On Wed, 2003-07-23 at 03:19, Herbert Pötzl wrote: > On Tue, Jul 22, 2003 at 11:06:15PM -1000, Warren Togami wrote: > > [EMAIL PROTECTED] root]# vserver test4 enter > > /usr/sbin/vserver: line 586: ulimit: max user processes: cannot modify > > limit: Invalid argument > > ipv4root is now 10.0.0.12 > > New security context is 11 > > > > Upgraded from 2.4.20-ctx17 to 2.4.22-pre7-ctx17 and I now see this error > > message when I enter a vserver. Is this a known bug? Serious? > > hmm, a few questions *grin* > > - do you use Jacques patch(es)? if yes which one(s)? > - what is in your /etc/vservers/test4.conf file? > - which vserver tools are you using 0.22 or 0.23? > > best, > Herbert > > > Warren > >
http://www.13thfloor.at/VServer/Patches.shtml Running patch-2.4.22-pre7-ctx17.diff.bz2 vserver-0.22 tools. # Select an unused context (this is optional) # The default is to allocate a free context on the fly # In general you don't need to force a context #S_CONTEXT= # Select the IP number assigned to the virtual server # This IP must be one IP of the server, either an interface # or an IP alias IPROOT=10.0.0.12 # The netmask and broadcast are computed by default from IPROOTDEV #IPROOTMASK= #IPROOTBCAST= # You can define on which device the IP alias will be done # The IP alias will be set when the server is started and unset # when the server is stopped #IPROOTDEV=eth0 # Uncomment the onboot line if you want to enable this # virtual server at boot time ONBOOT=yes # You can set a different host name for the vserver # If empty, the host name of the main server is used S_HOSTNAME=test4 # You can set a different NIS domain for the vserver # If empty, the current on is kept # Set it to "none" to have no NIS domain set S_DOMAINNAME= # You can set the priority level (nice) of all process in the vserver # Even root won't be able to raise it S_NICE= # You can set various flags for the new security context # lock: Prevent the vserver from setting new security context # sched: Merge scheduler priority of all processes in the vserver # so that it acts a like a single one. # nproc: Limit the number of processes in the vserver according to ulimit # (instead of a per user limit, this becomes a per vserver limit) # private: No other process can join this security context. Even root # Do not forget the quotes around the flags S_FLAGS="lock nproc" # You can set various ulimit flags and they will be inherited by the # vserver. You enter here various command line argument of ulimit # ULIMIT="-H -u 200" # The example above, combined with the nproc S_FLAGS will limit the # vserver to a maximum of 200 processes ULIMIT="-H -u 1000" # You can set various capabilities. By default, the vserver are run # with a limited set, so you can let root run in a vserver and not # worry about it. He can't take over the machine. In some cases # you can to give a little more capabilities (such as CAP_NET_RAW) # S_CAPS="CAP_NET_RAW" S_CAPS=""
