[EMAIL PROTECTED] ("Gregory (Grisha) Trubetskoy") writes:
>> http://savannah.nongnu.org/cgi-bin/viewcvs/util-vserver/util-vserver/distrib/misc/vprocunhide-files?rev=HEAD
>
> Would you consider this a pretty safe list of things to be visible in
> a vserver?
It is probably too restrictive and removes too much entries. I am
currently aware of only two /proc entries which are not covered by
linux capabilities: sysrq-triggers and scsi. Else, I do not see a
reason to hide other entries since this can destroy functionality for
highly privileged vservers (e.g. VPN/firewall-setup vservers).
List above is something like a proof-of-concept data for the vprocunhide
script and can be overridden locally.
Enrico
_______________________________________________
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver
