On Tue, 19 Jan 2010 16:41:37 +0100
Shinkan <firstname.lastname@example.org> wrote:
> 2010/1/19 Shinkan <email@example.com>
> > 2010/1/19 Corey Wright <firstname.lastname@example.org>
> >> like an application-specific chroot, but with the added functionality
> >> of linux-vserver?
> > Hi Corey,
> > Thanks for your try.
> > That's what I need yeah, "a (nearly) bullet proof chroot" to launch one
> > service.
> > And I want to use VServer as my "bullet proof chroot".
> > i think vcontext.
> > I'll Google for it.
> That's one of the most unsuccessful searches I've ever made.
yeah, there's not much on vcontext, which is why i said you might want to
go with more standard linux-vserver usage ("vserver <name> start") and
heavily minimize/customize the vserver.
if you are trying to reduce filesystem usage, then look into unification.
if you are doing this to reduce attack surface (less tools to leverage once
an attacker compromises the lone application).
> I tried vcontext --create --xid 444 -- /etc/init.d/sshd start, and it
> seemed to work, but I didn't get what was done at all.
i only know to recommend:
* vcontext --help
to see how "vserver <name> start" leverages vcontext:
* less /usr/sbin/vserver
* less /usr/lib/util-vserver/vserver.start
* less /usr/lib/util-vserver/vserver.functions
yes, "use the source, luke" is probably not what you were wanting.
or jump on irc and ask there, as the linux-vserver irc channel has always
been most responsive and helpful to me. (and then document whatever they
tell you on the wiki. ;-)
> Then, to be sure, I've done /etc/init.d/sshd stop (which worked), BUT I'm
> still able to "ssh localhost" ??!
> I can't find any ssh in "ps aux".
try "vps" instead of "ps" to list processes running within vservers.
> I really think like I don't understand what happened, and what vcontext
> "Sometimes when I'm talking, my words can't keep up with my thoughts. I
> wonder why we think faster than we speak. Probably so we can think
> twice." - Bill Watterson
-- email@example.com
Received on Tue Jan 19 16:17:16 2010