From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Tue 29 Jun 2004 - 13:02:54 BST
On Tue, Jun 29, 2004 at 08:07:16PM +0900, Dan Keimatsu wrote:
> A reply, thank you.
> At Tue, 29 Jun 2004 11:26:47 +0200,
> Matthias Wieser wrote:
> > Hi
> > > What is CONFIG_PROC_SECURE?
> > > and By setup of kernel which set this to yes, /proc has not been
> > > mounted within vserver (Guest side) again. Is this the right motion?
> > It hides some of the proc content as far as I understand it.
CONFIG_PROC_SECURE allows you to enable/disable the
procfs security from the kernel side ... disabling
it will give you 'unmodified' proc behaviour, where
all proc entries are accessible ...
> > You should use the new util-vserver utils. These do have a init scipt named
> > /etc/init.d/vprocunhide
> > This did the magic for me
> The good result was able to be obtained as a result of finding and
> performing vprochide in util-vserver-0.29-214.
> Here, it is one question.
> Although /proc has been mounted by vserver (guest side), the file
> which has a publication in vprocunhide-files was also able to read
> contents by the /proc subordinate of vserver (guest side).
> Is this the right motion?
the procfs is a single filesystem, every mount of
that filesystem uses the same superblock and the same
inodes, this gives you some kind of shared filesystems
across all 'users' of the procfs, the proc security
renders some entries invisible for contexts >(=)1
vs184.108.40.206 is not supposed to show or allow access
to any disabled entries from within a vserver, if that
happens, it's a bug, and you should report it ...
> > Ciao, Matthias
> > --
> > Matthias Wieser http://www.hiasl.net
> > Hafnerriegel 53 ICQ: 12597522
> > 8010 Graz AFS: www.afs.at
> > +43-650-8474256 Beach Volley Ball
> > _______________________________________________
> > Vserver mailing list
> > Vserver_at_list.linux-vserver.org
> > http://list.linux-vserver.org/mailman/listinfo/vserver
> Dan Keimatsu
> Vserver mailing list
Vserver mailing list