From: Enrico Scholz (enrico.scholz_at_informatik.tu-chemnitz.de)
Date: Fri 09 Jan 2004 - 00:55:56 GMT
grisha_at_ispol.com ("Gregory (Grisha) Trubetskoy") writes:
>> it 'seems' that the poster was worried about the
>> ability to sniff network packets from other vservers
>> on the same host, when inside a vserver.
> Could he have been referring to CAP_NET_RAW?
Regarding tasks which are requiring CAP_NET_RAW or other privileges, tools
like vserver-djinni can be solution. See  for a short description. This
tool requires alpha util-vserver, a recent C99 compiler and has still some
missing features (some parameter specifiers are not implemented yet, no
documentation). But it is full functionally for a buildsystem which needs
things like mounting within vservers.
Tool can be downloaded at  but it is not published officially because
of the named, uncommon requirements.
especially figure 3
Vserver mailing list