From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Wed 07 Jan 2004 - 07:45:27 GMT
On Wed, Jan 07, 2004 at 07:19:54AM -0000, Luís Miguel Silva wrote:
> I forgot to mention that this is happening on ALL my vservers since I
> upgraded to kernel 2.4.24-vs1.22!

please download and execute the following script
on one of your 'failing' machines ...

http://vserver.13thfloor.at/Stuff/testme.sh
(it is okay, when the last test fails)

if you get any errors in the tests < 202
try again with -v, and send the output

if everything looks okay, please try to upgrade/update
one thing at a time so in your case, just try the 'new'
kernel with the 'old' tools you were using with
2.4.23-vs1.00 or downgrade/change the tools ...

my vs1.22 installation, running for 23 days without
any issues (2.4.23-vs1.22) uses util-vserver 0.26
from enrico

HTH,
Herbert

> Best,
> +-------------------------------------------
> | Luís Miguel Silva
> | Network Administrator@ ISPGaya.pt
> | Rua António Rodrigues da Rocha, 291/341
> | Sto. Ovídio • 4400-025 V. N. de Gaia
> | Portugal
> | T: +351 22 3745730/3/5 F: +351 22 3745738
> | G: +351 93 6371253 E: lms_at_ispgaya.pt
> | H: http://lms.ispgaya.pt/
> +-------------------------------------------
>
> -----Original Message-----
> From: vserver-admin_at_list.linux-vserver.org
> [mailto:vserver-admin_at_list.linux-vserver.org] On Behalf Of Luís Miguel Silva
> Sent: quarta-feira, 7 de Janeiro de 2004 7:14
> To: 'Herbert Poetzl'
> Cc: vserver_at_list.linux-vserver.org
> Subject: RE: [Vserver] Problem with kernel 2.4.24 + vs1.22
>
> Hello Herbert (and all others),
>
> Here are my configurations and tools versions:
> root_at_leonardo-root /usr/src/installs/new-vserver# ls
> patch-vserver-0.29-fix01.diff util-vserver-0.26/ util-vserver-0.26.tar.bz2
> vserver-0.29/ vserver-0.29.src.tar.gz
> root_at_leonardo-root /usr/src/installs/new-vserver# cat /etc/vservers.conf
> # Configuration file for the vservers service
> # BACKGROUND=yes
> # start the vservers on tty9, in background so the rest of the
> # boot process end early
> BACKGROUND=no
> # This variable controls where the vservers are stored.
> # This file is sourced by the various vservers configuration files
> # in /etc/vservers. Each vserver may redefine the value so it points
> # elsewhere. So vservers may be located in various places on the system.
> # To make it simple, when you want to learn what is the vserver root
> # source one vserver configuration and you will learn what is the
> # actual vserver root for this vserver
> VSERVERS_ROOT=/vservers
> # When starting or entering a vserver, its /etc/mtab is generated on
> # the fly so it matches the various volumes mounted inside the vserver
> GENERATEMTAB=yes
>
> root_at_leonardo-root /usr/src/installs/new-vserver# cat
> /etc/vservers/srmi.conf
> # Description: sapienflex-rmi
> # Select an unused context (this is optional)
> # The default is to allocate a free context on the fly
> # In general you don't need to force a context
> #S_CONTEXT=
> # Select the IP number assigned to the virtual server
> # This IP must be one IP of the server, either an interface
> # or an IP alias
> IPROOT=192.168.3.86
> # You can define on which device the IP alias will be done
> # The IP alias will be set when the server is started and unset
> # when the server is stopped
> # The netmask and broadcast are computed by default from IPROOTDEV
> #IPROOTMASK=
> #IPROOTBCAST=
> IPROOTDEV=eth0
> # Uncomment the onboot line if you want to enable this
> # virtual server at boot time
> ONBOOT=yes
> # You can set a different host name for the vserver
> # If empty, the host name of the main server is used
> S_HOSTNAME=sapienflex-rmi.server.pt
> # You can set a different NIS domain for the vserver
> # If empty, the current on is kept
> # Set it to "none" to have no NIS domain set
> S_DOMAINNAME=
> # You can set the priority level (nice) of all process in the vserver
> # Even root won't be able to raise it
> S_NICE=
> # You can set various flags for the new security context
> # lock: Prevent the vserver from setting new security context
> # sched: Merge scheduler priority of all processes in the vserver
> # so that it acts a like a single one.
> # nproc: Limit the number of processes in the vserver according to ulimit
> # (instead of a per user limit, this becomes a per vserver limit)
> # private: No other process can join this security context. Even root
> # Do not forget the quotes around the flags
> S_FLAGS="lock nproc"
> # You can set various ulimit flags and they will be inherited by the
> # vserver. You enter here various command line argument of ulimit
> # ULIMIT="-HS -u 200"
> # The example above, combined with the nproc S_FLAGS will limit the
> # vserver to a maximum of 200 processes
> ULIMIT="-HS -u 500"
> # You can set various capabilities. By default, the vserver are run
