Never used vserver, but no, you can't do that with UML. I usually just reboot the UML when I make a config change if it's not a "mission critical" service as that only takes a few seconds since the bootup procedure is pretty simple (basically just start the daemon in question). For systems that require hot config tuning without a full virtual server restart, I would probably make a bare minimum little daemon that just sends the restart command (often just a SIGHUP) to the daemon whenever you connect to it, then protect this daemon with ingress filtering (iptables) on the host system. Ugly, and there is a potential for DoS attacks if the ingress filter is compromised, but it would work.

I'm not sure, but the UML console might also allow the sending of signals to arbitrary processes. If it doesn't, well you have the source :)

I haven't set up very many of these UML jails (only 1 really, it was for an Apache server), so I can't really say much.

--MonMotha

Warren Togami wrote:
----- Original Message -----
From: "MonMotha" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 03, 2002 11:15 AM
Subject: Re: [luau] INFO: Heavy duty storage needs



I've used UML before to isolate services.  Ever tried breaking out of a
chroot jail?  This is even better.  Ever tried breaking a system where
the only thing available is a readonly root filesystem with a single
daemon and a few required utils?  Gotta love UML :)

--MonMotha


Yeah, vserver is very similar, except with lower overhead.  Can you enter
individual UML security contexts with a bash shell in order to restart a
service after a config file change?

_______________________________________________
LUAU mailing list
[EMAIL PROTECTED]
http://videl.ics.hawaii.edu/mailman/listinfo/luau
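
The minimal restart daemon described in the reply above, sketched as an added example that is not part of the original thread: it runs inside the UML guest, reads nothing from the peer, and sends SIGHUP to the PID in a pidfile on each connection. The pidfile path, bind address, port and the rate limit (added here to bound the DoS exposure the reply mentions) are assumptions; the host-side iptables ingress filter is still required.

```python
import os
import signal
import socket
import time

def read_pid(pidfile):
    """Return the PID stored in pidfile, or None if missing or malformed."""
    try:
        with open(pidfile) as f:
            pid = int(f.read().strip())
    except (OSError, ValueError):
        return None
    return pid if pid > 1 else None  # never signal PID 0/1 or a process group

class ReloadTrigger:
    """Sends SIGHUP to the supervised daemon, at most once per min_interval."""
    def __init__(self, pidfile, min_interval=5.0, clock=time.monotonic, kill=os.kill):
        self.pidfile, self.min_interval = pidfile, min_interval
        self.clock, self.kill, self.last = clock, kill, None

    def fire(self):
        now = self.clock()
        if self.last is not None and now - self.last < self.min_interval:
            return "throttled"  # connection flood cannot become a SIGHUP flood
        pid = read_pid(self.pidfile)
        if pid is None:
            return "no-pid"
        try:
            self.kill(pid, signal.SIGHUP)
        except OSError:  # stale pidfile or insufficient privilege
            return "failed"
        self.last = now
        return "sent"

def serve(trigger, host, port):
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))  # bind one address only, not 0.0.0.0
        srv.listen(4)
        while True:
            conn, _peer = srv.accept()
            with conn:  # the connection itself is the only input accepted
                try:
                    conn.sendall((trigger.fire() + "\n").encode())
                except OSError:
                    pass  # peer went away; nothing to report

if __name__ == "__main__":
    # Assumed values: pidfile of the jailed daemon, guest address, port.
    serve(ReloadTrigger("/var/run/httpd.pid"), "192.0.2.10", 7001)
```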