Re: [Vserver] OCS Inventory:
 vserver development mailing list 
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]

Re: [Vserver] OCS Inventory

From: Daniel Hokka Zakrisson <daniel_at_hozac.com>
Date: Sat 17 Mar 2007 - 13:04:46 GMT
Message-ID: <58127.192.168.101.6.1174136686.squirrel@intranet>

Daniel W. Crompton wrote:
> On 3/16/07, Daniel Hokka Zakrisson <daniel@hozac.com> wrote:
>> Daniel W. Crompton wrote:
>>> After reading Jean-Marc's answer I thought it could also be the fact
>>> that you might just need to create /dev/mem.
>>
>> You absolutely never ever want to do that, if you care the least about
>> the
>> guest being secure... /dev/mem would give it complete access to the
>> contents of your RAM.
>
> Seriously if you care about your guest being secure you make sure that
> the host doesn't have physical network access. If you want to be able
> to run certain programs in a guest you sometimes need rights which are
> available to only the host. That's the whole point of caps.

Which should not be taken as lightly as "you just need to create XYZ".
It's something that essentially voids the entire virtualization/isolation
that Linux-VServer provides... 

-- 
Daniel Hokka Zakrisson
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Sat Mar 17 13:43:01 2007
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Sat 17 Mar 2007 - 13:43:07 GMT by hypermail 2.1.8