From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Fri 15 Oct 2004 - 03:10:30 BST
On Thu, Oct 14, 2004 at 03:26:07PM +0200, Pierre.HURET_at_euro-securities-partners.com wrote:
> Hi,
>
> A special thank to Bjoern and Christian for your response.
>
> Effectively, a simple "modprobe capability" and all work fine after a
> "vserver vm1 stop".
>
> But I've got a question that must be clear for me and my future
> vserver machine:
>
> Is it normal that from a verser, whitch IP address is an alias (
> eth0:vm1 ) and eth0 is used by host server, I can see eth0 and the IP
> address associated, with a simple "ifconfig -a" ?
unless you set VXF_HIDE_NETIF, yes that is normal
(assuming 1.9.3-rc2 here)
> If I Update my verser.conf by a "S_CAPS="CAP_NET_ADMIN", from a
> vserver, I can now stop all the machine by a "ifconfig eth0 down".
yep, that is what CAP_NET_ADMIN is for (see
/usr/include/linux/capability.h or the linux-
vserver paper)
> I play with such things because I try to realise a balanced Vserver
> and I have to create or delete some alias around eth0, but inside a
> vserver.
>
> My old tests with a kernel 2.4.26 work perfectly well, but I noticed
> that, from a vserver, I can see eth0, but NOT its IP address. So it
> seems to be less dangerous !
hmm, no not really, CAP_NET_ADMIN allows everything ...
> Does all of this goes in a right way ? What I saw and what I think
> are inline with the vserver project concept ?
>
> A last question: Is it possible to use ipvs inside a vserver ?
never tried ... might work, but probably not ...
> Thanks again for all your help.
best,
Herbert
> Pierre.
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver