From: Bjoern Steinbrink (bjoern.steinbrink_at_isp4p.net)
Date: Fri 16 Apr 2004 - 10:09:59 BST
On Fri, 2004-04-16 at 10:58, Michael Hilscher wrote:
> Herbert wrote in
> http://archives.linux-vserver.org/200401/0125.html
>
> please make sure to disable dangerous entries
> which are not required in a vserver anyway, like
> hardware interfaces (ide,bus,pci,scsi) or kernel
> interfaces (kmem,iomem,ioports,sys,...)
>
> well i'm not sure which entries are required for Vserver and which ones
> are dangereous and has to be disabled! Where do I found more
> information about this?
More recent 'basic' information can be found here:
http://www.linux-vserver.org/index.php?page=Proc-Security
There has been a discussion on the ml regarding what could be made
visible:
http://list.linux-vserver.org/archive/vserver/msg06552.html
And finally Bertl says:
<Bertl> my motto is, do not enable, what you do not need
<Bertl> so I'd start with a minimal config (would be /proc/*info
/proc/uptime /proc/loadavg) ...
> Why don't you disable dangerous entries by default in Vserver
> installation and integrate the needed vproc in util-vserver?
IIRC alpha tools do this, more information on them is located here:
http://www.linux-vserver.org/index.php?page=alpha+util-vserver
Bjoern
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver