On 16.01.2012 23:43, Daniel Hokka Zakrisson wrote:
> Roberto Puzzanghera wrote:
>>>> <snip>
>>>> Unfortunately, while apparently inode tagging and disk limits
>>>> were working fine, I observed that when I bind mount a host
>>>> directory inside a running guest I lose all read privileges
>>>> related to *newly* created files (I mean files created *after*
>>>> the inode tagging).
>>>
>>> hmm? not sure what you are trying to tell us here ...
>>
>> I am mounting a host's directory inside the guest as follows inside
>> fstab
>>
>> /vservers/test2/usr/local/shared_dir /shared none bind 0 0
>>
>> When I create a new file inside /vservers/test2/usr/local/shared_dir I
>> don't have the read privileges inside the guest.
>
> "The guest" referring to a guest other than test2, right?
yes. This happens with all the guests, regardless of the fact that the
2 guests have been tagged or not.
>
>>>> I solved it simply by rebooting without the tag mount flag. And the
>>>> shared files, created with the tag flag on, now have strange
>>>> owners:
>>>
>>>> -rw-r--r-- 1 50333648 3892314192 6 Jan 15 16:41 test.html
>>>
>>> which is the expected result with your tagging (ID24)
>>> i.e. the upper uid/gid bits have been used for storing
>>> the xid, for example, 50333648 = 30007D0(hex) which
>>> is 0x03 (xid part) and 0x7D0 (uid part), similar for
>>> the gid ...
>>>
>>> the best way to 'fix' this is to turn tagging back on
>>> and then remove the xid from all affected files. after
>>> that you can turn it off and all uid/gid will be fine
>>
>> Thanks, but I have already solved it manually.
>>
>> Anyway, it's not clear to me if there is a chance to have both tags and
>> bind mount working..
>
> There is. Depending on what it is you want to achieve, you have two
> ways to go about it. Number one is the option notagcheck, which
> tags all files, but doesn't use tags as an access restriction. This
> is what you want if you still want to have disk limits apply to the
> two guests separately.
Actually I don't have to apply the disk limits and 'bind mounts' to the
same context.
>
> Number two is setting the two guests to use the same tag. That would
> mean you can't limit them separately, but you can still use tags
> for access restrictions between those guests and others. This would
> be accomplished by setting /etc/vservers/<guest>/tag to the same
> value (e.g. one of the xids).
The first one sounds much simpler. If I have understood correctly, the
'notagcheck' has to be used in conjunction with the 'bind' option,
right?
Thank you, best regards
Roberto Puzzanghera
Received on Tue Jan 17 09:00:44 2012
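
The "strange owners" decoding described in the quoted reply, as an added example that is not part of the original thread: it splits ID24-tagged owner fields into tag, uid and gid and lists entries that still carry tag bits. The function names are hypothetical, and the way the two upper bytes combine into one tag (uid byte high, gid byte low) is an assumption about the ID24 layout, not something stated in the thread.

```python
import os
import sys

ID_MASK = 0x00FFFFFF  # low 24 bits hold the real uid/gid under ID24


def decode_id24(raw_uid, raw_gid):
    """Split on-disk owner fields into (tag, uid, gid).

    Assumed layout: uid bits 24-31 carry the high byte of the tag,
    gid bits 24-31 carry the low byte.
    """
    tag = ((raw_uid >> 16) & 0xFF00) | ((raw_gid >> 24) & 0xFF)
    return tag, raw_uid & ID_MASK, raw_gid & ID_MASK


def tagged_entries(entries):
    """Yield (path, tag, uid, gid) for entries whose owner fields carry tag bits."""
    for path, raw_uid, raw_gid in entries:
        tag, uid, gid = decode_id24(raw_uid, raw_gid)
        if tag:
            yield path, tag, uid, gid


def walk_owners(root):
    """Yield (path, st_uid, st_gid) below root without following symlinks."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            yield path, st.st_uid, st.st_gid


SAMPLE = [
    ("test.html", 50333648, 3892314192),  # owner fields from the ls line in the thread
    ("index.html", 2000, 80),             # constructed: same owner, no tag bits
]

if __name__ == "__main__":
    # With a directory argument, scan it; otherwise decode the sample above.
    source = walk_owners(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for path, tag, uid, gid in tagged_entries(source):
        print(f"{path}: tag={tag} uid={uid} gid={gid}")
```

The scan only gives meaningful results on a filesystem mounted without the tag option, where the raw values are visible as in the listing above.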