From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Sat 06 Dec 2003 - 15:25:49 GMT
On Sat, Dec 06, 2003 at 01:27:15PM +0100, Jon Bendtsen wrote:
> On Saturday 06 December 2003 13:08, Dariush Pietrzak wrote:
> > > > > Why does a vserver need access to block devices?
> > > >
> > > > Which vserver?
> > >
> > > All vservers. You just said that it was not a bug if there was a
> > > /dev
> > Why would you want all your vservers to access your block devices?
> No I don't, I want all vservers by default to be disallowed access to
> block devices, EVEN IF THERE IS A DEV ENTRY.

hmm, guess that isn't that easy to accomplish,
but I can have a look at the code, and think
about the possibilities ... maybe disallowing
an open for block devices could be sufficient

> > > Then I'm asking you... why does a vserver need access to a
> > > blockdevice?
> > Which vserver?!
> > If I want vserver to access blockdevices - I create entries in /dev
> > for it, if I don't - I don't.
> > I don't really get where the problem is - you want all your
> > vservers permanently banned from accessing block devices? Even if
> > you create those devices yourself especially for your vserver to
> > access them? Or what?
> That's why you could have a CAP_BLOCK_ACCESS

maybe as per vserver capability, once we have
that system up and running, but the CAP_*
resources are scarce ... (30/32)
Vserver mailing list