Hi,
I've just suffered this same issue with my vservers breaking. The
problem is your use of
mount -n --bind / /.root
By default, vservers have no capabilities and so this call fails with
"Permission denied". The only solution I came across was to restart the
vserver with CAP_SYS_ADMIN so that the mount call would succeed. Doing
this makes the vserver about as insecure as a normal non-vserver based
system. It's problematic though because it order to give it the
capability, you have to restart the vserver and with the initscripts in
chaos at the time, it's slightly worrying...
#
# Create /var/run and /var/lock on the root partition to make sure
# they are available if RAMRUN or RAMLOCK is enabled.
#
if dpkg --compare-versions "$PREV_VER" lt "2.86.ds1-22"
then
# We need to quickly bind / to another location so we can make
# them
# just in case /var is a mountpoint or a symlink to one.
mkdir /.root
mount -n --bind / /.root
mkdir -p /.root/var/run /.root/var/lock
umount /.root
rmdir /.root
fi
Is there anyway of achieving this without the use of mount? The other
problem is that having died at the mount call, you then have to work out
to rm -rf /.root before you can try reinstalling. Ideally, if you really
need mount to work, you should check for the presence of the necessary
capability and exit cleanly (preinit?).
Cheers,
Matthew
--
Matthew Sackman
BOFH excuse #68:
only available on a need to know basis
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
