Hi everyone!

First, I must say that I am surprised how many hits I got on the LVM Quota HowTo pages I set up last week. I think this shows that there actually _IS_ some interest in getting quota to work with vservers.

Shortly after I wrote/published the HowTo, Paul Sladen commented that a major disadvantage of this approach would be the raw device (filesystem) access ... (funny that no one mentioned that before)

This raw device access is required to make the quotactl system usable for the user-land tools (quota-tools), and results (at least) in the following security hazards:

- root can modify the root filesystem at low levels.
- root can create arbitrary device nodes, gaining access to any physical resources (by modifying the fs)
- wiping out the mounted (root) filesystem will probably give some fun with the kernel ...

Because I would face the same security issues on my Context Quota support (and a few more), I thought, first I'll find a solution for that issue, and then take the next step ...

The basic idea was to provide some filtered quotactls while blocking out everything else, which reminded me of typical proxying. Unfortunately the quotactl is not handled via the ioctl device interface, and so I had to modify the dquot code in the kernel.

Okay, enough talk, if you are interested, take a look at the NEW howto, try it out, and provide feedback.

http://www.13thfloor.at/VServer/HowTo_LVMQS.shtml

I WOULD BE INTERESTED HOW MANY LIST MEMBERS ARE ACTUALLY USING QUOTA AND/OR WANT TO USE IT IN THE FUTURE

best,
Herbert
