Re: [vserver] xorg inside of vguest slower than on host

From: Stephan Mueller <d454d_at_web.de>
Date: Mon 10 Dec 2007 - 13:38:56 GMT
Message-ID: <20071210133856.GB6121@mail.web.de>

* Herbert Poetzl <herbert@13thfloor.at> [10.12.2007]:

> okay, that is a start, unfortunately you want neither
> SYS_RAWIO nor SYS_ADMIN in a moderately secure guest,
> the pci stuff itself might be fine without write access
> (capability not permission) ...
>
> but I still think, if there is enough interest, we can
> make such a setup reasonably secure, by defining certain
> port ranges and/or pci structures as 'belonging' to that
> guest (like the graphics hardware) and thus we might get
> away without opening up the guest

As the main reasons for me to run xorg in a vguest are

a) separate xorg from other stuff
b) gain more security if possible
c) don't want to have xorg in my host system

I am still very interested. I hope to put my current test system to
production mode on the next weekend, but I hope to have a new test
system later this month. So you can count me in for this.

Currently I am also thinking about getting USB sticks etc. working
inside a vguest without the need to grant too many permissions to the
guest. I had a look at usbmount (http://usbmount.alioth.debian.org/)
which is a simple udev script that mounts and unmounts USB drives to
given locations. When adjusted to use 'vnamespace' to mount drives
inside of a vguest it should do what I want. Or is there some more nifty
solution for this?

Cheers,

Steph.
Received on Mon Dec 10 13:40:10 2007
