From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Thu 17 Feb 2005 - 01:33:57 GMT

On Thu, Feb 17, 2005 at 02:23:53AM +0100, Christoph Kuhles wrote:
> Hi,
>
> I encountered a strange problem today on a SuSE 9.0 machine (SMP).
>
> After compiling util-vserver as usual and trying to start a vserver, I
> got the following error:
>
> [...]
> New security context is XXXX
> Can't chroot to directory . (Operation not permitted)
>
> Debugging the problem together with Herbert, we found out that, for
> some reason, the utilities drop capabilities when they shouldn't.
>
> Herbert suspected this was a compiler problem and suggested I
> recompile util-vserver on another machine - and it worked indeed.
>
> The box this problem happened on was SuSE 9.0 as said above, with gcc
> 3.3.1 (RPM release 3.3.1-29).

additional info: how to detect this?

$ chcontext grep Cap /proc/self/status
New security context is 49152
CapInh: 0000000000000000
CapPrm: 00000000fffffeff
CapEff: 00000000fffffeff
CapBset: 00000000fffffeff

$ chcontext --secure grep Cap /proc/self/status
New security context is 49153
CapInh: 0000000000000000
CapPrm: 00000000d40c04ff
CapEff: 00000000d40c04ff
CapBset: 00000000d40c04ff

if you get something different for the Cap*
lines, I would compile the tools somewhere
else ...

(btw, this happened with util-vserver 0.30)

HTH,
Herbert

> I might need to mention this worked fine on another SuSE 9.0 with the
> only difference being SMP - so my guess would be this is a problem
> when using SuSE's gcc to compile util-vserver on SMP machines.
>
> Just in case someone else should encounter this problem... The fix is
> simple: Compile util-vserver somewhere else. ;-)
>
> Cheers
> Chris
>
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
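
The check described in the message above, automated as an added example (not part of the original mail or of util-vserver). It compares the Cap* lines against the reference masks quoted there and names the capability bits that differ; the bit-name table for bits 0..28 follows mainline linux/capability.h, and the failing sample is constructed for illustration.

```python
import re

# Names for capability bits 0..28 as in mainline <linux/capability.h>; higher
# bits are printed by number because their meaning depends on the kernel patch.
CAP_NAMES = ("CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID "
             "SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN "
             "NET_RAW IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE "
             "SYS_PACCT SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME "
             "SYS_TTY_CONFIG MKNOD LEASE").split()
# Reference masks exactly as quoted in the message (util-vserver 0.30).
FIELDS = ("CapInh", "CapPrm", "CapEff", "CapBset")
EXPECTED = {"plain":  dict(zip(FIELDS, (0x0, 0xfffffeff, 0xfffffeff, 0xfffffeff))),
            "secure": dict(zip(FIELDS, (0x0, 0xd40c04ff, 0xd40c04ff, 0xd40c04ff)))}

def cap_names(mask):
    """Decode a capability bitmask into a list of names."""
    return [CAP_NAMES[b] if b < len(CAP_NAMES) else f"bit{b}"
            for b in range(64) if (mask >> b) & 1]

def parse_caps(text):
    """Pull the Cap* fields out of `grep Cap /proc/self/status` output."""
    pairs = re.findall(r"^(Cap\w+):[ \t]*([0-9a-fA-F]+)[ \t]*$", text, re.M)
    return {name: int(value, 16) for name, value in pairs}

def check(text, mode):
    """Return {field: (caps_missing, caps_unexpected)} for deviating fields."""
    got, problems = parse_caps(text), {}
    for field, want in EXPECTED[mode].items():
        have = got.get(field, 0)   # an absent field counts as an empty mask
        if have != want:
            problems[field] = (cap_names(want & ~have), cap_names(have & ~want))
    return problems
# Output from the message above (known-good build).
GOOD_SECURE = """New security context is 49153
CapInh: 0000000000000000
CapPrm: 00000000d40c04ff
CapEff: 00000000d40c04ff
CapBset: 00000000d40c04ff
"""
# Constructed sample, NOT from the message: a build that wrongly drops bit 18.
BAD_PLAIN = """New security context is 49152
CapInh: 0000000000000000
CapPrm: 00000000fffbfeff
CapEff: 00000000fffbfeff
CapBset: 00000000fffffeff
"""

if __name__ == "__main__":
    for label, text, mode in (("good", GOOD_SECURE, "secure"), ("bad", BAD_PLAIN, "plain")):
        print(label, check(text, mode) or "matches reference")
```

On a real host, feed `check()` the captured output of the two chcontext commands shown in the message; an empty result means the build matches the reference values.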