From: Alex Lyashkov (shadow_at_psoft.net)
Date: Wed 08 Oct 2003 - 13:24:04 BST
On Wednesday 08 October 2003 08:01, Jacques Gelinas wrote:
> On Tue, 7 Oct 2003 07:50:03 -0500, Alex Lyashkov wrote
> > On Tuesday 07 October 2003 03:34, Jacques Gelinas wrote:
> > > Using this new system call, chmod 000 is not needed anymore and we can
> > > support vservers inside vservers.
> > Why not use a private namespace?
> How does it work ?
Hm.. see the file fs/namespace.c in the kernel tree.
In 2.4 and above all tasks have a "namespace" structure which points to the root dir
and the root vfs. Calling chroot you can change the pointer for the root dir but not
change the root vfs.
To create an unbreakable chroot you must create a namespace structure for the context
and migrate the task to it.
If you create a new vfs struct with its root on the vps home dir (you can use the clone_mnt
function), all checks for the root directory will finish at that point.
For detailed info see the functions:
chroot_fs_refs, sys_pivot_root, init_mount_tree, clone_mnt, copy_namespace.
I see Herbert tried to directly call do_fork with the CLONE_NEWNS flag and change
root with sys_pivot_root, but had a problem with opened dynamic libraries.
I create and fill the namespace myself (without using CLONE_NEWNS) and added a
function to migrate files/tasks to the created namespace. This allows me to permit
use of mount inside a vps without security problems. If you want you
can see it in my snapshot at www.freevps.com/download/snapshot/
(psoft registered this domain for me)
To Herbert: did you try to compile chcontext as a static binary and remove the use of nice on
vps start?
-- With best regards, Alex
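The mechanism Alex describes (a per-context namespace whose root vfsmount is the vps home dir, so that root-directory checks terminate there instead of at the host root) is what a userspace program can get on later kernels with unshare(CLONE_NEWNS) plus pivot_root. The program below is an added example, not code from the thread, from Herbert's patches or from the freevps snapshot; it assumes a Linux kernel with unshare(2) (2.6.16 or later, so not the 2.4 internals the message discusses), a /proc/self/mountinfo, and CAP_SYS_ADMIN for the namespace part. The names enter_private_root and is_mount_point are the example's own. The second function exists because pivot_root refuses a new root that is not a mount point, which is why the directory is bind-mounted onto itself first.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <limits.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/mount.h>
#include <sys/syscall.h>

/* Returns 1 if path is a mount point in this process's mount namespace,
 * 0 if it is not, -1 on error.  Reads /proc/self/mountinfo (Linux-only);
 * its fifth whitespace-separated field is the mount point as seen from
 * our current root.  Paths containing spaces appear escaped (\040) in
 * mountinfo and are not handled here. */
int is_mount_point(const char *path)
{
    char want[PATH_MAX], line[4096];
    FILE *f;
    int found = 0;

    if (!realpath(path, want))
        return -1;
    f = fopen("/proc/self/mountinfo", "r");
    if (!f)
        return -1;
    while (fgets(line, sizeof line, f)) {
        /* fields: id parent major:minor root mountpoint options ... */
        char *tok, *save, *mnt = NULL;
        int i = 0;
        for (tok = strtok_r(line, " ", &save); tok; tok = strtok_r(NULL, " ", &save)) {
            if (++i == 5) {
                mnt = tok;
                break;
            }
        }
        if (mnt && strcmp(mnt, want) == 0) {
            found = 1;
            break;
        }
    }
    fclose(f);
    return found;
}

/* Move the calling process into a fresh mount namespace whose root is
 * new_root.  After this, the kernel's root-directory checks stop at
 * new_root and the old root vfsmount is no longer reachable from this
 * namespace.  Needs CAP_SYS_ADMIN.  Returns 0 on success, -1 (errno set)
 * on failure.  Hypothetical helper written for this example. */
int enter_private_root(const char *new_root)
{
    /* 1. Private copy of the mount tree, i.e. the CLONE_NEWNS effect
     *    without forking a new task. */
    if (unshare(CLONE_NEWNS) < 0)
        return -1;
    /* 2. Make every mount private so nothing we do propagates back to
     *    the parent namespace (default propagation may be shared). */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) < 0)
        return -1;
    /* 3. pivot_root needs new_root to be a mount point: bind it onto itself. */
    if (mount(new_root, new_root, NULL, MS_BIND | MS_REC, NULL) < 0)
        return -1;
    if (is_mount_point(new_root) != 1) {
        errno = EINVAL;
        return -1;
    }
    /* 4. Swap roots with put_old == new_root (documented in pivot_root(2)),
     *    then lazily detach the old root, which now sits underneath. */
    if (chdir(new_root) < 0)
        return -1;
    if (syscall(SYS_pivot_root, ".", ".") < 0)
        return -1;
    if (umount2(".", MNT_DETACH) < 0)
        return -1;
    return chdir("/");
}

int main(int argc, char **argv)
{
    if (argc < 3) {
        fprintf(stderr, "usage: %s NEW_ROOT CMD [ARGS...]\n", argv[0]);
        return 2;
    }
    if (enter_private_root(argv[1]) < 0) {
        perror("enter_private_root");
        return 1;
    }
    /* From here on only what exists under NEW_ROOT is reachable: the
     * classic chdir("..") walk past a chroot root has no mount above it
     * to land on.  CMD and its dynamic libraries must live inside NEW_ROOT
     * (or CMD must be statically linked, as suggested for chcontext above). */
    execvp(argv[2], argv + 2);
    perror("execvp");
    return 1;
}
```

Run it as root, e.g. `./pivot /srv/vps1 /bin/sh`, and compare `ls -la /proc/self/ns/mnt` inside and outside: the inode differs, and a `cat /proc/self/mountinfo` from inside lists only the bind mount as "/". Without root, enter_private_root fails at unshare with EPERM, which is the intended behaviour rather than a silent fallback to a plain chroot.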