From: Torsten Kurbad (torsten_at_tk-webart.de)
Date: Thu 27 Jan 2005 - 20:05:50 GMT

• Previous message: Herbert Poetzl: "Re: [Vserver] issuing /sbin/reboot within a vserver reboots the host system..."
• In reply to: Herbert Poetzl: "Re: [Vserver] issuing /sbin/reboot within a vserver reboots the host system..."
• Next in thread: Herbert Poetzl: "Re: [Vserver] issuing /sbin/reboot within a vserver reboots the host system..."
• Reply: Herbert Poetzl: "Re: [Vserver] issuing /sbin/reboot within a vserver reboots the host system..."

Herbert Poetzl:
> but you should never us it inside a vserver, as devfs gives
> you access to _all_ devices present on your system, which
> basically allows any vserver root user to do whatever he
> likes with your harddisks (and more) ...

I stopped it and created the device nodes you suggested. The vserver
still comes up fine.

> vshelper (and the alpha util-vserver tools) take care of
> that now, reboot (or reboot -f) inside the vserver is
> redirected to the helper which in turn cycles the vserver
>
> if a vserver manages to reboot your host, then you have
> some connection to the host init present (like /dev/initctl)
> or an ancient kernel running (which doesn't know about the
> helper)

And that's exactly what still doesn't work.

On the root system:

olymp ~ # cat /etc/sysctl.conf | grep vshelper
kernel.vshelper=/usr/lib/util-vserver/vshelper

olymp ~ # stat /usr/lib/util-vserver/vshelper
  File: `/usr/lib/util-vserver/vshelper'
  Size: 5534 Blocks: 16 IO Block: 4096 regular file
Device: 805h/2053d Inode: 10739715 Links: 1
Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2005-01-25 10:55:35.000000000 +0100
Modify: 2005-01-25 10:55:35.000000000 +0100
Change: 2005-01-25 10:55:35.000000000 +0100

olymp ~ # uname -r
2.4.29-vs1.2.10

I wouldn't call that kernel exactly ancient (2.6.10-vs1.9.3 gave me
Oopses during console login on the root server, so I downgraded to this
- obviously more stable - version...)

Within the vserver:

zope3 ~ # reboot

Broadcast message from root (pts/2) (Thu Jan 27 20:58:04 2005):

The system is going down for reboot NOW!
shutdown: /dev/initctl: No such file or directory
init: /dev/initctl: No such file or directory

So, how do I now prevent reboot from accessing /dev/initctl. Or, more
precisely, why isn't the reboot event handled by vshelper, which works
perfectly fine from "outside" the vserver?

Regards,
Torsten

• application/pgp-signature attachment: Dies ist ein digital signierter Nachrichtenteil

_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

• Previous message: Herbert Poetzl: "Re: [Vserver] issuing /sbin/reboot within a vserver reboots the host system..."
• In reply to: Herbert Poetzl: "Re: [Vserver] issuing /sbin/reboot within a vserver reboots the host system..."
• Next in thread: Herbert Poetzl: "Re: [Vserver] issuing /sbin/reboot within a vserver reboots the host system..."
• Reply: Herbert Poetzl: "Re: [Vserver] issuing /sbin/reboot within a vserver reboots the host system..."