From: Jon Bendtsen (jon707_at_kollegiegaarden.dk)
Date: Fri 05 Dec 2003 - 11:50:52 GMT
On Friday 05 December 2003 12:41, Dariush Pietrzak wrote:
> and it should look roughly similiar in most vservers. You should
> use vserver-utils for creating vservers, I use
> debian-newvserver.sh, try vserver-copy etc..
> Maybe it's shocking but security in vserver is based on not giving
> access to /dev nodes -> 1) dangerous devs are removed from /dev, 2)
> mount syscall is blocked 3) mknod is blocked. This is rougly
> similiar to security on unix. ( If you could create your own
> devnodes, or mount filesystems you could easily get full access to
> the system ).
Why does a vserver need access to block devices?
Vserver mailing list