On Tue, 4 Oct 2005, Torsten Becker wrote:
> I try to run a complete workstation in a vserver including a x-server.
> This is no problem since I do not try to use the hardware acceleration
> with the nvidia kernel module.
> I have set several capabilities for the vserver:
That's enough to make the vserver insecure.
> Does anyone have a hint for me, how I can manage this? Or is it impossible?
> I use this configuration to deploy the workstations to a pool of pc's.
> Therefor the security between host and vserver is not first goal.
If your X11 is exploited, you're toast, so you can as well run X11 from
the host and make it contact the xdm running in the vserver.
Off cause this isn't as flexble as running in the vserver, but unless
you're testing different X-Servers, this should be a minor problem.
However, I don't know if 3d support is network transparent, and I can't
test it here.
-- Funny quotes: 30. Why is a person who plays the piano called a pianist but a person who drives a race car not called a racist? _______________________________________________ Vserver mailing list Vserver@list.linux-vserver.org http://list.linux-vserver.org/mailman/listinfo/vserverReceived on Tue Oct 4 13:50:21 2005