From: Thomas Weber (l_vserver_at_mail2news.4t2.com)
Date: Thu 13 Jan 2005 - 21:44:06 GMT
[sorry for messing up the thread by answering personal and forwarding to
the list earlier]
On Thu, Jan 13, 2005 at 07:26:30PM +0100, Herbert Poetzl wrote:
> On Thu, Jan 13, 2005 at 05:46:10PM +0100, Thomas Weber wrote:
> > On Thu, Jan 13, 2005 at 05:12:43PM +0100, Herbert Poetzl wrote:
> > > > So I think the util-vserver package should make sure that there is
> > > > capability support in the kernel before starting the vserver or else it
> > > > will silently run insecure vservers!
> > >
> > > well, IMHO that is something beyond the scope of
> > > util-vserver. why? simple, you would encounter the
> > > same issues on a vanilla system, if you do not load
> > > or compile in the capability stuff, similar to the
> > > issues you will encounter if you do not compile in
> > > support for ipv4, which clearly is _not_ something
> > > util-vserver should take care of when starting a
> > > new vserver ...
> >
> > I don't think it's much diffrent than checking the permissions of
> > /vservers and giving a warning...
>
> do the tools warn on misconfigured barriers?
at least the old ones did.
> (not sure about that) but agreed, a warning would
> be nice, unless it gives false positives ...
more than nice.
> (I guess patches are welcome ;)
if you have to try using capabilities in order to detect kernel support
for it, wouldn't it be more usefull to have the capability system
generate an entry in /proc (or /sys)? And no, I'm not a kernel hacker.
> > I don't consider myself a newbie, and I'm running vservers for quite
> > some time now - this wasn't a know issue to me and it's not very
> > obvious to figure out. Yet I'm glad this was a problem for me, because
> > an as you call it 'clean vserver config' would not have triggerd this
> > behaviour and maybe I would now run totally insecure vservers without
> > knowing. Maybe there are already lots of insecure vservers up and
> > running out there.
>
> probably, at least with debian it seems to be default
> to build linux-caps as module and _not_ load it on
> bootup (hopefully that will be fixed soon)
building linux-caps as module was my decision. I don't use debian
packages for the kernel. I compile it myself. Like most people I expect
something to fail if the kernel doesn't have support for it (coming from
2.4 kernels one might even expect it to load automatically).
regards,
Tom
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver