Lu�s Miguel Silva wrote:
[..snip..]
Ol� Lu�s!Since i thought *somebody could sniff the data beetween vservers* i choosed to bind them into the lo interface! That way they can still communicate with each other and be "secure" ;o) [would somebody correct me on this if im wrong?]
In the default vserver .conf, the vservers' root can't control the network interfaces, so vservers' root can't enable promisc mode and can't run a sniffer.
If the vservers' root could enable sniffing (you added CAP_NET_* to the vservers' capabilities list, for instance) then he could do it in eth0 or lo... So, afaict, chbind'ing to eth0: or lo: it's the same in terms of "sniffer protection".
Um abra�o,
Nuno Silva
