From: Gregory (Grisha) Trubetskoy (grisha_at_ispol.com)
Date: Fri 17 Sep 2004 - 15:37:20 BST
On Fri, 17 Sep 2004, Herbert Poetzl wrote:
> On Thu, Sep 16, 2004 at 10:29:52PM -0400, Gregory (Grisha) Trubetskoy wrote:
>> Is it possible to somehow use mount --bind from within a vserver?
> not in a secure way with the 2.4 stable branch, but it is with recent
> 2.6 (vs1.9.x) devel branch ...
> of course, after adding enough CAPs, everything is possible ...
We do something like this to allow ping and traceroute - there is an
outside process that reenters the vserver to execute a particular command
with an elevated capability.
At first look it seems that mount --bind obeys chroot and it should be
safe for us to allow it as well, or is there some apparent security
problem with this?
There is more details on the aforementioned kludge here for those
Thanks for your help!
Vserver mailing list