On Tue, Aug 08, 2006 at 11:07:21AM +0200, Oliver Heinz wrote:
> Am Montag, 7. August 2006 20:24 schrieb Herbert Poetzl:
> > On Mon, Aug 07, 2006 at 12:24:54PM +0200, Oliver Heinz wrote:
> > > Am Montag, 7. August 2006 11:42 schrieb Oliver Heinz:
> > > > Hi there,
> > > >
> > > > I want to remount temporarily a noexec filesystem (/tmp) that is
> > > > mounted in a vserver. I don't want to change the fstab and restart the
> > > > vserver, and I don't want to give the vserver the caps to do it from
> > > > within.
> > > >
> > > > I'm sure there is a way to do that from the root-vserver, right?
> > > >
> > > > Within the vserver it would be a 'mount -o remount,exec /tmp'
> > > >
> > > > I found the secure-mount command but did not manage to get it to do
> > > > what I wanted.
> > >
> > > Just found that I forgot to add the second part. Same with Network
> > > Interfaces, how can I add/delete an Interface from the outside to a
> > > running vserver.
> >
> > first, with recent devel kernels and proper tools you
> > can add ips to a running guest, given that the guest
> > already had at least two ips assigned (single ip
> > special casing is still there)
>
> Why do I need already two IPs assigned?

because a single IP will get special casing if you do not
tell the guest otherwise, which makes it impossible for
already bound services to accommodate to a new ip

> > now, 'how' to do that depends on the tools you use,
> > but basically it's a single command which adds or removes
> > a single ip ...
>
> I tried a
>   vnamespace -e service ip addr add 172.29.50.163/24 brd 172.29.50.255 dev eth1
> to add an interface to the guest called service
>
> But this is probably the wrong command :-(

yep, vnamespace enters the 'file system namespace' for that
guest, which is not really related to ips as you figured

> I get an additional ip that is shown on the root-vserver
>
> 3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
> link/ether 00:0e:0c:71:0f:8e brd ff:ff:ff:ff:ff:ff
> inet 172.29.50.100/24 brd 172.29.50.255 scope global eth1
> inet 172.29.50.199/24 brd 172.29.50.255 scope global secondary eth1
> ...
> inet 172.29.50.163/24 brd 172.29.50.255 scope global secondary eth1
>
> But no new interface is shown inside the guest:
>
> root@gobi:/etc/snappy# vserver service enter
> service:/# ip addr show
> 3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
> link/ether 00:0e:0c:71:0f:8e brd ff:ff:ff:ff:ff:ff
> inet 172.29.50.199/24 brd 172.29.50.255 scope global secondary eth1
>
> I'm running:
> Kernel: 2.6.16.25-vs2.0.2-rc20-grsec2.1.9
> VS-API: 0x00020001
> util-vserver: 0.30.210; Mar 3 2006, 14:06:42

with vserver-utils (according to Hollow):

  nx -add-addr <nid> <ip>/<prefix>

with vcmd (hack tool):

  vcmd -i <nid> -C net_add .type=1 .count=1 .ip[0]=<ip> .mask=<mask>

note: (older) vcmd takes the if/mask as dotted quad, but
in reverse order (fixed in newer version)

HTH,
Herbert

> TIA,
> Oliver
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Tue Aug 8 15:09:29 2006