
From: Jacques Gelinas (jack_at_solucorp.qc.ca)
Date: Thu 11 Jul 2002 - 11:37:36 BST


On Wed, 10 Jul 2002 22:29:58 -0500, Roderick A. Anderson wrote
> On Tue, 9 Jul 2002 shuri_at_linuxfriends.wox.org wrote:
>
> > I got a strange error when I do
> > chmod 000 /vservers/VSERVERNAME/..
>
> Why not just chmod 000 /vservers ?
>
> On my running system I see
>
> d--------- 7 root root 1024 Mar 20 00:27 vservers
>
> from the root directory
>
> and
>
> drwxr-xr-x 15 root root 4096 Jan 3 2002 cda
> drwxr-xr-x 15 root root 4096 Mar 19 23:22 rim
> drwxr-xr-x 15 root root 4096 Jan 3 2002 tux
>
> from the /vservers directory.
>
> I'd like to try your commands but don't want to mess with a working box
> and the test server is powered-down for hardware upgrades.

On a typical installation, there is a single volume / and /vservers lies in it.
So /vservers/cda/.. is indeed /vservers.

But if you are out of disk space, you may want to move cda to say
/disk2/vservers/cda and create a symlink /vservers/cda -> /disk4/vservers/cda.

By ensuring that /vservers/cda/.. is 000, we plug the chroot hole in all cases.

Now, I can't replicate this bug with ctx-12 and vserver 0.18.

Those who have the bug, can you tell us the directory layout you have? Is there
any symlink or something particular?

---------------------------------------------------------
Jacques Gelinas <jack_at_solucorp.qc.ca>
vserver: run general purpose virtual servers on one box, full speed!
http://www.solucorp.qc.ca/miscprj/s_context.hc
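
The check discussed in this message, as an added example that is not part of the original post or the vserver tools: it resolves each `<vserver>/..` physically, so a symlinked vserver is checked against the directory the kernel actually reaches, and reports any parent that is not mode 000. The function names are hypothetical and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the physical directory that "<vserver>/.." resolves to. With -P the
# path goes to chdir() untouched, so a symlinked vserver entry is followed
# first and ".." is then the parent of the symlink target.
resolve_parent() {
    (cd -P -- "$1/.." 2>/dev/null && pwd -P)
}

# Print "OK" if the directory has mode 000, else "EXPOSED <mode>".
barrier_status() {
    mode=$(stat -c '%a' -- "$1") || return 2   # GNU stat prints 000 as "0"
    if [ "$mode" = "0" ]; then
        echo "OK"
    else
        echo "EXPOSED $mode"
    fi
}

# Audit every entry under the vserver base directory (default /vservers).
# Prints one line per vserver: name, resolved parent, status.
# Returns 1 if any parent is not 000 or cannot be resolved.
# Run as root: a 000 directory cannot be listed or traversed otherwise.
audit_vservers() {
    base=${1:-/vservers}
    rc=0
    for v in "$base"/*; do
        [ -d "$v" ] || continue
        parent=$(resolve_parent "$v") || {
            echo "${v##*/} ? UNRESOLVED"
            rc=1
            continue
        }
        status=$(barrier_status "$parent") || status="UNKNOWN"
        [ "$status" = "OK" ] || rc=1
        echo "${v##*/} $parent $status"
    done
    return $rc
}

# Usage (as root): audit_vservers /vservers
```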


Generated on Wed 06 Nov 2002 - 07:03:41 GMT by hypermail 2.1.3