PLDWWW: Vserver
arekm
arekm at pld-linux.org
Wed Jun 25 12:56:17 CEST 2008
Author: arekm Date: Wed Jun 25 10:56:17 2008 GMT
Module: PLDWWW URL: http://www.pld-linux.org/Vserver?action=diff&rev2=113&rev1=112
---- Log message:
---- Page affected: Vserver
---- Diffs:
================================================================
Error while converting `root' to shadow account.
}}}
- There are two solutions for this. First enables setfcap capability (NOTE: it enables in guest much more than is needed by smack so consider security implications for that):
+ There are two solutions for this. First is to enable setfcap capability (NOTE: it enables in guest much more than is needed by smack, so seriously consider security implications for that!):
{{{
echo SETFCAP >> /etc/vservers/xyz/bcapabilities
}}}
- Second one is disabling SMACK if not needed. This can be done by using kernel boot command line option:
+ Second one is disabling SMACK entirely if not needed. This can be done by choosing other security module to be used by default (capability, selinux) using kernel boot command line option:
{{{
- security=FIXME
+ security=capability
}}}
+
+ Note: this option is available in vanilla kernels >= 2.6.26 and backported to PLD >= 2.6.25-3.
== Debian guest installation ==
More information about the pld-cvs-commit
mailing list