From: Martin Honermeyer (maze_at_strahlungsfrei.de)
Date: Mon 06 Jun 2005 - 09:30:16 BST
Herbert Poetzl wrote:
> On Sat, May 28, 2005 at 09:25:51PM +0200, Bodo Eggert wrote:
>> On Sat, 28 May 2005, gary ng wrote:
>> > I am testing out vserver(1.2.10 on 2.4, not ready for
>> > 2.6 yet because of stability issue unrelated to
>> > vserver) and I am wondering what is the impact of
>> > giving CAP_SYS_ADMIN to it.
>> > Without it, I cannot mount within vserver but I see
>> > mount as a legitimate use like mounting CIFS/NFS or
>> > FUSE related file systems.
>> You can also mount filesystems containing device nodes. This would give
>> you root access to the host.
>> Secure user mounts are planned in the vanilla kernel, maybe they can be
>> adopted for vservers.
> 2.6/1.9.x and 2.0-* already support 'secure' mounts inside
> a vserver guest ...
How does this work? I am puzzled about this. In my setup, there is a vserver
which has to access different logical volumes mounted on different paths.
The vserver should be able to set up and manage quotas for each lv.
So far, I have an ugly workaround. The host mounts those lv's from /dev/vg
into the vserver. _After_ that, the vserver can be started, because it
doesn't see those mounts when it's already running! This way, quotas can
only be managed from within the host, as the vserver doesn't really see
What would be the best way to do it? I don't quite understand what secure
mounts are and how they work..
Vserver mailing list