,loadavg} doesn't hurt and
is a good start ...
/proc/{sysrq-trigger,ide,scsi,bus} is evil ;)
/proc/mounts is evil too since it discloses the devices where the
virtual server and other virtual servers are mounted.
--
Sandino Araico Sánchez
-- Melón se comió las plumas
/overview
enjoy,
Herbert
___
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver
--
Sandino Araico Sánchez
-- Lo que no mata engorda.
___
Vserver mailing list
grsecurity's
kernel settings, but all the same - 'open: Permission denied'
What am i doing wrong? Maybe it'a a bug?
it's a bug you hit usaing vservers _and_ grsecurity's ACL subsystem.
--
Sandino Araico Sánchez
-- Melón se comió las plumas
conflicts other than
desireable restrictions inside chroot.
or do some merging ( I used to have this car with pedals as a kid, lots of fun,
wouldn't recommend it for production environment though... )
--
Sandino Araico Sánchez
-- Melón se comió las plumas
?
--
Sandino Araico Sánchez
-- Melón se comió las plumas
___
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver
, it might be interesting to absorb
those parts useful for linux-vserver into a security
branch of linux-vserver ...
(would be 2.6 branch of course)
best,
Herbert
From: Sandino Araico Sánchez [EMAIL PROTECTED]
I've just uploaded the patch Vserver 1.27 + GR Security 1.9.14 against
2.4.25 to
http
in the early days of security enhancing patches) with different devs
taking care of different modules.
--
Sandino Araico Sánchez
-- ... there's no spoon ...
___
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver
--
Sandino Araico Sánchez
-- ... there's no spoon ...
___
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver
Marc E. Fiuczynski wrote:
Based on my reading of perf. numbers published in LSM's USENIX security
conference, LSM does not impact performance any more significantly than
vserver does. I.e., the numbers are so small that it doesn't really appear
to make a big difference. Correct me if I wrong! I
Christian Mayrhuber wrote:
Could become interesting:
http://www.namesys.com/blackbox_security.html
The process-oriented ACL seems functionality equivalent to grsec
process-based ACLs.
One disadvantage of grsec + vserver is that ACLs are applied system-wide
and must be administered on the
he needs the hosting
provider to setup a new iptables rule or a new grsec ACL.
Marc
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Sandino
Araico Sánchez
Sent: Wednesday, September 15, 2004 10:36 PM
To: [EMAIL PROTECTED]
Subject: Re: [Vserver] Reiser4 views
,
Marc
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Sandino
Araico Sánchez
Sent: Friday, September 17, 2004 5:20 AM
To: [EMAIL PROTECTED]
Subject: Re: [Vserver] Reiser4 views/process oriented security proposal
Marc E. Fiuczynski wrote:
Hi Sandino,
In what
-devmapper-ioctl.patch
linux-2.4.22-VFS-lock.patch
--
Sandino Araico Sánchez
-- Melón se comió las plumas
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
next week.
Sandino Araico Sánchez
--
Free as in Beer:
You can drink as many as you want but you have to pay for them.
___
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Herbert Poetzl wrote:
I allready have set up shared filesystem im running my guests from,
was just looking for a possibility so guests wouldnt need to be
re-started when im in need to move them around.
stop/start should take less than 5 seconds if the
guests are configured properly,
passwd tcpdump telnet unzip wget which zip
exit
--
Sandino Araico Sánchez
edce71952773051c884f6a49cc194445 8a3ac99fbf88d0c58677ffd9706081bb5471b756
2bc1ad9b84e28ba8725ee0008c80a7f0 5945bcf00844d5a421f7b66e3c5c28467e48f2bc
--
2d188949024d886941f4dff4f500918d 510f47aeec377edb804439a0dae774b9d94269b9
Daniel Hokka Zakrisson wrote:
Sandino Araico Sánchez wrote:
In case somebody finds it useful, here it is:
http://mirrors.sandino.net/vserver/images/centos-5-i686-2007-07-14.tar.bz2
http://mirrors.sandino.net/vserver/images/centos-5-i686-2007-07-14.tar.bz2.md5
http://mirrors.sandino.net
Daniel Hokka Zakrisson wrote:
Sandino Araico Sánchez wrote:
That's right, but yum does not always work on Debian or Gentoo hosts.
Oh? Details? Both Debian and Gentoo have packages for yum, so that sounds
like bug(s) which should be reported to the maintainers...
Yum is marked
Daniel Hokka Zakrisson wrote:
Sandino Araico Sánchez wrote:
Yum is marked unstable in Gentoo. It works sometimes but i got used to
unpacking the guest image and running a script that creates the config
directory and the config file... It takes me about 20 minutes to setup a
new vservar
19 matches
Mail list logo