From: Dariush Pietrzak (eyck_at_ghost.anime.pl)
Date: Sun 07 Dec 2003 - 14:26:28 GMT
> > That's not really wise, what about those that want to use block devices?
> They can set CAP_SYS_BLOCK_ACCESS
So there IS such a CAP? As I already said - that would be great, and that
would be the correct place to put that.
> > wouldn't that need access to your block devices?
> *sigh* not the vserver. The root server would, and I don't want to
> restrict that. The idea is just that the cdrom contains a script that
> checks the harddisk for partitions, finds the "/", mounts it, checks
Well.. locates all raid-disks, then all lvm partitions etc etc...,
then mounts all those correctly, THEN it replaces all daemons that use
block devices with its own... ? Or am I missing something?
And after you're done with all that, you need to replace all hotplug
modules with your own, so that if you attach your
cellphone/camera/usb-firewire harddisk it appears inside the vserver?
BTW, do you have such a CD ready? I'm in the process of modifying Knoppix for
similar purposes, maybe I could just use your work?
> block access, and yet it would have all the /dev entries.
Isn't it easier to
mount -o bind /vservers/generic/dev /vservers/desktop/dev ?
This way you've got all the power to restrict your desktop, AND you're
killing a few more birds with this stone (when you're preparing /dev for
your vservers it's not only block devices you need to worry about,
/dev/mem for example is a character device).
--
Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9
Namagumi namagomi namagoroshi
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
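An added example, not part of the original message or the Linux-VServer project: a Python check that walks a guest /dev tree such as the /vservers/generic/dev named above and flags block devices plus the character devices that expose raw memory or I/O ports. The major/minor numbers (1:1 mem, 1:2 kmem, 1:4 port) are the standard Linux assignments; which nodes to flag is this example's assumption, not a policy stated in the thread.

```python
import os
import stat

# Linux character-major 1 minors that expose raw memory or I/O ports
# (kernel devices list): 1 = /dev/mem, 2 = /dev/kmem, 4 = /dev/port.
RAW_MEM_MINORS = {1: "mem", 2: "kmem", 4: "port"}


def classify(mode, rdev):
    """Return a reason string if a node with this st_mode/st_rdev should not
    be visible inside a guest, or None if it is not flagged."""
    major, minor = os.major(rdev), os.minor(rdev)
    if stat.S_ISBLK(mode):
        return f"block device {major}:{minor}"
    if stat.S_ISCHR(mode) and major == 1 and minor in RAW_MEM_MINORS:
        return f"raw memory/port access ({RAW_MEM_MINORS[minor]}, 1:{minor})"
    return None


def audit_dev(root):
    """Walk a guest /dev tree and return sorted (path, reason) pairs.
    lstat is used so symlinks are seen as links and never followed."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:  # device nodes are listed as non-directories
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue  # node vanished or is unreadable; skip it
            reason = classify(st.st_mode, st.st_rdev)
            if reason:
                findings.append((path, reason))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    # Default path is assumed from the message; pass another tree as argv[1].
    root = sys.argv[1] if len(sys.argv) > 1 else "/vservers/generic/dev"
    for path, reason in audit_dev(root):
        print(f"{path}: {reason}")
```

Run it against the template /dev before bind-mounting it into other guests; an empty result means none of the flagged node types are present.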