About this list Date view Thread view Subject view Author view Attachment view

From: Bj÷rn Steinbrink (bjoern.steinbrink_at_isp4p.net)
Date: Fri 05 Nov 2004 - 02:51:31 GMT


> why not do it this way:
>
> 1. get a new namespace
> 2. create the vfsmount (for example via --bind)
> 3. pivot_root (or similar, maybe new cmd?) to the vfsmount
> 4. cleanup the namespace (remove host stuff)
> 5. do all required/listed mounts inside that namespace
> 6. create the context
>

I've found an easy way to get a clean namespace using lazy mounts. A
short bash script + description can be found at
http://doener.homeip.net/doener/vserver/
(be careful with that, it's just a quick hack!)

Pros:
Mounting of the whole vserver mount tree happens using host tools.
No / overlay mount.
Namespace is completely clean, not even the rootfs mount is there.
chdir("..") trick is not possible (dunno about fd exchange).
Should be easy to integrate with the current alpha tools.

Cons:
chroot(1) must not be on a separate partition.
Once inside the namespace currently there's no access to the host's
binaries (i'm working on that, maybe i can do something with
vc_set_namespace/vc_enter_namespace...)
[whatever you dislike about it/i missed]

Comments are welcome.

Bjoern
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Fri 05 Nov 2004 - 02:51:48 GMT by hypermail 2.1.3