About this list Date view Thread view Subject view Author view Attachment view

From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Sat 28 May 2005 - 20:00:55 BST


On Sat, May 28, 2005 at 04:42:04AM -0700, gary ng wrote:
> Hi,
>
> I am testing out vserver(1.2.10 on 2.4, not ready for
> 2.6 yet because of stability issue unrelated to
> vserver) and I am wondering what is the impact of
> giving CAP_SYS_ADMIN to it.

well, it basically allows the vserver root to take
over the host system quite easily ...

> Without it, I cannot mount within vserver but I see
> mount as a legitimate use like mounting CIFS/NFS or
> FUSE related file systems.

no, mounting filesystems (without special security)
isn't a legitimate use on a vserver ...

you can do that in a more secure way with 2.6/1.9.x
(but it isn't advisable anyway)

> Oh, while I am at it, what capability is needed so
> that I can setup vpn(pptp, openvpn etc.) within the

you can set those things up from outside, or wait
until ngnet (2.6 only) will become more mature ...

> vserver or it will the vserver no longer virtual(too
> much rights so it can get out of the jail)?
>
> thanks in advance for any help.

best,
Herbert

> regards,
> gary
>
> PS. please CC if possible as I am not on the list
>
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Sat 28 May 2005 - 20:01:14 BST by hypermail 2.1.3