[Users] Running DRBD inside a VE?
Kirill Korotaev
dev at sw.ru
Thu Jan 18 05:22:03 EST 2007
drbr_ioctl() requires CAP_SYS_ADMIN capability:
+ if (!capable(CAP_SYS_ADMIN)
+ && cmd != DRBD_IOCTL_GET_CONFIG
+ && cmd != DRBD_IOCTL_GET_VERSION) {
you can:
1. add this cap to VE (insecure).
2. replace this if() in the code with
+ if (!capable(CAP_SYS_ADMIN) && !capable(CAP_VE_SYS_ADMIN) &&
+ && cmd != DRBD_IOCTL_GET_CONFIG
+ && cmd != DRBD_IOCTL_GET_VERSION) {
Thanks,
Kirill
Lars Kellogg-Stedman wrote:
> Is it possible to run DRBD inside a VE? The drbdsetup command is
> getting EPERM when trying to execute an ioctl on a disk device:
>
> open("/dev/shared0", O_RDWR) = 4
> fstat64(4, {st_mode=S_IFBLK|0644, st_rdev=makedev(253, 7), ...}) = 0
> open("/dev/shared0", O_RDWR) = 5
> fstat64(5, {st_mode=S_IFBLK|0644, st_rdev=makedev(253, 7), ...}) = 0
> ioctl(3, 0x40204406, 0xbfeaacb0) = -1 EPERM (Operation not permitted)
>
> (/dev/shared0 is actually an LVM block device. The VE has read/write
> permissions to this device, and I can successfully create a filesystem
> on and mount the device itself)
>
> Thanks,
>
> -- Lars
> _______________________________________________
> Users mailing list
> Users at openvz.org
> https://openvz.org/mailman/listinfo/users
>
More information about the Users
mailing list