Re: [Vserver] vserver traceroute

From: Herbert Poetzl <herbert_at_13thfloor.at>
Date: Thu 20 Apr 2006 - 19:43:03 BST
Message-ID: <20060420184302.GA28159@MAIL.13thfloor.at>

On Thu, Apr 20, 2006 at 05:24:00PM +0300, Nikolay Kichukov wrote:
> hello,
> even trying to traceroute -I is still giving that same error message.
> What could be wrong? Do I need to set some extra ccapabilities?
>
> Also, what does the --secure option of the vattribute do ?

that really depends on the tool version, which
one do you have?

usually it removes most capabilites from the guest

best,
Herbert

>
> Regards,
> -Nikolay Kichukov
>
> ----- Original Message -----
> From: "Xavier Montagutelli" <xavier.montagutelli@unilim.fr>
> To: <vserver@list.linux-vserver.org>
> Sent: Thursday, April 20, 2006 3:33 PM
> Subject: Re: [Vserver] vserver traceroute
>
>
> > On Thursday 20 April 2006 13:29, Nikolay Kichukov wrote:
> > > Hello guys,
> > > Thanks for the advice, and sorry for taking me so long to respond.
> > >
> > > I tried setting:
> > >
> > > host# vattribute --set --xid <xid> --secure --ccap raw_icmp
> > >
> > > and when i try to traceroute a host I am again getting:
> > >
> > > traceroute: raw socket: Operation not permitted
> >
> > On my debian box, traceroute use by default UDP packets, not ICMP packets.
> >
> > Try "-I icmp" to use icmp.
> >
> > >
> > > Any further ideas?
> > >
> > > Another problem has now appeared:
> > > When i try to ssh to the guest sshd, i am getting the following error:
> > >
> > > fatal: chroot("/var/run/sshd"): Operation not permitted
> > >
> > > /var/run/sshd is rwx for root and r-x for the group and others
> > >
> > > Any ideas?
> > >
> > > Additional info:
> > >
> > > util-vserver 0.30.209-2 debian package
> > > kernel 1.6.14.4-vs2.1.0
> > >
> > > On Tue, 2006-04-11 at 13:17 +0200, Daniel Hokka Zakrisson wrote:
> > > > Nikolay Kichukov wrote:
> > > > > Hi,
> > > > > Thanks for the advise,
> > > > > I'd like to test that and I already have raw_icmp in the flags file
> for
> > > > > the vserver, but is there a way i can set that without rebooting the
> > > > > vserver?
> > > >
> > > > It's a context capability, so you should put it in ccapabilities file.
> > > >
> > > > > I've searched for information about chcontext and did not find a lot
> > > > > about setting those caps and flags dynamically. Is that possible? If
> > > > > yes, how?
> > > >
> > > > vattribute --set --xid <name or xid of the guest> --secure --ccap
> > > > raw_icmp (add additional --bcaps here if you have any, as they'll be
> > > > reset otherwise)
> > > >
> > > > > Also, another question is, i have already created(built) the vserver
> > > > > without --context NNN, and now I would like to get the vserver
> running
> > > > > only in a specified context, ie. 444. How can i implement that?
> > > >
> > > > echo NNN > /etc/vservers/<name>/context
> > > >
> > > > http://www.nongnu.org/util-vserver/doc/conf/configuration.html
> > >
> > > _______________________________________________
> > > Vserver mailing list
> > > Vserver@list.linux-vserver.org
> > > http://list.linux-vserver.org/mailman/listinfo/vserver
> >
> > --
> > Xavier Montagutelli Tel : +33 (0)5 55 45 77 20
> > Service Commun Informatique Fax : +33 (0)5 55 45 77 60
> > Universite de Limoges
> > 123, avenue Albert Thomas
> > 87060 Limoges cedex
> > _______________________________________________
> > Vserver mailing list
> > Vserver@list.linux-vserver.org
> > http://list.linux-vserver.org/mailman/listinfo/vserver
> >
>
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Thu Apr 20 19:43:29 2006

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Thu 20 Apr 2006 - 19:43:34 BST by hypermail 2.1.8