On Fri, Jun 30, 2006 at 08:50:49PM -0400, Paul S. Gumerman wrote:
> Sorry about the previous thread hijacks --- I didn't realize what the
> list server was using to do the threading.
>
>
> I have been working on getting the freenx remote X access application
> working on a vserver host machine.
>
> When using the v_sshd wrapper, it fails, fairly late in the process of a
> login.

yes, that is kind of expected, the v_sshd wrapper should
probably have been removed a long time ago IMHO, but you
know "enough rope to shoot yourself in the foot", so we
left it as is ...

> If I do not use the wrapper, and start sshd from the standard initscript
> with the following lines in sshd_config, it works fine.
>
> ListenAddress 192.168.1.42
> ListenAddress 127.0.0.1
>
> It appears that the v_sshd wrapper does not allow sshd to listen to the
> loopback address, but only the interface's primary IP addresses, and
> that is causing the problem with freenx.

the problem here is that using ssh (via the sshd wrapper)
already puts you in a network namespace, which basically
makes it impossible to manage network namespaces in a
sensible way ...

we might (in the future) declare special admin
spaces/capabilities which will remove that 'issue'

> Is there some reason that this limitation is necessary?

yes, you basically cannot have a restriction to ssh,
but none to the spawned children, as this would
circumvent the network isolation

> If not, can it be fixed?

not with the current concept and certainly not with
a big change in semantics, but the good news is, the
ssh (or maybe telnet/rlogin/etc) service is the 'only'
one which does require this 'restriction' on the host,
for all others the v_* wrappers are fine, as they do
not try to 'change' the network namespace afterwards ...

HTC,
Herbert

> Best regards,
> Paul
>
> _______________________________________________
> Vserver mailing list
> [email protected]
> http://list.linux-vserver.org/mailman/listinfo/vserver
