From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Sat 16 Oct 2004 - 02:17:22 BST
On Fri, Oct 15, 2004 at 01:44:50PM -0400, Gregory (Grisha) Trubetskoy wrote:
> On Fri, 17 Sep 2004, Herbert Poetzl wrote:
>
> >On Thu, Sep 16, 2004 at 10:29:52PM -0400, Gregory (Grisha) Trubetskoy
> >wrote:
> >>
> >>Is it possible to somehow use mount --bind from within a vserver?
> >>(vs1.28).
> >
> >not in a secure way with the 2.4 stable branch, but
> >it is with recent 2.6 (vs1.9.x) devel branch ...
>
> Could you please elaborate on this?
>
> On 1.9.3-rc2.1/latest utils I see that I can mount after I give the
> context SYS_ADMIN bcap, but that doesn't seem like a wise thing in a web
> hosting scenario (our case) - is there some other way?
yes, giving VXC_SECURE_MOUNT (a context capability)
without the CAP_SYS_ADMIN (linux capability) will
allow for 'secure' mounts (including --bind mounts)
inside a vserver ...
HTH,
Herbert
> Thanks,
>
> Grisha
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver