Hello, Great to read that :o)
Am I gonna have the problems I had with 2.4.24-vs1.22? I am referring to the security context problems. Currently I am using 2.4.24-vs1.00 because of those! (after exchanging some mails in the past week with other users, which you probably saw too, I think those problems had to do with me not being able to get a random security context)!

Other users "complained" about the same and said they resolved their problem by specifying a static security context.

Thanks for the new version,

+-------------------------------------------
| Luís Miguel Silva
| Network Administrator@ ISPGaya.pt
| Rua António Rodrigues da Rocha, 291/341
| Sto. Ovídio - 4400-025 V. N. de Gaia
| Portugal
| T: +351 22 3745730/3/5 F: +351 22 3745738
| G: +351 93 6371253 E: [EMAIL PROTECTED]
| H: http://lms.ispgaya.pt/
+-------------------------------------------

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Herbert Poetzl
Sent: Monday, January 12, 2004 6:11
To: [EMAIL PROTECTED]
Subject: [Vserver] [Release] Stable vs1.23 (improved security)

Hello Community!

hopefully the final bugfix release of the second linux-vserver stable release (1.23) is now available at

  http://www.13thfloor.at/vserver/s_release/v1.23/

you can download an all-in-one patch for 2.4.24 as well as tar archives of the splitup ... (patches for older kernels available on request)

this release fixes another locking issue, this time within the /proc filesystem, and adds a very important security interface, to protect entries against unwanted access.

older tools (especially tools for 1.22) should work but util-vserver-0.26 or later is recommended.

new proc security feature:

by using the vproc tool (provided in vproc-0.1.tar) it is now possible to limit the visibility of proc entries to either the host, the special context one, or both, according to your preference.

note: by default all proc entries are visible and therefore accessible via read and write on all contexts, only restricted by the linux capability system, which is equivalent to the setup in all earlier versions.

(using the entry meminfo as example)

  vproc /proc/meminfo       (shows current visibility)
  vproc -d /proc/meminfo    (hide in user context)
  vproc -D /proc/meminfo    (hide in any context)
  vproc -E /proc/meminfo    (show only in ctx one)
  vproc -e /proc/meminfo    (default: visible)

please make sure to disable dangerous entries which are not required in a vserver anyway, like hardware interfaces (ide,bus,pci,scsi) or kernel interfaces (kmem,iomem,ioports,sys,...)

note: symbolic links and dynamically generated entries like /proc/<pid> can not be masked by this interface yet ...

enjoy,
Herbert

_______________________________________________
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver
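
The hardening advice in the announcement above, as an added example that is not part of the original messages or of the vproc package: a shell wrapper that applies `vproc -D` to the entries the announcement names and skips symbolic links, which it says cannot be masked yet. `PROC_ROOT`, `VPROC`, `DRY_RUN` and the function names are assumptions of this example; only the `-D` flag and the entry list come from the announcement.

```shell
#!/bin/sh
# Added example: hide the /proc entries the announcement calls dangerous.
# PROC_ROOT, VPROC and DRY_RUN are assumptions of this example, not vproc options.
PROC_ROOT="${PROC_ROOT:-/proc}"
VPROC="${VPROC:-vproc}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands; 0 = run them

# List taken from the announcement; its "sys,..." is open-ended, so extend
# this for your own kernel.
DANGEROUS="ide bus pci scsi kmem iomem ioports sys"

# hide_entry PATH: mask one entry with -D (hide in any context).
# Returns 0 if hidden (or would be), 2 if skipped, 1 if vproc failed.
hide_entry() {
    entry="$1"
    if [ -L "$entry" ]; then
        # Symbolic links cannot be masked by this interface yet.
        echo "skip (symlink, cannot be masked): $entry"; return 2
    fi
    if [ ! -e "$entry" ]; then
        echo "skip (not present): $entry"; return 2
    fi
    if [ "$DRY_RUN" = "1" ]; then
        echo "would run: $VPROC -D $entry"; return 0
    fi
    "$VPROC" -D "$entry" || { echo "FAILED: $entry" >&2; return 1; }
    echo "hidden: $entry"
}

# hide_dangerous: apply hide_entry to every listed entry.
# The return status is the number of entries vproc failed on.
hide_dangerous() {
    failures=0
    for name in $DANGEROUS; do
        rc=0
        hide_entry "$PROC_ROOT/$name" || rc=$?
        if [ "$rc" -eq 1 ]; then failures=$((failures + 1)); fi
    done
    return "$failures"
}

hide_dangerous
```

Run it with `DRY_RUN=0` on the host once the dry-run output looks right, then confirm each entry with plain `vproc /proc/<entry>`, which the announcement says shows the current visibility.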
