From: gary ng (garyng2000_at_yahoo.com)
Date: Sun 29 May 2005 - 04:04:45 BST
Thanks. The reason I said it is legitimate use is that
I saw people offer vserver based VDS solutions. After
a closer examine, I think vserver is more suitable for
host service only "jail" rather than a full featured
VDS(I had one before which use uml), so mainly for
internal server management(moving vserver from one
machine to another is much easier).
--- Herbert Poetzl <herbert_at_13thfloor.at> wrote:
> On Sat, May 28, 2005 at 04:42:04AM -0700, gary ng
> wrote:
> > Hi,
> >
> > I am testing out vserver(1.2.10 on 2.4, not ready
> for
> > 2.6 yet because of stability issue unrelated to
> > vserver) and I am wondering what is the impact of
> > giving CAP_SYS_ADMIN to it.
>
> well, it basically allows the vserver root to take
> over the host system quite easily ...
>
> > Without it, I cannot mount within vserver but I
> see
> > mount as a legitimate use like mounting CIFS/NFS
> or
> > FUSE related file systems.
>
> no, mounting filesystems (without special security)
> isn't a legitimate use on a vserver ...
>
> you can do that in a more secure way with 2.6/1.9.x
> (but it isn't advisable anyway)
>
> > Oh, while I am at it, what capability is needed so
> > that I can setup vpn(pptp, openvpn etc.) within
> the
>
> you can set those things up from outside, or wait
> until ngnet (2.6 only) will become more mature ...
>
> > vserver or it will the vserver no longer
> virtual(too
> > much rights so it can get out of the jail)?
> >
> > thanks in advance for any help.
>
> best,
> Herbert
>
> > regards,
> > gary
> >
> > PS. please CC if possible as I am not on the list
> >
>
__________________________________
Do you Yahoo!?
Yahoo! Small Business - Try our new Resources site
http://smallbusiness.yahoo.com/resources/
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver