Re: [Vserver] dev in read-only guest / using a ramdisk

From: Oliver Welter <mail_at_oliwel.de>
Date: Sat 23 Dec 2006 - 21:56:46 GMT
Message-ID: <458DA61E.2040902@oliwel.de>

Hi Herbert,

> yes, because the bind mount probably doesn't exist
> when the tools try to write to /dev/null

Hmmm, anyway

> IMHO a more secure solution would be to bind mount
> the /dev/log only and keep the entire /dev read only
> as that is more secure than having them on var

AFAIK it's not possible to bind-mount a file, or am I wrong?

I played around and came to a very nice solution :)
I added a script to the prepre-start level that mounts a tmpfs on /dev
and creates the necessary nodes. Seems to do fine.

Thx for the help anyway

Oliver
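
The approach described in the message above (a tmpfs mounted on the guest's /dev and populated with a fixed set of nodes), as an added example that is not Oliver's script or part of util-vserver. The guest root path, the node list, the tmpfs options, and the function names dev_plan and dev_apply are assumptions.

```shell
#!/bin/sh
# Added example: build a minimal /dev for a guest on a tmpfs.
# Assumption: the guest root is passed as $1, e.g. /vservers/demo.

# name:type:major:minor:mode (standard Linux device numbers).
# Assumed minimal set; no disk, memory or kernel-log nodes are created.
NODES="null:c:1:3:666
zero:c:1:5:666
full:c:1:7:666
random:c:1:8:644
urandom:c:1:9:644
tty:c:5:0:666
ptmx:c:5:2:666"

# Print the commands for the given guest root, one per line.
dev_plan() {
    root=$1
    case $root in
        /*) ;;
        *) echo "dev_plan: guest root must be an absolute path" >&2; return 1 ;;
    esac
    dev=${root%/}/dev
    # Never touch the host's own /dev.
    [ "$dev" = "/dev" ] && { echo "dev_plan: refusing host /dev" >&2; return 1; }
    # nosuid,noexec harden the mount; nodev must NOT be set or the nodes are unusable.
    echo "mount -t tmpfs -o nosuid,noexec,mode=0755,size=64k none $dev"
    echo "$NODES" | while IFS=: read -r name type major minor mode; do
        echo "mknod -m $mode $dev/$name $type $major $minor"
    done
    echo "mkdir -m 0755 $dev/pts"   # mount point for devpts (assumed to come from fstab)
}

# Print the plan; execute it only when APPLY=1 (requires root).
dev_apply() {
    plan=$(dev_plan "$1") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo "$plan" | while read -r cmd; do $cmd || exit 1; done
    else
        echo "$plan"
    fi
}

if [ $# -gt 0 ]; then dev_apply "$1"; fi
```

Run without APPLY=1 first to review the printed commands before they are executed as root.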


Received on Sat Dec 23 21:57:58 2006