
From: Paul Sladen (vserver_at_paul.sladen.org)
Date: Thu 10 Apr 2003 - 15:20:00 BST


On Thu, 10 Apr 2003, Alexander Alexandrov wrote:
> Inside the vserver I can read any block device such as /dev/hd*.
> I can't mount, but can do

If you don't want the vserver to have direct access to `/dev/foo' then don't
create it in the vserver!!!

One of the things we do is disable the capability to create new device nodes
*within* the vserver context, meaning that the vserver only has access to
the ones that are already in its `/dev/' directory.

Something like:

  /dev/full
  /dev/null
  /dev/ptmx
  /dev/random
  /dev/tty
  /dev/urandom
  /dev/zero

and the dynamic `/dev/pts' tree.

        -Paul

-- 
War is inconsistent with Truth.  Nottingham, GB
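
An added example, not part of the original message: a host-side audit of a vserver's `/dev` tree against the node list in the reply above. The major/minor numbers are the standard Linux assignments and are an assumption added here, as are the function names and the sample entries.

```python
import os
import stat
import sys

# Static nodes named in the message, with their standard Linux (major, minor)
# numbers. The numbers are an assumption added here, not part of the post.
EXPECTED = {
    "full": (1, 7), "null": (1, 3), "ptmx": (5, 2), "random": (1, 8),
    "tty": (5, 0), "urandom": (1, 9), "zero": (1, 5),
}

def scan_dev(dev_root):
    """Yield (relative path, st_mode, st_rdev) for everything under dev_root."""
    for dirpath, dirnames, filenames in os.walk(dev_root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: never follow symlinks out of the tree
            yield os.path.relpath(full, dev_root), st.st_mode, st.st_rdev

def audit(entries):
    """Return sorted (path, reason) findings for nodes the guest should not have."""
    findings = []
    for rel, mode, rdev in entries:
        devno = (os.major(rdev), os.minor(rdev))
        if stat.S_ISBLK(mode):
            # No block device is on the list, whatever it is called.
            findings.append((rel, "block device %d:%d" % devno))
        elif stat.S_ISCHR(mode):
            if rel.startswith("pts/"):
                continue  # dynamic pty tree, accepted by path only
            if rel not in EXPECTED:
                findings.append((rel, "unlisted char device %d:%d" % devno))
            elif EXPECTED[rel] != devno:
                findings.append((rel, "wrong device number %d:%d" % devno))
    return sorted(findings)

# Constructed sample: a guest /dev with a stray disk node and a mislabelled "zero".
SAMPLE = [
    ("null", stat.S_IFCHR | 0o666, os.makedev(1, 3)),
    ("zero", stat.S_IFCHR | 0o666, os.makedev(1, 1)),
    ("hda", stat.S_IFBLK | 0o660, os.makedev(3, 0)),
    ("pts/0", stat.S_IFCHR | 0o620, os.makedev(136, 0)),
    ("pts", stat.S_IFDIR | 0o755, 0),
]

if __name__ == "__main__":
    entries = scan_dev(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for path, reason in audit(entries):
        print("%s: %s" % (path, reason))
```

Run it from the host with the guest's `/dev` directory as the argument; with no argument it audits the constructed sample.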


Generated on Tue 22 Apr 2003 - 18:41:46 BST by hypermail 2.1.3