On Mon, Oct 05, 2009 at 07:46:23PM +0200, Wilhelm Meier wrote:
>
> we use a vserver as terminal-server, quite a normal setup, i think.
> The host and guest are both debian lenny.
> For some reason we need a polyinstantiated /media directory. i would
> like to do this with pam_namespace.
hmm .. could you elaborate on that?
sounds to me like you want to mount something there?
> When I use pam_namespace in the pamm-session-stack I get the following
> error:
> Oct 5 19:28:23 192.168.222.12 kdm:
> rich00E0C5600493.intern.kmux.de:1[27525]: pam_namespace(kdm:session):
> Unable to unshare from parent namespace, Operation not permitted
assuming that the pam module does an unshare with
CLONE_NEWNS, you can permit that with the context
capability VXC_NAMESPACE
> It is not clear to me if this is possible, because it would
> result in somehow nested namespace: the new namespace inside the
> vserver-namespace?
a Linux-VServer guest consists of several namespaces,
the filesystem/mount namespace is only one of them
and more than that, it is fully hierarchical, so that
should be fine :)
> Any hints how to do this?
get recent and working kernel, use VXC_NAMESPACE, be happy :)
best,
Herbert
if you or your company use and like the Linux-VServer project,
why not consider donating hardware or money, or getting a
service contract with the developers to ensure that it will
live on and continue to provide high quality free software?
> --
> Wilhelm
Received on Tue Oct 6 00:44:40 2009