Re: [Vserver] Continuing implementation of a DebSid vserver on a hppa box (need more help)

From: Michael S. Zick <mszick_at_morethan.org>
Date: Wed 21 Dec 2005 - 18:11:28 GMT
Message-Id: <200512211211.28269.mszick@morethan.org>

On Wed December 21 2005 11:41, Joel Soete wrote:
> > Hello all,
> >
> > BUT from the host I can always access and modify data in the guest's dedicated
> > fs (and btw I risk corrupting a guest service config by accident because the
> > host ignores, well doesn't show, processes owned by the guest).
> >
> > My question is thus: is it possible to configure the guest server another way to
> > hide its data from the host?
> >
Hi Joel,

One way that 'should' work is to use Access Control Lists (ACL).

Since that mechanism works at the filesystem level, it should be
transparent to any Vserver.

Note that I said: "should" - I am still testing and looking for
hidden gotchas. Will post my notes once I try it myself.

I posted a link to a good description in one of my earlier mails,
the one that summarized my exploring ReiserFS-3/4.

The ACL examples are here:
<www.suse.de/~agruen/acl/chapter/fs_acl-en.pdf>

Those examples are known to work on ext2, ext3, Reiser-3, xfs
and maybe others. Not yet in Reiser-4.
Just be sure to use a group name and user name that is
on your system rather than those shown in the examples.

The acl tools (getfacl, setfacl) in Debian/Stable work as described.
For other than xfs you will probably have to pass an option or two
to the mount command (edit your fstab).

The summary e-mail is here:
<http://list.linux-vserver.org/archive/vserver/msg11799.html>

Mike
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Wed Dec 21 18:11:50 2005
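
Added example, not part of the original message: a small Python evaluator for the POSIX ACL access check that the getfacl/setfacl entries mentioned above feed into, run over a constructed getfacl listing (the path and the names guestadm and vsadmins are hypothetical). It models a process without CAP_DAC_OVERRIDE; a process holding that capability is not subject to this check.

```python
# Added example: evaluates the POSIX ACL access check over getfacl-style text.
# SAMPLE_ACL is constructed; "guestadm" and "vsadmins" are hypothetical names.
SAMPLE_ACL = """\
# file: vservers/guest1/etc
# owner: root
# group: root
user::rwx
user:guestadm:rwx
group::r-x
group:vsadmins:rwx
mask::r-x
other::---
"""

def parse_getfacl(text):
    """Return (owner, owning_group, entries) parsed from getfacl output."""
    owner = group = None
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            owner = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            group = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            tag, qualifier, perms = line.split(":")[:3]
            entries.append((tag, qualifier, set(perms[:3].replace("-", ""))))
    return owner, group, entries

def allowed(text, user, groups, want):
    """Access check for a process without CAP_DAC_OVERRIDE; want is e.g. 'w'."""
    owner, owning_group, entries = parse_getfacl(text)
    perms = {(t, q): p for t, q, p in entries}
    mask = perms.get(("mask", ""))
    need = set(want)
    if user == owner:                      # owner entry: the mask is not applied
        return need <= perms[("user", "")]
    def masked(p):                         # mask caps named users and all groups
        return p if mask is None else p & mask
    if ("user", user) in perms:            # named-user entry
        return need <= masked(perms[("user", user)])
    matched = [p for (t, q), p in perms.items() if t == "group"
               and (q in groups or (q == "" and owning_group in groups))]
    if matched:                            # a matching group never falls to "other"
        return any(need <= masked(p) for p in matched)
    return need <= perms[("other", "")]
```

The mask line is what decides the effective rights of named users and groups here: both guestadm and vsadmins are listed with rwx but can only read and traverse.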
