Hello Community!

hopefully the final bugfix release of the second linux-vserver
stable release (1.23) is now available at

  http://www.13thfloor.at/vserver/s_release/v1.23/

you can download an all-in-one patch for 2.4.24 as well as
tar archives of the splitup ...
(patches for older kernels available on request)

this release fixes another locking issue, this time within
the /proc filesystem, and adds a very important security
interface, to protect entries against unwanted access.

older tools (especially tools for 1.22) should work but
util-vserver-0.26 or later is recommended.

new proc security feature:

by using the vproc tool (provided in vproc-0.1.tar) it is
now possible to limit the visibility of proc entries to
either the host, the special context one, or both, according
to your preference.

note: by default all proc entries are visible and therefore
accessible via read and write on all contexts, only restricted
by the linux capability system, which is equivalent to the
setup in all earlier versions.

(using the entry meminfo as example)

  vproc /proc/meminfo       (shows current visibility)
  vproc -d /proc/meminfo    (hide in user context)
  vproc -D /proc/meminfo    (hide in any context)
  vproc -E /proc/meminfo    (show only in ctx one)
  vproc -e /proc/meminfo    (default: visible)

please make sure to disable dangerous entries which are
not required in a vserver anyway, like hardware interfaces
(ide,bus,pci,scsi) or kernel interfaces (kmem,iomem,ioports,sys,...)

note: symbolic links and dynamically generated entries like
/proc/<pid> can not be masked by this interface yet ...

enjoy,
Herbert
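The hardening step recommended in the announcement, as an added example that is not part of the original message or of the vproc package: a dry-run-first script that hides the entries named above from user contexts and reports the ones the interface cannot mask. The variables PROC_ROOT, VPROC and APPLY, the function names, the choice of -d as the flag and the "all-digit name means /proc/<pid>" heuristic are assumptions of this sketch.

```sh
#!/bin/sh
# Added example (not from the vproc package). Assumed knobs:
#   PROC_ROOT  proc mount point        VPROC  path to the vproc binary
#   APPLY=1    really run vproc; the default only prints the plan
PROC_ROOT="${PROC_ROOT:-/proc}"
VPROC="${VPROC:-vproc}"
# Entries the announcement names as not required inside a vserver.
DANGEROUS="ide bus pci scsi kmem iomem ioports sys"

# Print missing, symlink, dynamic or maskable for one path.
# Symlinks and /proc/<pid> entries cannot be masked by vproc yet;
# "dynamic" is detected here by an all-digit name (heuristic).
classify_entry() {
    p="$1"
    base=${p##*/}
    case "$base" in
        ''|*[!0-9]*) ;;                 # empty or non-numeric: keep checking
        *) echo dynamic; return 0 ;;
    esac
    if [ -L "$p" ]; then echo symlink
    elif [ -e "$p" ]; then echo maskable
    else echo missing
    fi
}

# hide_entries FLAG NAME...  applies a vproc flag (-d or -D) to each entry
# under PROC_ROOT and reports every entry it had to skip, with the reason.
hide_entries() {
    flag="$1"; shift
    for name in "$@"; do
        path="$PROC_ROOT/$name"
        kind=$(classify_entry "$path")
        if [ "$kind" != maskable ]; then
            echo "skip $path ($kind)"
        elif [ "${APPLY:-0}" = 1 ]; then
            # Set the flag, then show the resulting visibility.
            "$VPROC" "$flag" "$path" && "$VPROC" "$path"
        else
            echo "would run: $VPROC $flag $path"
        fi
    done
}

# Dry run by default; rerun with APPLY=1 on the host to enforce.
hide_entries -d $DANGEROUS
```

Entries reported as skipped remain visible in every context, so they still depend on the capability system alone.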
