Fw:Re: [Vserver] ACL on guest

From: Jean-Michel Caricand <jean-michel.caricand_at_laposte.net>
Date: Sat 03 Feb 2007 - 12:57:53 GMT
Message-Id: <JCW1CH$0DD47688EC0454A01BC2AA7354B156A9@laposte.net>

> On Fri, Feb 02, 2007 at 01:58:27PM +0100, Jean-Michel Caricand wrote:
> > Hi,
> >
> > I want to know if it's possible to have ACLs on a guest. Here is
> > my configuration:
> >
> > lifcsys3:~# cat /etc/mtab
> > /dev/hda3 / ext3 rw,errors=remount-ro 0 0
> > proc /proc proc rw 0 0
> > sysfs /sys sysfs rw 0 0
> > devpts /dev/pts devpts rw,gid=5,mode=620 0 0
> > tmpfs /dev/shm tmpfs rw 0 0
> > /dev/hda2 /boot ext3 rw 0 0
> > /dev/mapper/host-usr /usr ext3 rw 0 0
> > /dev/mapper/host-var /var ext3 rw 0 0
> > /dev/mapper/host-lifc--svnlmd /var/lib/vservers/lifc-svnlmd ext3 rw,acl 0 0
> > /dev/mapper/host-lifc--webmail /var/lib/vservers/lifc-webmail ext3 rw 0 0
> > /dev/mapper/host-lifc--glpi /var/lib/vservers/lifc-glpi ext3 rw 0 0
> > /dev/mapper/host-lifc--darkvador /var/lib/vservers/lifc-darkvador ext3 rw 0 0
> > /mnt/wesson-home /var/lib/vservers/lifc-svnlmd/home none rw,bind 0 0
> > usbfs /proc/bus/usb usbfs rw 0 0
> > 172.20.128.107:/home /mnt/wesson-home nfs rw,addr=172.20.128.107 0 0
> > lifcsys3:~#
> >
> > The line works fine :
> > # setfacl -m u:smmsp:rwx /var/lib/vservers/lifc-svnlmd/tmp/toto
> > # lifcsys3:~# getfacl /var/lib/vservers/lifc-svnlmd/tmp/toto
> > getfacl: Removing leading '/' from absolute path names
> > # file: var/lib/vservers/lifc-svnlmd/tmp/toto
> > # owner: root
> > # group: root
> > user::rw-
> > user:root:rwx
> > user:smmsp:rwx
> > group::r--
> > mask::rwx
> > other::r--
> >
> > lifcsys3:~#
> >
> > When I test setfacl on my guest :
> >
> > lifc-svnlmd:/tmp# setfacl -m u:root:rwx /tmp/toto
> > setfacl: /tmp/toto: Opération non supportée
>
> please do
> export LC_ALL=C LANG=C
>
> > lifc-svnlmd:/tmp#
> >
> > Strange. acl is supported on my guest. When I show the content
> > of /etc/mtab, I see :
> >
> > lifc-svnlmd:/tmp# cat /etc/mtab
> > /dev/hdv1 / ufs defaults 0 0
> > none /proc proc 0 0
> > none /tmp tmpfs size=16m,mode=1777 0 0
> > none /dev/pts devpts gid=5,mode=620 0 0
> > lifc-svnlmd:/tmp#
> >
> > Why this behavior ? Is it normal ?
>
> what behaviour?
> /etc/mtab contains what was written there, if you
> want to get information about mounts, check with
> /proc/mounts ...
>
> HTH,
> Herbert
>
> > Thanks.
> >
> > Jean-Michel Caricand
> > mail : jean-michel.caricand@laposte.net
> >
> >
> > Send your greeting cards from www.laposte.net
> > They will then be delivered by the postman: practical and clever!
> >
> > _______________________________________________
> > Vserver mailing list
> > Vserver@list.linux-vserver.org
> > http://list.linux-vserver.org/mailman/listinfo/vserver
>

Hello Herbert,

I use this patch and this kernel: vs2.0.2.1, 2.6.17.13

On my guest (lifc-svnlmd) :
-------------------------

lifc-svnlmd:/# mount
/dev/hdv1 on / type ufs (defaults)
none on /proc type proc (0)
none on /tmp type tmpfs (size=16m,mode=1777)
none on /dev/pts type devpts (gid=5,mode=620)
lifc-svnlmd:/#

lifc-svnlmd:/# cat /proc/mounts
rootfs / rootfs rw 0 0
/dev/root / ext3 rw,data=ordered 0 0
none /proc proc rw,nodiratime 0 0
none /tmp tmpfs rw,nodev 0 0
none /dev/pts devpts rw 0 0
lifc-svnlmd:/#

lifc-svnlmd:/# export LC_ALL=C LANG=C
lifc-svnlmd:/# touch /tmp/toto; setfacl -m u:root:rxw /tmp/toto
setfacl: /tmp/toto: Operation not supported
lifc-svnlmd:/#

Apparently, I can't use ACL in my guest. I am surprised
because I can use ACL on the host (the root filesystem for the
guest is mounted with ACL support on the host).

On my host (lifcsys3) :
---------------------

lifcsys3:~# mount
/dev/hda3 on / type ext3 (rw,errors=remount-ro)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
devpts on /dev/pts type devpts (rw,gid=5,mode=620)
tmpfs on /dev/shm type tmpfs (rw)
/dev/hda2 on /boot type ext3 (rw)
/dev/mapper/host-usr on /usr type ext3 (rw)
/dev/mapper/host-var on /var type ext3 (rw)
/dev/mapper/host-lifc--webmail on /var/lib/vservers/lifc-webmail type ext3 (rw)
/dev/mapper/host-lifc--glpi on /var/lib/vservers/lifc-glpi type ext3 (rw)
/dev/mapper/host-lifc--darkvador on /var/lib/vservers/lifc-darkvador type ext3 (rw)
usbfs on /proc/bus/usb type usbfs (rw)
/dev/mapper/host-lifc--svnlmd on /var/lib/vservers/lifc-svnlmd type ext3 (rw,acl)
lifcsys3:~#

lifcsys3:~# cat /proc/mounts
rootfs / rootfs rw 0 0
/dev2/root2 / ext3 rw,data=ordered 0 0
proc /proc proc rw,nodiratime 0 0
sysfs /sys sysfs rw 0 0
devpts /dev/pts devpts rw 0 0
tmpfs /dev/shm tmpfs rw 0 0
/dev/hda2 /boot ext3 rw,data=ordered 0 0
/dev/mapper/host-usr /usr ext3 rw,data=ordered 0 0
/dev/mapper/host-var /var ext3 rw,data=ordered 0 0
/dev/host/lifc-webmail /var/lib/vservers/lifc-webmail ext3 rw,data=ordered 0 0
/dev/host/lifc-glpi /var/lib/vservers/lifc-glpi ext3 rw,data=ordered 0 0
/dev/host/lifc-darkvador /var/lib/vservers/lifc-darkvador ext3 rw,data=ordered 0 0
usbfs /proc/bus/usb usbfs rw 0 0
/dev/host/lifc-svnlmd /var/lib/vservers/lifc-svnlmd ext3 rw,data=ordered 0 0
lifcsys3:~#

lifcsys3:~# setfacl -m u:testuser:rwx /var/lib/vservers/lifc-svnlmd/tmp/toto
lifcsys3:~# getfacl /var/lib/vservers/lifc-svnlmd/tmp/toto
getfacl: Removing leading '/' from absolute path names
# file: var/lib/vservers/lifc-svnlmd/tmp/toto
# owner: root
# group: root
user::rw-
user:testuser:rwx
group::r--
mask::rwx
other::r--
 
lifcsys3:~#

If it's possible to use ACL in a guest, where is my error ?

Thanks.

Jean-Michel Caricand
mail : jean-michel.caricand@laposte.net

Received on Sat Feb 3 13:40:07 2007
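
Added example (not part of the original message or of the Linux-VServer tools): following the advice above to consult /proc/mounts rather than /etc/mtab, this shell function resolves which mount entry actually backs a path. The two tables are constructed from the /proc/mounts listings quoted in this thread; backing_mount, guest_table, host_table and acl_works are hypothetical helper names.

```shell
#!/bin/sh
# backing_mount PATH [TABLE] -> prints "mountpoint fstype options" for the
# entry that backs PATH. TABLE is a file in /proc/mounts format
# (device mountpoint fstype options dump pass); "-" reads stdin.
# Assumption: mount points contain no escaped characters such as \040.
backing_mount() {
    awk -v p="$1" '
        {
            mp = $2
            # mp covers p if it is "/", equals p, or is a directory prefix of p
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # longest match wins; on a tie the later line is mounted on top
                if (length(mp) >= length(best)) { best = mp; fs = $3; opts = $4 }
            }
        }
        END { if (best != "") print best, fs, opts }
    ' "${2:-/proc/mounts}"
}

# acl_works DIR -> exit status 0 if setfacl succeeds on a scratch file in DIR.
# Functional probe: independent of what any mount table lists.
acl_works() {
    f=$(mktemp "$1/aclprobe.XXXXXX") || return 2
    LC_ALL=C setfacl -m u:root:rwx "$f" 2>/dev/null; rc=$?
    rm -f "$f"
    return $rc
}

# Constructed sample: the guest's /proc/mounts as quoted in the thread.
guest_table() {
cat <<'EOF'
rootfs / rootfs rw 0 0
/dev/root / ext3 rw,data=ordered 0 0
none /proc proc rw,nodiratime 0 0
none /tmp tmpfs rw,nodev 0 0
none /dev/pts devpts rw 0 0
EOF
}

# Constructed sample: the relevant lines of the host's /proc/mounts.
host_table() {
cat <<'EOF'
rootfs / rootfs rw 0 0
/dev2/root2 / ext3 rw,data=ordered 0 0
/dev/mapper/host-var /var ext3 rw,data=ordered 0 0
/dev/host/lifc-svnlmd /var/lib/vservers/lifc-svnlmd ext3 rw,data=ordered 0 0
EOF
}

guest_table | backing_mount /tmp/toto -
host_table  | backing_mount /var/lib/vservers/lifc-svnlmd/tmp/toto -
```

With the thread's tables, /tmp/toto inside the guest resolves to the tmpfs mounted on /tmp, while the path used from the host resolves to the ext3 volume, so the two setfacl calls were not run against the same filesystem.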

Generated on Sat 03 Feb 2007 - 13:40:13 GMT by hypermail 2.1.8