From: Mihai RUSU (dizzy_at_roedu.net)
Date: Wed 05 Mar 2003 - 09:03:10 GMT
On Tue, 4 Mar 2003, John P. Eisenmenger wrote:
>
> Do you have the parent directory of the vserver root set with mode 000?
> For example:
>
> root_at_john jpe # ls -ld /vservers /vservers/gentoo /vservers/x
> d--------- 5 root root 4096 Feb 24 15:45 /vservers
> drwxr-xr-x 17 root root 4096 Feb 12 10:35 /vservers/gentoo
> drwxr-xr-x 16 root root 4096 Feb 12 15:42 /vservers/x
>
> Supposedly setting the permissions of the parent directory to 000 blocks
> this method of escape. In fact I believe the vserver command will
> complain loudly if this is not the case.
>
> -John
Hi John and Paul
Unfortunately, this method, while it seems to work, imposes 2 constraints on
the vserver:
- to change context _after_ chroot (not chroot after chcontext), that requires
- a chcontext program inside the vserver
- a /proc mounted procfs (which I _really_ don't want to have in my
vserver)
Did I miss something, or is there another way?
Thanks
----------------------------
Mihai RUSU