On Tue, Aug 08, 2006 at 11:07:21AM +0200, Oliver Heinz wrote: > Am Montag, 7. August 2006 20:24 schrieb Herbert Poetzl: > > On Mon, Aug 07, 2006 at 12:24:54PM +0200, Oliver Heinz wrote: > > > Am Montag, 7. August 2006 11:42 schrieb Oliver Heinz: > > > > Hi there, > > > > > > > > I want to remount temporarily an noexec filesystem (/tmp) that is > > > > mounted in a vserver. I don't want to change the fstab and restart the > > > > vserver, and I don't want to give the vserver the caps to do it from > > > > within. > > > > > > > > I'm sure there is a way to do that from the root-vserver, right? > > > > > > > > Within the vserver it would be a 'mount -o remount,exec /tmp' > > > > > > > > I found the secure-mount command but did not manage to get it to do > > > > what I wanted. > > > > > > Just found that I forgot to add the second part. Same with Network > > > Interfaces, how cann I add/delete an Interface from the outside to a > > > running vserver. > > > > first, with recent devel kernels and proper tools you > > can add ips to a running guest, given that the guest > > already had at least two ips assigned (single ip > > special casing is still there) > > Why do I need already two IPs assigned?
because a single IP will get special casing if you do not tell the guest otherwise, which makes it impossible for already bound services to accomodate to a new ip > > now, 'how' to do that depends on the tools you use, > > but basically its a single command which adds or removes > > a single ip ... > > I tried a > vnamespace -e service ip addr add 172.29.50.163/24 brd 172.29.50.255 > dev eth1 to add an interface to the guest called service > > But this is probably the wrong command :-( yep, vnamespace enters the 'file system namespace' for that guest, which is not really related to ips as you figured > I get an additional ip that is shown on the root-vserver > > 3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000 > link/ether 00:0e:0c:71:0f:8e brd ff:ff:ff:ff:ff:ff > inet 172.29.50.100/24 brd 172.29.50.255 scope global eth1 > inet 172.29.50.199/24 brd 172.29.50.255 scope global secondary eth1 > ... > inet 172.29.50.163/24 brd 172.29.50.255 scope global secondary eth1 > > But no new interface is shown inside the guest: > > [EMAIL PROTECTED]:/etc/snappy# vserver service enter > service:/# ip addr show > 3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000 > link/ether 00:0e:0c:71:0f:8e brd ff:ff:ff:ff:ff:ff > inet 172.29.50.199/24 brd 172.29.50.255 scope global secondary eth1 > > I'm running: > Kernel: 2.6.16.25-vs2.0.2-rc20-grsec2.1.9 > VS-API: 0x00020001 > util-vserver: 0.30.210; Mar 3 2006, 14:06:42 with vserver-utils (according to Hollow): nx -add-addr <nid> <ip>/<prefix> with vcmd (hack tool): vcmd -i <nid> -C net_add .type=1 .count=1 .ip[0]=<ip> .mask=<mask> note: (older) vcmd takes the if/mask as dotted quad, but in reverse order (fixed in newer version) HTH, Herbert > TIA, > Oliver > _______________________________________________ > Vserver mailing list > Vserver@list.linux-vserver.org > http://list.linux-vserver.org/mailman/listinfo/vserver _______________________________________________ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver