
From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Tue 17 Feb 2004 - 11:52:07 GMT


On Tue, Feb 17, 2004 at 12:07:44PM +0100, Thomas Gelf wrote:
> Hello together!
>
> I'm new on this list so please be patient with me! My English
> is not that good, but it seems that I'm not alone with this
> problem :o)
>
> We started testing vserver one week ago, I found this great
> project while looking for an alternative to UML which we have
> currently running on different Web-, Mail and DNS-Servers.
>
> UML is great, but I'm not satisfied with the performance of
> Loopback-mounted sparse-files.
>
> We compiled about 30-40 Kernels last week, vserver's documentation
> was not really helpful (please don't hit me :o) - we did some

go ahead, improve it, that's what a wiki is designed for ...

> changes to debian-newvserver.sh to make it possible to run it
> with the exploit-proof "chattr +t /vservers"-directory. If
> someone is interested in it (it was not that difficult) - mail me!

I would suggest sending it to the debian-newvserver maintainer
whoever that might be atm ...

> We haven't been able to compile kernel 2.6, maybe Herbert's
> patch (http://list.linux-vserver.org/archive/vserver/msg06189.html)

it seems to be a debian woody oddity, it was confirmed that
using sarge does solve this issue too, but as it seems that
we can provide a harmless workaround, this will be included
in the next release ...

> will help. Currently we are running 2.4.25-rc2, also using context-
> based disk-limits.

make sure to use static context ids ...

> I'll stop the introduction now, let's start with my first question to
> this list: We would like to improve vserver's networking support.
> Like with our UML-Servers we did the following today (on debian):
>
> # apt-get install uml-utilities
> # apt-get install bridge-utils
> # mkdir -p /dev/net
> # mknod -m 660 /dev/net/tun c 10 200
> # chmod 660 /dev/net/tun
> # chown root.uml-net /dev/net/tun   # group uml-net added by debian
>
> now stop all your vservers, we did the following on a debian box
> with eth0:192.168.124.100, using this script (change ip addresses):
> ---
> #!/bin/sh
> tunctl -u root -t tom0
> brctl addbr br0
> ifconfig eth0 0.0.0.0 promisc up
> ifconfig tom0 0.0.0.0 promisc up
> ifconfig br0 192.168.124.100 netmask 255.255.255.0 up
> brctl stp br0 off
> brctl setfd br0 1
> brctl sethello br0 1
> brctl addif br0 eth0
> brctl addif br0 tom0
> route add default gw 192.168.124.1
> ---
> this also works during a ssh connection, but I'm not responsible if
> it doesn't - and no, you don't have to use "tom0" :)
>
> change /etc/vservers/XX.conf to match the new interface "tom0".
>
> now we tried to add S_CAPS="CAP_NET_RAW" - tadaaaaaaaaaa! just try
> to use the standard "ping" program. starting a sniffer works, but
> you will see absolutely nothing.

hmm, interesting approach, could you also try it with
the dummy interface (dummy0), that might work as well,
and it might be a simpler? solution ...

> we did all these tests this morning (it's 12:05 in south tyrol/italy now)
> and will go on installing a default web hosting environment on our new
> vservers.
>
> what do you think about this approach? is it secure? is it worth to
> invest time to enhance it? we are not kernel hackers so we need help
> for the following features: hide real interfaces in vservers, show
> them a "eth0" interface instead of "tom0:vs1", add a virtual loopback
> device.

not so fast, but yes, we could probably do a lot of those
things, just think nameif and private namespaces ...

> linux-vserver is a great project, compliments to all guys contributing
> to it. we would like to help to improve this project, doing tests,
> posting our ideas, maybe writing documentation (english with your help,
> german, italian) or little howto's, userspace utilities... And we need
> your feedback to go on faster!

do not let anybody stop you!

HTH,
Herbert

> yours sincerely
> Thomas Gelf
>
>
> --
> Thomas Gelf <vserver_at_gelf.net>
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
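
An added example, not part of the original messages or of the vserver tools: a small audit that lists which guest configs grant a given capability through `S_CAPS`, such as the `CAP_NET_RAW` setting discussed above. It assumes the legacy layout of one shell-style `NAME.conf` per guest; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: find legacy vserver configs whose S_CAPS grants a capability.
# The .conf files are shell fragments. They are parsed as text and never
# sourced, so running the audit as root does not execute their contents.

# scaps_of FILE: print the value of the last uncommented S_CAPS= assignment,
# with quotes and any trailing "# comment" removed.
scaps_of() {
    sed -n 's/^[[:space:]]*S_CAPS=//p' "$1" \
        | sed 's/[[:space:]]*#.*//' \
        | tail -n 1 \
        | tr -d "\"'" \
        | tr '\t' ' '
}

# guests_with_cap DIR CAP: print one guest name per line for every
# DIR/NAME.conf whose S_CAPS list contains exactly CAP.
guests_with_cap() {
    dir=$1
    cap=$2
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        caps=$(scaps_of "$conf")
        # Pad with spaces so CAP_NET_RAW does not match CAP_NET_RAW_X.
        case " $caps " in
            *" $cap "*) basename "$conf" .conf ;;
        esac
    done
}

# Demo on constructed sample configs (assumed layout, not real guest data).
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'S_CAPS="CAP_NET_RAW"\n' > "$tmp/vs1.conf"
    printf '#S_CAPS="CAP_NET_RAW"\nS_CAPS=""\n' > "$tmp/vs2.conf"
    printf 'S_CAPS="CAP_SYS_TIME CAP_NET_RAW" # ping\n' > "$tmp/vs3.conf"
    guests_with_cap "$tmp" CAP_NET_RAW
    rm -rf "$tmp"
}

demo
```

On a host, `guests_with_cap /etc/vservers CAP_NET_RAW` gives the list of guests to review before attaching them to a bridged, promiscuous interface.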


Generated on Tue 17 Feb 2004 - 11:52:57 GMT by hypermail 2.1.3