From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Mon 24 Nov 2003 - 14:26:31 GMT
On Mon, Nov 24, 2003 at 02:34:37PM +0100, Bert De Vuyst wrote:
> After looking at the code of tool vrpm (part of vserver and util-vserver), I
> have some questions.
> 1. The location of /vservers is hardcoded in this tool.
> I think it's at better idea use the option VSERVERS_ROOT=/vservers in this
> script and to use $VSERVERS_ROOT inside the script.
> In case of the vserver package by Jacques, the next lines
> if [ -f /etc/vservers.conf ] ; then
> source /etc/vservers.conf
> would be a usefull idea to set the $VSERVERS_ROOT.
> 2. In case the vserver is not running, the script starts a new security
> context. Correct me if I'm wrong, but I think it's not a good idea.
> Why? Some people have a backup of there vservers on a spare machine in case
> there serverhardware fails. If they run vrpm on the spare machine, vrpm will
> startup the vservers to update the packages. This can cause a problem as the
> IP-address of the vserver is in use by the vserver running on the master
> server, and you end up running 2 vservers using the same IP-address.
> I think it would be beter to use chroot to run rpm in case the vserver is
> Let me know if you think these suggestions are use full (or complete useless
judging by the effords enrico puts into the util-vserver
tools to make them secure ... and what I've seen so far
I would say your suggestions are useful, and they are/
will be available via util-vserver now/soon ...
> I don't want to flame people. It's just a idea to make vrpm a bit more idiot
keep up sending ideas, we really appreciate it ...
> Best regards,
> Vserver mailing list
Vserver mailing list