From: Christian Mayrhuber (christian.mayrhuber_at_gmx.net)
Date: Sun 13 Apr 2003 - 10:55:15 BST
Am Sonntag, 13. April 2003 08:33 schrieben Sie:
> linux 2.4.20ctx-17 kernel, debian testing distribution.
> I mounted devfs so that my virtual server would have devices and was
> able to /sbin/halt in my verser and shutdown the whole box. I have no
> extra capabilities listed in the vserver config.
> Any ideas on how prevent this? Not having /dev/initctl would stop it,
> but then I can't use devfs in the virtual server which isn't the end of
> the world, but it would be nicer to be able to use it.
Do not mount devfs in a virtual server, because you will loose all security.
As far I know, only the following devices are safe:
full log null ptmx pts random tty urandom xconsole zero
-- lg, Chris