From: Jon Bendtsen (jon707_at_kollegiegaarden.dk)
Date: Sun 07 Dec 2003 - 14:49:44 GMT
On Sunday 07 December 2003 15:26, Dariush Pietrzak wrote:
> > > That's not really wise, what about that want to use block
> > > devices?
> > They can set CAP_SYS_BLOCK_ACCESS
> So there IS such CAP? As I already said - that would be great, and
> that would be correct place to put that.
No, but I would like one.
> > > wouldn't that need access to your block devices?
> > *sigh* not the vserver. The root server would, and I don't want to
> > restrict that. The idea is just that the cdrom contains a script
> > that checks the harddisk for partitions, finds the "/" mounts it,
> > checks
> Well.. locates all raid-disks, then all lvm partitions etc etc...,
> then mounts all those correctly, THEN it replaces all daemons that
> use block devices with its own... ? Or am I missing something? And
> after you're done with all that, you need to replace all hotplug
> modules with your own, so that if you attach your
> cellphone/camera/usb-firewire harddisk it appears inside the
software raid and LVM are autodetected anyway.
Name me a daemon that uses direct blockdevice access.
Modules might be a problem, but this was intended for servers, not
> BTW, do you have such CD ready? I'm in a process of modifying
> knoppix for similar purposes, maybe I could just use your work?
No, I don't have such a CD, it is just a vision.
> > block access, and yet it would have all the /dev entries.
> isn't it easier to
> mount -o bind /vservers/generic/dev /vservers/desktop/dev ?
> This way you've got all the power to restrict your desktop, AND
> you're killing few more birds with this stone ( when you're
> preparing /dev for your vservers not only about block-devices you
> need to worry about, /dev/mem for example is a character device. ).
The blockdevice was just an example because of the fdisk part.
And no, I had no intention of doing this for desktops.
Vserver mailing list
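
Added example, not part of the original message: a check that a guest's /dev tree, such as the one bind-mounted in the quoted suggestion, holds no block devices and no character devices like /dev/mem. The allowlist of character device names and the default path are assumptions to adjust per site.

```python
import os
import stat
import sys

# Assumed allowlist of character devices a guest normally needs (matched by basename).
SAFE_CHAR_DEVICES = {"null", "zero", "full", "random", "urandom", "tty", "ptmx"}


def classify(mode, name):
    """Return a finding for one /dev entry, or None if it looks acceptable."""
    if stat.S_ISBLK(mode):
        return "block device"
    if stat.S_ISCHR(mode) and name not in SAFE_CHAR_DEVICES:
        return "character device not on allowlist"
    return None


def audit_dev(root):
    """Walk a guest /dev tree without following symlinks; return sorted (path, finding) pairs."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # entry vanished or is unreadable
            finding = classify(mode, name)
            if finding:
                findings.append((path, finding))
    return sorted(findings)


if __name__ == "__main__":
    # Default path is the bind-mount source from the quoted suggestion (an assumption).
    root = sys.argv[1] if len(sys.argv) > 1 else "/vservers/generic/dev"
    results = audit_dev(root)
    for path, finding in results:
        print(f"{path}: {finding}")
    sys.exit(1 if results else 0)
```

Run it against the directory that is bind-mounted into each guest; a non-zero exit status means at least one device node needs review.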