Re: [vserver] [iotop]?

From: Corey Wright <undefined_at_pobox.com>
Date: Wed 24 Oct 2012 - 14:12:52 BST
Message-Id: <20121024081252.bf6a7efb.undefined@pobox.com>

On Mon, 22 Oct 2012 22:09:41 -0500
Corey Wright <undefined@pobox.com> wrote:

> On Mon, 22 Oct 2012 17:31:53 +0200
> Adrian Reyer <are@lihas.de> wrote:
>
> > On Mon, Oct 22, 2012 at 04:00:39PM +0100, Sergiusz Pawlowicz wrote:
> > > Any ideas how to make iotop working? It was working well before 3.x came.
> >
> > mkdir /etc/vservers/.defaults/apps/vprocunhide
> > cp /usr/lib/util-vserver/defaults/vprocunhide-files /etc/vservers/.defaults/apps/vprocunhide/files
> > echo /proc/vmstat >> /etc/vservers/.defaults/apps/vprocunhide/files
> > /etc/init.d/vprocunhide start
>
> uh, doesn't that unhide /proc/vmstat for all contexts, not just context 1 (as
> "setattr --watch" does; see http://linux-vserver.org/Secure_ProcFS_Entries)?

yep, just verified (as no one replied to my email) that vprocunhide unhides
all specified proc entries for all contexts (context 1 and guests) and
"setattr --watch" only unhides the specified proc entry for context 1. good
to see things haven't changed since i last checked.

it might be argued that allowing access to /proc/vmstat in a guest is
relatively harmless, but definitely should be avoided (principle of least
privilege). it's definitely unnecessary and overkill for the original
poster's intended use-case of "chcontext --xid 1 -- iotop" (ie running iotop
in context 1).

for that i would recommend the two line script (as previously alluded to, but
now explicitly referenced in
http://archives.linux-vserver.org/201003/0019.html):

 * setattr --watch /proc/vmstat
 * chcontext --silent --ctx 1 iotop "$@"

corey

--
undefined@pobox.com
> corey
> --
> undefined@pobox.com
> 
> > The name of the init script and the source of vprocunhide-files might
> > vary with your distribution.
> > 
> > Regards,
> > 	_are_
> > -- 
> > LiHAS - Adrian Reyer - Hessenwiesenstraße 10 - D-70565 Stuttgart
> > Fon: +49 (7 11) 78 28 50 90 - Fax:  +49 (7 11) 78 28 50 91
> > Mail: lihas_at_lihas.de - Web: http://lihas.de
> > Linux, Netzwerke, Consulting & Support - USt-ID: DE 227 816 626 Stuttgart
Received on Wed Oct 24 14:13:05 2012
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Wed 24 Oct 2012 - 14:13:05 BST by hypermail 2.1.8