From: Paul Sladen (vserver_at_paul.sladen.org)
Date: Thu 10 Apr 2003 - 15:20:00 BST
On Thu, 10 Apr 2003, Alexander Alexandrov wrote:
> Inside the vserver I can read any block device such as /dev/hd*.
> I can't mount, but can do
If you don't want the vserver to have direct access to `/dev/foo' then don't
create it in the vserver!!!
One of the things we do is disable the capability to create new device nodes
*within* the vserver context, meaning that the vserver only has access to
the ones that are already in its `/dev/' directory.
and the dynamic `/dev/pts' tree.
-- War is inconsistent with Truth. Nottingham, GB
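
An added example, not part of the original message or of the vserver project's code: a Python audit of the two conditions the reply describes, namely which device nodes exist under a guest's `/dev` and whether the capability to create new ones is still available. It assumes a current Linux kernel that exposes `CapBnd` in `/proc/<pid>/status`; the `ALLOWED` list and the function names are hypothetical.

```python
import os
import stat

CAP_MKNOD = 27  # bit number of CAP_MKNOD in <linux/capability.h>
# Assumed allowlist of guest device nodes (not from the post); adjust to policy.
ALLOWED = {"null", "zero", "full", "random", "urandom", "tty", "ptmx"}


def can_mknod(status_text):
    """True if the CapBnd line of a /proc/<pid>/status dump includes CAP_MKNOD."""
    for line in status_text.splitlines():
        if line.startswith("CapBnd:"):
            return bool(int(line.split()[1], 16) >> CAP_MKNOD & 1)
    raise ValueError("no CapBnd line found")


def audit_dev(dev_dir, allowed=ALLOWED, lstat=os.lstat):
    """Return sorted (path, kind, major, minor) for device nodes not allowlisted."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(dev_dir):
        if dirpath == dev_dir and "pts" in dirnames:
            dirnames.remove("pts")  # the dynamic /dev/pts tree is expected
        for name in filenames:
            full = os.path.join(dirpath, name)
            st = lstat(full)  # lstat: a symlink is never reported as a device
            if stat.S_ISBLK(st.st_mode):
                kind = "block"
            elif stat.S_ISCHR(st.st_mode):
                kind = "char"
            else:
                continue
            rel = os.path.relpath(full, dev_dir)
            if rel not in allowed:
                findings.append(
                    (rel, kind, os.major(st.st_rdev), os.minor(st.st_rdev)))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "/dev"
    for rel, kind, major, minor in audit_dev(root):
        print(f"unexpected {kind} device {rel} ({major}:{minor})")
    with open("/proc/self/status") as f:
        print("CAP_MKNOD in bounding set:", can_mknod(f.read()))
```

Run it from the host against the guest's `/dev` directory; the capability check reads the status of the process it runs in, so run that part inside the guest context.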