
From: Dariush Pietrzak (eyck_at_ghost.anime.pl)
Date: Sun 07 Dec 2003 - 14:26:28 GMT


> > That's not really wise, what about that want to use block devices?
> They can set CAP_SYS_BLOCK_ACCESS
 So there IS such a CAP? As I already said - that would be great, and that
would be the correct place to put that.

> > wouldn't that need access to your block devices?
>
> *sigh* not the vserver. The root server would, and I don't want to
> restrict that. The idea is just that the cdrom contains a script that
> checks the harddisk for partitions, finds the "/" mounts it, checks
 Well.. locates all raid-disks, then all lvm partitions etc etc...,
then mounts all those correctly, THEN it replaces all daemons that use
block devices with its own... ? Or am I missing something?
 And after you're done with all that, you need to replace all hotplug
modules with your own, so that if you attach your
cellphone/camera/usb-firewire harddisk it appears inside the vserver?

 BTW, do you have such a CD ready? I'm in the process of modifying knoppix for
similar purposes, maybe I could just use your work?

> block access, and yet it would have all the /dev entries.
 isn't it easier to
mount -o bind /vservers/generic/dev /vservers/desktop/dev ?
This way you've got all the power to restrict your desktop, AND you're
killing a few more birds with this stone (when you're preparing /dev for
your vservers it's not only block devices you need to worry about;
/dev/mem, for example, is a character device).

regards,

-- 
Key fingerprint = 40D0 9FFB 9939 7320 8294  05E0 BCC7 02C4 75CC 50D9
Namagumi namagomi namagoroshi
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
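
An added example, not part of the original post: a Python check of a guest /dev tree (such as the /vservers/generic/dev that the post bind-mounts) for block devices and for raw-memory character devices like /dev/mem. The function names and the inclusion of /dev/kmem and /dev/port are assumptions of this example; the major/minor numbers are the standard Linux ones.

```python
import os
import stat

# Character devices that expose raw memory or I/O ports on Linux
# (major 1: minor 1 = /dev/mem, 2 = /dev/kmem, 4 = /dev/port).
# The post names /dev/mem; kmem and port are added here as an assumption.
RAW_MEMORY_CHR = {(1, 1): "mem", (1, 2): "kmem", (1, 4): "port"}


def classify(mode, rdev):
    """Return a reason string if a device node is risky in a guest /dev, else None."""
    if stat.S_ISBLK(mode):
        return "block device %d:%d" % (os.major(rdev), os.minor(rdev))
    if stat.S_ISCHR(mode):
        name = RAW_MEMORY_CHR.get((os.major(rdev), os.minor(rdev)))
        if name:
            return "raw memory/port character device (%s)" % name
    return None


def audit_dev(dev_root, lstat=os.lstat):
    """Walk dev_root without following symlinks; return sorted [(path, reason)]."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(dev_root):
        # Device nodes show up among the non-directory entries; lstat keeps a
        # symlink from being reported as the device it points to.
        for entry in dirnames + filenames:
            path = os.path.join(dirpath, entry)
            st = lstat(path)
            reason = classify(st.st_mode, st.st_rdev)
            if reason:
                findings.append((path, reason))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    # Default path taken from the mount command in the post.
    root = sys.argv[1] if len(sys.argv) > 1 else "/vservers/generic/dev"
    for path, reason in audit_dev(root):
        print("%s: %s" % (path, reason))
```

Matching on device numbers rather than file names means a node is still reported if it was created under a different name.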


Generated on Sun 07 Dec 2003 - 14:28:25 GMT by hypermail 2.1.3