Re: [Vserver] [Release] Stable vs1.23 (improved security):
 vserver development mailing list 
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
About this list Date view Thread view Subject view Author view Attachment view

From: Joey Esquibal (jaesquibal_at_meridiantelekoms.com)
Date: Mon 12 Jan 2004 - 08:36:21 GMT

Hi!

I have successfully installed the latest release including its tools but
I'm having problem stopping a vserver.

Basically, I have created on vserver. Let's name it vhost1, creation was
successful but when I am trying stop it using the tool

# vserver vhost1 stop
Stopping the virtual server vhost1
Server vhost1 is running
ipv4root is now 192.168.60.241
New security context is 3
Stopping sshd: [ OK ]
Shutting down sendmail: [ OK ]
Shutting down interface eth0:

It just stops at "Shutting down interface eth0:" for a long and nothing
happens.

Regards,

Joey Esquibal

On Mon, 2004-01-12 at 14:10, Herbert Poetzl wrote:
> Hello Community!
>
> hopefully the final bugfix release of the second
> linux-vserver stable release (1.23) is now
> available at
>
> http://www.13thfloor.at/vserver/s_release/v1.23/
>
> you can download an all-in-one patch for 2.4.24
> as well as tar archives of the splitup ...
> (patches for older kernels available on request)
>
> this release fixes another locking issue, this
> time within the /proc filesystem, and adds a very
> important security interface, to protect entries
> against unwanted access.
>
> older tools (especially tools for 1.22) should
> work but util-vserver-0.26 or later is recommended.
>
>
> new proc security feature:
>
> by using the vproc tool (provided in vproc-0.1.tar)
> it is now possible to limit the visibility of proc
> entries to either the host, the special context one,
> or both, according to your preference.
>
> note: by default all proc entries are visible and
> therefore accessible via read and write on all
> contexts, only restricted by the linux capability
> system, which is equivalent to the setup in all
> earlier versions.
>
> (using the entry meminfo as example)
>
> vproc /proc/meminfo (shows current visibility)
>
> vproc -d /proc/meminfo (hide in user context)
> vproc -D /proc/meminfo (hide in any context)
> vproc -E /proc/meminfo (show only in ctx one)
> vproc -e /proc/meminfo (default: visible)
>
> please make sure to disable dangerous entries
> which are not required in a vserver anyway, like
> hardware interfaces (ide,bus,pci,scsi) or kernel
> interfaces (kmem,iomem,ioports,sys,...)
>
> note: symbolic links and dynamically generated
> entries like /proc/<pid> can not be masked by this
> interface yet ...
>
> enjoy,
> Herbert
>
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
>

_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Mon 12 Jan 2004 - 08:37:45 GMT by hypermail 2.1.3