Re: [Vserver] nfs mount

Xavier Montagutelli Tue, 04 Apr 2006 14:36:27 -0700

On Tuesday 04 April 2006 18:40, Herbert Poetzl wrote:
> On Tue, Apr 04, 2006 at 01:27:43PM +0200, Albert Shih wrote:
> > Hi all
> >
> > I want my guest (yes the guest) mount some nfs partition from  my central
> > NFS server.
> >
> > When I try this I got this message
> >
> > mount: permission denied
>
> you are very likely missing the secure_mount and
> binary_mount context capabilities for your guest,
> (see http://linux-vserver.org/Caps+and+Flags)


Just to be sure (personally, I don't use NFS inside a guest), I tried that :

[EMAIL PROTECTED] ~]# cat /etc/vservers/esup-test/ccapabilities
BINARY_MOUNT
SECURE_MOUNT

[EMAIL PROTECTED] ~]# cat /proc/virtual/206/status
UseCnt: 48
Tasks:  24
Flags:  00000002020f0010
BCaps:  00000000344c04ff
CCaps:  0000000000050101
Ticks:  0

[EMAIL PROTECTED] ~]# vserver esup-test enter

[EMAIL PROTECTED] /]# mount auth:/usr/local/dataprotector /tmp/a
mount: permission denied

Ethereal shows my NFS server responding with "Status: OK". I can mount the 
share, exported to '*(ro,no_root_squash,insecure)', on the host.

Are there other requisities ? 

If I give the SYS_ADMIN capability, it works (but of course, I don't want 
that ;-)
Even "vattribute --bcap 0xFFFFFFFF --ccap 0xFFFFFFFF" is not enough ...


[EMAIL PROTECTED] ~]# vserver-info
Versions:
                   Kernel: 2.6.12.4-vs2.0-redhat
                   VS-API: 0x00020001
             util-vserver: 0.30.208; Sep 20 2005, 19:04:20

The same occurs on another host :

[EMAIL PROTECTED] ~]# vserver-info
Versions:
                   Kernel: 2.6.14.6-vs2.1.0-www
                   VS-API: 0x00020001
             util-vserver: 0.30.210; Feb 16 2006, 11:23:06


>
> > What's wrong ?
> >
> > I've google and some message tell me that's no really good idea to do
> > this because the guest can make new /dev. But I «don't care» because I
> > need nfs (home-dir).
>
> well, that's not the problem, secure_mount will
> take care of that by adding the nodev option,
> but still, if the server goes away, your host
> will experience timeouts, so it should be a
> trusted scenario for the guests ...
>
> HTH,
> Herbert
>
> > Any one can help me ?
> >
> > Regards.
> > --
> > Albert SHIH
> > Universite de Paris 7 (Denis DIDEROT)
> > U.F.R. de Mathematiques.
> > 7 ième étage, plateau D, bureau 10
> > Heure local/Local time:
> > Tue Apr 4 13:25:36 CEST 2006
> > _______________________________________________
> > Vserver mailing list
> > [email protected]
> > http://list.linux-vserver.org/mailman/listinfo/vserver
>
> _______________________________________________
> Vserver mailing list
> [email protected]
> http://list.linux-vserver.org/mailman/listinfo/vserver

-- 
Xavier Montagutelli                      Tel : +33 (0)5 55 45 77 20
Service Commun Informatique              Fax : +33 (0)5 55 45 77 60
Universite de Limoges
123, avenue Albert Thomas
87060 Limoges cedex
_______________________________________________
Vserver mailing list
[email protected]
http://list.linux-vserver.org/mailman/listinfo/vserver

Re: [Vserver] nfs mount

Reply via email to