From: Eric Estabrooks (eric_at_urbanrage.com)
Date: Mon 14 Apr 2003 - 18:50:56 BST

• Previous message: Georg Glas: "Re: [vserver] CAP_SYS_RAWIO"
• In reply to: Georg Glas: "Re: [vserver] CAP_SYS_RAWIO"

Georg Glas wrote:

>Am Montag, 14. April 2003 17:31 schrieben Sie:
>
>
>>I'd like to use the CAP_SYS_RAWIO capability. I would be using it for
>>iopl access so I can run an xserver from a virtual server. Does adding
>>this capability open security issues or allow bypassing of the virtual
>>server?
>>
>>
> .. why not run the X Server on the master (or another computer) and use the
>vserver as xdmcp server .. works well here ...
>
>
>
>
In this particular case another computer isn't an option and I didn't
want to run it on the master because I didn't want to have any
interaction between master and virtual server directly, as in the master
wouldn't be running any services that the virtual server would use/have
access to.

Basically it's a box where the master watches for attacks against the
virtual and checks/maintains the integrity of the virtual server. The
virtual server then provides all the external services including the X
interface for the gui portion. An example of the use for this box would
be a kiosk.

Eric

• application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature

• Previous message: Georg Glas: "Re: [vserver] CAP_SYS_RAWIO"
• In reply to: Georg Glas: "Re: [vserver] CAP_SYS_RAWIO"