Re: [vserver] Howto configure graphic card in a guest/Xorg-server configuration

From: Ed W <lists_at_wildgooses.com>
Date: Thu 25 Mar 2010 - 13:39:56 GMT
Message-ID: <4BAB67AC.9000606@wildgooses.com>

On 25/03/2010 07:59, Romberg Christo wrote:
>
>> you probably need to copy any devices the userspace
>> driver part (from xorg) uses when setting up the
>> graphics card into the guest
>>
> Where should these devices be located in the filesystem?
>

vservers are basically just a fancy chroot, so when you are in a guest
then what you think is /dev is really /vserver/guest/dev - hence
populate that directory with whatever your software tries to access.
Remember that unix is about making everything look like a file, but
really you are talking to some hardware in the case of these special
files - so essentially you are copying the interface to the device into
the chroot

Good luck

Ed W

P.S. You might as well/instead consider looking at grsecurity or
similar - I seem to remember you needed to give the guest more
permissions than you want (ie could escape the chroot) in order to make
X work. A complementary lock down technique is a MAC system (eg
grsec/selinux, etc). Personally I never got my head around selinux, but
grsec is straightforward and likely you will already be using the other
pax patches on your kernel so it's kind of there for free? Also look at
the Suse MAC stuff (whatever it's called? app armour?) and I saw another
new idea in some new distro recently - some of these are even simpler to
configure than grsec

P.P.S. If you really want your tinfoil hat on then switch to gentoo and
turn on the hardened profile. I use this on all my servers and whilst
it will require a far greater understanding of linux to build and
initially setup, *if* you have this level of understanding then you gain
a great amount of flexibility and also you can lock the box down to a
much greater degree. Lots of other benefits to gentoo over <generic
distro>, but the basic tradeoff will remain that it requires more
knowhow to build...
Received on Thu Mar 25 13:47:33 2010

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Thu 25 Mar 2010 - 13:47:36 GMT by hypermail 2.1.8