> # with a limited set, so you can let root run in a vserver and not
> # worry about it. He can\'t take over the machine. In some cases
> # you can to give a little more capabilities \(such as CAP_NET_RAW\)
> #S_CAPS="CAP_NET_RAW"
> S_CAPS=""
> root_at_leonardo-root /usr/src/installs/new-vserver# ls /var/run/vservers/ -l
> total 28
> -rw-r--r-- 1 root root 27 Jan 6 21:57 ciisp.ctx
> -rw-r--r-- 1 root root 27 Jan 6 21:57 lsmb-nss.ctx
> -rw-r--r-- 1 root root 27 Jan 6 21:57 ns2.ctx
> -rw-r--r-- 1 root root 27 Jan 6 21:57 shares.ctx
> -rw-r--r-- 1 root root 27 Jan 6 21:58 srmi.ctx
> -rw-r--r-- 1 root root 27 Jan 6 21:58 sweb.ctx
> -rw-r--r-- 1 root root 27 Jan 6 21:58 www.ctx
> root_at_leonardo-root /usr/src/installs/new-vserver# ls -ld /var/run/vservers
> drwx------ 2 root root 4096 Jan 6 21:58 /var/run/vservers/
> root_at_leonardo-root /usr/src/installs/new-vserver#
>
> To sum it all up:
> a) I didn’t change any configuration from version 2.4.23-vs1.00 to
> 2.4.24-vs1.22
> b) I changed the /etc/vservers.conf cause it couldn’t find my /vservers dir
> c) I am using the versions of the tools you recommend on your site
>
> Do you need any extra information I can provide? :o)
>
> Thanks,
>
> -----Original Message-----
> From: Herbert Poetzl [mailto:herbert_at_13thfloor.at]
> Sent: quarta-feira, 7 de Janeiro de 2004 0:02
> To: Luís Miguel Silva
> Cc: vserver_at_list.linux-vserver.org
> Subject: Re: [Vserver] Problem with kernel 2.4.24 + vs1.22
>
> On Tue, Jan 06, 2004 at 09:41:14PM -0000, Luís Miguel Silva wrote:
> > Hello all,
> >
> > Today I updated my servers kernel to 2.4.24-vs1.22 and I'm having some
> > trouble when I try to stop the vserver.
>
> could you provide the type and version of your tools
> and the config for that vserver, please?
>
> TIA,
> Herbert
>
> > root_at_leonardo-root /usr/src/installs/new-vserver# vserver srmi stop
> > Stopping the virtual server srmi
> > Server srmi is running
> > ipv4root is now 192.168.3.86
> > Can't set the new security context
> > : Invalid argument
> > sleeping 5 seconds
> > Killing all processes
> > chcontext version 0.29
> > chcontext [ options ] command arguments ...
> > chcontext allocate a new security context and executes
> > a command in that context.
> > By default, a new/unused context is allocated
> > --cap CAP_NAME
> > Add a capability from the command. This option may be
> > repeated several time.
> > See /usr/include/linux/capability.h
> > In general, this option is used with the --secure option
> > --secure removes most critical capabilities and --cap
> > adds specific ones.
> > --cap !CAP_NAME
> > Remove a capability from the command. This option may be
> > repeated several time.
> > See /usr/include/linux/capability.h
> > --ctx num
> > Select the context. On root in context 0 is allowed to
> > select a specific context.
> > Context number 1 is special. It can see all processes
> > in any contexts, but can't kill them though.
> > Option --ctx may be repeated several times to specify up to 16
> > contexts.
> > --disconnect
> > Start the command in background and make the process
> > a child of process 1.
> > --domainname new_domainname
> > Set the domainname (NIS) in the new security context.
> > Use "none" to unset the domain name.
> > --flag
> > Set one flag in the new or current security context. The following
> > flags are supported. The option may be used several time.
> >
> > fakeinit: The new process will believe it is process number 1.
> > Useful to run a real /sbin/init in a vserver.
> > lock: The new process is trapped and can't use chcontext anymore.
> > sched: The new process and its children will share a common
> > execution priority.
> > nproc: Limit the number of process in the vserver according to
> > ulimit setting. Normally, ulimit is a per user thing.
> > With this flag, it becomes a per vserver thing.
> > private: No one can join this security context once created.
> > ulimit: Apply the current ulimit to the whole context
> > --hostname new_hostname
> > Set the hostname in the new security context
> > This is need because if you create a less privileged
> > security context, it may be unable to change its hostname
> > --secure
> > Remove all the capabilities to make a virtual server trustable
> > --silent
> > Do not print the allocated context number.
> >
> > Information about context is found in /proc/self/status
> > root_at_leonardo-root /usr/src/installs/new-vserver# uname -a
> > Linux leonardo-root.ispgaya.pt 2.4.24-vs1.22 #1 SMP Tue Jan 6 09:52:07 WET
> > 2004 i686 unknown unknown GNU/Linux
> > root_at_leonardo-root /usr/src/installs/new-vserver#
> >
> >
> > Is this the problem with vkill you mention on your site (Herbert)?
> >
> > Best,
> >
> >
> > _______________________________________________
> > Vserver mailing list
> > Vserver_at_list.linux-vserver.org
> > http://list.linux-vserver.org/mailman/listinfo/vserver