On Fri, Apr 21, 2006 at 05:30:53PM +0300, Nikolay Kichukov wrote:
> hi, the version is:
>
> util-vserver 0.30.209-2
>
> Would you suggest an upgrade to get the traceroute going? It is not so
> important to make traceroute working. It is the idea that stays behind
> that. ;-) To have the guest at full operational power as if it is a
> real machine.
can you provide a static binary of that traceroute tool
for testing? it is supposed to work with ram_icmp
capability enabled ...
TIA,
Herbert
>
> Thanks and regards,
> -Nikolay Kichukov
>
>
> ----- Original Message -----
> From: "Herbert Poetzl" <herbert@13thfloor.at>
> To: "Nikolay Kichukov" <hijacker@oldum.net>
> Cc: <vserver@list.linux-vserver.org>
> Sent: Thursday, April 20, 2006 9:43 PM
> Subject: Re: [Vserver] vserver traceroute
>
>
> > On Thu, Apr 20, 2006 at 05:24:00PM +0300, Nikolay Kichukov wrote:
> > > hello,
> > > even trying to traceroute -I is still giving that same error message.
> > > What could be wrong? Do I need to set some extra ccapabilities?
> > >
> > > Also, what does the --secure option of the vattribute do ?
> >
> > that really depends on the tool version, which
> > one do you have?
> >
> > usually it removes most capabilites from the guest
> >
> > best,
> > Herbert
> >
> > >
> > > Regards,
> > > -Nikolay Kichukov
> > >
> > > ----- Original Message -----
> > > From: "Xavier Montagutelli" <xavier.montagutelli@unilim.fr>
> > > To: <vserver@list.linux-vserver.org>
> > > Sent: Thursday, April 20, 2006 3:33 PM
> > > Subject: Re: [Vserver] vserver traceroute
> > >
> > >
> > > > On Thursday 20 April 2006 13:29, Nikolay Kichukov wrote:
> > > > > Hello guys,
> > > > > Thanks for the advice, and sorry for taking me so long to respond.
> > > > >
> > > > > I tried setting:
> > > > >
> > > > > host# vattribute --set --xid <xid> --secure --ccap raw_icmp
> > > > >
> > > > > and when i try to traceroute a host I am again getting:
> > > > >
> > > > > traceroute: raw socket: Operation not permitted
> > > >
> > > > On my debian box, traceroute use by default UDP packets, not ICMP
> packets.
> > > >
> > > > Try "-I icmp" to use icmp.
> > > >
> > > > >
> > > > > Any further ideas?
> > > > >
> > > > > Another problem has now appeared:
> > > > > When i try to ssh to the guest sshd, i am getting the following
> error:
> > > > >
> > > > > fatal: chroot("/var/run/sshd"): Operation not permitted
> > > > >
> > > > > /var/run/sshd is rwx for root and r-x for the group and others
> > > > >
> > > > > Any ideas?
> > > > >
> > > > > Additional info:
> > > > >
> > > > > util-vserver 0.30.209-2 debian package
> > > > > kernel 1.6.14.4-vs2.1.0
> > > > >
> > > > > On Tue, 2006-04-11 at 13:17 +0200, Daniel Hokka Zakrisson wrote:
> > > > > > Nikolay Kichukov wrote:
> > > > > > > Hi,
> > > > > > > Thanks for the advise,
> > > > > > > I'd like to test that and I already have raw_icmp in the flags
> file
> > > for
> > > > > > > the vserver, but is there a way i can set that without rebooting
> the
> > > > > > > vserver?
> > > > > >
> > > > > > It's a context capability, so you should put it in ccapabilities
> file.
> > > > > >
> > > > > > > I've searched for information about chcontext and did not find a
> lot
> > > > > > > about setting those caps and flags dynamically. Is that
> possible? If
> > > > > > > yes, how?
> > > > > >
> > > > > > vattribute --set --xid <name or xid of the guest> --secure --ccap
> > > > > > raw_icmp (add additional --bcaps here if you have any, as they'll
> be
> > > > > > reset otherwise)
> > > > > >
> > > > > > > Also, another question is, i have already created(built) the
> vserver
> > > > > > > without --context NNN, and now I would like to get the vserver
> > > running
> > > > > > > only in a specified context, ie. 444. How can i implement that?
> > > > > >
> > > > > > echo NNN > /etc/vservers/<name>/context
> > > > > >
> > > > > > http://www.nongnu.org/util-vserver/doc/conf/configuration.html
> > > > >
> > > > > _______________________________________________
> > > > > Vserver mailing list
> > > > > Vserver@list.linux-vserver.org
> > > > > http://list.linux-vserver.org/mailman/listinfo/vserver
> > > >
> > > > --
> > > > Xavier Montagutelli Tel : +33 (0)5 55 45 77 20
> > > > Service Commun Informatique Fax : +33 (0)5 55 45 77 60
> > > > Universite de Limoges
> > > > 123, avenue Albert Thomas
> > > > 87060 Limoges cedex
> > > > _______________________________________________
> > > > Vserver mailing list
> > > > Vserver@list.linux-vserver.org
> > > > http://list.linux-vserver.org/mailman/listinfo/vserver
> > > >
> > >
> > > _______________________________________________
> > > Vserver mailing list
> > > Vserver@list.linux-vserver.org
> > > http://list.linux-vserver.org/mailman/listinfo/vserver
> >
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Sun Apr 23 16:33:12 2006