From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Sat 28 May 2005 - 20:00:55 BST
On Sat, May 28, 2005 at 04:42:04AM -0700, gary ng wrote:
> I am testing out vserver(1.2.10 on 2.4, not ready for
> 2.6 yet because of stability issue unrelated to
> vserver) and I am wondering what is the impact of
> giving CAP_SYS_ADMIN to it.
well, it basically allows the vserver root to take
over the host system quite easily ...
> Without it, I cannot mount within vserver but I see
> mount as a legitimate use like mounting CIFS/NFS or
> FUSE related file systems.
no, mounting filesystems (without special security)
isn't a legitimate use on a vserver ...
you can do that in a more secure way with 2.6/1.9.x
(but it isn't advisable anyway)
> Oh, while I am at it, what capability is needed so
> that I can setup vpn(pptp, openvpn etc.) within the
you can set those things up from outside, or wait
until ngnet (2.6 only) will become more mature ...
> vserver or it will the vserver no longer virtual(too
> much rights so it can get out of the jail)?
> thanks in advance for any help.
> PS. please CC if possible as I am not on the list
Vserver mailing list