On Sat, Dec 06, 2003 at 01:27:15PM +0100, Jon Bendtsen wrote:
> On Saturday 06 December 2003 13:08, Dariush Pietrzak wrote:
> > > > > Why does a vserver need access to block devices?
> > > >
> > > > Which vserver?
> > >
> > > All vservers. You just said that it was not a bug if there was a
> > > /dev
> >
> > Why would you want all your vservers to access your block devices?
>
> No I don't, I want all vservers by default to be disallowed access to
> block devices, EVEN IF THERE IS A DEV ENTRY.

hmm, guess that isn't that easy to accomplish, but
I can have a look at the code, and think about the
possibilities ...

maybe disallowing an open for block devices could
be sufficient

> > > Then I'm asking you... why does a vserver need access to a
> > > blockdevice?
> >
> > Which vserver?!
> > If I want vserver to access blockdevices - I create entries in /dev
> > for it, if I don't - I don't.
> > I don't really get where the problem is - you want all your
> > vservers permanently banned from accessing block devices? Even if
> > you create those devices yourself especially for your vserver to
> > access them? Or what?
>
> That's why

you could have a CAP_BLOCK_ACCESS maybe as per vserver
capability, once we have that system up and running,
but the CAP_* resources are scarce ... (30/32)

best,
Herbert

> JonB
>
> _______________________________________________
> Vserver mailing list
> [EMAIL PROTECTED]
> http://list.linux-vserver.org/mailman/listinfo/vserver