Re: [vserver] Operation not permitted:
vserver development mailing list
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]

Re: [vserver] Operation not permitted

From: Guenther Fuchs <vserver_at_muh.at>
Date: Tue 30 Oct 2007 - 17:51:01 GMT
Message-ID: <273243724.20071030185101@fuchs.info>

Hi there,

on Tuesday, October 30, 2007 at 2:50:08 PM there was posted:

echo "CAP_NET_RAW" > /etc/vservers/${YOUR_GUEST}/bcapabilities

That does it, true - but it also opens the RAW access to the
net-interface which makes it able to "listen" to the net traffic of
_all_ guests from within that one - and that is a serious security
hole.

-- 
regards 'n greez,
Guenther Fuchs
(aka "muh" and "powerfox")

Received on Tue Oct 30 17:51:28 2007

This message: [ Message body ]
Next message: Daniel Risacher: "Re: [vserver] Network isolation and VServer"
Previous message: Guenther Fuchs: "Re: [vserver] Does the list work?"
In reply to: Peter Mann: "Re: [vserver] Operation not permitted"
Next in thread: Herbert Poetzl: "Re: [vserver] Operation not permitted"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Tue 30 Oct 2007 - 17:51:34 GMT by hypermail 2.1.8