On Tue, 6 Feb 2007 05:42:48 +0100, Herbert Poetzl wrote:

>On Mon, Feb 05, 2007 at 01:14:24PM +0000, Lyn St George wrote:
>> Hallo all
>>
>> I've just had a hard disk replaced with a fresh installation of
>> CentOS4.4 and so I also built a new kernel, and for the first
>> time am getting this error:
>> chcontext: vc_new_s_context(): Operation not permitted
>> when trying to enter or stop a vserver.
>
>EPERM means that you do not have the proper
>capability (CAP_SYS_ADMIN and xid=0) or that
>the guest is running with VX_INFO_PRIVATE
>
>(probably the latter is true in your case)
>
>> Kernel is 2.6.19.2, patch vs2.2.0-rc10, tools 30.212. The
>> vservers are using the legacy configs, ie a single config
>> file under /etc/vservers per vserver.
>
>this config is deprecated for a long time now
>(several years, IIRC, please upgrade that)
>
>> Tools are built with 'ALL' as the target apis.
>>
>> This host is using LVM, and while I can't see how this could
>> contribute towards this problem I can't see anything else
>> that is different from all other kernels and installations that
>> have gone without a hitch.
>
>I guess you have this one enabled:
>    CONFIG_VSERVER_PRIVACY=y
>
>which is on by default, and honored with
>new tools/configs ... probably not correctly
>by the old legacy interfaces though ...
>
>> The testme.sh script shows that everything tested is OK.
>> At the moment these vservers are not working properly, ie
>> they don't start up most daemons and I have to enter them
>> with chroot and manually get things going. A 'ps ax' shows
>> all the host's processes visible inside the vserver, so plainly
>> the separation has failed.
>
>that is jumping to conclusions, as chroot will
>not change the process context, so naturally
>you will see host processes ...
>
>> Would anyone have any clues to point me to a solution?
>
>fast solution: disable the privacy
>long term solution: upgrade to the new config

In the end, it seems that it was LVM. I eventually found this page:
http://oldwiki.linux-vserver.org/Step-by-Step+Guide+2.6
which specifically mentions that LVM needs a different configuration.
So I did that - and with the new-style config so the LVM fix would
work - and now the vservers start and can be entered properly. They
still don't stop properly, and 'ps -ax' does not show all processes,
so I guess things need to be tweaked. But at least they run.

>HTH,
>Herbert

- Lyn