On Wed, 2007-10-24 at 13:14 +0200, Jon Bendtsen wrote:
> On Oct 23, 2007, at 4:46 AM, Daniel Risacher wrote:
>
> > My apologies in advance if this is re-opening old wounds.
> >
> > I recently set up VServer (mainly so I could run Zimbra w/ less pain)
> > and I found that the network isolation did not work the way I
> > (perhaps naively?) expected it to. (Mainly re: binding to TCP ports
> > and IPADDR_ANY.)
> >
> > I write this message to (1) determine whether my understanding of
> > VServer's functionality is correct, and possibly (2) suggest potential
> > improvements for discussion.
> >
> > How I think it DOES work
> > ------------------------
> >
> > * Host processes that bind to IPADDR_ANY can recieve connections to
> > any
> > host or guest address
>
> I think that just about the only process the Host system should run is
> SSH for remote management. Anything else should be in a vserver
> guest.
>
NTP should also run in the host.
-nc
Received on Wed Oct 24 12:33:08 2007