From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Mon 19 Jul 2004 - 00:06:32 BST
On Sun, Jul 18, 2004 at 07:34:04PM +0200, Henrik Heil wrote:
> i am trying to setup supervised vservers with runit
> (http://smarden.org/runit/) using linux-2.4.26, patch-2.4.26-vs1.28.diff
> with util-vserver-0.30.
> To supervise the vservers i need them to stay in the foreground and to
> receive signals from runsv.
> I could achieve that by putting exec in front of the commands that run
> $STARTCMD. i wrote a small patch to the vserver script that basically is
> + $EXEC $NICECMD $CHBIND_CMD $SILENT $IPOPT --bcast $IPROOTBCAST \
> - $NICECMD $CHBIND_CMD $SILENT $IPOPT --bcast $IPROOTBCAST \
> $CHCONTEXT_CMD $SILENT $DISCONNECT $CAPS $FLAGS $CTXOPT
> $HOSTOPT $DOMAINOPT --secure \
> $SAVE_S_CONTEXT_CMD /var/run/vservers/$1.ctx \
> $CAPCHROOT_CMD $CHROOTOPT . $STARTCMD
> Obviously the post-start script will not be executed but that's not a
> problem for me.
> I am quite new to vserver and would like to ask you if you see a
> security problem with this concept.
hmm, except for the connection between the processes
in and outside no ...
> For illustration -- my vpstree output looks like this:
> |-runsvdir(207)---runsv(211)-+-runit(466)-- ...
> | |
> | `-svlogd(215)
> where the runit(466) is the init of the vserver and runs in a vserver
> context while runsv(211) runs in context 0 and sends the signals with
> vc_ctx_kill to 466.
> Any comments are appreciated.
I do not see a point (yet) in doing that, so what
is the idea behind this 'solution'?
if it is knowing when a vserver exits (is destroyed)
you can get this info via the vshelper, if it is
automatically restarting a 'rebooting' vserver, then
this should be already done by the scripts ...
please elaborate on your requirements ...
> Henrik Heil, zweipol Coy & Heil GbR
> Vserver mailing list
Vserver mailing list