Hi all!
Here is the list from Paul, with my comments where appropriate ;)

]Needs fixing: as of 2003 Jan 26 Paul Sladen <[EMAIL PROTECTED]>

okay, maybe an update should be done, paul?

](This is kernel side stuff considered, not userspace)

I'll comment on that one by one ...

]-------------------------------------------
]
]PS Tools.
]
]ps wants to read the System.map, so it looks for:
]
]$PS_SYSTEM_MAP
]/boot/System.map-`uname -r`
]/boot/System.map
]/lib/modules/`uname -r`/System.map
]/usr/src/linux/System.map

hmm, and how does the System.map get there on a
'normal' server, I assume it is written to this
location, right? so why not just copy it there,
so everybody should be happy again ...

by the way, my ps doesn't show this behaviour

# strace -F ps 2>&1 | grep System

]fix: could we fake this under `/proc' and then link to it?

why should we put userspace data into the kernel?

]-------------------------------------------
]
]Nmap.
]
]nmap needs help finding the default Interface and IP.
]
]Failed to lookup device subnet/netmask: SIOCGIFADDR: eth0: Cannot assign requested address
]Failed to lookup device subnet/netmask: eth0: no IPv4 address assigned
]I cannot figure out what source address to use for device eth0:foobar, does it even exist?

agreed, will hopefully be addressed by the
future virtualized network ...

]nmap works fine *if* you do:
]
]  % nmap -e eth0:foobar -S 1.2.3.4 target.to.scan.com
]
]-------------------------------------------
]
]Ping.
]
]Ping generates raw IP packets but leaves the kernel to put the headers on.

agreed, same answer as above

]This can probably be fixed by doing selection in `ip_route' rather than
]the UDP / TCP functions.
]
]-------------------------------------------
]
]Init.
]
]init tries to bind to the console, it knows about:
]
]/dev/console
]/dev/tty*

hmm, any reason for not doing the pip & pipe handler
in userspace? this sounds like a typical userspace
problem/solution to me ..

]fix: We need to write a fake `console' driver that can pipe to a file.
]
]-------------------------------------------
]
]Quotaing.
]
]Quota calls `ioctl()s' on the `/dev/partition' to get sizes. It also
]calls `sys_quotactl()'.
]
]fix: Provide a fake `root device' and proxy `sys_quotactl()' through
]to userspace.

is solved by the vr patches and vr-tools ...
http://www.13thfloor.at/vserver/s_addons/vroot/

]Herbert Po"etzl has done the fake `/dev/root'.
]
]  [ http://www.13thfloor.at/VServer/ ]
]
]Q: how does `df' figure out the size of the disk/ CTX-quota?

the same way as usual, via sys_statfs() ...

]-------------------------------------------
]
]lsof.
]
]lsof (List open files) tries to stat all the mounted partitions.
]
]It gets these from `/proc/mounts' instead of `/etc/mtab' which we
]already fake.
]
]lsof: WARNING: can't stat() ext2 file system /vservers
]      Output information may be incomplete.
]lsof: WARNING: can't stat() proc file system /vservers/hutch/proc
]      Output information may be incomplete.
]lsof: WARNING: can't stat() devpts file system /vservers/hutch/dev/pts
]      Output information may be incomplete.
]lsof: WARNING: can't stat() proc file system /vservers/muse/proc
]      Output information may be incomplete.
]lsof: WARNING: can't stat() devpts file system /vservers/muse/dev/pts
]      Output information may be incomplete.
]
](Note: This doesn't stop it working).

there is a patch which hides _all_ /proc/mounts entries
which should solve this and other issues ...
http://vserver.13thfloor.at/Experimental/no-proc-mounts.diff

]fix: fake `/proc/mounts' so that stuff below the current chroot() is
]not shown.
]
]-------------------------------------------
]
]reboot
]
]kernel sys_reboot() replacement for rebootmgr/vreboot
]
]If we start a vserver with fakeinit, it would normally expect to
]shut itself down by calling the kernel again.
]
]fix: hook the kernel call and pass it back to userspace to kill the context

this is solved starting with devel release vs1.1.3
kernel activates a reboot helper (userspace) which
then decides what to do ...
(credits go to paul and mark, I presume?)

]Mark Lawrence and Paul Sladen have patches:
]
]  [ http://www.paul.sladen.org/vserver/sys_reboot/ ]
]
]-------------------------------------------
]Others:
]-*- -*- -*- -*- -*- -*- -*- -*- -*- -*- -*-
]
]bind(0.0.0.0)
]
]Jacques has two solutions, I prefer the second, should be here RSN(tm)

I assume this works now, any examples proving
the opposite?

]fix: anything is just not nice.
]
]-------------------------------------------
]
]private loopback device: (networking)
]
]Currently the "lo" device looks like a piece of shared ethernet.
]eg. all vserver can dump other vserver private loopback communications.

will hopefully be solved with the virtualized
network too ...

]fix: allow the kernel to route stuff to `dev_loopback' but then
]pipe it to `current->dev_loopback' instead of global loopback.
]
]-------------------------------------------
]
]UDP mangling:
]
]Only TCP mangling was being done to force the source address, this
]showed up when querying bind through localhost.

please provide more details, if this isn't in
the vserver patches yet ...

]fix: Mark Lawrence patched the `net/ipv4/udp.c' a la TCP
]
]alternative: do it at the lower IP level instead of separately, see ping above
]
]-------------------------------------------
]
]SSH X Forwarding:
]
]SSHd tries to create the X socket on the `127.0.0.1' which gets broken
]by our current mangling. This should go away once we fix this.

virtualized network

]In the mean time with pretty recent OpenSSHd's you can:
]
]  echo "X11UseLocalhost no" >> /etc/ssh/sshd_config
]
]-------------------------------------------
]
]private filesystem loopback devices:
]
]If we want to be able to mount floppy-disk images or ISOs within a vserver
]I think we need to provide separate loopback(s) per vserver? (?)

well, I assume you don't want to do this, because
if you allow loop devices or ramdisk, you are opening
the system completely ... if you don't care about
security, you can just provide the 'default' loop
devices ...

]-------------------------------------------
]
]NFS (network filesystem)

hmm, well it seems to work for some ...
maybe an example what fails?

]This doesn't work. Userspace NFS client /might/ work. (or will it?)
]
]-------------------------------------------
]
]Midnight Commander/ terminals
]MC causes a segv under vservers; The easiest workaround for this is:

well, probably a mc issue, and most likely, it's already
solved in a newer mc version ..
mc-4.5.55-7mdk.i586.rpm runs without any changes for me ...

]  $ export TERM=xterm
]  $ mc
]
]Thread at:
]
]  http://www.paul.sladen.org/vserver/archives/200301/0060.html
]
]<sam villian> Try:
]  apt-get install ncurses-term
]or `reportbug libncurses5' :-)
]
]w3m crashes out with:
]
]> stat64("/dev/vc/0", 0xbffff9d0) = -1 ENOENT (No such file or directory)
]> stat64("/dev/tty0", 0xbffff9d0) = -1 ENOENT (No such file or directory)
]
]MC crashes out with: (eg, same thing...)
]
]> getdents64(0x4, 0x80f4158, 0x1000, 0x4) = 0
]> close(4) = 0
]> rt_sigaction(SIGWINCH, {0x8075028, [], SA_RESTART|0x4000000}, {SIG_DFL}, 8) = 0
]> stat64("/dev/vc/0", 0xbffffa10) = -1 ENOENT (No such file or directory)
]> stat64("/dev/tty0", 0xbffffa10) = -1 ENOENT (No such file or directory)
]> --- SIGSEGV (Segmentation fault) ---
]
]MC good run (TERM=xterm):
]
]> getdents64(0x4, 0x80f4580, 0x1000, 0xa) = 0
]> close(4) = 0
]> rt_sigaction(SIGWINCH, {0x8075028, [], SA_RESTART|0x4000000}, {SIG_DFL}, 8) = 0
]> write(1, "\33[?1001s\33[?1000h", 16) = 16
]> time(NULL) = 1043624513
]> time(NULL) = 1043624513
]
]-------------------------------------------
]
]Binfmt_Misc
]
]Separate per-context (write-only /proc) to only
]Java and CLR/mono to run nicely

hmm, is this useful in any way? (just asking)

]-------------------------------------------

so what remains for this list:

kernel related:

 - make virtual network possible
 - make virtualized lo interface

userspace related:

 - code a userspace reboot helper
 - code a userspace console logger

unrelated:

 - rethink security (loop/ramdisk)
 - fix mc and/or use sane setup

best,
Herbert
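
The lsof item above asks for a `/proc/mounts` view in which a guest sees only what lies inside its own chroot(). As an added example (not part of the original thread, and a userspace model of that filtering rather than the kernel patch linked above), the sketch below applies the rule to a constructed mounts table; `mounts_visible_from`, the device names and the `hutchins` guest are hypothetical.

```python
import posixpath
import re

# Constructed sample in /proc/mounts format. Mount points follow the lsof
# warnings quoted above; device names and the "hutchins" guest are made up.
SAMPLE_MOUNTS = r"""/dev/hda1 / ext2 rw 0 0
none /proc proc rw 0 0
/dev/hda3 /vservers ext2 rw 0 0
none /vservers/hutch/proc proc rw 0 0
none /vservers/hutch/dev/pts devpts rw 0 0
/dev/hda4 /vservers/hutch/my\040data ext2 rw 0 0
none /vservers/hutchins/proc proc rw 0 0
none /vservers/muse/proc proc rw 0 0
none /vservers/muse/dev/pts devpts rw 0 0
"""

def unescape(field):
    """Decode the octal escapes (\\040 = space) the kernel writes in mount paths."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def escape(field):
    """Re-encode whitespace and backslash the way /proc/mounts does."""
    return "".join("\\%03o" % ord(c) if c in " \t\n\\" else c for c in field)

def mounts_visible_from(mounts_text, root):
    """Return the mount lines at or below `root`, with paths rewritten relative to it."""
    root = posixpath.normpath(root)
    visible = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # not a well-formed mounts line
        mount_point = posixpath.normpath(unescape(fields[1]))
        if root == "/":
            relative = mount_point
        elif mount_point == root:
            relative = "/"
        elif mount_point.startswith(root + "/"):
            # Compare on a path boundary so /vservers/hutchins is not
            # mistaken for something inside /vservers/hutch.
            relative = mount_point[len(root):]
        else:
            continue  # outside this chroot: host and other guests stay hidden
        fields[1] = escape(relative)
        visible.append(" ".join(fields))
    return visible

if __name__ == "__main__":
    print("\n".join(mounts_visible_from(SAMPLE_MOUNTS, "/vservers/hutch")))
```

With this rule the filesystem that contains the guest root (`/vservers` here) is hidden as well, so the guest's table has no `/` entry unless the root is itself a mount point.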