Re: [Vserver] what am i doing wrong with vserver exec?

From: Enrico Scholz <enrico.scholz_at_informatik.tu-chemnitz.de>
Date: Tue 04 Oct 2005 - 17:13:20 BST
Message-ID: <87ll199s67.fsf@kosh.bigo.ensc.de>

lists@spuddy.org (Stephen Harris) writes:

>> /usr/sbin/vserver prometheus exec /bin/rm -f /var/spool/qmailscan/quarantine/new/*
> ...
> However, why not just use the host to remove the files?

Because of symlinks like

| /vservers/prometheus/var/spool/qmailscan/quarantine/new -> /etc

or another filesystem layout because of different namespaces.

The security-relevant part of the first issue can be worked around by
tools like 'chroot-sh' and the second issue by 'vnamespace -e'. But
'vserver ... exec' is cleaner and also solves the functionality-relevant
part of the first issue.

> /bin/rm -f /vservers/prometheus/var/spool/qmailscan/quarantine/new/*

Enrico

_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Received on Tue Oct 4 17:13:56 2005
Generated on Tue 04 Oct 2005 - 17:14:00 BST by hypermail 2.1.8
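
Added example, not part of the original message: a host-side shell check showing how the quarantine path from the thread can resolve outside the guest when the guest has replaced a directory with a symlink. The temporary tree, the guest names and the functions `resolves_inside` and `demo` are constructed for illustration; `readlink -f` (GNU coreutils or BusyBox) is assumed.

```shell
#!/bin/sh
# Constructed example. Everything below the guest root is under the
# guest's control, so any component of a path the host follows may be
# a symlink that leaves the guest.

# resolves_inside ROOT PATH
# Returns 0 if PATH, with symlinks resolved from the host's point of
# view, still lies below ROOT; returns 1 otherwise.
resolves_inside() {
    root=$(readlink -f -- "$1") || return 1
    target=$(readlink -f -- "$2") || return 1
    case "$target" in
        "$root"/*) return 0 ;;
        *)         return 1 ;;
    esac
}

# demo: build a throwaway tree with two guests. In "plain" the
# quarantine directory is a real directory; in "linked" it is a symlink
# to a directory outside the guest (a stand-in for the host's /etc).
# Prints one word per guest: "inside" or "outside".
demo() {
    base=$(mktemp -d) || return 2
    q=var/spool/qmailscan/quarantine
    mkdir -p "$base/vservers/plain/$q/new" \
             "$base/vservers/linked/$q" \
             "$base/host-etc"
    : > "$base/host-etc/passwd"
    ln -s "$base/host-etc" "$base/vservers/linked/$q/new"

    result=""
    for guest in plain linked; do
        if resolves_inside "$base/vservers/$guest" \
                           "$base/vservers/$guest/$q/new"; then
            result="$result inside"
        else
            result="$result outside"
        fi
    done
    rm -rf -- "$base"
    printf '%s\n' "${result# }"
}
```

The check is only an audit: the guest can swap the directory for a symlink between the check and a later host-side `rm`. Running the command inside the guest, as the message recommends, means the path is never resolved in the host's filesystem view.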