Re: [Vserver] Using SECURE_MOUNT

From: Herbert Poetzl <herbert_at_13thfloor.at>
Date: Fri 08 Sep 2006 - 19:14:08 BST
Message-ID: <20060908181408.GB8745@MAIL.13thfloor.at>

On Fri, Sep 08, 2006 at 09:23:01AM +0200, Wilhelm Meier wrote:
> Am Mittwoch, 6. September 2006 22:13 schrieb Herbert Poetzl:
> > On Tue, Sep 05, 2006 at 12:35:48PM +0200, Wilhelm Meier wrote:
> > > Hi,
> > >
> > > I wonder how to use SECURE_MOUNT.
> > >
> > > I want to give a vserver secure access to a device so that
> > > mounting the device does not introduce any new device nodes.
> >
> > that's the idea behind the secure mount
> >
> > > What do I have to include in /etc/vservers/vsxx/bcapabilities?
> > > CAP_SYS_ADMIN?
> >
> > nope, just the SECURE_MOUNT context capability (ccapabilities)
>
> Thanks, it works as desired.
>
> As I understand, the context caps are a new set of capabilities
> introduced by vserver-patches, right?

yep, correct, they are 'simple' capability flags
per guest (i.e. all tasks inside that context will
have the same set)

best,
Herbert

> --
> Wilhelm
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Fri Sep 8 19:15:13 2006

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Fri 08 Sep 2006 - 19:15:17 BST by hypermail 2.1.8