On Sat, Mar 06, 2004 at 03:44:01AM +0100, Bjoern Steinbrink wrote: > On Sat, 2004-03-06 at 03:19, Kern Wolfgang wrote: > > Hello folks, > > > > today i have updated one of our development servers to kernel 2.4.25 > > and vs-1.26 with enricos util-vserver-0.29 and have some problems. > > > > After we build up a v-child all works fine, if i would like to start > > one of the new build up v-childs it tells me only this: > > > > developmuc01:/# vserver vm1 start > > Starting the virtual server vm1 > > Server vm1 is not running > > ipv4root is now 192.168.1.31 > > Host name is now vm1 > > New security context is 49159 > > developmuc01:/#
this means, that for whatever reason no runlevel scripts where executed, maybe none are selected, maybe the config is just wrong ... > > developmuc01:/# vserver-stat > > > > CTX PROC VSZ RSS userTIME sysTIME UPTIME NAME > > DESCRIPTION > > > > 0 34 802MB 15kB 4m32.51 1m22.41 8h26m11 root server > > > IIRC vserver-stat works by looking at the processes and in what context > they are running, so when no processes are started in a context, > vserver-stat won't show that context correct, no daemons started inside the vserver, so no vserver context information will be shown ... > > It seems like no vm1 v-child is running. But i can enter and ping this > > v-child without problems. > You can always enter a vServer, upon entering you basically just get a > bash in the context of the vServer, not matter if it is running or not. > The vServer is pingable, as the script brings up the interface (or just > adds an adress to an existing interface, don't know what's true f�r > 0.29) upon starting the vServer. Normally that interface is brought down > when stopping the vServer but as the vServer does not start any process, > the script thinks it is already stopped. (To Enrico: Is there anything i > don't know that fixes this case?) > > So we need the output from ???vserver-stat??? for our PBVSC (PHP Based > > vServer Control). If i would like to stop this v-child it tells me: > > > > developmuc01:/# vserver vm1 stop > > Stopping the virtual server vm1 > > Server vm1 is not running which is true, as there are no processes ... > > But it???s still pingable and i can enter it??? oh one thing, why only > > root can ping? ;) > > > > developmuc01:/# vserver vm1 enter > > ipv4root is now 192.168.1.31 > > Host name is now vm1 > > New security context is 49159 > > [EMAIL PROTECTED]:/# ping 192.168.1.1 > > ping: ping must run as root > > > The vServer 'lacks' the CAP_NET_RAW capability, actually this is a good > thing. You won't need this cap and it is a security leak as it allows > sniffing on the network interface. IIRC there was hping2 or something > that you can use instead of ping. comment: ping is evil, in that way, that it builds the icmp packets itself, which requires a raw socket which in turn requires CAP_NET_RAW, which makes the vserver somewhat insecure ... > Bj�rn HTH, Herbert _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
