From: Enrico Scholz (enrico.scholz_at_informatik.tu-chemnitz.de)
Date: Wed 16 Jul 2003 - 21:39:14 BST
Hello,
I have uploaded a vserver-wrapper for rpm to
http://www.tu-chemnitz.de/~ensc/vserver/vrpm
With this implementation, it is possible to
* run 'rpm' on the host-system, and
* keep the 0000 mode of the /vservers directory, and
* unpackage block/character files (mknod), and
* run scriptlets with lowered capabilities in the vserver-ctx
This is done by LD_PRELOAD'ing a special library which overloads the
execv() function.
The software can be used in a way like:
| # CUR_VSERVER=foobar vrpm-wrap -Uvh package.rpm
A problem with the current version is that I have not figured out which
capabilities are really needed; currently I am dropping all, but it can
be fixed by adjusting the RPM_FAKE_CAP environment variable.
This wrapper is designed to be used by an apt-get wrapper available at
http://www.tu-chemnitz.de/~ensc/vserver/vapt-get
This 'vapt-get' can be used e.g. as
| # vapt-get <vserver>* -- install <package>*
(vapt-get works only with rpm; I do not know enough about Debian to
provide a dpkg version)
Enrico