Sorry, this is a bit off-topic:
I've seen quite a few mentions of Virtuozzo and Ensim VPS solutions.
Virtuozzo seems to be particularly keen on how they are so super advanced,
no open source thing comes even close.
Anyone here have any experience with those and can give the skinny on
what those
Had anyone tried to use freevps? FreeVPS extends the original Linux
VServer.
You might want to try http://www.freevps.com
Cheers!
Joey Esquibal
___
Vserver mailing list
[EMAIL PROTECTED]
http://list.linux-vserver.org/mailman/listinfo/vserver
[EMAIL PROTECTED] ("Gregory (Grisha) Trubetskoy") writes:
>> it 'seems' that the poster was worried about the
>> ability to sniff network packets from other vservers
>> on the same host, when inside a vserver.
>
> Could he have been referring to CAP_NET_RAW?
Regarding tasks which are requiring CA
On Friday, January 09, 2004 12:37 PM NZT,
Herbert Poetzl <[EMAIL PROTECTED]> wrote:
>
> some tools (traceroute or tracepath) make use of udp
> instead of icmp, which is no big deal in a vserver,
> only ping 'requires' the insecure icmp/raw access ...
>
I was thinking that, but traceroute doesn't
On Thu, Jan 08, 2004 at 06:24:49PM -0500, Gregory (Grisha) Trubetskoy wrote:
>
>
> On Thu, 8 Jan 2004, Herbert Poetzl wrote:
>
> > recently (end of december last year) somebody posted
> > a mystic message to one of the german webhosting lists
> > stating, that vserver is insecure, and that he wo
On Thu, 8 Jan 2004, Herbert Poetzl wrote:
> recently (end of december last year) somebody posted
> a mystic message to one of the german webhosting lists
> stating, that vserver is insecure, and that he would
> suggest not to use it (no details where given) ...
>
> it 'seems' that the poster was
On Thu, 8 Jan 2004, Dariush Pietrzak wrote:
> On Wed, 7 Jan 2004, Bodo Eggert wrote:
[X outside vserver was considered to be insecure, I told X is insecure
anyway]
> Hmm, this is supposed to be a 'demo', not a public kiosk.
ACK, therefore there is no need to jail the X-Server itself. So if it
d
InfoQOFCNRKTKVSEOSFN
<>
Dear Vserver Community!
we discovered that there is a security issue
in all vserver versions, which will be solved
soon, but for now it would be best to mount
the procfs read only on your vserver host.
this can be done with:
mount -o remount,ro /proc
if access to the procfs is required on the
Thanks for this short abstact Herbert.
[...]
> CAP_SYS_ADMIN
> this list would be too long, it basically
> alows to do everything else, not mentioned
> in another capability.
[...]
For all who are not aware of it: The full story ist readable in
/include/linux/capability.h.
Fra
On Thu, 8 Jan 2004, Herbert Poetzl wrote:
> as Cathy says, this is an option, but if you do so,
> make sure not to use the v_sshd wrapper at all ...
And since I've been "getting a 'vserver' clue" I'm getting closer and
closer to not using the v_* stuff at all. An early setup on a long
functionin
Hi Community!
recently (end of december last year) somebody posted
a mystic message to one of the german webhosting lists
stating, that vserver is insecure, and that he would
suggest not to use it (no details where given) ...
it 'seems' that the poster was worried about the
ability to sniff net
On Thu, Jan 08, 2004 at 08:36:19PM +1100, Alec Thomas wrote:
> Hi,
>
> I am seeing this same behaviour with 2.4.24-vs1.3.4:
>
> [EMAIL PROTECTED]:~]vserver swapoff enter
> -su: fork: Resource temporarily unavailable
> -su-2.05b#
>
> The same config worked fine with vs1.22.
yes, I can confirm th
Hi Chistian!
Thanks a lot, merci beaucoup, vielen Dank, mange tak!!
It really works!
Looks as if it's nessesary to read the kernel-source-docs even if one never
intends to become a kernel hacker.. So bashing foreign admins is no longer
needed, what a relief..:-)
Greetings
Alexander
Am Mittwoch,
Hi,
I am seeing this same behaviour with 2.4.24-vs1.3.4:
[EMAIL PROTECTED]:~]vserver swapoff enter
-su: fork: Resource temporarily unavailable
-su-2.05b#
The same config worked fine with vs1.22.
Regards,
Alec
> supported in 1.3.x. So I didn't tested it extensive.
> A vanilla 2.4.23 with patch-
On Wed, 7 Jan 2004, Bodo Eggert wrote:
> X needs too much privileges to be any good on a secure machine. You might
> reduce some risks, but I doubt you can get something you may actually
> call "secure". Instead, you should run a P90 as X-Server and connect
> using ethernet.
Hmm, this is supposed
16 matches
Mail list logo
