Hello,
i am trying to setup supervised vservers with runit (http://smarden.org/runit/) using linux-2.4.26, patch-2.4.26-vs1.28.diff with util-vserver-0.30.
To supervise the vservers i need them to stay in the foreground and to receive signals from runsv.
I could achieve that by putting exec in front of the commands that run $STARTCMD. i wrote a small patch to the vserver script that basically is
+ $EXEC $NICECMD $CHBIND_CMD $SILENT $IPOPT --bcast $IPROOTBCAST \
- $NICECMD $CHBIND_CMD $SILENT $IPOPT --bcast $IPROOTBCAST \
$CHCONTEXT_CMD $SILENT $DISCONNECT $CAPS $FLAGS $CTXOPT $HOSTOPT $DOMAINOPT --secure \
$SAVE_S_CONTEXT_CMD /var/run/vservers/$1.ctx \
$CAPCHROOT_CMD $CHROOTOPT . $STARTCMD
Obviously the post-start script will not be executed but that's not a problem for me.
I am quite new to vserver and would like to ask you if you see a security problem with this concept.
For illustration -- my vpstree output looks like this:
|-runsvdir(207)---runsv(211)-+-runit(466)-- ... | | | `-svlogd(215)
where the runit(466) is the init of the vserver and runs in a vserver context while runsv(211) runs in context 0 and sends the signals with vc_ctx_kill to 466.
Any comments are appreciated.
Thanks, Henrik
-- Henrik Heil, zweipol Coy & Heil GbR http://www.zweipol.net/ _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
