About this list Date view Thread view Subject view Author view Attachment view

From: Enrico Scholz (enrico.scholz_at_sigma-chemnitz.de)
Date: Mon 24 Nov 2003 - 14:03:24 GMT

bert.devuyst_at_intec.UGent.be (Bert De Vuyst) writes:

> After looking at the code of tool vrpm (part of vserver and util-vserver), I
> have some questions.
> 1. The location of /vservers is hardcoded in this tool.

Not in util-vserver. In stable branch, this value is set at ./configure time.
In alpha branch, this is /etc/vservers/<name>/vdir which is a (customizable)

> 2. In case the vserver is not running, the script starts a new security
> context.

'vrpm' in util-vserver stable branch is completly broken (does not
differ between host and vserver rpmdb format) and insecure (enters
already running context, relies on data from this context, does
not work with chmod 000 barrier).

The alpha branch solves these problems by:

* allowing to run a customizable rpm-program
* holding the rpmdb outside of vserver
* executing cpio-part in host-ctx and using an LD_PRELOAD wrapper
  for execve()'ing the rpm %scriptlets in a context

> Correct me if I'm wrong, but I think it's not a good idea.
> Why? Some people have a backup of there vservers on a spare machine in case
> there serverhardware fails. If they run vrpm on the spare machine, vrpm will
> startup the vservers to update the packages.

No, 'vrpm' creates a new context without doing any ip configuration.

Vserver mailing list

About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Mon 24 Nov 2003 - 14:05:29 GMT by hypermail 2.1.3