About this list Date view Thread view Subject view Author view Attachment view

From: Bjoern Steinbrink (bjoern.steinbrink_at_isp4p.net)
Date: Fri 19 Mar 2004 - 23:14:21 GMT


On Fri, 2004-03-19 at 23:55, Christian Jung wrote:
> I did not find anything usefull in the groups. There was something
> mentioned
> that the proc filesystem is hidden for security reasons and that this
> can be
> changed with a tool. I did not really understand this, sorry.
>
As the procfs exposes some things that shouldn't be seen inside a
vserver, proc entries can be hidden, for stable they're visible by
default, for devel/exper. they're only visible in ctx 0 by default.
A paper on vproc security can be found here:
http://www.linux-vserver.org/index.php?page=Proc-Security
For the experimental patches you should use the util-vserver alpha tools
that come with a tool called setattr, i guess the vproc tool would work
as well but the changed flag logic would make the cli appear confusing.
There are no documented known-to-be-safe proc-visibility settings but
IIRC Bertl has posted some hints about good starting points on the list
> I know that this version is experimental and so is subject to fail.
You may want to use vs0.09.22, is quite stable for me and has some nifty
features ;)

Bjoern

_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Fri 19 Mar 2004 - 23:15:14 GMT by hypermail 2.1.3