Re: [vserver] vxW: did lookup hidden devpts

From: Herbert Poetzl <herbert_at_13thfloor.at>
Date: Thu 26 Mar 2009 - 18:58:38 GMT
Message-ID: <20090326185838.GB32306@MAIL.13thfloor.at>

On Thu, Mar 26, 2009 at 02:36:09PM +0100, Sebastien Bonnegent wrote:

> These lines are generated by the command "vps ax" on master.

usually those lines are generated by pts/ptys which
were 'brought' into a context via 'enter' or 'exec'.
if you get those messages without entering a guest,
I'm quite interested in a reproducible setup.

> Can I find somewhere the description of

yes, the kernel config contains descriptions for all
the config options, just press '?' to view them

> "CONFIG_VSERVER_PROC_SECURE" and

          This configures ProcFS security to initially hide
          non-process entries for all contexts except the main and
          spectator context (i.e. for all guests), which is a secure
          default.

          (note: on 1.2x the entries were visible by default)

> "CONFIG_VSERVER_PRIVACY" option?

          When enabled, most context checks will disallow
          access to structures assigned to a specific context,
          like ptys or loop devices.

HTH,
Herbert

> Sebastien Bonnegent wrote:
> > Hi,
> >
> > I have these lines in my syslog:
> >
> > [ 3872.477649] vxW: [???ps???,23026:#1|0|0] did lookup hidden devpts:f55dd500[#0,2] ???/dev/pts???.
> > [ 4172.175854] vxW: [???ps???,23291:#1|0|0] did lookup hidden devpts:f55dd500[#0,2] ???/dev/pts???.
> > [ 4472.844371] vxW: [???ps???,23570:#1|0|0] did lookup hidden devpts:f55dd500[#0,2] ???/dev/pts???.
> >
> > Do you know what it is?
> >
> > # uname -r
> > 2.6.28.7-vs2.3.0.36.8-090326
> >
> > # grep VSERVER /boot/config-2.6.28.7-vs2.3.0.36.8-090326
> > CONFIG_VSERVER_AUTO_LBACK=y
> > CONFIG_VSERVER_AUTO_SINGLE=y
> > CONFIG_VSERVER_COWBL=y
> > # CONFIG_VSERVER_VTIME is not set
> > # CONFIG_VSERVER_DEVICE is not set
> > CONFIG_VSERVER_PROC_SECURE=y
> > CONFIG_VSERVER_HARDCPU=y
> > CONFIG_VSERVER_IDLETIME=y
> > # CONFIG_VSERVER_IDLELIMIT is not set
> > CONFIG_VSERVER_PRIVACY=y
> > CONFIG_VSERVER_CONTEXTS=256
> > CONFIG_VSERVER_WARN=y
> > # CONFIG_VSERVER_DEBUG is not set
> > CONFIG_VSERVER=y
> > CONFIG_VSERVER_SECURITY=y
> >
> >
>
> - --
> Regards - Sébastien Bonnegent
>
> "GNU/Linux: there is worse, but it costs more."
> - ---------------------------------------------------------------------------------------
> | http://www.insa-rouen.fr/institution/organisation/equipe-de-direction/informatique/ |
> - ---------------------------------------------------------------------------------------
> | System and network engineer | Tel: 02 32 95 98 61 | GnuPG: 0x669176B0 |
> -------------------------------------------------------------------------
> | https://asi.insa-rouen.fr/asipedia/index.php/GnuPG |
> ------------------------------------------------------
Received on Thu Mar 26 18:58:51 2009
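
Added example, not part of the original messages: a small Python parser for the vxW "did lookup hidden" lines quoted above, grouping them by command, context and target and showing how far apart the hits are. The field names (xid, nid, tag, owner, ino) are assumptions about the layout, which the thread does not document; the sample input is the three quoted lines.

```python
import re
from collections import defaultdict

# Constructed sample: the three syslog lines quoted in the thread, with the
# mis-encoded quote characters ("???") kept exactly as they appear there.
SAMPLE = """\
[ 3872.477649] vxW: [???ps???,23026:#1|0|0] did lookup hidden devpts:f55dd500[#0,2] ???/dev/pts???.
[ 4172.175854] vxW: [???ps???,23291:#1|0|0] did lookup hidden devpts:f55dd500[#0,2] ???/dev/pts???.
[ 4472.844371] vxW: [???ps???,23570:#1|0|0] did lookup hidden devpts:f55dd500[#0,2] ???/dev/pts???.
"""

# Field names are assumptions (the thread does not document the layout).
# Quote characters around comm and path depend on encoding, so any run of
# non-word characters is accepted in those positions.
VXW = re.compile(
    r"\[\s*(?P<ts>\d+\.\d+)\]\s+vxW:\s+"
    r"\[\W*(?P<comm>[\w./-]+)\W*,(?P<pid>\d+):#(?P<xid>\d+)\|(?P<nid>\d+)\|(?P<tag>\d+)\]\s+"
    r"did lookup hidden (?P<fs>\w+):(?P<ptr>[0-9a-f]+)\[#(?P<owner>\d+),(?P<ino>\d+)\]"
    r"\s+\W*(?P<path>/[\w./-]*)"
)


def parse(text):
    """Return one dict per vxW 'did lookup hidden' line found in text."""
    events = []
    for line in text.splitlines():
        m = VXW.search(line)
        if m:
            e = m.groupdict()
            e["ts"] = float(e["ts"])
            e.update({k: int(e[k]) for k in ("pid", "xid", "nid", "tag", "owner", "ino")})
            events.append(e)
    return events


def summarize(events):
    """Group by (comm, xid, fs, path); report count and gaps between hits."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["comm"], e["xid"], e["fs"], e["path"])].append(e["ts"])
    return {
        key: {"count": len(ts), "gaps_s": [round(b - a) for a, b in zip(ts, ts[1:])]}
        for key, ts in ((k, sorted(v)) for k, v in groups.items())
    }


if __name__ == "__main__":
    for key, info in summarize(parse(SAMPLE)).items():
        print(key, info)
```

A steady gap between hits from the same command and context points at a scheduled job rather than an interactive 'enter' or 'exec' session.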
