+ $EXEC $NICECMD $CHBIND_CMD $SILENT $IPOPT --bcast $IPROOTBCAST \
- $NICECMD $CHBIND_CMD $SILENT $IPOPT --bcast $IPROOTBCAST \
$CHCONTEXT_CMD $SILENT $DISCONNECT $CAPS $FLAGS $CTXOPT $HOSTOPT $DOMAINOPT --secure \
$SAVE_S_CONTEXT_CMD /var/run/vservers/$1.ctx \
$CAPCHROOT_CMD $CHROOTOPT . $STARTCMD
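Review bot: $EXEC on the added first line is not set or documented anywhere in the visible hunk, so a reader cannot tell its default or its allowed values. If it expands to nothing, the command runs as before. If it is meant to hold exec, the calling shell is replaced by the chbind/chcontext/chroot chain, so nothing placed after this command in the script will run, and the supervising process ends up with that chain as its direct child. Suggest giving $EXEC an explicit empty default where the other variables are set, with a comment that it is intended for running the vserver under a process supervisor such as runsv.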
I am quite new to vserver and would like to ask you if you see a security problem with this concept.
hmm, except for the connection between the processes in and outside no ...
o.k. -- thanks.
As far as I know the process in the vserver cannot trick runsv to do something bad.
For illustration -- my vpstree output looks like this:
|-runsvdir(207)---runsv(211)-+-runit(466)-- ...
|                            |
|                            `-svlogd(215)
where the runit(466) is the init of the vserver and runs in a vserver context while runsv(211) runs in context 0 and sends the signals with vc_ctx_kill to 466.
Any comments are appreciated.
I do not see a point (yet) in doing that, so what is the idea behind this 'solution'?
I have some normal services converted to supervised processes, which I admit is just my personal preference -- I would like to treat the vservers alike.
if it is knowing when a vserver exits (is destroyed) you can get this info via the vshelper, if it is automatically restarting a 'rebooting' vserver, then this should be already done by the scripts ...
I didn't look into vshelper yet because I only used the stable vserver + utils branch -- I think there is no equivalent to vshelper -- is there?
I know that rebootmgr restarts a rebooting or dying vserver. It's just that if there is no security or other downside to it I would prefer a process-supervision scheme.
please elaborate on your requirements ...
Just to be consistent with my other services.
I can use runsvstat for status/uptime, runsvctl for start/stop etc...
I know this is a 'special' requirement -- so I didn't mean to propose a patch for inclusion (on the other hand -- if it doesn't hurt anyone).
Best regards, Henrik
-- Henrik Heil, zweipol Coy & Heil GbR http://www.zweipol.net/
