On Fri, 2005-11-11 at 10:25 -0600, Matthew Nuzum wrote:
> > on 2.x kernels, the raw_icmp capability replaces the
> > insecure CAP_NET_RAW. raw_icmp is given by default
> > on mainline util-vserver since (at least) 0.30.208
> > (and we now have 0.30.209)
> >
> > > What I did to get it to work was:
> > > * Add CAP_NET_RAW to the capabilities of the vserver (in /etc/vservers)
Well, I have 5 secs before I leave the office (weekend after all!), so
here is some info on my (working) host, if anyone needs more info, I'll
be back on monday ;) ):
vserver-info
Versions:
Kernel: 2.6.11.6-grsec-vs1.9.5
VS-API: 0x00010025
util-vserver: 0.30.196; Apr 5 2005, 16:20:45
Features:
CC: i686-pc-linux-gnu-gcc, i686-pc-linux-gnu-gcc
(GCC) 3.3.4 20040623 (Gentoo Linux 3.3.4-r1, ssp-3.3.2-2, pie-8.7.6)
CXX: i686-pc-linux-gnu-g++, i686-pc-linux-gnu-g++
(GCC) 3.3.4 20040623 (Gentoo Linux 3.3.4-r1, ssp-3.3.2-2, pie-8.7.6)
CPPFLAGS: ''
CFLAGS: '-O2 -march=i686 -fomit-frame-pointer
-std=c99 -Wall -pedantic -W'
CXXFLAGS: '-O2 -march=i686 -fomit-frame-pointer -ansi
-Wall -pedantic -W -fmessage-length=0'
build/host: i686-pc-linux-gnu/i686-pc-linux-gnu
Use dietlibc: yes (0.28)
Build C++ programs: yes
Build C99 programs: yes
Available APIs: compat,v11,v13,fscompat,net,oldproc,olduts
ext2fs Source: e2fsprogs
syscall(2) invocation: fast
vserver(2) syscall#: 273/default
cat /proc/virtual/82/status (Nagios host)
UseCnt: 85
Tasks: 38
Flags: 0000000202000015
BCaps: ffffffffd44c04ff
CCaps: 0000000000000101
Ticks: 0
-- Regards, Dennis Roos Network Engineer @ InTouch N.V. Middenweg 76 1097 BS Amsterdam Tel: +31 (0)20 6752060 Fax: +31 (0)20 6758429 -=[Assumption is the mother of all f*ckups]=- _______________________________________________ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserverReceived on Fri Nov 11 16:49:30 2005