vserver development mailing list: Re: [Vserver] Bringing down vsever brings down _all

Re: [Vserver] Bringing down vsever brings down _all_ interfaces:
vserver development mailing list
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]

About this list	Date view	Thread view	Subject view	Author view	Attachment view

From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Wed 13 Oct 2004 - 15:35:51 BST

Previous message: Herbert Poetzl: "Re: [Vserver] Bringing down vsever brings down _all_ interfaces"
In reply to: Christian Mayrhuber: "Re: [Vserver] Bringing down vsever brings down _all_ interfaces"
Next in thread: David MacKinnon: "Re: [Vserver] Bringing down vsever brings down _all_ interfaces"

On Wed, Oct 13, 2004 at 04:00:17PM +0200, Christian Mayrhuber wrote:
> On Wednesday 13 October 2004 15:32, Björn Steinbrink wrote:
> > On Wed, 13 Oct 2004 13:39:53 +1000
> > David MacKinnon <davidm_at_obsidian.com.au> wrote:
> >
> > > Just ran into this today one some new servers I'm setting up.
> > >
> > > util-vserver 0.30.195 (but it happened with 190 as well)
> > > vserver 2.6 patch 1.9.2 on 2.6.8.1 (with dm/drbd and nfs patches)
> > >
> > > When I stop _any_ vserver, it brings down _both_ eth0 and eth1
> > > (leaving only lo up).
> > >
> > > This happens with vservers on the same subnet as the host, or on
> > > completely different networks.
> > >
> > > I haven't come across this before, I have another box with 2.6.8 +
> > > vs1.9.2 (no other patches) with util-vserver 0.30.190 that doesn't
> > > exhibit this behaviour. Copying the config from this working machine
> > > doesn't help at all.
> > >
> > > Anyone come across this before? I suppose I'll try stripping out other
> > > kernel patches, but I'm not wonderfully hopeful.
> >
> > Did you build your kernel with CONFIG_SECURITY enabled? If so, make sure
> > that you also enabled CONFIG_SECURITY_CAPABILITIES and that the module
> > is loaded if it was built as a module. Otherwise the default capability
> > handling is disabled and your vserver is therefore allowed to
> > remove the interfaces.

good catch! thanks!

> > HTH
> > Bjoern
> > _______________________________________________
> > Vserver mailing list
> > Vserver_at_list.linux-vserver.org
> > http://list.linux-vserver.org/mailman/listinfo/vserver
> >
>
> Thanks!
> Thats it. At least for me...
>
> modprobe capability does the trick.
> Debian default kernel config setting is to compile it
> as a module, but to not load it per default.
>
> Very strange default setting.

who needs security, if you have debian ;)
(just a not so funny joke)

best,
Herbert

> --
> lg, Chris
>
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Previous message: Herbert Poetzl: "Re: [Vserver] Bringing down vsever brings down _all_ interfaces"
In reply to: Christian Mayrhuber: "Re: [Vserver] Bringing down vsever brings down _all_ interfaces"
Next in thread: David MacKinnon: "Re: [Vserver] Bringing down vsever brings down _all_ interfaces"

About this list	Date view	Thread view	Subject view	Author view	Attachment view

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Wed 13 Oct 2004 - 15:30:40 BST by hypermail 2.1.3