Re: Anyone tried the "vserver" patch?

From: Jacques Gelinas (jackat_private)
Date: Fri Dec 07 2001 - 16:19:04 PST

    On Wed, 5 Dec 2001 16:58:16 -0500, Chris Wright wrote
    
    > a couple things i don't like:
    > - i personally don't like the reliance on chroot(), as it wastes disk space
    >   -- and no i don't like the vunify solution either.  (also, make note...if
    >   your vserver has CAP_SYS_CHROOT, the root user in the vserver can break
    >   out).
    
    No. This has been tested. Since 2.4.10, all tests we did failed.
    
    > - i don't like that it touches ext2 and ext3 directly.  this makes it
    >   brittle w.r.t. filesystems (something we specifically don't do in LSM).
    
    No way out if we want to have a workable unification with hard links.
    
    ---------------------------------------------------------
    Jacques Gelinas <jackat_private>
    vserver: run general purpose virtual servers on one box, full speed!
    http://www.solucorp.qc.ca/miscprj/s_context.hc
    
    _______________________________________________
    linux-security-module mailing list
    linux-security-moduleat_private
    http://mail.wirex.com/mailman/listinfo/linux-security-module
    



    This archive was generated by hypermail 2b30 : Fri Dec 07 2001 - 16:19:33 PST