport cf91b400
> > Sep 27 22:13:18 gs RPC: xs_destroy xprt cf91b400
> > Sep 27 22:13:18 gs RPC: disconnected transport cf91b400
> > Sep 27 22:13:18 gs nfs_create_client: cannot create RPC client. Error = -812534784
> > Sep 27 22:13:18 gs rpciod_down sema 1
> > Sep 27 22:13:18 gs nfs_get_sb: bad mount version
> >
> > ( )
> > This doesn't seem to look good?
> >
> > Attached the tcpdump.
> >
> > > > could you try with a v3,tcp mount too?
> >
> > The trace of the mount inside the vs:
> >
> > vs01 / # strace mount 192.168.39.1:/home /home -o nfsvers=3,nolock,tcp
> > execve("/bin/mount", ["mount", "192.168.39.1:/home", "/home", "-o", "nfsvers=3,nolock,tcp"], [/* 26 vars */]) = 0
> > uname({sys="Linux", node="vs01", ...}) = 0
> > brk(0) = 0x8063000
> > access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
> > open("/etc/ld.so.cache", O_RDONLY) = 3
> > fstat64(3, {st_mode=S_IFREG|0644, st_size=12117, ...}) = 0
> > mmap2(NULL, 12117, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f4e000
> > close(3) = 0
> > open("/lib/libblkid.so.1", O_RDONLY) = 3
> > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\35\0"..., 512) = 512
> > fstat64(3, {st_mode=S_IFREG|0755, st_size=28764, ...}) = 0
> > mmap2(NULL, 30740, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f46000
> > mmap2(0xb7f4d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0xb7f4d000
> > close(3) = 0
> > open("/lib/libuuid.so.1", O_RDONLY) = 3
> > read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\n\0"..., 512) = 512
> > fstat64(3, {st_mode=S_IFREG|0755, st_size=9600, ...}) = 0
> > mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f45000
> > mmap2(NULL, 11544, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f42000
> > mmap2(0xb7f44000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7f44000
> > close(3) = 0
> > open("/lib/libc.so.6", O_RDONLY) = 3

Re: [Vserver] how to set capabilities in Debian
On Thu, Sep 28, 2006 at 08:03:29AM +0200, Wilhelm Meier wrote:
> On Wednesday, 27 September 2006 16:40, Herbert Poetzl wrote:
> > > H242-meier vserver.nfs # sysctl -a | grep sun
> > > error: "Operation not permitted" reading key "net.ipv4.route.flush"
> > > sunrpc.tcp_slot_table_entries = 16
> > > sunrpc.udp_slot_table_entries = 16
> > > sunrpc.nlm_debug = 0
> > > sunrpc.nfsd_debug = 1
> > > sunrpc.nfs_debug = 0
> > > sunrpc.rpc_debug = 1
> >
> > different values here will enable different debug
> > output, I would prefer something like 65535 there
> > (which will enable full output)
>
> The setting on the nfs-server:
>
> H242-meier ~ # sysctl -a | grep sun
> error: "Operation not permitted" reading key "net.ipv4.route.flush"
> sunrpc.tcp_slot_table_entries = 16
> sunrpc.udp_slot_table_entries = 16
> sunrpc.nlm_debug = 0
> sunrpc.nfsd_debug = 65535
> sunrpc.nfs_debug = 0
> sunrpc.rpc_debug = 65535
> H242-meier ~ #
>
> The log on the nfs-server:
>
> Sep 28 07:55:31 H242-meier device vmnet1 entered promiscuous mode
> Sep 28 07:55:49 H242-meier rpc.mountd: MNT3(/home) called
> Sep 28 07:55:49 H242-meier rpc.mountd: authenticated mount request from vs01:1009 for /home ( /home)
> Sep 28 07:55:50 H242-meier nfsd: exp_rootfh(/home [f235c628] *:hda2/2277377)
> Sep 28 07:55:50 H242-meier nfsd: fh_compose(exp 03:02/2277377 //home, ino=2277377)
> Sep 28 07:56:09 H242-meier device vmnet1 left promiscuous mode
>
> The settings on the vserver-host:
>
> gs ~ # sysctl -a | grep sun
> error: "Success" reading key "dev.parport.parport0.autoprobe3"
> error: "Success" reading key "dev.parport.parport0.autoprobe2"
> error: "Success" reading key "dev.parport.parport0.autoprobe1"
> error: "Success" reading key "dev.parport.parport0.autoprobe0"
> error: "Success" reading key "dev.parport.parport0.autoprobe"
> error: "Operation not permitted" reading key "net.ipv4.route.flush"
> sunrpc.max_resvport = 1023
> sunrpc.min_resvport = 650
> sunrpc.tcp_slot_table_entries = 16
> sunrpc.udp_slot_table_entries = 16
> sunrpc.nlm_debug = 0
> sunrpc.nfsd_debug = 0
> sunrpc.nfs_debug = 65535
> sunrpc.rpc_debug = 65535
> gs ~ #
>
> The log on the vserver-host:
>
> Sep 27 22:13:18 gs rpciod_up: users 0
> Sep 27 22:13:18 gs RPC: setting up tcp-ipv4 transport...
> Sep 27 22:13:18 gs RPC: created transport cf91b400 with 16 slots
> Sep 27 22:13:18 gs RPC: xprt_create_proto created xprt cf91b400
> Sep 27 22:13:18 gs RPC: creating nfs client for 192.168.39.1 (xprt cf91b400)
> Sep 27 22:13:18 gs RPC: destroying transport cf91b400
> Sep 27 22:13:18 gs RPC: xs_destroy xprt cf91b400
> Sep 27 22:13:18 gs RPC: disconnected transport cf91b400
> Sep 27 22:13:18 gs nfs_create_client: cannot create RPC client. Error = -812534784
> Sep 27 22:13:18 gs rpciod_down sema 1
> Sep 27 22:13:18 gs nfs_get_sb: bad mount version
>
> ( )
> This doesn't seem to look good?
>
> Attached the tcpdump.
>
> > > could you try with a v3,tcp mount too?
>
> The trace of the mount inside the vs:
>
> vs01 / # strace mount 192.168.39.1:/home /home -o nfsvers=3,nolock,tcp
> execve("/bin/mount", ["mount", "192.168.39.1:/home", "/home", "-o", "nfsvers=3,nolock,tcp"], [/* 26 vars */]) = 0
> uname({sys="Linux", node="vs01", ...}) = 0
> brk(0) = 0x8063000
> access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
> open("/etc/ld.so.cache", O_RDONLY) = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=12117, ...}) = 0
> mmap2(NULL, 12117, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f4e000
> close(3) = 0
> open("/lib/libblkid.so.1", O_RDONLY) = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\35\0"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=28764, ...}) = 0
> mmap2(NULL, 30740, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f46000
> mmap2(0xb7f4d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0xb7f4d000
> close(3) = 0
> open("/lib/libuuid.so.1", O_RDONLY) = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\n\0"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=9600, ...}) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f45000
> mmap2(NULL, 11544, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f42000
> mmap2(0xb7f44000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7f44000
> close(3) = 0
> open("/lib/libc.so.6", O_RDONLY) = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240T\1"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=122, ...}) = 0
> mmap2(NULL, 1158452, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e27000
> mmap2(0xb7f3c000, 1638

Re: [Vserver] how to set capabilities in Debian
On Wednesday, 27 September 2006 16:40, Herbert Poetzl wrote:
> > H242-meier vserver.nfs # sysctl -a | grep sun
> > error: "Operation not permitted" reading key "net.ipv4.route.flush"
> > sunrpc.tcp_slot_table_entries = 16
> > sunrpc.udp_slot_table_entries = 16
> > sunrpc.nlm_debug = 0
> > sunrpc.nfsd_debug = 1
> > sunrpc.nfs_debug = 0
> > sunrpc.rpc_debug = 1
>
> different values here will enable different debug
> output, I would prefer something like 65535 there
> (which will enable full output)

The setting on the nfs-server:

H242-meier ~ # sysctl -a | grep sun
error: "Operation not permitted" reading key "net.ipv4.route.flush"
sunrpc.tcp_slot_table_entries = 16
sunrpc.udp_slot_table_entries = 16
sunrpc.nlm_debug = 0
sunrpc.nfsd_debug = 65535
sunrpc.nfs_debug = 0
sunrpc.rpc_debug = 65535
H242-meier ~ #

The log on the nfs-server:

Sep 28 07:55:31 H242-meier device vmnet1 entered promiscuous mode
Sep 28 07:55:49 H242-meier rpc.mountd: MNT3(/home) called
Sep 28 07:55:49 H242-meier rpc.mountd: authenticated mount request from vs01:1009 for /home ( /home)
Sep 28 07:55:50 H242-meier nfsd: exp_rootfh(/home [f235c628] *:hda2/2277377)
Sep 28 07:55:50 H242-meier nfsd: fh_compose(exp 03:02/2277377 //home, ino=2277377)
Sep 28 07:56:09 H242-meier device vmnet1 left promiscuous mode

The settings on the vserver-host:

gs ~ # sysctl -a | grep sun
error: "Success" reading key "dev.parport.parport0.autoprobe3"
error: "Success" reading key "dev.parport.parport0.autoprobe2"
error: "Success" reading key "dev.parport.parport0.autoprobe1"
error: "Success" reading key "dev.parport.parport0.autoprobe0"
error: "Success" reading key "dev.parport.parport0.autoprobe"
error: "Operation not permitted" reading key "net.ipv4.route.flush"
sunrpc.max_resvport = 1023
sunrpc.min_resvport = 650
sunrpc.tcp_slot_table_entries = 16
sunrpc.udp_slot_table_entries = 16
sunrpc.nlm_debug = 0
sunrpc.nfsd_debug = 0
sunrpc.nfs_debug = 65535
sunrpc.rpc_debug = 65535
gs ~ #

The log on the vserver-host:

Sep 27 22:13:18 gs rpciod_up: users 0
Sep 27 22:13:18 gs RPC: setting up tcp-ipv4 transport...
Sep 27 22:13:18 gs RPC: created transport cf91b400 with 16 slots
Sep 27 22:13:18 gs RPC: xprt_create_proto created xprt cf91b400
Sep 27 22:13:18 gs RPC: creating nfs client for 192.168.39.1 (xprt cf91b400)
Sep 27 22:13:18 gs RPC: destroying transport cf91b400
Sep 27 22:13:18 gs RPC: xs_destroy xprt cf91b400
Sep 27 22:13:18 gs RPC: disconnected transport cf91b400
Sep 27 22:13:18 gs nfs_create_client: cannot create RPC client. Error = -812534784
Sep 27 22:13:18 gs rpciod_down sema 1
Sep 27 22:13:18 gs nfs_get_sb: bad mount version

( )
This doesn't seem to look good?

Attached the tcpdump.

> > could you try with a v3,tcp mount too?

The trace of the mount inside the vs:

vs01 / # strace mount 192.168.39.1:/home /home -o nfsvers=3,nolock,tcp
execve("/bin/mount", ["mount", "192.168.39.1:/home", "/home", "-o", "nfsvers=3,nolock,tcp"], [/* 26 vars */]) = 0
uname({sys="Linux", node="vs01", ...}) = 0
brk(0) = 0x8063000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=12117, ...}) = 0
mmap2(NULL, 12117, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f4e000
close(3) = 0
open("/lib/libblkid.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\35\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=28764, ...}) = 0
mmap2(NULL, 30740, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f46000
mmap2(0xb7f4d000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0xb7f4d000
close(3) = 0
open("/lib/libuuid.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\n\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=9600, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f45000
mmap2(NULL, 11544, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f42000
mmap2(0xb7f44000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7f44000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240T\1"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=122, ...}) = 0
mmap2(NULL, 1158452, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7e27000
mmap2(0xb7f3c000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x115) = 0xb7f3c000
mmap2(0xb7f4, 7476, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7f4
close(3) = 0
mprotect(0xb7f3c000, 4096, PROT_READ) = 0
mprotect(0xb7f64000, 4096,

Re: [Vserver] how to set capabilities in Debian
On Wed, Sep 27, 2006 at 11:54:40AM +0200, Wilhelm Meier wrote:
> On Tuesday, 26 September 2006 18:05, Herbert Poetzl wrote:
> > On Tue, Sep 26, 2006 at 11:50:57AM +0200, Wilhelm Meier wrote:
> > > On Tuesday, 26 September 2006 11:10, Jim Wight wrote:
> > > > On Sat, 2006-09-23 at 18:40 +0200, Herbert Poetzl wrote:
> > > > > c) why would you want to add CAP_SYS_ADMIN to a guest?
> > > >
> > > > Taking 'you' in the sense of 'anyone', I would say for NFS.
> > > >
> > > > I don't want to hijack this thread, so can I refer you to one
> > > > started by Wilhelm Meier on 13th Sep entitled 'How do I nfs-mount
> > > > inside a vserver?', and which has gone quiet without being resolved.
> > >
> > > Thank you for reactivating!
> >
> > it was not forgotten, it is on my todo list ...
> >
> > unfortunately I have no test systems available
> > ATM to test an nfs setup, but I will try to
> > recreate the setup with a QEMU network shortly
> >
> > > > I have never
> > > > been able to get NFS to work without using CAP_SYS_ADMIN, even after
> > > > upgrading to 2.6.17.11-vs2.0.2/0.30.210,
> > >
> > > Seems to be still impossible in dev-branch vs2.1.1 (BINARY_MOUNT
> > > should do the job but doesn't)
> >
> > in general, the answers to the following questions
> > could be very helpful:
> >
> > - what NFS version and tcp or udp?
> > - what is the actual error you get?
> > - tcpdump of the ongoing negotiation?
> > - logs on both, client and filer with the
> >   appropriate sysctl debug options enabled
> >   sunrpc.nfsd_debug (filer)
> >   sunrpc.nfs_debug (client)
> >   sunrpc.rpc_debug (both)
>
> O.k., here comes the information:
>
> On the NFS-Server (h242-meier):
>
> H242-meier vserver.nfs # rpcinfo -p
>    program vers proto   port
>     100000    2   tcp    111  portmapper
>     100000    2   udp    111  portmapper
>     100024    1   udp  33321  status
>     100024    1   tcp  32804  status
>     100011    1   udp   4003  rquotad
>     100011    2   udp   4003  rquotad
>     100011    1   tcp   4003  rquotad
>     100011    2   tcp   4003  rquotad
>     100003    2   udp   2049  nfs
>     100003    3   udp   2049  nfs
>     100003    4   udp   2049  nfs
>     100003    2   tcp   2049  nfs
>     100003    3   tcp   2049  nfs
>     100003    4   tcp   2049  nfs
>     100021    1   udp  33322  nlockmgr
>     100021    3   udp  33322  nlockmgr
>     100021    4   udp  33322  nlockmgr
>     100021    1   tcp  32805  nlockmgr
>     100021    3   tcp  32805  nlockmgr
>     100021    4   tcp  32805  nlockmgr
>     100005    1   udp    772  mountd
>     100005    1   tcp    775  mountd
>     100005    2   udp    772  mountd
>     100005    2   tcp    775  mountd
>     100005    3   udp    772  mountd
>     100005    3   tcp    775  mountd
> H242-meier vserver.nfs # sysctl -a | grep sun
> error: "Operation not permitted" reading key "net.ipv4.route.flush"
> sunrpc.tcp_slot_table_entries = 16
> sunrpc.udp_slot_table_entries = 16
> sunrpc.nlm_debug = 0
> sunrpc.nfsd_debug = 1
> sunrpc.nfs_debug = 0
> sunrpc.rpc_debug = 1

different values here will enable different debug
output, I would prefer something like 65535 there
(which will enable full output)

> H242-meier vserver.nfs #
>
> extracted from the log on the nfs-server when the vs tries to mount:
>
> Sep 27 11:46:42 H242-meier device vmnet1 entered promiscuous mode
> Sep 27 11:46:58 H242-meier rpc.mountd: MNT3(/home) called
> Sep 27 11:46:58 H242-meier rpc.mountd: authenticated mount request from vs01:637 for /home (/home)
> Sep 27 11:46:58 H242-meier rpc.mountd: MNT1(/home) called
> Sep 27 11:46:58 H242-meier rpc.mountd: authenticated mount request from vs01:641 for /home (/home)
> Sep 27 11:47:07 H242-meier device vmnet1 left promiscuous mode
>
> The tcpdump of the conversation is in the attached file.
>
> The error inside the vs (vs01) is the following:
>
> vs01 / # mount 192.168.39.1:/home /home -o nolock,tcp
> mount: permission denied

so that is udp, v2 or v3 then?
could you try with a v3,tcp mount too?

> vs01 / #
>
> The trace of this command:
>
> vs01 / # strace mount 192.168.39.1:/home /home -o nolock,tcp
> execve("/bin/mount", ["mount", "192.168.39.1:/home", "/home", "-o", "nolock,tcp"], [/* 26 vars */]) = 0
> uname({sys="Linux", node="vs01", ...}) = 0
> brk(0) = 0x8063000
> access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
> open("/etc/ld.so.cache", O_RDONLY) = 3
> fstat64(3, {st_mode=S_IFREG|0644, st_size=12117, ...}) = 0
> mmap2(NULL, 12117, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f76000
> close(3) = 0
> open("/lib/libblkid.so.1", O_RDONLY) = 3
> read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\35\0"..., 512) = 512
> fstat64(3, {st_mode=S_IFREG|0755, st_size=28764, ...}) = 0
> mmap2(NULL, 30740, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f6e000
> mmap2(0xb7f75000, 4096, PROT_READ|PROT_WRITE, MAP_PRIV

Re: [Vserver] how to set capabilities in Debian
On Tuesday, 26 September 2006 18:05, Herbert Poetzl wrote:
> On Tue, Sep 26, 2006 at 11:50:57AM +0200, Wilhelm Meier wrote:
> > On Tuesday, 26 September 2006 11:10, Jim Wight wrote:
> > > On Sat, 2006-09-23 at 18:40 +0200, Herbert Poetzl wrote:
> > > > c) why would you want to add CAP_SYS_ADMIN to a guest?
> > >
> > > Taking 'you' in the sense of 'anyone', I would say for NFS.
> > >
> > > I don't want to hijack this thread, so can I refer you to one
> > > started by Wilhelm Meier on 13th Sep entitled 'How do I nfs-mount
> > > inside a vserver?', and which has gone quiet without being resolved.
> >
> > Thank you for reactivating!
>
> it was not forgotten, it is on my todo list ...
>
> unfortunately I have no test systems available
> ATM to test an nfs setup, but I will try to
> recreate the setup with a QEMU network shortly
>
> > > I have never
> > > been able to get NFS to work without using CAP_SYS_ADMIN, even after
> > > upgrading to 2.6.17.11-vs2.0.2/0.30.210,
> >
> > Seems to be still impossible in dev-branch vs2.1.1 (BINARY_MOUNT
> > should do the job but doesn't)
>
> in general, the answers to the following questions
> could be very helpful:
>
> - what NFS version and tcp or udp?
> - what is the actual error you get?
> - tcpdump of the ongoing negotiation?
> - logs on both, client and filer with the
>   appropriate sysctl debug options enabled
>   sunrpc.nfsd_debug (filer)
>   sunrpc.nfs_debug (client)
>   sunrpc.rpc_debug (both)

O.k., here comes the information:

On the NFS-Server (h242-meier):

H242-meier vserver.nfs # rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  33321  status
    100024    1   tcp  32804  status
    100011    1   udp   4003  rquotad
    100011    2   udp   4003  rquotad
    100011    1   tcp   4003  rquotad
    100011    2   tcp   4003  rquotad
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100003    4   udp   2049  nfs
    100003    2   tcp   2049  nfs
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    1   udp  33322  nlockmgr
    100021    3   udp  33322  nlockmgr
    100021    4   udp  33322  nlockmgr
    100021    1   tcp  32805  nlockmgr
    100021    3   tcp  32805  nlockmgr
    100021    4   tcp  32805  nlockmgr
    100005    1   udp    772  mountd
    100005    1   tcp    775  mountd
    100005    2   udp    772  mountd
    100005    2   tcp    775  mountd
    100005    3   udp    772  mountd
    100005    3   tcp    775  mountd
H242-meier vserver.nfs # sysctl -a | grep sun
error: "Operation not permitted" reading key "net.ipv4.route.flush"
sunrpc.tcp_slot_table_entries = 16
sunrpc.udp_slot_table_entries = 16
sunrpc.nlm_debug = 0
sunrpc.nfsd_debug = 1
sunrpc.nfs_debug = 0
sunrpc.rpc_debug = 1
H242-meier vserver.nfs #

extracted from the log on the nfs-server when the vs tries to mount:

Sep 27 11:46:42 H242-meier device vmnet1 entered promiscuous mode
Sep 27 11:46:58 H242-meier rpc.mountd: MNT3(/home) called
Sep 27 11:46:58 H242-meier rpc.mountd: authenticated mount request from vs01:637 for /home (/home)
Sep 27 11:46:58 H242-meier rpc.mountd: MNT1(/home) called
Sep 27 11:46:58 H242-meier rpc.mountd: authenticated mount request from vs01:641 for /home (/home)
Sep 27 11:47:07 H242-meier device vmnet1 left promiscuous mode

The tcpdump of the conversation is in the attached file.

The error inside the vs (vs01) is the following:

vs01 / # mount 192.168.39.1:/home /home -o nolock,tcp
mount: permission denied
vs01 / #

The trace of this command:

vs01 / # strace mount 192.168.39.1:/home /home -o nolock,tcp
execve("/bin/mount", ["mount", "192.168.39.1:/home", "/home", "-o", "nolock,tcp"], [/* 26 vars */]) = 0
uname({sys="Linux", node="vs01", ...}) = 0
brk(0) = 0x8063000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=12117, ...}) = 0
mmap2(NULL, 12117, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f76000
close(3) = 0
open("/lib/libblkid.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\35\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=28764, ...}) = 0
mmap2(NULL, 30740, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f6e000
mmap2(0xb7f75000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x6) = 0xb7f75000
close(3) = 0
open("/lib/libuuid.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320\n\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=9600, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f6d000
mmap2(NULL, 11544, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7f6a000
mmap2(0xb7f6c000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|

Re: [Vserver] how to set capabilities in Debian
On Tue, Sep 26, 2006 at 11:50:57AM +0200, Wilhelm Meier wrote:
> On Tuesday, 26 September 2006 11:10, Jim Wight wrote:
> > On Sat, 2006-09-23 at 18:40 +0200, Herbert Poetzl wrote:
> > > c) why would you want to add CAP_SYS_ADMIN to a guest?
> >
> > Taking 'you' in the sense of 'anyone', I would say for NFS.
> >
> > I don't want to hijack this thread, so can I refer you to one
> > started by Wilhelm Meier on 13th Sep entitled 'How do I nfs-mount
> > inside a vserver?', and which has gone quiet without being resolved.
>
> Thank you for reactivating!

it was not forgotten, it is on my todo list ...

unfortunately I have no test systems available
ATM to test an nfs setup, but I will try to
recreate the setup with a QEMU network shortly

> > I have never
> > been able to get NFS to work without using CAP_SYS_ADMIN, even after
> > upgrading to 2.6.17.11-vs2.0.2/0.30.210,
>
> Seems to be still impossible in dev-branch vs2.1.1 (BINARY_MOUNT
> should do the job but doesn't)

in general, the answers to the following questions
could be very helpful:

 - what NFS version and tcp or udp?
 - what is the actual error you get?
 - tcpdump of the ongoing negotiation?
 - logs on both, client and filer with the
   appropriate sysctl debug options enabled
   sunrpc.nfsd_debug (filer)
   sunrpc.nfs_debug (client)
   sunrpc.rpc_debug (both)

TIA,
Herbert

> > and was on the point of raising the matter when that thread
> > appeared. I too would like to know the circumstances under which NFS
> > mounting can be achieved without resorting to CAP_SYS_ADMIN.
> > Jim

___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] how to set capabilities in Debian
On Sat, 2006-09-23 at 18:40 +0200, Herbert Poetzl wrote:
> c) why would you want to add CAP_SYS_ADMIN to a guest?

Taking 'you' in the sense of 'anyone', I would say for NFS.

I don't want to hijack this thread, so can I refer you to one started by
Wilhelm Meier on 13th Sep entitled 'How do I nfs-mount inside a
vserver?', and which has gone quiet without being resolved. I have never
been able to get NFS to work without using CAP_SYS_ADMIN, even after
upgrading to 2.6.17.11-vs2.0.2/0.30.210, and was on the point of raising
the matter when that thread appeared. I too would like to know the
circumstances under which NFS mounting can be achieved without resorting
to CAP_SYS_ADMIN.

Jim

Re: [Vserver] how to set capabilities in Debian
On Tuesday, 26 September 2006 11:10, Jim Wight wrote:
> On Sat, 2006-09-23 at 18:40 +0200, Herbert Poetzl wrote:
> > c) why would you want to add CAP_SYS_ADMIN to a guest?
>
> Taking 'you' in the sense of 'anyone', I would say for NFS.
>
> I don't want to hijack this thread, so can I refer you to one started by
> Wilhelm Meier on 13th Sep entitled 'How do I nfs-mount inside a
> vserver?', and which has gone quiet without being resolved.

Thank you for reactivating!

> I have never
> been able to get NFS to work without using CAP_SYS_ADMIN, even after
> upgrading to 2.6.17.11-vs2.0.2/0.30.210,

Seems to be still impossible in dev-branch vs2.1.1 (BINARY_MOUNT should do the job but doesn't)

> and was on the point of raising
> the matter when that thread appeared. I too would like to know the
> circumstances under which NFS mounting can be achieved without resorting
> to CAP_SYS_ADMIN.
>
> Jim

--
Wilhelm

Re: [Vserver] how to set capabilities in Debian
On Fri, Sep 22, 2006 at 09:09:19PM +0100, Konstantinos Pachopoulos wrote:
> Hi,
> while searching I saw that by editing the following
> files one can set the capabilities in Debian
> /etc/vservers/vserver-name/bcapabilities
> /etc/vservers/vserver-name/ccapabilities.
> However, trying with CAP_SYS_ADMIN doesn't seem to
> make any difference. Any advice?

a) did you add it to bcapabilities or ccapabilities
   (the correct one for CAP_SYS_ADMIN is the former)

b) did you restart the guest afterwards?

c) why would you want to add CAP_SYS_ADMIN to a guest?

best,
Herbert

> Thanks
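
Points a) and c) of the reply above can be checked mechanically on the host. The following lint is an added example, not part of the thread and not util-vserver code: it assumes each capability file holds one name per line, with or without the CAP_ prefix, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not util-vserver code: lint a guest's capability files.
# Assumption: each file holds one capability name per line, written with
# or without the CAP_ prefix.

# Linux system capabilities as named in <linux/capability.h> (2.6 era).
# These are the names that belong in bcapabilities.
SYSTEM_CAPS="CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID
SETUID SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN
NET_RAW IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE
SYS_PACCT SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG
MKNOD LEASE AUDIT_WRITE AUDIT_CONTROL"

# cap_norm NAME -> NAME upper-cased with any CAP_ prefix removed.
cap_norm() {
    printf '%s\n' "$1" | tr '[:lower:]' '[:upper:]' | sed 's/^CAP_//'
}

# is_system_cap NAME -> exit status 0 if NAME is a Linux system capability.
is_system_cap() {
    want=$(cap_norm "$1")
    for c in $SYSTEM_CAPS; do
        if [ "$c" = "$want" ]; then return 0; fi
    done
    return 1
}

# cap_names FILE -> the names listed in FILE, whitespace and blank lines
# dropped. A missing file yields no names.
cap_names() {
    if [ -f "$1" ]; then
        sed -e 's/[[:space:]]//g' -e '/^$/d' "$1"
    fi
}

# lint_guest DIR -> one finding per line for the guest config in DIR,
# e.g. DIR=/etc/vservers/vserver-name. Prints nothing when clean.
lint_guest() {
    for n in $(cap_names "$1/ccapabilities"); do
        if is_system_cap "$n"; then
            echo "ccapabilities: $n is a system capability, move it to bcapabilities"
        fi
    done
    for n in $(cap_names "$1/bcapabilities"); do
        if ! is_system_cap "$n"; then
            echo "bcapabilities: $n is not a Linux system capability"
        elif [ "$(cap_norm "$n")" = SYS_ADMIN ]; then
            echo "bcapabilities: $n granted, review why the guest needs it"
        fi
    done
}

# Constructed sample guest: CAP_SYS_ADMIN was put into ccapabilities,
# where it has no effect.
demo_dir=$(mktemp -d)
printf 'CAP_SYS_ADMIN\n' > "$demo_dir/ccapabilities"
printf 'CAP_NET_RAW\n' > "$demo_dir/bcapabilities"
lint_guest "$demo_dir"
rm -rf "$demo_dir"
```

A corrected file only takes effect once the guest has been restarted, as point b) of the reply notes.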