OpenVZ Forum


*SOLVED* VE capabilities [message #11641] Fri, 30 March 2007 11:07
dagr
How can I see the current list of capabilities of a VE?
And where can I find a description of what they are for? I couldn't find it in the wiki.

You can use the following values for capname: chown, dac_override, dac_read_search, fowner, fsetid, kill, setgid, setuid, setpcap, linux_immutable, net_bind_service, net_broadcast, net_admin, net_raw, ipc_lock, ipc_owner, sys_module, sys_rawio, sys_chroot, sys_ptrace, sys_pacct, sys_admin, sys_boot, sys_nice, sys_resource, sys_time, sys_tty_config, mknod, lease, setveid, ve_admin.

[Updated on: Wed, 04 April 2007 12:21] by Moderator

Re: VE capabilities [message #11642 is a reply to message #11641] Fri, 30 March 2007 11:53
Vasily Tarasov
Hello,

well, you can obtain information about which capabilities are on by inspecting the /proc/<pid>/status file of any process in the VE. For example:
[root@white ~]# vzctl enter 1
entered into VE 1
[root@white /]# cat /proc/1/status
Name:   init.real
State:  S (sleeping)
SleepAVG:       98%
Tgid:   1
Pid:    1
PPid:   0
TracerPid:      0
FNid:   1
Uid:    0       0       0       0
Gid:    0       0       0       0
FDSize: 256
Groups: 0 1 2 3 4 6 10
envID:  1
VPid:   1
PNState:        0
StopState:      0
VmPeak:     1628 kB
VmSize:     1624 kB
VmLck:         0 kB
VmHWM:       600 kB
VmRSS:       600 kB
VmData:      184 kB
VmStk:        16 kB
VmExe:        28 kB
VmLib:      1360 kB
VmPTE:        16 kB
Threads:        1
SigQ:   0/36864
SigPnd: 0000000000000000
ShdPnd: 0000000000000000
SigBlk: 0000000000000000
SigIgn: fffffffe57f0d8fc
SigCgt: 00000000280b2603
SigSvd: 0000000000000000
CapInh: 000000005dcceeff
CapPrm: 000000005dcceeff
CapEff: 000000005dcceeff
TaskUB: 1
MMUB:   1

This part concerns capabilities:
CapInh: 000000005dcceeff
CapPrm: 000000005dcceeff
CapEff: 000000005dcceeff

The only question is how to translate these digits into something more meaningful? :) Well, you can dig into the kernel sources and investigate it. You can even write a tool (or kernel patch) that will extract the needed information to VE0. Then we'll include it in OpenVZ :)

Vasily
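
An added example, not part of the original posts and not OpenVZ code: a decoder for the CapInh/CapPrm/CapEff masks shown above. It assumes the bit order is the order of the capname list quoted from the vzctl man page in the first post; bits 0-28 match the standard Linux numbering, while setveid = bit 29 and ve_admin = bit 30 are an assumption drawn from that list order.

```python
import re

# Bit i of a mask corresponds to CAP_NAMES[i]. Bits 0-28 are the standard
# Linux capability numbers; setveid (29) and ve_admin (30) are ASSUMED from
# the order of the capname list quoted from the vzctl man page.
CAP_NAMES = [
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid", "kill",
    "setgid", "setuid", "setpcap", "linux_immutable", "net_bind_service",
    "net_broadcast", "net_admin", "net_raw", "ipc_lock", "ipc_owner",
    "sys_module", "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct",
    "sys_admin", "sys_boot", "sys_nice", "sys_resource", "sys_time",
    "sys_tty_config", "mknod", "lease", "setveid", "ve_admin",
]

# Capability lines copied from the /proc/1/status output in the thread.
SAMPLE_STATUS = """\
CapInh: 000000005dcceeff
CapPrm: 000000005dcceeff
CapEff: 000000005dcceeff
"""

def parse_cap_masks(status_text):
    """Return {'CapInh': int, ...} for every Cap* line of a status dump."""
    pattern = r"^(Cap\w+):\s*([0-9a-fA-F]+)\s*$"
    return {k: int(v, 16) for k, v in re.findall(pattern, status_text, re.M)}

def decode_mask(mask):
    """Split a mask into (granted names, withheld names, unnamed set bits)."""
    granted = [n for i, n in enumerate(CAP_NAMES) if (mask >> i) & 1]
    withheld = [n for i, n in enumerate(CAP_NAMES) if not (mask >> i) & 1]
    # Set bits beyond the table are reported by number, never silently dropped.
    unnamed = [i for i in range(len(CAP_NAMES), mask.bit_length())
               if (mask >> i) & 1]
    return granted, withheld, unnamed

if __name__ == "__main__":
    for field, mask in parse_cap_masks(SAMPLE_STATUS).items():
        granted, withheld, unnamed = decode_mask(mask)
        print(f"{field} = {mask:#010x}")
        print("  granted :", ", ".join(granted))
        print("  withheld:", ", ".join(withheld))
        if unnamed:
            print("  unnamed bits:", unnamed)
```

The name table applies to the OpenVZ kernel discussed in this thread; mainline Linux assigns bits 29 and 30 to the audit capabilities instead.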

Re: VE capabilities [message #11643 is a reply to message #11642] Fri, 30 March 2007 12:08
dagr
Very strange - you give a tool to set/unset a property. At the same time nobody can say if this property was set before. Not to mention the unclear meaning. For instance "ve_admin" - can it give some more features to a VE, or is it set already by default? Quite confusing to find it in man vzctl and nowhere else.

Re: VE capabilities [message #11644 is a reply to message #11643] Fri, 30 March 2007 12:14
Vasily Tarasov
I agree, it is a big field for work, but this functionality (I mean adding/removing capabilities to VE) is utilized very seldom and this is the reason why nobody has tried to implement it.

Re: VE capabilities [message #11645 is a reply to message #11644] Fri, 30 March 2007 12:52
curx
Maybe it's possible to virtualize /proc/sys/kernel/cap-bound for the VE so the program lcap can show the used capabilities?

Re: VE capabilities [message #11646 is a reply to message #11645] Fri, 30 March 2007 13:55
Vasily Tarasov
Good idea! For me it seems to be a very good solution. Can you post a bug in bugzilla about it?

Thanks,
Vasily.

Re: VE capabilities [message #11647 is a reply to message #11646] Fri, 30 March 2007 14:13
curx
done, http://bugzilla.openvz.org/show_bug.cgi?id=524