From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Sun 29 May 2005 - 13:05:31 BST
On Sat, May 28, 2005 at 09:25:51PM +0200, Bodo Eggert wrote:
> On Sat, 28 May 2005, gary ng wrote:
>
> > I am testing out vserver(1.2.10 on 2.4, not ready for
> > 2.6 yet because of stability issue unrelated to
> > vserver) and I am wondering what is the impact of
> > giving CAP_SYS_ADMIN to it.
> >
> > Without it, I cannot mount within vserver but I see
> > mount as a legitimate use like mounting CIFS/NFS or
> > FUSE related file systems.
>
> You can also mount filesystems containing device nodes. This would give
> you root access to the host.
>
> Secure user mounts are planned in the vanilla kernel, maybe they can be
> adopted for vservers.
2.6/1.9.x and 2.0-* already support 'secure' mounts inside
a vserver guest ...
best,
Herbert
> --
> Top 100 things you don't want the sysadmin to say:
> 45. Was that YOUR directory?
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver