From: Matthew Ayres (matta_at_kindhosts.com)
Date: Fri 18 Apr 2003 - 22:09:10 BST
I have a question about the CAP_NET_ADMIN capability being used. Does
anyone else consider this a possible security issue?
Does using this patch limit the capabilities of CAP_NET_ADMIN within a
vserver to only the settings for within that vserver?
Additionally, a versioning system would be nice for the 'releases'. Even if
just boring old 1.0, 2.0, etc.
-- Thanks, Matt
> -----Original Message-----
> From: Lyashkov Alex [mailto:shadow_at_itt.net.ru]
> Sent: Sunday, April 13, 2003 6:13 PM
> To: vserver_at_solucorp.qc.ca
> Subject: [vserver] new version vserver for RH released
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello All
>
> After testing I release new version patch for RH kernels.
> Changes
> 1) added separate network device for host and virtual servers
> 2) added separate routing tables per virtual servers
> 3) added separate iptables per virtual servers
>
> To activate this addition you must add
> S_CAPS="CAP_NET_RAW CAP_NET_ADMIN" in vserver config file and use changed
> vserver script.
> Example added network device:
>
> IPROOT="eth1(eth0):192.168.1.3/24"
> where
> eth1 - name in network device in virtual server
> eth0 - name parent network device - in context 0.
> 192.168.1.3/24 - ip address which allow use on this interface.
> if you can use more than one address on one interface you can separate them with
> ','.
>
> This patch must use with vserver tools (from vserver-xxx.rpm) but not need
> original vserver patch.
>
> Patch uploaded to www.ttn.ru/~shadow/
> - --
> With best regards,
> Alex
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.6 (GNU/Linux)
> Comment: For info see http://www.gnupg.org
>
> iD8DBQE+meD4NBWB3yw8ZqcRAmAZAJ9RJ0X5i1/oU6+XwUt1cH8nhQjzXwCeLRic
> ITxbITKNFuTtdyKiSvMgwYI=
> =voKH
> -----END PGP SIGNATURE-----
>
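An added example, not part of either message or of the patch: a small audit of a vserver config file that reports whether the two network capabilities are granted and which guest/parent interface mapping they would apply to. The config text is constructed from the two settings quoted above; the function names and the comma-separated address list (one reading of the announcement's description) are assumptions.

```python
import ipaddress
import re

# Constructed sample config, built from the two settings quoted in the announcement.
SAMPLE_CONF = '''\
S_CAPS="CAP_NET_RAW CAP_NET_ADMIN"
IPROOT="eth1(eth0):192.168.1.3/24,192.168.1.4/24"
'''

NET_CAPS = {"CAP_NET_RAW", "CAP_NET_ADMIN"}
ASSIGN = re.compile(r'^\s*([A-Z_]+)="([^"]*)"\s*$')
IPROOT = re.compile(r'^(\w+)\((\w+)\):(.+)$')  # guest(parent):addr[,addr...]


def parse_conf(text):
    """Return {name: value} for simple NAME="value" lines; other lines are ignored."""
    out = {}
    for line in text.splitlines():
        m = ASSIGN.match(line)
        if m:
            out[m.group(1)] = m.group(2)
    return out


def parse_iproot(value):
    """Split an IPROOT value and validate every address/prefix in it."""
    m = IPROOT.match(value.strip())
    if not m:
        raise ValueError("unrecognised IPROOT value: %r" % value)
    guest, parent, addrs = m.groups()
    # ip_interface raises ValueError on a malformed address or prefix length
    nets = [ipaddress.ip_interface(a.strip()) for a in addrs.split(",")]
    return {"guest_dev": guest, "parent_dev": parent, "addresses": nets}


def audit(text):
    """Report which network capabilities are granted and the interface mapping."""
    conf = parse_conf(text)
    granted = sorted(NET_CAPS & set(conf.get("S_CAPS", "").split()))
    iface = parse_iproot(conf["IPROOT"]) if "IPROOT" in conf else None
    return {"net_caps": granted, "iface": iface}


if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

Run over every vserver config on a host, this gives an inventory of which guests hold CAP_NET_ADMIN and which parent device each one is attached to.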