
From: Enrico Scholz (enrico.scholz_at_sigma-chemnitz.de)
Date: Mon 24 Nov 2003 - 14:03:24 GMT


bert.devuyst_at_intec.UGent.be (Bert De Vuyst) writes:

> After looking at the code of tool vrpm (part of vserver and util-vserver), I
> have some questions.
>
> 1. The location of /vservers is hardcoded in this tool.

Not in util-vserver. In stable branch, this value is set at ./configure time.
In alpha branch, this is /etc/vservers/<name>/vdir which is a (customizable)
symlink.

> 2. In case the vserver is not running, the script starts a new security
> context.

'vrpm' in util-vserver stable branch is completely broken (does not
differ between host and vserver rpmdb format) and insecure (enters
already running context, relies on data from this context, does
not work with chmod 000 barrier).

The alpha branch solves these problems by:

* allowing to run a customizable rpm-program
* holding the rpmdb outside of vserver
* executing cpio-part in host-ctx and using an LD_PRELOAD wrapper
  for execve()'ing the rpm %scriptlets in a context

> Correct me if I'm wrong, but I think it's not a good idea.
> Why? Some people have a backup of their vservers on a spare machine in case
> their server hardware fails. If they run vrpm on the spare machine, vrpm will
> startup the vservers to update the packages.

No, 'vrpm' creates a new context without doing any ip configuration.

Enrico
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


Generated on Mon 24 Nov 2003 - 14:05:29 GMT by hypermail 2.1.3