On Tue, 2004-03-30 at 09:51, Dariush Pietrzak wrote: > > > http://strongboxlinux.com/files/linux-2.4.25sbl1/ > > > > > > vserver+POM+supermount+evfs+freeswan+a few other things > > > > Wow. Super patchset! For those of us slightly Linux challenged will a > yup, and broken systrace on top. Very clever.
I've been playing around with systrace, somewhat successfully. But, yes, it should come with the warning that it's not entirely as secure as it says it is. And, since the patch is split off, you don't need to apply it. > > google search for supermount, evfs, and freeswan help explain what and > I wouldn't recommend freeswan for 2.4.25, it's not trivial to merge, and > there already is openswan project that's in active development. This is for compatibility with some older systems. Not trivial to merge? I really didn't have much problem with it... mind you, I'm using a 2.0x version. As to the other stuff that's in there: evfs is an encrypted VFS level filesystem. It patches in a set of utilities in /usr/src/linux/evfs, and creates a binary, called "efs" that you use for mounting partitions. (efs /source/dir /dest/dir). There's a page on it, somewhere, at hysteria.sk... although the guy who wrote it is no longer actively maintaining it. I've got it on there because it's the only working VFS level encryption scheme I've used for linux, so I've been playing with it. The other semi working one is part of the FIST project -> but, I've never had it work reliably (i.e. across a reboot, which is pretty sad). Supermount is a patch set to allow mounts on devices that don't exist yet ;) Do a search on that for relevant information and code snippets. Anyways, as usual, YMMV. Also, be warned: ALWAYS recompile iptables if you're going to use a POM enabled netfilter if your kernel BEFORE you reboot the box -> as it will cause many firewall rules to fail, and thus may stop you from being able to get into the box! Cheers, Liam _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
