
From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Tue 27 Sep 2005 - 11:24:35 BST


On Tue, Sep 27, 2005 at 09:38:50AM +0200, Oliver Welter wrote:
> Hi All,
>
> I am running into a problem with a read-only filesystem regarding "dev".
>
> My root server has a read-only mount for the base-installation with a
> writable partition for var and temp, for dev I use "devfs", so the ro
> mount is no problem.

well, devfs is basically removed with 2.6.13, so this
will become an issue for you very soon ...

> Now I try to do the same inside the vServer Guest, the var and tmp are
> on writable partitions, the base system is on a read only mount. As the
> /dev resides also on the ro-mount I cannot start syslog (/dev/log is not
> writable)
> Is there any solution to create a virtual /dev inside the vserver
> without creating security holes ?

why not do what you will have to do on a normal linux
system (starting with 2.6.13) and use a separate
partition (preferably /tmp) for the devices (on real
machines together with udev) just with the required
devices for the guest (no security implications, no
changes to devfs, except for the fact that you have
_another_ writeable partition (similar to /tmp))

HTH,
Herbert

> I am running Gentoo on Host and Guest with recent 2.0 tools
>
> regards
>
> Oliver
> --
> This message was digitally signed
> oliwel's public key: http://www.oliwel.de/oliwel.crt
> Base certificate: http://www.ldv.ei.tum.de/page72

> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
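
Herbert's suggestion above, a writable /dev holding only the devices the guest requires, can be checked from the host. The following is an added example, not part of the original thread or of the Linux-VServer tools; the allowlist contents, the function names and the guest /dev path given on the command line are assumptions.

```python
import os
import stat

# Assumed allowlist (not from the thread): standard Linux major/minor
# numbers for the character devices a typical guest needs.
ALLOWED_NODES = {
    "null": (stat.S_IFCHR, 1, 3),
    "zero": (stat.S_IFCHR, 1, 5),
    "full": (stat.S_IFCHR, 1, 7),
    "random": (stat.S_IFCHR, 1, 8),
    "urandom": (stat.S_IFCHR, 1, 9),
    "tty": (stat.S_IFCHR, 5, 0),
    "ptmx": (stat.S_IFCHR, 5, 2),
}


def audit_entries(entries, allowed=ALLOWED_NODES):
    """Return one finding per device node that is not on the allowlist.

    entries holds (relative_path, st_mode, st_rdev) tuples. Sockets such as
    /dev/log, directories, symlinks and FIFOs are not device nodes and are
    skipped; block and character devices must match name, type and numbers.
    """
    findings = []
    for path, mode, rdev in entries:
        if not (stat.S_ISCHR(mode) or stat.S_ISBLK(mode)):
            continue
        kind = "block" if stat.S_ISBLK(mode) else "char"
        major, minor = os.major(rdev), os.minor(rdev)
        expected = allowed.get(path)
        if expected is None:
            findings.append(f"{path}: unexpected {kind} device {major}:{minor}")
        elif expected != (stat.S_IFMT(mode), major, minor):
            findings.append(f"{path}: {kind} device {major}:{minor} differs from allowlist entry")
    return findings


def scan_dev(dev_root):
    """Yield (relative_path, st_mode, st_rdev) for every entry under dev_root."""
    for dirpath, dirnames, filenames in os.walk(dev_root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)  # lstat: never follow symlinks out of the tree
            yield os.path.relpath(full, dev_root), st.st_mode, st.st_rdev


if __name__ == "__main__":
    import sys
    for finding in audit_entries(scan_dev(sys.argv[1])):
        print(finding)
```

Run it on the host against the directory that backs the guest's /dev; an empty result means only allowlisted device nodes are present.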



Generated on Tue 27 Sep 2005 - 11:24:59 BST by hypermail 2.1.3