...

8<---------------------------------------------------------------

1st question:

~ # cat /proc/virtual/49159/status 
UseCnt: 24
Tasks:  9
Flags:  0000000300000200
BCaps:  fffffffffffffeff
CCaps:  0000000000000000
Ticks:  0

~ # vattribute --set --xid 49159 --bcap !CAP_MKNOD 

~ # cat /proc/virtual/49159/status 
UseCnt: 24
Tasks:  9
Flags:  0000000300000200
BCaps:  0000000000000000
CCaps:  0000000000000000
Ticks:  0

What's wrong?

8<---------------------------------------------------------------

2nd question: I have two virtual servers. The first starts with:
chbind    --ip 192.168.213.103 -- \
        vcontext --create -- \
        vsched  --fill-rate 95 --interval 100 --tokens-max 200 --tokens 100  -- \
        vuname --xid self --set -t nodename=peet.spb.ru -- \
        vattribute  --flag sched_prio  -- \
        sctxinfo /var/run/rt-network/virtual/peet.spb.ru -- \
        `which env` -i PATH=$PATH  `which vcontext` --migrate-self --endsetup -- \
        reducecap --secure -- \
        chroot .  /usr/local/sbin/init -i /dev/initctl -t /etc/inittab

and then I've got:
~ # cat /proc/virtual/49156/status 
UseCnt: 239
Tasks:  66
Flags:  0000000300000200
BCaps:  00000000344c04ff
^^^^^^^^^^^^^^^^^^^
CCaps:  0000000000000000
Ticks:  0

sctxinfo is an sh script that saves the current xid to the file and exec()s the
string after "--".

The second starts:
chbind    --ip 192.168.213.102 -- \
        vcontext --create -- \
        vsched  --fill-rate 95 --interval 100 --tokens-max 200 --tokens 100  -- \
        vuname --xid self --set -t nodename=apache2.hst.ru -- \
        vattribute  --flag sched_prio  -- \
        sctxinfo /var/run/rt-network/virtual/apache2.hst.ru -- \
        `which env` -i PATH=$PATH  `which vcontext` --migrate-self --endsetup -- \
        reducecap --secure -- \
        chroot .  /usr/local/sbin/init -i /dev/initctl -t /etc/inittab

~ # cat /proc/virtual/49160/status 
UseCnt: 24
Tasks:  9
Flags:  0000000300000200
BCaps:  fffffffffffffeff
^^^^^^^^^^^^^^^^^^^
CCaps:  0000000000000000
Ticks:  0

Why did I get normal security in the first case and no security at all in the
second?


Thanks.
-- 
Peter V. Saveliev
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
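
To compare the BCaps values quoted in the post bit by bit, here is an added example (not part of the original message or of util-vserver) that decodes the BCaps field of /proc/virtual/<xid>/status into capability names. It assumes BCaps uses the standard Linux capability bit numbering from <linux/capability.h>; the function names are made up for this illustration.

```python
import re

# Linux capability bit numbers 0-31, in <linux/capability.h> order.
# Assumption: the vserver BCaps mask uses this same numbering.
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
]

def parse_bcaps(status_text):
    """Return the BCaps mask from the text of /proc/virtual/<xid>/status."""
    m = re.search(r"^BCaps:\s*([0-9a-fA-F]+)\s*$", status_text, re.M)
    if m is None:
        raise ValueError("no BCaps line in status text")
    return int(m.group(1), 16)

def decode(mask):
    """Split a mask into named capabilities and the bits above the table."""
    names = [n for bit, n in enumerate(CAP_NAMES) if (mask >> bit) & 1]
    unnamed = mask >> len(CAP_NAMES)  # nonzero means high bits are set too
    return names, unnamed

def extra_caps(mask, baseline):
    """Capabilities present in mask but absent from the baseline mask."""
    return decode(mask & ~baseline)[0]

# Status text copied from the post (xid 49156 and xid 49160).
STATUS_49156 = "UseCnt: 239\nTasks:  66\nBCaps:  00000000344c04ff\nTicks:  0\n"
STATUS_49160 = "UseCnt: 24\nTasks:  9\nBCaps:  fffffffffffffeff\nTicks:  0\n"

if __name__ == "__main__":
    first = parse_bcaps(STATUS_49156)
    second = parse_bcaps(STATUS_49160)
    for xid, mask in (("49156", first), ("49160", second)):
        names, unnamed = decode(mask)
        print(xid, len(names), "named caps, high bits: %x" % unnamed)
        print("   ", " ".join(names))
    print("only in 49160:", " ".join(extra_caps(second, first)))
```

On the values from the post, 00000000344c04ff decodes to 15 capabilities that do not include CAP_MKNOD, while fffffffffffffeff has every bit set except bit 8 (CAP_SETPCAP).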
