Re: [vserver] question about util-vserver without dietlibc

From: Herbert Poetzl <herbert_at_13thfloor.at>
Date: Mon 19 Dec 2011 - 14:02:55 GMT
Message-ID: <20111219140255.GL25290@MAIL.13thfloor.at>

On Mon, Dec 19, 2011 at 04:33:55PM +1100, Steve Kieu wrote:
> Hello,

> the version is util-vserver-0.30.216.pre2986 built on a centos6 system

the question which comes to my mind here is: why the hell
would you build an old version of util-vserver?

> When I ran configure I got

> configure:10369: WARNING: *** it is strongly recommended to link util-vserver against ***
> configure:10371: WARNING: *** dietlibc; glibc's NSS functions are very unreliable in ***
> configure:10373: WARNING: *** chroot() environments, so you have to expect problems ***
> configure:10375: WARNING: *** there.

> I am not quite clear what the use of dietlibc is in the
> picture. If I use tools without linking to dietlibc what
> damage/disadvantages will I have?

dietlibc isn't just used to replace glibc, it is used to
build static binaries which are actually 'static'.
note that glibc cannot build self-contained binaries
anymore; even if you build them 'statically' they will
dynamically load resolver libraries, which in the case
of guest management might be from the host or from the
guest.

> I suppose after vserver <NAME> start - the vserver environment
> is using normal libc under its root dir /lib/ rather than
> dietglibc?

correct, but anytime you start or enter the guest, you
have a certain chance that the host will execute some
code from the guest system (nss), which in turn gives
guest root a good chance to do evil things on the host.
and even if security is not a concern in your case, you
might end up with unexpected failures.

> Or just all commands I start using vnamespace for example will
> be affected?

> Should I download dietlibc somewhere and install it ?

first, your distro should provide dietlibc as package
(basically all known distros do) and if that isn't the
case, yes, you better download dietlibc, build and
install it, unless you want to have issues with the
tools ...

best,
Herbert

> many thanks in advance

> --
> Steve Kieu
Received on Mon Dec 19 14:03:11 2011
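
Added example (not part of the original message and not util-vserver code): a heuristic check of whether a host-side tool binary is self-contained in the sense described in the reply above. It reads the ELF64 program headers and, for binaries that need no loader, looks for glibc's NSS loader strings; the marker strings and the names classify_elf and make_elf are assumptions of this example.

```python
import struct

PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3
# Assumption: a glibc "static" binary that can still dlopen NSS modules embeds
# these strings; a dietlibc build has no NSS loader and should not.
NSS_MARKERS = (b"libnss_", b"nsswitch.conf")

def classify_elf(data: bytes) -> str:
    """Return 'dynamic', 'static-nss' or 'static' for a little-endian ELF64 image."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    p_types = set()
    for i in range(e_phnum):
        (p_type,) = struct.unpack_from("<I", data, e_phoff + i * e_phentsize)
        p_types.add(p_type)
    if PT_INTERP in p_types:
        return "dynamic"      # needs a runtime loader and shared libraries
    if any(marker in data for marker in NSS_MARKERS):
        return "static-nss"   # no loader, but may still load resolver modules
    return "static"           # nothing found that pulls in code at run time

def make_elf(p_types, payload=b""):
    """Build a minimal constructed ELF64 image: header, program headers, payload."""
    ident = b"\x7fELF\x02\x01\x01" + b"\0" * 9
    header = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                                 64, 56, len(p_types), 0, 0, 0)
    phdrs = b"".join(struct.pack("<I", t) + b"\0" * 52 for t in p_types)
    return header + phdrs + payload

if __name__ == "__main__":
    import sys
    # Usage: pass the paths of the installed tool binaries as arguments.
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            print(path, classify_elf(handle.read()))
```

A result of 'static-nss' or 'dynamic' on a tool that starts or enters guests means the binary can pull in library code at run time, which is the situation the configure warning is about.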
