Re: [Vserver] chcontext not permitted:
 vserver development mailing list 
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]

Re: [Vserver] chcontext not permitted

From: Herbert Poetzl <herbert_at_13thfloor.at>
Date: Tue 06 Feb 2007 - 04:42:48 GMT
Message-ID: <20070206044248.GA31539@MAIL.13thfloor.at>

On Mon, Feb 05, 2007 at 01:14:24PM +0000, Lyn St George wrote:
> Hallo all
>
> I've just had a hard disk replaced with a fresh installtion of
> CentOS4.4 and so I also built a new kernel, and for the first
> time am getting this error:
> chcontext: vc_new_s_context(): Operation not permitted
> when trying to enter or stop a vserver.

EPERM means that you do not have the proper
capability (CAP_SYS_ADMIN and xid=0) or that
the guest is running with VX_INFO_PRIVATE

(probably the latter is true in your case)

> Kernel is 2.6.19.2, patch vs2.2.0-rc10, tools 30.212. The
> vservers are using the legacy configs, ie a single config
> file under /etc/vservers per vserver.

this config is deprecated for a long time now
(several years, IIRC, please upgrade that)

> Tools are built with 'ALL' as the target apis.
>
> This host is using LVM, and while I can't see how this could
> contribute towards this problem I can't see anything else
> that is different from all other kernels and installations that
> have gone without a hitch.

I guess you have this one enabled:
  CONFIG_VSERVER_PRIVACY=y

which is on by default, and honored with
new tools/configs ... probably not correctly
by the old legacy interfaces though ...

> The testme.sh script shows that everything tested is OK.
> At the moment these vservers are not working properly, ie
> they don't start up most daemons and I have to enter them
> with chroot and manually get things going. A 'ps ax' shows
> all the host's processes visible inside the vserver, so plainly
> the separation has failed.

that is jumping to conclusions, as chroot will
not change the process context, so naturally
you will see host processess ...

> Would anyone have any clues to point me to a solution?

fast solution: disable the privacy
long term solution: upgrade to the new config

HTH,
Herbert

> -
> Lyn
>
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Tue Feb 6 05:53:08 2007

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Tue 06 Feb 2007 - 05:53:15 GMT by hypermail 2.1.8