
From: Liam Helmer (linuxlists_at_thevenue.org)
Date: Mon 20 Dec 2004 - 17:32:55 GMT


Here's my BCapabilities -> I've been running X inside a vserver for
quite some time. This is what I use.

CAP_CHOWN
CAP_DAC_READ_SEARCH -> needed for X
CAP_FOWNER
CAP_FSETID
CAP_KILL
CAP_SETGID
CAP_SETUID
CAP_SETPCAP -> I use this for ethereal
CAP_NET_BIND_SERVICE
CAP_NET_BROADCAST
CAP_NET_RAW
CAP_SYS_MODULE
CAP_SYS_RAWIO
CAP_SYS_CHROOT -> needed for vserver scripts AFAICT
CAP_SYS_PTRACE
CAP_SYS_PACCT
CAP_MKNOD -> for creating the dev/card/xxx
CAP_LEASE

Cheers,
Liam

On Sun, 2004-12-19 at 12:30 -0500, Benoit des Ligneris wrote:
> Hello,
>
> Well, the vserver has some CAP : I tried initially with
> CAP_NET_ADMIN and CAP_SYS_ADMIN but with no success.
>
> After a bit of RTFS, I still believe that no additional CAP should be
> necessary but maybe I am wrong ?
>
> Any suggestion ?
>
> Ben
>
>
> * Herbert Poetzl <herbert_at_13thfloor.at> [04-12-19 11:12]:
> > On Fri, Dec 17, 2004 at 11:17:29PM -0500, Benoit des Ligneris wrote:
> > > Hello,
> > >
> > > We are trying to run an X server inside a vserver. We found some
> > > messages on the mailing list but no known success ;-)
> > >
> > > The error we have is the following :
> > > ========= Extract of XFree86 log ==============
> > > * BIOS: Failed to open /dev/mem (Operation not permitted)
> > > Using vt 7
> > > (--) using VT number 7
> > >
> > > (WW) Open APM failed (/dev/apm_bios) (No such device)
> > >
> > > Fatal server error:
> > > xf86EnableIOPorts: Failed to set IOPL for I/O
> > > ====End of Extract of XFree86 log ==============
> > >
> > >
> > > I noticed that it is not possible to access /dev/mem from inside a
> > > vserver. I think this is needed because X tries to directly access the
> > > memory.
> > >
> > > Any idea to achieve that ?
> >
> > hmm, did you try to give proper capabilities to that
> > vserver?
> >
> > no need to mention that access to /dev/mem or /proc/mem
> > will allow to wipe out your host machine ...
> >
> > best,
> > Herbert
> >
> > > Thanks in advance,
> > >
> > > Ben
> > >
> > > --
> > > Benoit des Ligneris Ph. D.
> > > President de Revolution Linux http://www.revolutionlinux.com/
> > > OSCAR Chair http://oscar.openclustergroup.org/
> > > Chef de projet EduLinux http://www.edulinux.org/
> > > _______________________________________________
> > > Vserver mailing list
> > > Vserver_at_list.linux-vserver.org
> > > http://list.linux-vserver.org/mailman/listinfo/vserver

-- 

StrongBox Linux http://www.strongboxlinux.com "Making Security Friendly"
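
An added example, not part of the original thread: a small audit that parses a capability list written in the annotated `CAP_X -> note` form used in the message above and flags the entries that grant kernel-level or hardware-level access, which is the concern raised in the quoted reply about /dev/mem. The set of flagged capabilities and the names `HOST_LEVEL`, `parse_caps` and `audit` are assumptions of this example; the reasons are paraphrased from capabilities(7).

```python
import re

# Reasons paraphrased from capabilities(7). Which capabilities to flag is
# this example's assumption, not a Linux-VServer policy.
HOST_LEVEL = {
    "CAP_SYS_MODULE": "load and unload kernel modules",
    "CAP_SYS_RAWIO": "iopl()/ioperm() and opening /dev/mem, /dev/kmem",
    "CAP_SYS_ADMIN": "mount, swapon and many other administrative operations",
    "CAP_SYS_PTRACE": "ptrace() arbitrary processes",
    "CAP_MKNOD": "create device nodes with mknod()",
    "CAP_NET_ADMIN": "reconfigure interfaces, routing and firewalling",
}

# One capability per line, optionally followed by "-> free-text note".
CAP_RE = re.compile(r"^\s*(CAP_[A-Z_]+)\s*(?:->\s*(.*\S))?\s*$")


def parse_caps(text):
    """Return [(capability, note)] for every line that names a capability."""
    entries = []
    for line in text.splitlines():
        m = CAP_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2) or ""))
    return entries


def audit(text):
    """Return [(capability, note, reason)] for the flagged capabilities."""
    return [(cap, note, HOST_LEVEL[cap])
            for cap, note in parse_caps(text) if cap in HOST_LEVEL]


# Constructed sample: a subset of the list posted in the message above.
SAMPLE = """\
CAP_CHOWN
CAP_DAC_READ_SEARCH -> needed for X
CAP_SYS_MODULE
CAP_SYS_RAWIO
CAP_SYS_CHROOT -> needed for vserver scripts AFAICT
CAP_MKNOD -> for creating the dev/card/xxx
CAP_LEASE
"""

if __name__ == "__main__":
    for cap, note, reason in audit(SAMPLE):
        stated = f"  [stated use: {note}]" if note else ""
        print(f"{cap:16} {reason}{stated}")
```

Entries flagged without a stated use are the ones to review first, since nothing in the list records why the guest needs them.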



Generated on Mon 20 Dec 2004 - 17:33:29 GMT by hypermail 2.1.3