From: Linas Vepstas (linas_at_linas.org)
Date: Thu 06 Nov 2003 - 18:27:38 GMT
On Thu, Nov 06, 2003 at 04:28:55AM +0100, Herbert Poetzl was heard to remark:
> On Wed, Nov 05, 2003 at 01:15:28PM -0600, Linas Vepstas wrote:
> > I was exploring using some of the vserver features without going "all the way"
> > and using vservers. To do this, it's become clear to me that a set of tools
> > that are easier to use/better than setpcap/getpcap are needed. Is there
> > anyone working on such a thing?
> hmm, what do you have in mind?
Well, I found the output of getpcap cryptic, and was unable to Google up
any documentation that was 'adequate'.
As to using vservers without 'going all the way', I was just playing
with the various 'levels' in between: e.g. running bind9:
-- start bind9, let it chroot
-- use setpcap, take way chroot and other privs,
-- use context setting tool, make sure bind can no longer see other processes.
I dunno. Maybe in the end, there no difference/not a lot of differnce
between doing this and creating true virtual servers... I'm just playing
with alternate approaches.
> vserver ppc64 patches? right this way ;)
> are you able/willing to test on that platform?
yes, a little bit as time permits...
-- pub 1024D/01045933 2001-02-01 Linas Vepstas (Labas!) <linas_at_linas.org> PGP Key fingerprint = 8305 2521 6000 0B5E 8984 3F54 64A9 9A82 0104 5933 _______________________________________________ Vserver mailing list Vserver_at_list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserver