From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Sat 10 Jan 2004 - 21:58:14 GMT
On Sat, Jan 10, 2004 at 09:37:16PM +0000, Rus Foster wrote:
> Hi,
> We are looking at retrying vserver for our VPS business instead of User
> Mode Linux (or a combination). Last time we reviewed it there were a few
> issues that made vserver uncompetitive and I wondered if they had been
> "fixed".
> 
> For us we found
> 
> 1) Couldn't ping inside a vserver, and if CAP_NET_RAW was enabled other
> vservers could tcpdump the traffic
> 
> 2) IP-Tables didn't work out of the box
> 
> 3) /proc/mounts wasn't virtualised.
> 
> Have these been fixed in the latest releases?
no, for several reasons:
1) ping is bad (because it actually requires CAP_NET_RAW), 
   and there is tracepath, which works inside a vserver
   without requiring this capability ...
2) iptables needs a virtualized network stack, which isn't
   done yet for linux-vserver, freevps supports that IIRC
3) there are some options for /proc/mounts
   a) you can remove the entire /proc/mounts 
      (most tools work with this setup)
   b) you can enable a 'fake' /proc/mounts
   c) wait for the next few releases, they will
      probably allow you to modify the visibility
      of /proc entries in general ...
HTH,
Herbert
> Thanks
> 
> Rus
> 
> -- 
> e: support_at_vpscolo.com
> t: 1-888-327-6330
> www.jvds.com - Root on your own box
> www.vpscolo.com - Your next hosting company
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
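Added example, not part of the original message or of the linux-vserver code: a small audit that decodes the capability masks in `/proc/<pid>/status` and reports whether CAP_NET_RAW (bit 13 in `<linux/capability.h>`), the capability point 1 of the reply turns on, is present for a process inside a guest. The sample status text and its mask values are constructed, and the function names are hypothetical.

```python
import re

CAP_NET_RAW = 13  # bit number from <linux/capability.h>

# Constructed samples of the Cap* lines found in /proc/<pid>/status.
SAMPLE_WITH_RAW = (
    "Name:\tping\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t00000000fffffeff\n"   # bit 13 set
    "CapEff:\t00000000fffffeff\n"
)
SAMPLE_WITHOUT_RAW = (
    "Name:\tsh\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t00000000d7fcdeff\n"   # bit 13 cleared
    "CapEff:\t00000000d7fcdeff\n"
)

def parse_cap_sets(status_text):
    """Return {'CapEff': int, ...} for every Cap* line that is present."""
    sets = {}
    for line in status_text.splitlines():
        m = re.match(r"^(Cap[A-Za-z]+):\s*([0-9a-fA-F]+)\s*$", line)
        if m:
            sets[m.group(1)] = int(m.group(2), 16)
    return sets

def sets_with_cap(status_text, cap_bit=CAP_NET_RAW):
    """Sorted names of the capability sets in which cap_bit is set."""
    caps = parse_cap_sets(status_text)
    return sorted(n for n, mask in caps.items() if (mask >> cap_bit) & 1)

def can_open_raw_socket(status_text):
    """Raw/packet sockets (ping, tcpdump) need CAP_NET_RAW in CapEff."""
    return "CapEff" in sets_with_cap(status_text)

if __name__ == "__main__":
    try:
        with open("/proc/self/status") as f:   # the current process
            text = f.read()
    except OSError:
        text = SAMPLE_WITHOUT_RAW              # fall back to constructed data
    print("CAP_NET_RAW present in:", sets_with_cap(text) or "no set")
    print("raw sockets allowed:", can_open_raw_socket(text))
```

Run it from a shell inside the guest: an empty result means ping's raw ICMP socket will be refused there, and the same missing capability blocks tcpdump-style capture.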