OpenVZ Forum


Running DRBD inside a VE? [message #9703] Thu, 18 January 2007 02:13
larsks
Is it possible to run DRBD inside a VE? The drbdsetup command is
getting EPERM when trying to execute an ioctl on a disk device:

open("/dev/shared0", O_RDWR) = 4
fstat64(4, {st_mode=S_IFBLK|0644, st_rdev=makedev(253, 7), ...}) = 0
open("/dev/shared0", O_RDWR) = 5
fstat64(5, {st_mode=S_IFBLK|0644, st_rdev=makedev(253, 7), ...}) = 0
ioctl(3, 0x40204406, 0xbfeaacb0) = -1 EPERM (Operation not permitted)

(/dev/shared0 is actually an LVM block device. The VE has read/write
permissions to this device, and I can successfully create a filesystem
on and mount the device itself)

Thanks,

-- Lars
Re: Running DRBD inside a VE? [message #9709 is a reply to message #9703] Thu, 18 January 2007 10:13
dev

drbd_ioctl() requires the CAP_SYS_ADMIN capability:

+ if (!capable(CAP_SYS_ADMIN)
+ && cmd != DRBD_IOCTL_GET_CONFIG
+ && cmd != DRBD_IOCTL_GET_VERSION) {

You can:
1. Add this cap to the VE (insecure).
2. Replace this if() in the code with

+ if (!capable(CAP_SYS_ADMIN) && !capable(CAP_VE_SYS_ADMIN) &&
+ && cmd != DRBD_IOCTL_GET_CONFIG
+ && cmd != DRBD_IOCTL_GET_VERSION) {
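
Review bot: the first line of the replacement condition ends in `&&` and the second line starts with `&&`, so the expression reads `!capable(CAP_VE_SYS_ADMIN) && && cmd != DRBD_IOCTL_GET_CONFIG` and will not compile; drop the trailing `&&` from the first line. The relaxed check also admits CAP_VE_SYS_ADMIN for every command other than DRBD_IOCTL_GET_CONFIG and DRBD_IOCTL_GET_VERSION, and nothing in the visible lines ties the request to a device that belongs to the calling VE, so add a comment stating why that is acceptable or an explicit ownership check before the capability test.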

Thanks,
Kirill

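Added example (not part of the original posts, and not DRBD or OpenVZ code): decoding the failing request number from the strace output above and checking a process's effective capability mask for CAP_SYS_ADMIN, the capability the reply identifies. The function names are hypothetical; the field layout is the generic Linux ioctl encoding used on x86, and bit 21 for CAP_SYS_ADMIN is the value from linux/capability.h.

```python
import re

# Generic Linux ioctl encoding (x86): nr 8 bits, type 8 bits, size 14 bits, dir 2 bits.
_DIRS = {0: "none", 1: "write", 2: "read", 3: "read/write"}
CAP_SYS_ADMIN = 21  # bit number from <linux/capability.h>

# Sample input: the failing line copied from the strace output in the first post.
STRACE_LINE = "ioctl(3, 0x40204406, 0xbfeaacb0) = -1 EPERM (Operation not permitted)"


def decode_ioctl(request):
    """Split an ioctl request number into its _IOC_* fields."""
    return {
        "nr": request & 0xFF,
        "type": chr((request >> 8) & 0xFF),
        "size": (request >> 16) & 0x3FFF,
        "dir": _DIRS[(request >> 30) & 0x3],
    }


def parse_failed_ioctl(line):
    """Return (fd, decoded request, errno name) for a failed ioctl line, else None."""
    m = re.match(r"ioctl\((\d+), (0x[0-9a-fA-F]+)[^)]*\)\s*=\s*-1 (\w+)", line)
    if not m:
        return None
    return int(m.group(1)), decode_ioctl(int(m.group(2), 16)), m.group(3)


def has_cap_sys_admin(status_text):
    """Check the CapEff mask in /proc/<pid>/status text for CAP_SYS_ADMIN."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)$", status_text, re.M)
    if not m:
        raise ValueError("no CapEff line found")
    return bool(int(m.group(1), 16) >> CAP_SYS_ADMIN & 1)


if __name__ == "__main__":
    fd, req, err = parse_failed_ioctl(STRACE_LINE)
    print(f"fd={fd} errno={err} {req}")
    with open("/proc/self/status") as f:  # the calling process's own capabilities
        print("CAP_SYS_ADMIN effective:", has_cap_sys_admin(f.read()))
```

The decoded call is a 32-byte write-direction request of type 'D', number 6, issued on fd 3, which is neither of the two /dev/shared0 descriptors (4 and 5) shown in the excerpt.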
Re: Running DRBD inside a VE? [message #9759 is a reply to message #9709] Fri, 19 January 2007 16:04
larsks
> 1. add this cap to VE (insecure).
> 2. replace this if() in the code with...

Kirill,

Thanks for the pointer. (1) works fine for me since I'm creating
development environments of which I'm the only user.

--
Lars Kellogg-Stedman <lars@larsshack.org>