From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Sun, 26 Sep 2010 23:21:08 +0200
From: frank@inua.be
To: 9fans@9fans.net
Message-ID: <20100926212108.GA20262@chiron.galaxy>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Subject: [9fans] playing with namespaces
Topicbox-Message-UUID: 5b095ecc-ead6-11e9-9d60-3106f5b1d025

Hi,

While setting up a diskless auth (only) server that boots from a cpu/file server, I decided to take a closer look at namespaces because I wanted to keep the cpu/file server functionality separate from the auth server functionality (i.o.w. share the common stuff, separate the differences).

More specifically, I decided to move the auth server specific functionality, which I had initially enabled on the fileserver itself (e.g. /rc/bin/service.auth/tcp567), to the auth host specific configuration (/cfg/).

The first step in doing this was to set up all auth specific things in the cpustart script of the auth host:

- I copied /rc/bin/service.auth to /cfg//slash and enabled tcp567 and then added a bind -b of that directory to the original /rc/bin/service.auth.
- I also moved startup of keyfs, cron and the listeners for /rc/bin/service.auth and /rc/bin/service to the cpustart script.

With this, the auth server was separated from the cpu/file server.

Then, however, I started to look at netstat -n and ps | grep -i listen's output and noticed a lot of services, most of which I wanted to disable (on the auth server only for now).

My first take at it:

- I copied /rc/bin/service to /cfg//slash, disabled most of the services and added a bind to replace the original /rc/bin/service directory.
- However, I found out that, even though /rc/bin/service showed those services as being disabled, netstat and ps still showed them as being enabled.
- A closer look at /rc/bin/cpurc and re-reading man 8 listen indicated that those services were actually run as user none and with /lib/namespace as default.

Thus, in /rc/bin/cpurc, aux/listen is executed before cpustart and runs as user none with namespace /lib/namespace; changing the namespace in cpustart is too late, doing it in cpurc should be ok but proved not to be... No idea why not?

My second take at it:

I then found out that /lib/namespace sources /cfg/$sysname/namespace. After adding the bind to disable the startup of unnecessary services, the output of netstat and ps looked fine.

As this looked much cleaner, I then also moved the bind for /rc/bin/service.auth to /cfg//namespace but this did not work. The directory with tcp567 enabled was not bound and so aux/listen in cpustart did not start the listener on port 567.

I tried to find out where the initial namespace was actually set up and, from my understanding, the sequence is as follows:

boot -> init -c -> namespace -> cpurc

so the modified directory (with tcp567 enabled) should have been visible.

What am I missing here?

Kind regards,

-- 
Frank Lenaerts
frank@inua.be