On Thu, Apr 20, 2006 at 05:24:00PM +0300, Nikolay Kichukov wrote: > hello, > even trying to traceroute -I is still giving that same error message. > What could be wrong? Do I need to set some extra ccapabilities? > > Also, what does the --secure option of the vattribute do ?
that really depends on the tool version, which one do you have? usually it removes most capabilites from the guest best, Herbert > > Regards, > -Nikolay Kichukov > > ----- Original Message ----- > From: "Xavier Montagutelli" <[EMAIL PROTECTED]> > To: <vserver@list.linux-vserver.org> > Sent: Thursday, April 20, 2006 3:33 PM > Subject: Re: [Vserver] vserver traceroute > > > > On Thursday 20 April 2006 13:29, Nikolay Kichukov wrote: > > > Hello guys, > > > Thanks for the advice, and sorry for taking me so long to respond. > > > > > > I tried setting: > > > > > > host# vattribute --set --xid <xid> --secure --ccap raw_icmp > > > > > > and when i try to traceroute a host I am again getting: > > > > > > traceroute: raw socket: Operation not permitted > > > > On my debian box, traceroute use by default UDP packets, not ICMP packets. > > > > Try "-I icmp" to use icmp. > > > > > > > > Any further ideas? > > > > > > Another problem has now appeared: > > > When i try to ssh to the guest sshd, i am getting the following error: > > > > > > fatal: chroot("/var/run/sshd"): Operation not permitted > > > > > > /var/run/sshd is rwx for root and r-x for the group and others > > > > > > Any ideas? > > > > > > Additional info: > > > > > > util-vserver 0.30.209-2 debian package > > > kernel 1.6.14.4-vs2.1.0 > > > > > > On Tue, 2006-04-11 at 13:17 +0200, Daniel Hokka Zakrisson wrote: > > > > Nikolay Kichukov wrote: > > > > > Hi, > > > > > Thanks for the advise, > > > > > I'd like to test that and I already have raw_icmp in the flags file > for > > > > > the vserver, but is there a way i can set that without rebooting the > > > > > vserver? > > > > > > > > It's a context capability, so you should put it in ccapabilities file. > > > > > > > > > I've searched for information about chcontext and did not find a lot > > > > > about setting those caps and flags dynamically. Is that possible? If > > > > > yes, how? > > > > > > > > vattribute --set --xid <name or xid of the guest> --secure --ccap > > > > raw_icmp (add additional --bcaps here if you have any, as they'll be > > > > reset otherwise) > > > > > > > > > Also, another question is, i have already created(built) the vserver > > > > > without --context NNN, and now I would like to get the vserver > running > > > > > only in a specified context, ie. 444. How can i implement that? > > > > > > > > echo NNN > /etc/vservers/<name>/context > > > > > > > > http://www.nongnu.org/util-vserver/doc/conf/configuration.html > > > > > > _______________________________________________ > > > Vserver mailing list > > > Vserver@list.linux-vserver.org > > > http://list.linux-vserver.org/mailman/listinfo/vserver > > > > -- > > Xavier Montagutelli Tel : +33 (0)5 55 45 77 20 > > Service Commun Informatique Fax : +33 (0)5 55 45 77 60 > > Universite de Limoges > > 123, avenue Albert Thomas > > 87060 Limoges cedex > > _______________________________________________ > > Vserver mailing list > > Vserver@list.linux-vserver.org > > http://list.linux-vserver.org/mailman/listinfo/vserver > > > > _______________________________________________ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver _______________________________________________ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver