
From: Nuno Silva (nuno.silva_at_vgertech.com)
Date: Mon 20 Jan 2003 - 14:58:27 GMT


Luís Miguel Silva wrote:

[..snip..]

> Since I thought *somebody could sniff the data between vservers* I
> chose to bind them into the lo interface! That way they can still
> communicate with each other and be "secure" ;o) [would somebody correct me
> on this if I'm wrong?]

Hello Luís!

In the default vserver .conf, the vservers' root can't control the
network interfaces, so vservers' root can't enable promisc mode and
can't run a sniffer.

If the vservers' root could enable sniffing (you added CAP_NET_* to the
vservers' capabilities list, for instance) then he could do it in eth0
or lo... So, afaict, chbind'ing to eth0: or lo: it's the same in terms
of "sniffer protection".

Best regards,
Nuno Silva
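
An added example, not part of the original message: a check that decodes the capability masks from a `/proc/<pid>/status` dump and reports which `CAP_NET_*` bits a guest's root process holds, which is the property the reply says decides sniffer exposure, rather than the interface the vserver is bound to. The two status dumps are constructed samples; the bit numbers are those defined in `linux/capability.h`.

```python
import re

# Bit positions of the CAP_NET_* family in linux/capability.h.
NET_CAPS = {
    "CAP_NET_BIND_SERVICE": 10,
    "CAP_NET_BROADCAST": 11,
    "CAP_NET_ADMIN": 12,
    "CAP_NET_RAW": 13,
}

def net_caps(status_text, cap_set="CapEff"):
    """Return the CAP_NET_* names set in one capability mask of a status dump."""
    m = re.search(rf"^{cap_set}:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError(f"no {cap_set} line found")
    mask = int(m.group(1), 16)
    return {name for name, bit in NET_CAPS.items() if (mask >> bit) & 1}

def sniffing_exposure(status_text):
    """List the sniffing-related operations the effective set permits."""
    caps = net_caps(status_text)
    findings = []
    if "CAP_NET_RAW" in caps:
        findings.append("CAP_NET_RAW: may open raw and packet sockets")
    if "CAP_NET_ADMIN" in caps:
        findings.append("CAP_NET_ADMIN: may change interface flags (promiscuous mode)")
    return findings

# Constructed sample: guest root with no CAP_NET_ADMIN / CAP_NET_RAW.
RESTRICTED = (
    "Name:\tbash\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t00000000000004ff\n"
    "CapEff:\t00000000000004ff\n"
)
# Constructed sample: same guest after CAP_NET_ADMIN and CAP_NET_RAW were added.
WIDENED = RESTRICTED.replace("04ff", "34ff")

if __name__ == "__main__":
    for label, text in (("restricted", RESTRICTED), ("widened", WIDENED)):
        findings = sniffing_exposure(text) or ["no sniffing-related capability"]
        print(label, sorted(net_caps(text)))
        for line in findings:
            print("   ", line)
```

To audit a live guest, pass the contents of `/proc/self/status` read from a root shell inside it instead of the samples.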


Generated on Mon 20 Jan 2003 - 15:33:47 GMT by hypermail 2.1.3