OpenVZ Forum


Home » General » Support » Unable to set capability: Operation not permitted
Unable to set capability: Operation not permitted [message #15525] Fri, 03 August 2007 08:43 Go to next message
Emitkins is currently offline  Emitkins
Messages: 7
Registered: February 2006
Junior Member
i have done many installs of openvp prior to this however on this new server i get.
[root@n3 vz]# vzctl start 1003
Starting VE ...
VE is mounted
Unable to set capability: Operation not permitted
Unable to set capability
VE start failed
VE is unmounted

what woud be the capabiliy it cannot set? i have looked and quota's are off system wide.

Report message to a moderator

Re: Unable to set capability: Operation not permitted [message #15542 is a reply to message #15525] Sat, 04 August 2007 20:20 Go to previous messageGo to next message
rickb is currently offline  rickb
Messages: 368
Registered: October 2006
Senior Member
show us your veid.conf

Rick

-------------
Common Terms I post with: http://wiki.openvz.org/Category:Definitions

UBC. Learn it, love it, live it: http://wiki.openvz.org/Proc/user_beancounters

Report message to a moderator

Re: Unable to set capability: Operation not permitted [message #15543 is a reply to message #15542] Sat, 04 August 2007 22:22 Go to previous messageGo to next message
Emitkins is currently offline  Emitkins
Messages: 7
Registered: February 2006
Junior Member
# Copyright (C) 2000-2007 SWsoft. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#

ONBOOT="no"

# UBC parameters (in form of barrier:limit)
# Primary parameters
AVNUMPROC="40:40"
NUMPROC="65:65"
NUMTCPSOCK="80:80"
NUMOTHERSOCK="80:80"
VMGUARPAGES="6144:147483647"
# Secondary parameters
KMEMSIZE="2752512:2936012"
TCPSNDBUF="319488:524288"
TCPRCVBUF="319488:524288"
OTHERSOCKBUF="132096:336896"
DGRAMRCVBUF="132096:132096"
OOMGUARPAGES="6144:147483647"
# Auxiliary parameters
LOCKEDPAGES="32:32"
SHMPAGES="8192:8192"
PRIVVMPAGES="49152:53575"
NUMFILE="2048:2048"
NUMFLOCK="100:110"
NUMPTY="16:16"
NUMSIGINFO="256:256"
DCACHESIZE="1048576:1097728"

PHYSPAGES="0:2147483647"
NUMIPTENT="128:128"

# Disk quota parameters (in form of softlimit:hardlimit)
DISKSPACE="1048576:1153434"
DISKINODES="200000:220000"
QUOTATIME="0"

# CPU fair sheduler parameter
CPUUNITS="1000"
VE_ROOT="/vz/root/$VEID"
VE_PRIVATE="/vz/private/$VEID"
OSTEMPLATE="centos-4-i386-default"
ORIGIN_SAMPLE="vps.basic"

Report message to a moderator

Re: Unable to set capability: Operation not permitted [message #15570 is a reply to message #15525] Mon, 06 August 2007 08:13 Go to previous messageGo to next message
vaverin is currently offline  vaverin
Messages: 708
Registered: September 2005
Senior Member
Is it probably you have installed in VE0 some capability remover application (like lcap?)?

thank you,
Vasily Averin

Report message to a moderator

Re: Unable to set capability: Operation not permitted [message #15580 is a reply to message #15570] Mon, 06 August 2007 11:38 Go to previous messageGo to next message
Emitkins is currently offline  Emitkins
Messages: 7
Registered: February 2006
Junior Member
This is new to me but here is the output of lcap

Current capabilities: 0xFFF7FEFF
0) *CAP_CHOWN 1) *CAP_DAC_OVERRIDE
2) *CAP_DAC_READ_SEARCH 3) *CAP_FOWNER
4) *CAP_FSETID 5) *CAP_KILL
6) *CAP_SETGID 7) *CAP_SETUID
Cool CAP_SETPCAP 9) *CAP_LINUX_IMMUTABLE
10) *CAP_NET_BIND_SERVICE 11) *CAP_NET_BROADCAST
12) *CAP_NET_ADMIN 13) *CAP_NET_RAW
14) *CAP_IPC_LOCK 15) *CAP_IPC_OWNER
16) *CAP_SYS_MODULE 17) *CAP_SYS_RAWIO
18) *CAP_SYS_CHROOT 19) CAP_SYS_PTRACE
20) *CAP_SYS_PACCT 21) *CAP_SYS_ADMIN
22) *CAP_SYS_BOOT 23) *CAP_SYS_NICE
24) *CAP_SYS_RESOURCE 25) *CAP_SYS_TIME
26) *CAP_SYS_TTY_CONFIG 27) *CAP_MKNOD
28) *CAP_LEASE
* = Capabilities currently allowed

any more help for this?

Report message to a moderator

Re: Unable to set capability: Operation not permitted [message #15581 is a reply to message #15580] Mon, 06 August 2007 12:17 Go to previous messageGo to next message
vaverin is currently offline  vaverin
Messages: 708
Registered: September 2005
Senior Member
I mean you should _not_ use lcap on your node. Lcap does not allow virtuozzo to manage capabilities properly. For example it removes CAP_SETPCAP capability and therefore VE0 admin is not able to set capabilities required for VE and it leads to "Unable to set capability" messages.

Report message to a moderator

Re: Unable to set capability: Operation not permitted [message #15594 is a reply to message #15581] Mon, 06 August 2007 19:44 Go to previous message
Emitkins is currently offline  Emitkins
Messages: 7
Registered: February 2006
Junior Member
perfect I removed lcap and rebooted the machine and now everything is fine.
Good show and thankyou, i tried just to remove the one capablity but it failed then as well.
thx for your help Cool

Report message to a moderator

Previous Topic: dcache accounting
Next Topic: Problem with language settings in a VE
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Wed Jul 17 16:19:45 GMT 2024

Total time taken to generate the page: 0.02755 seconds
Powered by FUDforum Powered by Virtuozzo Containers