About this list Date view Thread view Subject view Author view Attachment view

From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Sat 16 Oct 2004 - 02:17:22 BST


On Fri, Oct 15, 2004 at 01:44:50PM -0400, Gregory (Grisha) Trubetskoy wrote:
> On Fri, 17 Sep 2004, Herbert Poetzl wrote:
>
> >On Thu, Sep 16, 2004 at 10:29:52PM -0400, Gregory (Grisha) Trubetskoy
> >wrote:
> >>
> >>Is it possible to somehow use mount --bind from within a vserver?
> >>(vs1.28).
> >
> >not in a secure way with the 2.4 stable branch, but
> >it is with recent 2.6 (vs1.9.x) devel branch ...
>
> Could you please elaborate on this?
>
> On 1.9.3-rc2.1/latest utils I see that I can mount after I give the
> context SYS_ADMIN bcap, but that doesn't seem like a wise thing in a web
> hosting scenario (our case) - is there some other way?

yes, giving VXC_SECURE_MOUNT (a context capability)
without the CAP_SYS_ADMIN (linux capability) will
allow for 'secure' mounts (including --bind mounts)
inside a vserver ...

HTH,
Herbert

> Thanks,
>
> Grisha
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Sat 16 Oct 2004 - 02:17:35 BST by hypermail 2.1.3