maybe, it's unnecessary or too paranoid ?
Xavier de Poorter a écrit :
> hi everybody,
>
> /etc/vservers/guest/fstab
> imagine a guest with a fstab like this :
>
> /mnt/guest/root / none bind,dev,exec,attrs,rw
>
> none proc proc defaults
> none /dev/pts devpts gid=5,mode=620
>
> /mnt/guest/tmp /tmp none bind,attrs,rw
> /mnt/guest/var /var none bind,attrs,rw
>
>
> i want remount in a secure mode
> vattribute --ccap SECURE_REMOUNT --ccap SET_UTSNAME --ccap RAW_ICMP
> --xid context
>
> mount /mnt/guest/root -o ro,remount
>
> vserver guest exec mount /var -o remount,noexec,nodev,nosuid
> vserver guest exec mount /tmp -o remount,noexec,nodev,nosuid
>
> vattribute --ccap SET_UTSNAME --ccap RAW_ICMP --xid context
>
>
>
> i want remount in a updatable mode
> vattribute --ccap SECURE_REMOUNT --ccap SET_UTSNAME --ccap RAW_ICMP
> --xid context
>
> mount /mnt/guest/root -o rw,remount
>
> vserver guest exec mount /var -o remount,defaults,attrs
> vserver guest exec mount /tmp -o remount,defaults,attrs
>
> vattribute --ccap SET_UTSNAME --ccap RAW_ICMP --xid context
>
>
> it works but is it the good way to remount bind in a vserver ?
>
Received on Mon Feb 11 17:23:05 2008