About this list Date view Thread view Subject view Author view Attachment view

From: Mauro Luzi (linux_at_sanmarcoinformatica.it)
Date: Thu 02 Jan 2003 - 11:07:56 GMT


On Sun, 2002-12-29 at 02:44, edward_at_DigitalAngel.com.au wrote:
> Hi Mauro,
>
> It appears that pppd needs the following extra privileges:
>
> S_CAPS="CAP_SYS_TTY_CONFIG CAP_NET_ADMIN CAP_NET_RAW CAP_SYS_ADMIN"
>
> If you modify your vserver conf file and put the above line in there, pppd should work ok.
>
> However, the power of root inside vserver with the above capabilities would be fairly close to
> that of the root server so it may not be the most secure thing to do because one could do
> a lot of damage to the host system from inside such vserver when compromised
> (particularly with CAP_SYS_ADMIN and CAP_NET_ADMIN enabled)
>
> hth
> Ed

Thanks for your help, but with this option I have another error:

Dec 30 10:49:10 vpnsist pptpd[6798]: CTRL: Starting call (launching
pppd, opening GRE)
Dec 30 10:49:10 vpnsist pptpd[6798]: CTRL: pty_fd = 5
Dec 30 10:49:10 vpnsist pptpd[6798]: CTRL: tty_fd = 6
Dec 30 10:49:10 vpnsist pptpd[6798]: CTRL: I wrote 32 bytes to the
client.
Dec 30 10:49:10 vpnsist pptpd[6799]: CTRL (PPPD Launcher): Connection
speed = 115200
Dec 30 10:49:10 vpnsist pptpd[6799]: CTRL (PPPD Launcher): local address
= 10.0.0.1
Dec 30 10:49:10 vpnsist pptpd[6799]: CTRL (PPPD Launcher): remote
address = 10.0.0.101
Dec 30 10:49:10 vpnsist pptpd[6798]: CTRL: Sent packet to client
Dec 30 10:49:10 vpnsist pppd[6799]: pppd 2.4.1 started by root, uid 0
Dec 30 10:49:10 vpnsist pppd[6799]: Using interface ppp0
Dec 30 10:49:10 vpnsist pppd[6799]: Connect: ppp0 <--> /dev/pts/0
Dec 30 10:49:14 vpnsist pppd[6799]: MSCHAP-v2 peer authentication
succeeded for uservpn
--> Dec 30 10:49:16 vpnsist pppd[6799]: ioctl(SIOCSIFDSTADDR): Cannot
assign requested address(99)
--> Dec 30 10:49:16 vpnsist pppd[6799]: ioctl(SIOCSIFFLAGS): Cannot
assign requested address(99)
--> Dec 30 10:49:16 vpnsist pppd[6799]: ioctl(SIOCSIFADDR): Cannot
assign requested address(99)
Dec 30 10:49:17 vpnsist pppd[6799]: Connection terminated.
Dec 30 10:49:17 vpnsist pppd[6799]: Connect time 0.2 minutes.
Dec 30 10:49:17 vpnsist pppd[6799]: Sent 99 bytes, received 75 bytes.
Dec 30 10:49:17 vpnsist pppd[6799]: Exit.
Dec 30 10:49:17 vpnsist pptpd[6798]: Error reading from pppd:
Input/output error
Dec 30 10:49:17 vpnsist pptpd[6798]: CTRL: GRE read or PTY write failed
(gre,pty)=(6,5)
Dec 30 10:49:17 vpnsist pptpd[6798]: CTRL: Client 212.141.244.2 control
connection finished
Dec 30 10:49:17 vpnsist pptpd[6798]: CTRL: Exiting now
Dec 30 10:49:17 vpnsist pptpd[4529]: MGR: Reaped child 6798

Greethings

> On Saturday, 28 December 2002 at 23:49, Mauro Luzi wrote:
>
> > Hi!
> >
> > I'm trying to run pptpd daemon inside a vserver, but when the process
> > calls pppd I obtain this message:
> >
> > pppd: This system lacks kernel support for PPP. This could be because
> > the PPP kernel module could not be loaded, or because PPP was not
> > included in the kernel configuration. If PPP was included as a
> > module, try `/sbin/modprobe -v ppp'. If that fails, check that
> > ppp.o exists in /lib/modules/`uname -r`/net.
> > See README.linux file in the ppp distribution for more details.
> >
> >
> > >From the root server pptpd runs correctly. PPP is a module.
> >
> > Can I use ppp on vserver? I think that it could be useful, e.g. for
> > ppp-over-ssh.

-- 
Mauro Luzi <linux_at_sanmarcoinformatica.it>
Sanmarco Informatica S.p.A.


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Wed 15 Jan 2003 - 17:17:03 GMT by hypermail 2.1.3