Hello, Craig Sanders wrote (14 Dec 2007 23:48:20 GMT) : > On Fri, Dec 14, 2007 at 12:35:42PM +0100, [EMAIL PROTECTED] wrote: >> when installed inside a VServer (http://linux-vserver.org), the use of >> ionice in /etc/cron.daily/dlocate fails, and prints to stderr: >> ioprio_set: Operation not permitted >> >> Suggestion: ionice use could be toggled for example in >> /etc/default/dlocate, couldn???t it ?
> what version of the kernel are you running in vserver? A VServer is just a special chroot type, only *one* kernel runs on the machine; so: no kernel is running inside a VServer. > the ionice(1) man page says: > Linux supports io scheduling priorities and classes since 2.6.13 > with the CFQ io scheduler. > i.e. is this a complete incompatibility between ionice and vserver > (in which case, the bug should be filed against ionice's package > util-linux), or is it due to the kernel version and/or kernel > compile-time options (i.e. no CFQ scheduler) that you're running? This is Linux 2.6.22.14, with CFQ scheduler built in the kernel, and enabled by default (ie. CONFIG_DEFAULT_IOSCHED="cfq"). ionice works well outside the VServers, I use it myself for other tasks. Then it is not due to the kernel. On the other hand, I don’t consider this as a ionice bug: ionice purpose being to set a program’s IO priority, it’s quite normal it outputs an error message on stderr when it is denied to do its job (be it because of grsecurity, VServer, SE-Linux or whatever way to restrict root processes capabilities). That’s why I still consider this as a dlocate bug (and locate: see #456291). But, well, I can also understand another point of view: dlocate’s cronjob runs as root, and thus assumes it is allowed to do anything. The question is: can we still assume such things are true when SE Linux, grsecurity, VServer, etc. get more and more used? Anyway, the dlocate DB gets updated, and the only problem is a daily email with a boring error message, for every VServer I’m running... so I would not mind seeing this bug downgraded to wishlist or minor severity. On the other hand, people running dozens or hundreds VServers in mass-hosting environments will probably mind a bit more than I do. Bye, -- intrigeri <[EMAIL PROTECTED]> | gnupg key @ http://intrigeri.boum.org/intrigeri.asc | So what?
