From: Herbert Poetzl (herbert_at_13thfloor.at)
Date: Sat 10 Sep 2005 - 18:18:38 BST
On Fri, Sep 09, 2005 at 11:29:32PM +0200, Tor Rune Skoglund wrote:
> Hi there,
>
> Quote http://linux-vserver.org/Proc-Security:
>
> "Default flagging
> As of now stable defaults to all proc entries visible everywhere,
> development and experimental versions default to all proc entries only
> visible in context 0."
thanks, updated that ...
> It seems like this is still valid for vs2.0 stable, although I
> would expect it to change to all proc entries hidden.
(from the 2.0 patches)

config VSERVER_PROC_SECURE
        bool "Enable Proc Security"
        depends on PROC_FS
        default y
        help
          This configures ProcFS security to initially hide
          non-process entries for all contexts except the main and
          spectator context (i.e. for all guests), which is a secure
          default.

so we now default to enable the proc security, hiding
most entries by default ...
> At least that would be the logic of having the
> vprocunhide utility and the default limiting settings in
> vprocunhide-files.... (?)
>
> At least all proc entries are visible by default on my first
> vs2.0.... Might I be missing something here?
well, what patch/kernel? (testme.sh) and more
important what kernel config?
> This is a Gentoo host and vserver, using the portage
> ebuilds for sources and the vserver-new command to
> make the first vserver. Util-vserver is 208.
maybe the gentoo default is wrong? Hollow?
best,
Herbert
> Best regards,
> Tor Rune Skoglund
> _______________________________________________
> Vserver mailing list
> Vserver_at_list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver