On Sun, Jul 18, 2004 at 07:34:04PM +0200, Henrik Heil wrote:
> Hello,
>
> i am trying to setup supervised vservers with runit
> (http://smarden.org/runit/) using linux-2.4.26, patch-2.4.26-vs1.28.diff
> with util-vserver-0.30.
>
> To supervise the vservers i need them to stay in the foreground and to
> receive signals from runsv.
>
> I could achieve that by putting exec in front of the commands that run
> $STARTCMD. i wrote a small patch to the vserver script that basically is
>
> + $EXEC $NICECMD $CHBIND_CMD $SILENT $IPOPT --bcast $IPROOTBCAST \
> - $NICECMD $CHBIND_CMD $SILENT $IPOPT --bcast $IPROOTBCAST \
> $CHCONTEXT_CMD $SILENT $DISCONNECT $CAPS $FLAGS $CTXOPT
> $HOSTOPT $DOMAINOPT --secure \
> $SAVE_S_CONTEXT_CMD /var/run/vservers/$1.ctx \
> $CAPCHROOT_CMD $CHROOTOPT . $STARTCMD
>
> Obviously the post-start script will not be executed but that's not a
> problem for me.
>
> I am quite new to vserver and would like to ask you if you see a
> security problem with this concept.
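
Review bot: `$EXEC` on the added first line is not set anywhere in the visible lines, so the patch should show where it is defined and default it to empty, otherwise every start of the vserver changes behaviour. When it expands to `exec`, the shell running the vserver script is replaced at this command and nothing after it in the script runs (the post-start script, as the message itself notes), which deserves a comment next to the line. The `+` line is also listed before the `-` line it replaces; the usual order is removal first.
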
hmm, except for the connection between the processes
in and outside no ...

> For illustration -- my vpstree output looks like this:
>
> |-runsvdir(207)---runsv(211)-+-runit(466)-- ...
> |                            |
> |                            `-svlogd(215)
>
> where the runit(466) is the init of the vserver and runs in a vserver
> context while runsv(211) runs in context 0 and sends the signals with
> vc_ctx_kill to 466.
>
> Any comments are appreciated.

I do not see a point (yet) in doing that, so what is
the idea behind this 'solution'?

if it is knowing when a vserver exits (is destroyed)
you can get this info via the vshelper, if it is
automatically restarting a 'rebooting' vserver, then
this should be already done by the scripts ...

please elaborate on your requirements ...

TIA,
Herbert

> Thanks,
> Henrik
>
> --
> Henrik Heil, zweipol Coy & Heil GbR
> http://www.zweipol.net/
> _______________________________________________
> Vserver mailing list
> [EMAIL PROTECTED]
> http://list.linux-vserver.org/mailman/listinfo/vserver
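
Why the wrapper needs `exec` before a supervisor's signal reaches the service, as an added example that is not part of the original thread and not code from util-vserver or runit. The `run` and `svc` scripts are constructed stand-ins for the vserver script and `$STARTCMD`, and `sleep` stands in for the guest's init.

```shell
#!/bin/sh
# Added illustration, not code from util-vserver or runit. "run" and "svc" are
# constructed stand-ins for the vserver script and $STARTCMD.

# signal_reaches_service MODE   (MODE: "exec" or "fork")
# Prints "delivered" if TERM sent to the wrapper's PID stops the service,
# "orphaned" if only the wrapper dies and the service keeps running.
signal_reaches_service() {
    mode=$1
    dir=$(mktemp -d) || return 1
    if [ "$mode" = exec ]; then EXEC=exec; else EXEC=; fi

    # Service: record its own PID, then turn into a long-running process.
    printf '#!/bin/sh\necho $$ > "%s/svc.pid"\nexec sleep 30\n' "$dir" > "$dir/svc"
    # Wrapper: with EXEC=exec the shell is replaced, so the trailing command
    # (standing in for the post-start script) can never run.
    printf '#!/bin/sh\n%s sh "%s/svc"\ntrue post-start\n' "$EXEC" "$dir" > "$dir/run"

    sh "$dir/run" >/dev/null 2>&1 &
    wrapper=$!                      # the PID a supervisor would signal
    tries=0
    while [ ! -s "$dir/svc.pid" ] && [ "$tries" -lt 10 ]; do
        sleep 1; tries=$((tries + 1))
    done
    svc=$(cat "$dir/svc.pid") || { rm -rf "$dir"; return 1; }

    kill -TERM "$wrapper"
    wait "$wrapper" 2>/dev/null || true
    if kill -0 "$svc" 2>/dev/null; then
        result=orphaned             # wrapper gone, service still alive
        kill -KILL "$svc" 2>/dev/null || true
    else
        result=delivered            # the wrapper PID was the service itself
    fi
    rm -rf "$dir"
    echo "$result"
}

for m in fork exec; do
    echo "$m: $(signal_reaches_service "$m")"
done
```

In the `fork` case the supervisor would see its child exit and restart it while the old service is still running, which is the failure the `exec` in the patch avoids.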
