
From: Henrik Heil (hhml_at_zweipol.net)
Date: Sun 18 Jul 2004 - 18:34:04 BST


Hello,

I am trying to set up supervised vservers with runit
(http://smarden.org/runit/) using linux-2.4.26, patch-2.4.26-vs1.28.diff
with util-vserver-0.30.

To supervise the vservers I need them to stay in the foreground and to
receive signals from runsv.

I could achieve that by putting exec in front of the commands that run
$STARTCMD. I wrote a small patch to the vserver script that basically is:

+ $EXEC $NICECMD $CHBIND_CMD $SILENT $IPOPT --bcast $IPROOTBCAST \
- $NICECMD $CHBIND_CMD $SILENT $IPOPT --bcast $IPROOTBCAST \
          $CHCONTEXT_CMD $SILENT $DISCONNECT $CAPS $FLAGS $CTXOPT
$HOSTOPT $DOMAINOPT --secure \
          $SAVE_S_CONTEXT_CMD /var/run/vservers/$1.ctx \
          $CAPCHROOT_CMD $CHROOTOPT . $STARTCMD
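
Review bot: $EXEC on the added line is not assigned anywhere in the lines shown, so the patch should initialise it explicitly (empty by default, set to exec only when foreground operation is requested). If it is left unassigned, a value of EXEC inherited from the caller's environment would be expanded as the command prefix here, in the host context and before $CHCONTEXT_CMD ... --secure has been applied. Because exec replaces the shell, nothing that follows this command in the script will run, which covers the post-start script and anything else the script does afterwards; a comment beside the line should say so.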

Obviously the post-start script will not be executed but that's not a
problem for me.

I am quite new to vserver and would like to ask you if you see a
security problem with this concept.

For illustration -- my vpstree output looks like this:

|-runsvdir(207)---runsv(211)-+-runit(466)-- ...
| |
| `-svlogd(215)

where the runit(466) is the init of the vserver and runs in a vserver
context while runsv(211) runs in context 0 and sends the signals with
vc_ctx_kill to 466.

Any comments are appreciated.

Thanks,
Henrik

-- 
Henrik Heil, zweipol Coy & Heil GbR
http://www.zweipol.net/