Re: [Vserver] Problem with nice inside a vserver

From: Russell Kliese <russell_at_eminence.com.au>
Date: Mon 13 Mar 2006 - 02:02:42 GMT
Message-ID: <4414D2C2.7000404@eminence.com.au>

Herbert Poetzl wrote:

>On Sun, Mar 12, 2006 at 12:26:43PM +1000, Russell Kliese wrote:
>
>
>>>>$NICE is set to 10 in /etc/updatedb.conf, so -n ${NICE:-10} is the same
>>>>as
>>>>-n 0.
>>>>
>>>>
>>>>
>>>In a shell script? Doesn't ":-" set a default value if the variable is
>>>not already set?
>>>
>>>
>>Yes, my mistake. With $NICE being 10, the priority in this case would be
>>incremented by 10 (i.e. lowered).
>>
>>Anyway, this is an aside. Even running nice without the -n option
>>still causes problems.
>>
>>
>
>hmm, two things:
>
> a) could you strace -fF -o nice.trace the nice command as is?
>
>
I ran strace with the following 2 commands:

strace -fF -o /tmp/normal.trace su nobody
strace -fF -o /tmp/nice.trace nice su nobody

I then removed the first columns in the trace outputs (it just contains
the PIDs?) and diffed the outputs:

diff normal2.trace nice2.trace

I've attached the output (I snipped off stuff at the end of the
normal2.trace that I didn't think was important).

To me it looks like su tries to set the PRIO_PROCESS priority to 0 after
nice has set the PRIO_PROCESS priority to 10, causing the permission
denied error. Is this what su is supposed to do? If so, then using nice
would have no benefit in the script it is being used in if su is going
to set the priority back to 0 anyway.

Have I interpreted this correctly?

> b) what does your ulimit -a show on the host and guest?
>
ulimit -a outputs the same on both the guest and host:

core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
file size (blocks, -f) unlimited
max locked memory (kbytes, -l) unlimited
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) unlimited
virtual memory (kbytes, -v) unlimited

Thanks for your help so far,

Regards,

Russell

>>>>>>>>>>>>Would enabling CAP_SYS_NICE help in this case even though a lower
>>>>>>>>>>>>priority is being set? Or is there something else causing this
>>>>>>>>>>>>problem?

-- 
<http://www.eminence.com.au/> Eminence Technology Pty Ltd
PO Box 118, Moorooka QLD 4105
Web: www.eminence.com.au <http://www.eminence.com.au/>
Ph: +61-7-3277-4100
Fax: +61-7-3105-7484

0a1,36
> execve("/usr/bin/nice", ["nice", "su", "nobody"], [/* 16 vars */]) = 0
> uname({sys="Linux", node="secure", ...}) = 0
> brk(0) = 0x505000
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2a9556a000
> access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
> open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
> open("/etc/ld.so.cache", O_RDONLY) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=21397, ...}) = 0
> mmap(NULL, 21397, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2a9556b000
> close(3) = 0
> access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
> open("/lib/libc.so.6", O_RDONLY) = 3
> read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\324"..., 640) = 640
> fstat(3, {st_mode=S_IFREG|0755, st_size=1295328, ...}) = 0
> mmap(NULL, 2354760, PROT_READ|PROT_EXEC, MAP_PRIVATE, 3, 0) = 0x2a9566c000
> mprotect(0x2a9578e000, 1166920, PROT_NONE) = 0
> mmap(0x2a9586c000, 241664, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x100000) = 0x2a9586c000
> mmap(0x2a958a7000, 15944, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2a958a7000
> close(3) = 0
> mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2a958ab000
> arch_prctl(0x1002, 0x2a958ab640) = 0
> munmap(0x2a9556b000, 21397) = 0
> open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
> fstat(3, {st_mode=S_IFREG|0644, st_size=290512, ...}) = 0
> mmap(NULL, 290512, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2a9556b000
> close(3) = 0
> brk(0) = 0x505000
> brk(0x526000) = 0x526000
> brk(0) = 0x526000
> getpriority(PRIO_PROCESS, 0) = 20
> setpriority(PRIO_PROCESS, 0, 10) = 0
> execve("/usr/local/sbin/su", ["su", "nobody"], [/* 16 vars */]) = -1 ENOENT (No such file or directory)
> execve("/usr/local/bin/su", ["su", "nobody"], [/* 16 vars */]) = -1 ENOENT (No such file or directory)
> execve("/usr/sbin/su", ["su", "nobody"], [/* 16 vars */]) = -1 ENOENT (No such file or directory)
> execve("/usr/bin/su", ["su", "nobody"], [/* 16 vars */]) = -1 ENOENT (No such file or directory)
> execve("/sbin/su", ["su", "nobody"], [/* 16 vars */]) = -1 ENOENT (No such file or directory)
299c335
< getpid() = 6203

---
> getpid()                          = 6216
304c340
< sendto(3, "<86>Mar 13 11:36:35 su[6203]: + "..., 49, 0, NULL, 0) = 49
---
> sendto(3, "<86>Mar 13 11:42:04 su[6216]: + "..., 49, 0, NULL, 0) = 49
354c390
< getpid()                          = 6203
---
> getpid()                          = 6216
356c392
< sendto(3, "<38>Mar 13 11:36:35 su[6203]: (p"..., 86, 0, NULL, 0) = 86
---
> sendto(3, "<38>Mar 13 11:42:04 su[6216]: (p"..., 86, 0, NULL, 0) = 86
396,400c432,442
< setpriority(PRIO_PROCESS, 0, 0)   = 0
< setuid(65534)                     = 0
< close(3)                          = 0
< execve("/bin/sh", ["sh"], [/* 16 vars */]) = 0
< =========== snip ==============
---
> setpriority(PRIO_PROCESS, 0, 0)   = -1 EACCES (Permission denied)
> getpid()                          = 6216
> rt_sigaction(SIGPIPE, {0x2a95a7b4f0, [], 0x4000000}, {SIG_DFL}, 8) = 0
> sendto(3, "<83>Mar 13 11:42:04 su[6216]: pa"..., 66, 0, NULL, 0) = 66
> rt_sigaction(SIGPIPE, {SIG_DFL}, NULL, 8) = 0
> write(2, "su: Permission denied\n", 22) = 22
> munmap(0x2a96122000, 1053392)     = 0
> munmap(0x2a96244000, 1146800)     = 0
> munmap(0x2a9635c000, 1062280)     = 0
> munmap(0x2a96466000, 1063096)     = 0
> exit_group(0x1, 0x1, 0x2a95be7530, 0x2a95be8e08, 0x2a95cef090 <unfinished ... exit status 1>

Received on Mon Mar 13 02:06:11 2006
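
The two priority calls visible in the attached trace diff, as an added example that is not part of the original post: a C program that replays nice's raise by 10 and su's reset to 0 in a child process and returns the errno of the reset, next to whether CAP_SYS_NICE is in the effective set. The function names are this example's own, and the capability is read from the CapEff line of /proc/self/status.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

/* 1 if CAP_SYS_NICE (bit 23) is in the effective set, 0 if not, -1 if unknown. */
int has_cap_sys_nice(void)
{
    char line[256];
    unsigned long long eff;
    int found = -1;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f)
        return -1;
    while (found < 0 && fgets(line, sizeof line, f))
        if (sscanf(line, "CapEff: %llx", &eff) == 1)
            found = (int)((eff >> 23) & 1);
    fclose(f);
    return found;
}

/* Replays the trace's two priority calls in a child process.
 * Returns 0 if the reset worked, else its errno; -1 on setup failure. */
int replay_nice_then_reset(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        errno = 0;
        /* glibc returns the nice value; the raw syscall in the trace returns 20 - nice */
        int cur = getpriority(PRIO_PROCESS, 0);
        /* nice: raise the nice value by 10, allowed without privilege */
        if ((cur == -1 && errno) || setpriority(PRIO_PROCESS, 0, cur + 10) != 0)
            _exit(255);
        /* su: set it back to 0, which lowers the nice value again */
        _exit(setpriority(PRIO_PROCESS, 0, 0) == 0 ? 0 : errno);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) == 255)
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int err = replay_nice_then_reset();
    printf("CAP_SYS_NICE effective: %d, reset errno: %d\n", has_cap_sys_nice(), err);
}
```

On Linux, setpriority() returns EACCES when the caller asks for a lower nice value and has neither CAP_SYS_NICE nor an RLIMIT_NICE that permits it, so running this on the host and inside the guest shows which side denies the reset.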
