On Fri, 2004-04-16 at 10:58, Michael Hilscher wrote: > Herbert wrote in > http://archives.linux-vserver.org/200401/0125.html > > please make sure to disable dangerous entries > which are not required in a vserver anyway, like > hardware interfaces (ide,bus,pci,scsi) or kernel > interfaces (kmem,iomem,ioports,sys,...) > > well i'm not sure which entries are required for Vserver and which ones > are dangereous and has to be disabled! Where do I found more > information about this?
More recent 'basic' information can be found here: http://www.linux-vserver.org/index.php?page=Proc-Security There has been a discussion on the ml regarding what could be made visible: http://list.linux-vserver.org/archive/vserver/msg06552.html And finally Bertl says: <Bertl> my motto is, do not enable, what you do not need <Bertl> so I'd start with a minimal config (would be /proc/*info /proc/uptime /proc/loadavg) ... > Why don't you disable dangerous entries by default in Vserver > installation and integrate the needed vproc in util-vserver? IIRC alpha tools do this, more information on them is located here: http://www.linux-vserver.org/index.php?page=alpha+util-vserver Bjoern _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
