[Users] Running DRBD inside a VE?

Kirill Korotaev dev at sw.ru
Thu Jan 18 05:22:03 EST 2007


drbd_ioctl() requires the CAP_SYS_ADMIN capability:

+       if (!capable(CAP_SYS_ADMIN)
+           && cmd != DRBD_IOCTL_GET_CONFIG
+           && cmd != DRBD_IOCTL_GET_VERSION) {

You can:
1. Add this cap to the VE (insecure).
2. Replace this if() in the code with

+       if (!capable(CAP_SYS_ADMIN) && !capable(CAP_VE_SYS_ADMIN) &&
+           && cmd != DRBD_IOCTL_GET_CONFIG
+           && cmd != DRBD_IOCTL_GET_VERSION) {
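
Review bot: the first line of the replacement condition ends in `&&` and the second line begins with `&&`, so the expression reads `!capable(CAP_VE_SYS_ADMIN) && && cmd != DRBD_IOCTL_GET_CONFIG` and will not compile; drop one of the two operators. Separately, the change lets any context holding CAP_VE_SYS_ADMIN issue every DRBD ioctl, not only the two commands already exempted, so a comment above the if() saying why a VE administrator is trusted with them would help whoever maintains this check.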

Thanks,
Kirill

Lars Kellogg-Stedman wrote:
> Is it possible to run DRBD inside a VE?  The drbdsetup command is
> getting EPERM when trying to execute an ioctl on a disk device:
> 
>   open("/dev/shared0", O_RDWR)            = 4
>   fstat64(4, {st_mode=S_IFBLK|0644, st_rdev=makedev(253, 7), ...}) = 0
>   open("/dev/shared0", O_RDWR)            = 5
>   fstat64(5, {st_mode=S_IFBLK|0644, st_rdev=makedev(253, 7), ...}) = 0
>   ioctl(3, 0x40204406, 0xbfeaacb0)        = -1 EPERM (Operation not permitted)
> 
> (/dev/shared0 is actually an LVM block device.  The VE has read/write
> permissions to this device, and I can successfully create a filesystem
> on and mount the device itself)
> 
> Thanks,
> 
> -- Lars
> 
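
Added example, not part of the original thread or of the DRBD/OpenVZ code: a small C helper that decodes the request number from the failing ioctl() line in the strace output quoted above, which helps identify the driver and command whose permission check returned EPERM. The bit layout is the asm-generic one (an assumption about the traced architecture) and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit layout from asm-generic/ioctl.h (x86, ARM): nr:8 | type:8 | size:14 | dir:2.
 * Assumption: the traced host uses this layout; PowerPC, MIPS and others differ. */
struct ioctl_req {
    unsigned dir;   /* 0 = none, 1 = write (user to kernel), 2 = read, 3 = both */
    unsigned size;  /* size in bytes of the argument structure */
    unsigned type;  /* driver "magic" byte */
    unsigned nr;    /* command number within that driver */
};

static struct ioctl_req decode_ioctl(uint32_t cmd)
{
    struct ioctl_req r;
    r.nr   = cmd & 0xff;
    r.type = (cmd >> 8) & 0xff;
    r.size = (cmd >> 16) & 0x3fff;
    r.dir  = (cmd >> 30) & 0x3;
    return r;
}

/* Pull fd and request out of one strace line such as
 * "ioctl(3, 0x40204406, 0xbfeaacb0) = -1 EPERM (...)".
 * Returns 1 if the call failed with EPERM, 0 if it did not,
 * -1 if the line is not an ioctl() call. */
static int parse_strace_ioctl(const char *line, int *fd, uint32_t *cmd)
{
    unsigned long req;
    if (sscanf(line, " ioctl(%d, %lx", fd, &req) != 2)
        return -1;
    *cmd = (uint32_t)req;
    return strstr(line, "= -1 EPERM") != NULL;
}

int main(void)
{
    /* The failing call from the strace output quoted in the question. */
    const char *line =
        "  ioctl(3, 0x40204406, 0xbfeaacb0)        = -1 EPERM (Operation not permitted)";
    int fd;
    uint32_t cmd;
    if (parse_strace_ioctl(line, &fd, &cmd) == 1) {
        struct ioctl_req r = decode_ioctl(cmd);
        printf("fd=%d dir=%u size=%u type='%c' (0x%02x) nr=%u\n",
               fd, r.dir, r.size, r.type, r.type, r.nr);
    }
    return 0;
}
```

The decoded type byte and command number can then be matched against the ioctl definitions in the driver's headers to find the capable() check that rejected the call.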


