From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Mon 16 Feb 2004 - 19:55:36 GMT
On Mon, Feb 16, 2004 at 08:11:48PM +0100, Martin wrote:
> Hello people,
>
> I have just set up a Gentoo machine with both VServer development
> (kernel-2.4.25-rc1-vs1.3.7) and stable patches (kernel-2.4.24-vs1.26). I am
> using the newest util-vserver tools (0.29).
> Made my way through the installation of a Gentoo template VServer
> (http://vserver.strahlungsfrei.de/tiki-index.php?page=VServerGentooNew).
well, it seems that most users did miss the
security changes, anyway, here the archived mail:
http://archives.linux-vserver.org/200401/0125.html
and the additional info: both devel and experimental
branch (1.3.7 and 0.07) do turn the vserver proc
entries off (-d) by default, you ahve to enable
those entries which are required and secure ;)
HTH,
Herbert
> Now I am stuck with fatal errors in both kernel versions. Using kernel 2.6
> with the development patches:
> ,----[ ]
> | vserver template-gentoo start
> | Starting the virtual server template-gentoo
> | Error: /proc must be mounted
> | To mount /proc at boot you need an /etc/fstab line like:
> | /proc /proc proc defaults
> | In the meantime, mount /proc /proc -t proc
> | Server template-gentoo is not running
> | ...
> `----
>
> Shortly thereafter, during the init phase, it fails with
> ,----[ ]
> | Error: /proc must be mounted
> | To mount /proc at boot you need an /etc/fstab line like:
> | /proc /proc proc defaults
> | In the meantime, mount /proc /proc -t proc
> `----
>
> From the host system:
> ,----[ ]
> | > mount
> | none on /vservers/template-gentoo/proc type proc (rw)
> `----
>
> After entering the guest system, it is obvious that the proc filesystem
> doesn't work:
> ,----[ ]
> | > ps
> | Error: /proc must be mounted
> | To mount /proc at boot you need an /etc/fstab line like:
> | /proc /proc proc defaults
> | In the meantime, mount /proc /proc -t proc
> `----
>
> Those seem to be kernel messages. I didn't find those strings in any files
> under /usr.. Or is this a problem with the Gentoo init scripts?! I don't
> think so.
>
>
>
> Different problems under kernel 2.4, with stable VServer patches 1.26. Not
> even a simple chcontext works:
> ,----[ ]
> | > chcontext /bin/bash
> | New security context is 49153
> | Can't exec /bin/bash (Permission denied)
> `----
>
>
>
> So what is this all about??
>
>
> Greetz,
> Martin
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver