vserver development mailing list: Re: [Vserver] 32 bits Debian vservers on AMD64

Re: [Vserver] 32 bits Debian vservers on AMD64:
vserver development mailing list
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]

About this list	Date view	Thread view	Subject view	Author view	Attachment view

From: Gilles (gilles_at_harfang.homelinux.org)
Date: Mon 12 Sep 2005 - 00:59:47 BST

Previous message: Herbert Poetzl: "Re: [Vserver] Proc Security in V2.0"
In reply to: Sam Vilain: "Re: [Vserver] 32 bits Debian vservers on AMD64"
Next in thread: Sam Vilain: "Re: [Vserver] 32 bits Debian vservers on AMD64"
Reply: Sam Vilain: "Re: [Vserver] 32 bits Debian vservers on AMD64"

Hello.

> > I tried to build a vserver with the "debootstrap" method (using
> > the "--arch" and "--foreign" options), but didn't succeed: the
> > "--second-stage" aborts with
>
> Try building the image with plain debootstrap, ie without vserver xxx
> build -m debootstrap.
>
> If that doesn't work, it's probably not specifically vserver-related.
>

That's right. It was only a missing dependency.

Nevertheless, I have new problems with "debootstrap".

(1)
I used the "--exclude" option in order to not install hardware-related
packages (and some others):

at,base-config,console-common,console-data,console-tools,cpio,cron,dhcp-client,exim4,exim4-base,exim4-config,exim4-daemon-light,fdutils,ifupdown,info,ipchains,iptables,klogd,logrotate,mailx,makedev,man-db,manpages,modutils,mount,netbase,netkit-inetd,nvi,pciutils,ppp,pppconfig,pppoe,pppoeconf,sysklogd,tasksel,telnet,tcpd,wget

But, it seems that, contrary to the manpage warning, "debootstrap"
installs some of them anyway, namely "modutils", "mount" and "makedev".
These are tagged as "required", but should not be in a vserver.

Is there a way to deal with this at the "debootstrap" level or is the
only solution to try and remove them afterwards from within the vserver?

(2)
Here attached are 2 files listing the contents of the "/dev" directory.
One is after the first stage of "debootstrap" (which seems fine), the
other after the completion of the second stage; the former contains
many devices which shouldn't be there in a vserver (strangely, a lot
of them audio-related).
Why does this happen and how can it be avoided?

Although this is more related to Debian than vserver, the main point is
to try and define the proper method to create a "clean" Debian vserver,
where by "clean" I mean:
* Not containing any packages which may attempt to perform actions
  forbidden inside a vserver (i.e. hardware-related stuff).
* Containing only the strict minimum for the vserver to function as a
  Debian distribution (i.e. with the ability to install and remove
  packages).

Thanks for your suggestions.
Gilles

text/plain attachment: dev_after_1st_stage.txt

text/plain attachment: dev_after_2nd_stage.txt

_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver

Previous message: Herbert Poetzl: "Re: [Vserver] Proc Security in V2.0"
In reply to: Sam Vilain: "Re: [Vserver] 32 bits Debian vservers on AMD64"
Next in thread: Sam Vilain: "Re: [Vserver] 32 bits Debian vservers on AMD64"
Reply: Sam Vilain: "Re: [Vserver] 32 bits Debian vservers on AMD64"

About this list	Date view	Thread view	Subject view	Author view	Attachment view

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Mon 12 Sep 2005 - 01:00:38 BST by hypermail 2.1.3