From: Sam Vilain (sam_at_vilain.net)
Date: Thu 25 Oct 2001 - 20:23:42 BST
On Tue, 23 Oct 2001 23:00:49 -0200 (BRST)
Rik van Riel <riel_at_conectiva.com.br> wrote:
> One minor nitpick, 'vserver <foo> build' could use 'mount --bind'
> on the 2.4 kernels; this would save both disk space and memory use,
> and 'mount --bind' also accepts options like read only mounts so
> root inside the vservers cannot mess with the files.
For some applications, you WANT root to be able to change the files - i.e.,
in an ISP environment. However, you want to hard link their libc's, etc,
so that you save memory.
In order to prevent people changing libc's that other vservers are
accessing, you then need to make the files immutable, but then you can't
replace them when you upgrade the vservers.
I've hacked another attribute into the kernel to solve this problem; see
http://sam.vilain.net/immutable/. You also need to patch your e2fsprogs.
-- 
Sam Vilain, sam_at_vilain.net WWW: http://sam.vilain.net/
7D74 2A09 B2D3 C30F F78E GPG: http://sam.vilain.net/sam.asc
278A A425 30A9 05B5 2F13
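
The hard-link trade-off discussed in this message, as an added example that is not part of the original post and does not reproduce the kernel patch it mentions: an in-place write through one link changes the file every other root sees, while an upgrade done by rename gives that root a new inode and leaves the others alone. The directory names `vs1`/`vs2`, the file contents and all function names are constructed for the demonstration.

```shell
#!/bin/sh
# Two directories stand in for two vserver roots (constructed; names are hypothetical).

inode_of() { ls -i "$1" | awk '{print $1}'; }

# True when both paths are hard links to the same inode (one copy on disk and in cache).
same_inode() { [ "$(inode_of "$1")" = "$(inode_of "$2")" ]; }

# Build a toy layout in which vs2's libc is a hard link to vs1's; prints the temp root.
setup_roots() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/vs1/lib" "$root/vs2/lib"
    echo "libc v1" > "$root/vs1/lib/libc.so"
    ln "$root/vs1/lib/libc.so" "$root/vs2/lib/libc.so"
    echo "$root"
}

# What root inside one vserver can do when the file is not immutable:
# the redirection truncates and rewrites the shared inode itself.
write_in_place() { echo "$2" > "$1"; }

# An upgrade that replaces the name rather than the contents:
# the new file gets its own inode, so the hard link is broken.
replace_by_rename() {
    printf '%s\n' "$2" > "$1.new" && mv -f "$1.new" "$1"
}

demo() {
    r=$(setup_roots)
    a="$r/vs1/lib/libc.so"; b="$r/vs2/lib/libc.so"
    same_inode "$a" "$b" && echo "shared inode: yes"
    write_in_place "$b" "changed from vs2"
    echo "vs1 now reads: $(cat "$a")"
    replace_by_rename "$b" "libc v2"
    echo "after rename: vs1='$(cat "$a")' vs2='$(cat "$b")'"
    same_inode "$a" "$b" || echo "shared inode: no"
    rm -rf "$r"
}
demo
```
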