| 
		
			| [answered] Dbus inside VE [message #34569] | Mon, 19 January 2009 03:59  |  
			| 
				
				
					|  n00b_admin Messages: 77
 Registered: July 2006
 Location: Romania
 | Member |  |  |  
	| Hello, 
 I'm having a problem running dbus inside a CentOS 5 VE.
 
 The service fails to start without logging any error messages.
 
 If I try to start it from the command line by running:
 
 dbus-daemon --system --nofork
 
 I receive the following output:
 
 Failed to start message bus: Failed to drop capabilities
 
 Using a CentOS 4 template, the service starts without problems.
 
 Any advice would be much appreciated. Thank you.
 [Updated on: Mon, 19 January 2009 10:27] by Moderator Report message to a moderator |  
	|  |  | 
	|  | 
	|  | 
	| 
		
			| Re: [answered] Dbus inside VE [message #34593 is a reply to message #34589] | Mon, 19 January 2009 15:03   |  
			| 
				
				
					|  khorenko Messages: 533
 Registered: January 2006
 Location: Moscow, Russia
 | Senior Member |  |  |  
	| Hi. 
 
 | Quote: |  | If i understand correctly, i require to add the "CAP_AUDIT" capability to the VE to make dbus work correctly ?
 
 Can i add auditing support in the kernel without breaking anything ?
 
 Is it at least related ?
 
 | 
 
 Yes, it's related. Yes, adding  "CAP_AUDIT" into the Container could make dbus happy but it's not so easy. This capability is used for other needs by OVZ code thus simple providing this capability to the Container will create a big security whole on your node...
 
 --
 Konstantin
 
 If your problem is solved - please, report it!
 It's even more important than reporting the problem itself...
 |  
	|  |  | 
	|  | 
	| 
		
			| Re: [answered] Dbus inside VE [message #34601 is a reply to message #34596] | Mon, 19 January 2009 22:38   |  
			| 
				
				
					|  khorenko Messages: 533
 Registered: January 2006
 Location: Moscow, Russia
 | Senior Member |  |  |  
	| Hi again. 
 | Quote: |  | 
 Capability CAP_AUDIT is unknown
 Bad parameter for --capability: CAP_AUDIT:on
 
 Can you please tell me the exact name of the capability required by dbus ?
 
 | 
 You tried the correct name - CAP_AUDIT, but the thing is "vzctl" knows nothing about this capability up to now.
 
 
 | Quote: |  | Is there some other way to add this capability ?
 
 | 
 i'm afraid in any case you'll have to get specially patched kernel and vzctl with new functionality added. Unfortunately at the moment both of them do not exist, but they definitely will be created.
 
 --
 Konstantin
 
 If your problem is solved - please, report it!
 It's even more important than reporting the problem itself...
 |  
	|  |  | 
	|  | 
	| 
		
			| Re: [answered] Dbus inside VE [message #34626 is a reply to message #34623] | Thu, 22 January 2009 13:01   |  
			| 
				
				
					|  khorenko Messages: 533
 Registered: January 2006
 Location: Moscow, Russia
 | Senior Member |  |  |  
	| Hi. 
 you are asking difficult questions.
  
 
 | Quote: |  | So, what i understand is that there is no support for running dbus in a VE at this moment ?
 
 | 
 If we are talking about RHEL5 Container running under RHEL5-based OpenVZ kernel - yes. But support for the dbus has been already added to the test kernels, so it will be available soon, may be even in several days.
 
 
 | Quote: |  | Then how can be explained that dbus works without problems in a CentOS 4 container ?
 
 It is VE template dependent ? Is it kernel dependent ?
 
 | 
 i can guess this is because that(older) version of dbus did not use AUDIT capability. But this is only my guess, i have not checked it.
 
 
 | Quote: |  | Can you suggest a workaround for running the ricci tool inside a VE without dbus ?
 
 Ricci is part of the RedHat Clustering Suite.
 
 | 
 Unfortunately i don't know any workarounds. i suggest you just to wait for several days and try again using the new OVZ kernel with support for dbus.
 BTW, please, share the results then about your attempts to configure RedHat Clustering Suite inside a Container, it may be quite interesting for many people.
 
 Hope to hear from you soon.
 
 --
 Konstantin
 
 If your problem is solved - please, report it!
 It's even more important than reporting the problem itself...
 |  
	|  |  | 
	|  | 
	| 
		
			| Re: [answered] Dbus inside VE [message #34635 is a reply to message #34633] | Thu, 22 January 2009 16:32   |  
			| 
				
				
					|  khorenko Messages: 533
 Registered: January 2006
 Location: Moscow, Russia
 | Senior Member |  |  |  
	| Hello. 
 
 | Quote: |  | Can you tell me for which kernel versions this capability will be available ?
 
 | 
 2.6.18-028stab060.2 RHEL5-based
 
 --
 Konstantin
 
 If your problem is solved - please, report it!
 It's even more important than reporting the problem itself...
 |  
	|  |  | 
	|  | 
	|  | 
	|  | 
	| 
		
			| Re: [answered] Dbus inside VE [message #34731 is a reply to message #34730] | Thu, 29 January 2009 09:58  |  
			| 
				
				
					|  khorenko Messages: 533
 Registered: January 2006
 Location: Moscow, Russia
 | Senior Member |  |  |  
	| Hi, 
 please, file a feature request on this matter to the bugzilla, thus you can be sure this issue won't be lost in forum archive.
 But i cannot provide you any ETA when/if this will be implemented.
 
 --
 Konstantin
 
 If your problem is solved - please, report it!
 It's even more important than reporting the problem itself...
 |  
	|  |  |