From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Wed 11 Feb 2004 - 10:52:11 GMT
On Wed, Feb 11, 2004 at 11:35:23AM +0100, Dariush Pietrzak wrote:
> Hmm, wouldn't correct solution be something like this:
> when server boots up, vserver utilities report to the kernel the inode
> number of vservers directory ( and possibly minor&major number of device on
> which it's sitting ), and the vserver barrier becomes
> checking the inode instead of some special-case of various volatile
> settings? That would require small change in userspace, but wouldn't it be
> worth the trouble?
we have a working BARRIER flag in 1.3.7, which, as
you said requires some change in userspace, but should
be secure, in near future, private namespaces will
replace the current chroot approach ...
> If so, what would be correct way to send vserver inode to kernel?
> echo "1245334" > /proc/sys/verver-inode ?
might be an appropriate way, but maybe a syscall command
would be preferable (you have to pass the device
major and minor too ;)
> Key fingerprint = 40D0 9FFB 9939 7320 8294 05E0 BCC7 02C4 75CC 50D9
> ..The program fails and the power plant explodes, poisoning the earth
> and the sea. Famine and disease sweep the world. All die.
> Oh, the embarrassment.
> Vserver mailing list
Vserver mailing list