On Fri, Oct 15, 2004 at 01:44:50PM -0400, Gregory (Grisha) Trubetskoy wrote: > On Fri, 17 Sep 2004, Herbert Poetzl wrote: > > >On Thu, Sep 16, 2004 at 10:29:52PM -0400, Gregory (Grisha) Trubetskoy > >wrote: > >> > >>Is it possible to somehow use mount --bind from within a vserver? > >>(vs1.28). > > > >not in a secure way with the 2.4 stable branch, but > >it is with recent 2.6 (vs1.9.x) devel branch ... > > Could you please elaborate on this? > > On 1.9.3-rc2.1/latest utils I see that I can mount after I give the > context SYS_ADMIN bcap, but that doesn't seem like a wise thing in a web > hosting scenario (our case) - is there some other way?
yes, giving VXC_SECURE_MOUNT (a context capability) without the CAP_SYS_ADMIN (linux capability) will allow for 'secure' mounts (including --bind mounts) inside a vserver ... HTH, Herbert > Thanks, > > Grisha _______________________________________________ Vserver mailing list [EMAIL PROTECTED] http://list.linux-vserver.org/mailman/listinfo/vserver
