From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Mon 11 Nov 2002 - 00:16:56 GMT
First, I must say that I am surprised, how many hits I
got on the LVM Quota HowTo pages I set up last week.
I think this shows, that there actually _IS_ some
interrest in getting quota to work with vservers.
Shortly after I wrote/published the HowTo, Paul Sladen
commented, that a major disadvantage of this approach
would be the raw device (filesystem) access ...
(funny that no one mentioned that before)
This raw device access is required to make the quotactl
system useable for the user-land tools (quota-tools),
and results (at least) in the following security hazards
- root can modify the root filesystem at low levels.
- root can create arbitrary device nodes, gaining access
to any physical resources (by modifying the fs)
- wiping out the mounted (root) filesystem will probably
give some fun with the kernel ...
Because I would face the same security issues on my
Context Quota support (and a few more), I thought, first
I'll find a solution for that issue, and then take the
next step ...
The basic idea was to provide some filtered quotactls
while blocking out everything else, which reminded me
of typical proxying. Unfortunately the quotactl is not
handled via the ioctl device interface, and so I had
to modify the dquot code in the kernel.
Okay, enough talk, if you are interested, take a look
at the NEW howto, try it out, and provide feedback.
I WOULD BE INTERESTED HOW MANY LIST MEMBERS ARE
ACTUALLY USING QUOTA AND/OR WANT TO USE IT IN THE FUTURE