From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Fri 13 May 2005 - 06:34:05 BST
On Fri, May 13, 2005 at 10:42:04AM +0800, Wai Phang wrote:
> Hi Herbert,
>
> My kernel had extended attributes for ext2 and ext3 compiled in.
> Anyway, is there any security concern if i can't get that working?
> Thank you.
well, yes, actually it means that the extened attributes
do not work on this path, so the barrier attribute
used to protect the chroot (not really required with
namespaces) is very likely to be missing too ...
best,
Herbert
> Cheers!
> Seph
>
> On 5/13/05, Herbert Poetzl <herbert_at_13thfloor.at> wrote:
> > On Thu, May 12, 2005 at 05:26:11PM -0700, Wai Phang wrote:
> > > Hi Herbert,
> > >
> > > chattr +i /var/lib/vservers gave me the same error as well.
> >
> > well, then you should (and probably figured already)
> > compile in/enable extended attributes for that filesystem
> > of yours (to which /var/lib/vservers belongs)
> >
> > best,
> > Herbert
> >
> > > Cheers!
> > > Seph
> > >
> > > On 5/12/05, Herbert Poetzl <herbert_at_13thfloor.at> wrote:
> > > > On Thu, May 12, 2005 at 02:12:34PM +0800, Wai Phang wrote:
> > > > > Hi Herbert,
> > > > >
> > > > > Thank you for your clarifications.
> > > > >
> > > > > I have figured most of the stuff except this
> > > > >
> > > > > chattr: Function not implemented while setting flags on /var/lib/vservers
> > > >
> > > > okay, after second thought, what about enabling
> > > > extended attributes for your filesystem?
> > > >
> > > > try something like chattr +i /var/lib/vservers
> > > > (but don't forget to remove it again if that works)
> > > >
> > > > HTH,
> > > > Herbert
> > > >
> > > >
> > > > > I am pretty sure i boot into the kernel with vserver patch when that
> > > > happens.
> > > > >
> > > > > Also, is there any documentation i can refer to to convert the legacy
> > > > > config to the new one?
> > > > >
> > > > > TIA!
> > > > > Seph
> > > > >
> > > > > On 5/12/05, Herbert Poetzl <herbert_at_13thfloor.at> wrote:
> > > > > > On Thu, May 12, 2005 at 10:15:41AM +0800, Wai Phang wrote:
> > > > > > > Hi there,
> > > > > > >
> > > > > > > I am running debian sarge kernel 2.6.8 i686. I managed to setup
> > > > > > > everything and everything works fine except for 3 instances.
> > > > > > >
> > > > > > > 1. Whenever I start/stop my guest vserver, i get
> > > > > > >
> > > > > > > WARNING: can not find configuration, assuming legacy method
> > > > > >
> > > > > > which is a good indication that you are using
> > > > > > a linux-vserver guest with a legacy config
> > > > > > (i.e. single file vs. directory tree)
> > > > > >
> > > > > > > 2. Whenever i stop my guest vserver, i get
> > > > > > >
> > > > > > > chcontext: vc_new_s_context(): Invalid argument
> > > > > >
> > > > > > which is probably caused by using dynamic context
> > > > > > ids (which are depreciated) instead of static ones
> > > > > > (i.e. no S_CONTEXT= in your config)
> > > > > >
> > > > > > > 3. Occasionally, i get this error with util-vserver. (Using
> > > > 0.30.204-5)
> > > > > > >
> > > > > > > chattr: Function not implemented while setting flags on
> > > > /var/lib/vservers
> > > > > >
> > > > > > hmm ... might occasionally be related to not
> > > > > > having booted with a vserver enabled kernel?
> > > > > >
> > > > > > > Also, how can i verify my installation is correct. I have run the
> > > > > > > testme.sh file and everything shows up fine.
> > > > > > >
> > > > > > > Finally, do i need to enable Virtual block device for my kernel?
> > > > > >
> > > > > > not if you are not planning to use quota inside
> > > > > > your vserver guest ...
> > > > > >
> > > > > > > Really appreciate someone help me with these. TIA!
> > > > > >
> > > > > > HTH,
> > > > > > Herbert
> > > > > >
> > > > > > > Cheers!
> > > > > > > Seph
> > > > > > > _______________________________________________
> > > > > > > Vserver mailing list
> > > > > > > Vserver_at_list.linux-vserver.org
> > > > > > > http://list.linux-vserver.org/mailman/listinfo/vserver
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Est Solaris Oth Mithas
> > > > > _______________________________________________
> > > > > Vserver mailing list
> > > > > Vserver_at_list.linux-vserver.org
> > > > > http://list.linux-vserver.org/mailman/listinfo/vserver
> > > >
> > >
> > >
> > > --
> > > Est Solaris Oth Mithas
> > > _______________________________________________
> > > Vserver mailing list
> > > Vserver_at_list.linux-vserver.org
> > > http://list.linux-vserver.org/mailman/listinfo/vserver
> >
>
>
> --
> Est Solaris Oth Mithas
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver