Herbert Poetzl: > but you should never us it inside a vserver, as devfs gives > you access to _all_ devices present on your system, which > basically allows any vserver root user to do whatever he > likes with your harddisks (and more) ...
I stopped it and created the device nodes you suggested. The vserver still comes up fine. > vshelper (and the alpha util-vserver tools) take care of > that now, reboot (or reboot -f) inside the vserver is > redirected to the helper which in turn cycles the vserver > > if a vserver manages to reboot your host, then you have > some connection to the host init present (like /dev/initctl) > or an ancient kernel running (which doesn't know about the > helper) And that's exactly what still doesn't work. On the root system: olymp ~ # cat /etc/sysctl.conf | grep vshelper kernel.vshelper=/usr/lib/util-vserver/vshelper olymp ~ # stat /usr/lib/util-vserver/vshelper File: `/usr/lib/util-vserver/vshelper' Size: 5534 Blocks: 16 IO Block: 4096 regular file Device: 805h/2053d Inode: 10739715 Links: 1 Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2005-01-25 10:55:35.000000000 +0100 Modify: 2005-01-25 10:55:35.000000000 +0100 Change: 2005-01-25 10:55:35.000000000 +0100 olymp ~ # uname -r 2.4.29-vs1.2.10 I wouldn't call that kernel exactly ancient (2.6.10-vs1.9.3 gave me Oopses during console login on the root server, so I downgraded to this - obviously more stable - version...) Within the vserver: zope3 ~ # reboot Broadcast message from root (pts/2) (Thu Jan 27 20:58:04 2005): The system is going down for reboot NOW! shutdown: /dev/initctl: No such file or directory init: /dev/initctl: No such file or directory So, how do I now prevent reboot from accessing /dev/initctl. Or, more precisely, why isn't the reboot event handled by vshelper, which works perfectly fine from "outside" the vserver? Regards, Torsten
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
_______________________________________________ Vserver mailing list [email protected] http://list.linux-vserver.org/mailman/listinfo/vserver
