On Sat, May 28, 2005 at 04:42:04AM -0700, gary ng wrote: > Hi, > > I am testing out vserver(1.2.10 on 2.4, not ready for > 2.6 yet because of stability issue unrelated to > vserver) and I am wondering what is the impact of > giving CAP_SYS_ADMIN to it.
well, it basically allows the vserver root to take over the host system quite easily ... > Without it, I cannot mount within vserver but I see > mount as a legitimate use like mounting CIFS/NFS or > FUSE related file systems. no, mounting filesystems (without special security) isn't a legitimate use on a vserver ... you can do that in a more secure way with 2.6/1.9.x (but it isn't advisable anyway) > Oh, while I am at it, what capability is needed so > that I can setup vpn(pptp, openvpn etc.) within the you can set those things up from outside, or wait until ngnet (2.6 only) will become more mature ... > vserver or it will the vserver no longer virtual(too > much rights so it can get out of the jail)? > > thanks in advance for any help. best, Herbert > regards, > gary > > PS. please CC if possible as I am not on the list > _______________________________________________ Vserver mailing list [email protected] http://list.linux-vserver.org/mailman/listinfo/vserver
