Re: [vserver] mknod inside vserver (bind error)

From: Daniel Hokka Zakrisson <daniel_at_hozac.com>
Date: Tue 24 Mar 2009 - 11:49:18 GMT
Message-ID: <35781.2001:16d8:ff15:101:219:d2ff:fed5:8193.1237895358.squirrel@intranet>

ADNET Ghislain wrote:
>
>> another approach is to set up device mapping
>> properly to allow certain 'considered secure'
>> devices to be created inside a guest
>>
>> yet another (but insecure) approach is to give
>> the bcapability to create arbitrary device nodes
>> to the guest
>>
>> HTH,
>> Herbert
>>
> you can give device mapping without the bcapability? my last try failed
> to work with this setup. Can you give an example of how the
> device mapping should work with a simple example of

No, if your kernel is configured with device mapping, you need to give the guest CAP_MKNOD
and set up the device mapping tables to allow it to do whatever it is you're looking for.

-- 
Daniel Hokka Zakrisson
Received on Tue Mar 24 11:49:36 2009