| Re: Running DRBD inside a VE? [message #9709 is a reply to message #9703] |
Thu, 18 January 2007 10:13   |
dev
Messages: 1693
Registered: September 2005
Location: Moscow
|
Senior Member |
|
|
drbr_ioctl() requires CAP_SYS_ADMIN capability:
+ if (!capable(CAP_SYS_ADMIN)
+ && cmd != DRBD_IOCTL_GET_CONFIG
+ && cmd != DRBD_IOCTL_GET_VERSION) {
you can:
1. add this cap to VE (insecure).
2. replace this if() in the code with
+ if (!capable(CAP_SYS_ADMIN) && !capable(CAP_VE_SYS_ADMIN) &&
+ && cmd != DRBD_IOCTL_GET_CONFIG
+ && cmd != DRBD_IOCTL_GET_VERSION) {
Thanks,
Kirill
Lars Kellogg-Stedman wrote:
> Is it possible to run DRBD inside a VE? The drbdsetup command is
> getting EPERM when trying to execute an ioctl on a disk device:
>
> open("/dev/shared0", O_RDWR) = 4
> fstat64(4, {st_mode=S_IFBLK|0644, st_rdev=makedev(253, 7), ...}) = 0
> open("/dev/shared0", O_RDWR) = 5
> fstat64(5, {st_mode=S_IFBLK|0644, st_rdev=makedev(253, 7), ...}) = 0
> ioctl(3, 0x40204406, 0xbfeaacb0) = -1 EPERM (Operation not permitted)
>
> (/dev/shared0 is actually an LVM block device. The VE has read/write
> permissions to this device, and I can successfully create a filesystem
> on and mount the device itself)
>
> Thanks,
>
> -- Lars
|
|
|
|
OpenVZ Forum
Members
Search
Help
Register
Login
Home
