From: Liam Helmer (linuxlists_at_thevenue.org)
Date: Tue 30 Mar 2004 - 17:37:42 BST
On Tue, 2004-03-30 at 09:51, Dariush Pietrzak wrote:
> > > http://strongboxlinux.com/files/linux-2.4.25sbl1/
> > >
> > > vserver+POM+supermount+evfs+freeswan+a few other things
> >
> > Wow. Super patchset! For those of us slightly Linux challenged will a
> yup, and broken systrace on top. Very clever.
I've been playing around with systrace, somewhat successfully. But, yes,
it should come with the warning that it's not entirely as secure as it
says it is. And, since the patch is split off, you don't need to apply
it.
> > google search for supermount, evfs, and freeswan help explain what and
> I wouldn't recommend freeswan for 2.4.25, it's not trivial to merge, and
> there already is openswan project that's in active development.
This is for compatibility with some older systems. Not trivial to merge?
I really didn't have much problem with it... mind you, I'm using a 2.0x
version.
As to the other stuff that's in there: evfs is an encrypted VFS level
filesystem. It patches in a set of utilities in /usr/src/linux/evfs, and
creates a binary, called "efs" that you use for mounting partitions.
(efs /source/dir /dest/dir). There's a page on it, somewhere, at
hysteria.sk... although the guy who wrote it is no longer actively
maintaining it. I've got it on there because it's the only working VFS
level encryption scheme I've used for linux, so I've been playing with
it. The other semi working one is part of the FIST project -> but, I've
never had it work reliably (i.e. across a reboot, which is pretty sad).
Supermount is a patch set to allow mounts on devices that don't exist
yet ;) Do a search on that for relevant information and code snippets.
Anyways, as usual, YMMV.
Also, be warned: ALWAYS recompile iptables if you're going to use a POM
enabled netfilter if your kernel BEFORE you reboot the box -> as it will
cause many firewall rules to fail, and thus may stop you from being able
to get into the box!
Cheers,
Liam
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver